Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(441)

Issue 205333002: Hack to allow ec_private_key_openssl loading keys generated with NSS. (Closed)

Created:
6 years, 9 months ago by mattm
Modified:
6 years, 9 months ago
Reviewers:
wtc, Ryan Sleevi
CC:
chromium-reviews
Visibility:
Public.

Description

Hack to allow ec_private_key_openssl loading keys generated with NSS. BUG=none Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=258739

Patch Set 1 #

Total comments: 2
Unified diffs Side-by-side diffs Delta from patch set Stats (+128 lines, -3 lines) Patch
M crypto/ec_private_key_openssl.cc View 1 chunk +5 lines, -0 lines 2 comments Download
M crypto/ec_private_key_unittest.cc View 2 chunks +123 lines, -3 lines 0 comments Download

Messages

Total messages: 8 (0 generated)
mattm
6 years, 9 months ago (2014-03-19 21:48:34 UTC) #1
mattm
Oh, one annoying thing is that if you have --vmodule specified, you still get bunch ...
6 years, 9 months ago (2014-03-19 21:49:44 UTC) #2
Ryan Sleevi
lgtm
6 years, 9 months ago (2014-03-21 20:32:18 UTC) #3
mattm
The CQ bit was checked by mattm@chromium.org
6 years, 9 months ago (2014-03-21 21:05:43 UTC) #4
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/mattm@chromium.org/205333002/1
6 years, 9 months ago (2014-03-21 21:06:24 UTC) #5
commit-bot: I haz the power
Change committed as 258739
6 years, 9 months ago (2014-03-22 02:42:50 UTC) #6
wtc
https://codereview.chromium.org/205333002/diff/1/crypto/ec_private_key_openssl.cc File crypto/ec_private_key_openssl.cc (right): https://codereview.chromium.org/205333002/diff/1/crypto/ec_private_key_openssl.cc#newcode137 crypto/ec_private_key_openssl.cc:137: // causes OpenSSL to use an empty password instead ...
6 years, 9 months ago (2014-03-22 03:13:45 UTC) #7
mattm
6 years, 9 months ago (2014-03-22 04:01:33 UTC) #8
Message was sent while issue was closed.
https://codereview.chromium.org/205333002/diff/1/crypto/ec_private_key_openss...
File crypto/ec_private_key_openssl.cc (right):

https://codereview.chromium.org/205333002/diff/1/crypto/ec_private_key_openss...
crypto/ec_private_key_openssl.cc:137: // causes OpenSSL to use an empty password
instead of "\0\0".
On 2014/03/22 03:13:45, wtc wrote:
> 
> Does NSS have a bug?

I don't know I'd call it a bug in NSS, other than perhaps of lacking
documentation.
NSS takes a SECItem for the password and uses it directly, so it's up to the app
to use an appropriately formatted password. (In ec_private_key_nss.cc, we pass
in a 0-length pwitem.)

OpenSSL interprets the password input as ASCII and converts it to 2-byte unicode
string with included null termination (Unless you #define PBE_UNICODE when
building OpenSSL, in which case it's like NSS and you can pass in whatever you
want without it being changed.)

PKCS 12 section B.1 says the password should be a 2-byte big-endian unicode
string with included 2 bytes of null termination, but then B.2.3 says that if
the password is the empty string, P should also be empty. I guess taken
literally, "\0\0" is not an empty string, but I dunno if that's what was
intended.

Powered by Google App Engine
This is Rietveld 408576698