
Side by Side Diff: net/ssl/ssl_platform_key_nss.cc

Issue 2400033005: Use BoringSSL scopers in //net. (Closed)
Patch Set: eroman comments Created 4 years, 2 months ago
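--- a/net/ssl/ssl_platform_key_nss.cc
+++ b/net/ssl/ssl_platform_key_nss.cc
@@ -1,29 +1,30 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <keyhi.h>
 #include <openssl/bn.h>
 #include <openssl/ecdsa.h>
+#include <openssl/mem.h>
+#include <openssl/nid.h>
 #include <openssl/rsa.h>
 #include <pk11pub.h>
 #include <prerror.h>
 
 #include <utility>
 
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/memory/ptr_util.h"
 #include "base/sequenced_task_runner.h"
 #include "crypto/scoped_nss_types.h"
-#include "crypto/scoped_openssl_types.h"
 #include "net/cert/x509_certificate.h"
 #include "net/ssl/client_key_store.h"
 #include "net/ssl/ssl_platform_key.h"
 #include "net/ssl/ssl_platform_key_task_runner.h"
 #include "net/ssl/ssl_private_key.h"
 #include "net/ssl/threaded_ssl_private_key.h"
 
 namespace net {
 
 namespace {
@@ -64,21 +65,21 @@
 }
 
 Error SignDigest(SSLPrivateKey::Hash hash,
 const base::StringPiece& input,
 std::vector<uint8_t>* signature) override {
 SECItem digest_item;
 digest_item.data =
 const_cast<uint8_t*>(reinterpret_cast<const uint8_t*>(input.data()));
 digest_item.len = input.size();
 
-crypto::ScopedOpenSSLBytes free_digest_info;
+bssl::UniquePtr<uint8_t> free_digest_info;
 if (type_ == SSLPrivateKey::Type::RSA) {
 // PK11_Sign expects the caller to prepend the DigestInfo.
 int hash_nid = NID_undef;
 switch (hash) {
 case SSLPrivateKey::Hash::MD5_SHA1:
 hash_nid = NID_md5_sha1;
 break;
 case SSLPrivateKey::Hash::SHA1:
 hash_nid = NID_sha1;
 break;
@@ -124,21 +125,21 @@
 // NSS emits raw ECDSA signatures, but BoringSSL expects a DER-encoded
 // ECDSA-Sig-Value.
 if (type_ == SSLPrivateKey::Type::ECDSA) {
 if (signature->size() % 2 != 0) {
 LOG(ERROR) << "Bad signature length";
 return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
 }
 size_t order_len = signature->size() / 2;
 
 // Convert the RAW ECDSA signature to a DER-encoded ECDSA-Sig-Value.
-crypto::ScopedECDSA_SIG sig(ECDSA_SIG_new());
+bssl::UniquePtr<ECDSA_SIG> sig(ECDSA_SIG_new());
 if (!sig || !BN_bin2bn(signature->data(), order_len, sig->r) ||
 !BN_bin2bn(signature->data() + order_len, order_len, sig->s)) {
 return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
 }
 
 int len = i2d_ECDSA_SIG(sig.get(), nullptr);
 if (len <= 0)
 return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
 signature->resize(len);
 uint8_t* ptr = signature->data();
@@ -181,10 +182,10 @@
 default:
 LOG(ERROR) << "Unknown key type: " << nss_type;
 return nullptr;
 }
 return make_scoped_refptr(new ThreadedSSLPrivateKey(
 base::MakeUnique<SSLPlatformKeyNSS>(type, std::move(key)),
 GetSSLPlatformKeyTaskRunner()));
 }
 
 } // namespace net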
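Review bot: The new declaration `bssl::UniquePtr<uint8_t> free_digest_info;` in SignDigest does not say what it owns or how long it has to live, and with the `ScopedOpenSSLBytes` alias gone the type name no longer hints at the deallocator. `digest_item.data` is a borrowed pointer (it starts out aliasing `input` through a `const_cast`), and the code that repoints it at the DigestInfo-prefixed buffer is in the collapsed lines, so the following is inferred rather than visible: if it does alias this buffer, the scoper must stay in function scope until the signing call has returned. I would add a comment such as `// Owns the DigestInfo-prefixed digest when one is allocated (released with OPENSSL_free); digest_item may point into it, so keep it alive until signing completes.` The body of SignDigest is only partly shown on this page.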