crypto/ec_private_key_openssl.cc - Issue 205333002: Hack to allow ec_private_key_openssl loading keys generated with NSS.

Side by Side Diff: crypto/ec_private_key_openssl.cc

Issue 205333002: Hack to allow ec_private_key_openssl loading keys generated with NSS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 9 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "crypto/ec_private_key.h"	5 #include "crypto/ec_private_key.h"

6	6

7 #include <openssl/ec.h>	7 #include <openssl/ec.h>

8 #include <openssl/evp.h>	8 #include <openssl/evp.h>

9 #include <openssl/pkcs12.h>	9 #include <openssl/pkcs12.h>

10 #include <openssl/x509.h>	10 #include <openssl/x509.h>

(...skipping 114 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
125 // Convert it, then decrypt it into a PKCS#8 object.	125 // Convert it, then decrypt it into a PKCS#8 object.

126 ScopedOpenSSL<X509_SIG, X509_SIG_free> p8_encrypted(	126 ScopedOpenSSL<X509_SIG, X509_SIG_free> p8_encrypted(

127 d2i_PKCS8_bio(bio.get(), NULL));	127 d2i_PKCS8_bio(bio.get(), NULL));

128 if (!p8_encrypted.get())	128 if (!p8_encrypted.get())

129 return NULL;	129 return NULL;

130	130

131 ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> p8_decrypted(	131 ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free> p8_decrypted(

132 PKCS8_decrypt(p8_encrypted.get(),	132 PKCS8_decrypt(p8_encrypted.get(),

133 password.c_str(),	133 password.c_str(),

134 static_cast<int>(password.size())));	134 static_cast<int>(password.size())));

	135 if (!p8_decrypted.get() && password.empty()) {

	136 // Hack for reading keys generated by ec_private_key_nss. Passing NULL

	137 // causes OpenSSL to use an empty password instead of "\0\0".
	wtc 2014/03/22 03:13:45 Does NSS have a bug? Does NSS have a bug? mattm 2014/03/22 04:01:34 I don't know I'd call it a bug in NSS, other than Show quoted text On 2014/03/22 03:13:45, wtc wrote: > > Does NSS have a bug? I don't know I'd call it a bug in NSS, other than perhaps of lacking documentation. NSS takes a SECItem for the password and uses it directly, so it's up to the app to use an appropriately formatted password. (In ec_private_key_nss.cc, we pass in a 0-length pwitem.) OpenSSL interprets the password input as ASCII and converts it to 2-byte unicode string with included null termination (Unless you #define PBE_UNICODE when building OpenSSL, in which case it's like NSS and you can pass in whatever you want without it being changed.) PKCS 12 section B.1 says the password should be a 2-byte big-endian unicode string with included 2 bytes of null termination, but then B.2.3 says that if the password is the empty string, P should also be empty. I guess taken literally, "\0\0" is not an empty string, but I dunno if that's what was intended.
	138 p8_decrypted.reset(PKCS8_decrypt(p8_encrypted.get(), NULL, 0));

	139 }

135 if (!p8_decrypted.get())	140 if (!p8_decrypted.get())

136 return NULL;	141 return NULL;

137	142

138 // Create a new EVP_PKEY for it.	143 // Create a new EVP_PKEY for it.

139 scoped_ptr<ECPrivateKey> result(new ECPrivateKey);	144 scoped_ptr<ECPrivateKey> result(new ECPrivateKey);

140 result->key_ = EVP_PKCS82PKEY(p8_decrypted.get());	145 result->key_ = EVP_PKCS82PKEY(p8_decrypted.get());

141 if (!result->key_)	146 if (!result->key_)

142 return NULL;	147 return NULL;

143	148

144 return result.release();	149 return result.release();

(...skipping 50 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
195 OpenSSLErrStackTracer err_tracer(FROM_HERE);	200 OpenSSLErrStackTracer err_tracer(FROM_HERE);

196 ScopedOpenSSL<EC_KEY, EC_KEY_free> ec_key(EVP_PKEY_get1_EC_KEY(key_));	201 ScopedOpenSSL<EC_KEY, EC_KEY_free> ec_key(EVP_PKEY_get1_EC_KEY(key_));

197 return ExportKey(ec_key.get(),	202 return ExportKey(ec_key.get(),

198 reinterpret_cast<ExportDataFunction>(i2d_ECParameters),	203 reinterpret_cast<ExportDataFunction>(i2d_ECParameters),

199 output);	204 output);

200 }	205 }

201	206

202 ECPrivateKey::ECPrivateKey() : key_(NULL) {}	207 ECPrivateKey::ECPrivateKey() : key_(NULL) {}

203	208

204 } // namespace crypto	209 } // namespace crypto

OLD	NEW

« no previous file with comments | « no previous file | crypto/ec_private_key_unittest.cc » ('j') | no next file with comments »