
Side by Side Diff: net/ssl/ssl_platform_key_win.cc

Issue 2400033005: Use BoringSSL scopers in //net. (Closed)
Patch Set: eroman comments Created 4 years, 2 months ago
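--- a/net/ssl/ssl_platform_key_win.cc
+++ b/net/ssl/ssl_platform_key_win.cc
@@ -1,38 +1,37 @@
 // Copyright 2015 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/ssl/ssl_platform_key.h"
 
 #include <windows.h>
 #include <NCrypt.h>
 
 #include <algorithm>
 #include <string>
 #include <utility>
 #include <vector>
 
 #include <openssl/bn.h>
 #include <openssl/ecdsa.h>
 #include <openssl/evp.h>
 #include <openssl/x509.h>
 
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/sequenced_task_runner.h"
 #include "crypto/openssl_util.h"
 #include "crypto/scoped_capi_types.h"
 #include "crypto/wincrypt_shim.h"
 #include "net/base/net_errors.h"
 #include "net/cert/x509_certificate.h"
-#include "net/ssl/scoped_openssl_types.h"
 #include "net/ssl/ssl_platform_key_task_runner.h"
 #include "net/ssl/ssl_private_key.h"
 #include "net/ssl/threaded_ssl_private_key.h"
 
 namespace net {
 
 namespace {
 
 class SSLPlatformKeyCAPI : public ThreadedSSLPrivateKey::Delegate {
 public:
@@ -213,21 +212,21 @@
 // CNG emits raw ECDSA signatures, but BoringSSL expects a DER-encoded
 // ECDSA-Sig-Value.
 if (type_ == SSLPrivateKey::Type::ECDSA) {
 if (signature->size() % 2 != 0) {
 LOG(ERROR) << "Bad signature length";
 return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
 }
 size_t order_len = signature->size() / 2;
 
 // Convert the RAW ECDSA signature to a DER-encoded ECDSA-Sig-Value.
-crypto::ScopedECDSA_SIG sig(ECDSA_SIG_new());
+bssl::UniquePtr<ECDSA_SIG> sig(ECDSA_SIG_new());
 if (!sig || !BN_bin2bn(signature->data(), order_len, sig->r) ||
 !BN_bin2bn(signature->data() + order_len, order_len, sig->s)) {
 return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
 }
 
 int len = i2d_ECDSA_SIG(sig.get(), nullptr);
 if (len <= 0)
 return ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED;
 signature->resize(len);
 uint8_t* ptr = signature->data();
@@ -253,24 +252,24 @@
 bool GetKeyInfo(const X509Certificate* certificate,
 SSLPrivateKey::Type* out_type,
 size_t* out_max_length) {
 crypto::OpenSSLErrStackTracer tracker(FROM_HERE);
 
 std::string der_encoded;
 if (!X509Certificate::GetDEREncoded(certificate->os_cert_handle(),
 &der_encoded))
 return false;
 const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data());
-ScopedX509 x509(d2i_X509(nullptr, &bytes, der_encoded.size()));
+bssl::UniquePtr<X509> x509(d2i_X509(nullptr, &bytes, der_encoded.size()));
 if (!x509)
 return false;
-crypto::ScopedEVP_PKEY key(X509_get_pubkey(x509.get()));
+bssl::UniquePtr<EVP_PKEY> key(X509_get_pubkey(x509.get()));
 if (!key)
 return false;
 switch (EVP_PKEY_id(key.get())) {
 case EVP_PKEY_RSA:
 *out_type = SSLPrivateKey::Type::RSA;
 break;
 case EVP_PKEY_EC:
 *out_type = SSLPrivateKey::Type::ECDSA;
 break;
 default:
@@ -314,10 +313,10 @@
 delegate.reset(new SSLPlatformKeyCNG(prov_or_key, key_type, max_length));
 } else {
 DCHECK(SSLPrivateKey::Type::RSA == key_type);
 delegate.reset(new SSLPlatformKeyCAPI(prov_or_key, key_spec, max_length));
 }
 return make_scoped_refptr(new ThreadedSSLPrivateKey(
 std::move(delegate), GetSSLPlatformKeyTaskRunner()));
 }
 
 } // namespace net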
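Review bot: The ECDSA branch validates the raw CNG signature only with `signature->size() % 2 != 0`, so a zero-length buffer passes the check and would be DER-encoded as r = s = 0 instead of failing locally with ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED. Whether the provider can report success with an empty signature is not visible in this section, but the key may sit behind a third-party KSP or smart card, so I would reject it explicitly: `if (signature->empty() || signature->size() % 2 != 0) {`. Comparing `order_len` with the expected order size for the key would be stricter still, if that length is available to this class. The enclosing function starts and ends in the skipped lines, so the final `i2d_ECDSA_SIG` write into the resized buffer could not be checked from here.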