| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/chromium/crypto/proof_source_chromium.h" | 5 #include "net/quic/chromium/crypto/proof_source_chromium.h" |
| 6 | 6 |
| 7 #include <openssl/digest.h> | 7 #include <openssl/digest.h> |
| 8 #include <openssl/evp.h> | 8 #include <openssl/evp.h> |
| 9 #include <openssl/rsa.h> | 9 #include <openssl/rsa.h> |
| 10 | 10 |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 86 base::StringPiece chlo_hash, | 86 base::StringPiece chlo_hash, |
| 87 scoped_refptr<ProofSource::Chain>* out_chain, | 87 scoped_refptr<ProofSource::Chain>* out_chain, |
| 88 string* out_signature, | 88 string* out_signature, |
| 89 string* out_leaf_cert_sct) { | 89 string* out_leaf_cert_sct) { |
| 90 DCHECK(private_key_.get()) << " this: " << this; | 90 DCHECK(private_key_.get()) << " this: " << this; |
| 91 | 91 |
| 92 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 92 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 93 crypto::ScopedEVP_MD_CTX sign_context(EVP_MD_CTX_create()); | 93 crypto::ScopedEVP_MD_CTX sign_context(EVP_MD_CTX_create()); |
| 94 EVP_PKEY_CTX* pkey_ctx; | 94 EVP_PKEY_CTX* pkey_ctx; |
| 95 | 95 |
| 96 if (quic_version > QUIC_VERSION_30) { | 96 uint32_t len_tmp = chlo_hash.length(); |
| 97 uint32_t len = chlo_hash.length(); | 97 if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), |
| 98 if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), | 98 nullptr, private_key_->key()) || |
| 99 nullptr, private_key_->key()) || | 99 !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) || |
| 100 !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) || | 100 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1) || |
| 101 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1) || | 101 !EVP_DigestSignUpdate( |
| 102 !EVP_DigestSignUpdate( | 102 sign_context.get(), |
| 103 sign_context.get(), | 103 reinterpret_cast<const uint8_t*>(kProofSignatureLabel), |
| 104 reinterpret_cast<const uint8_t*>(kProofSignatureLabel), | 104 sizeof(kProofSignatureLabel)) || |
| 105 sizeof(kProofSignatureLabel)) || | 105 !EVP_DigestSignUpdate(sign_context.get(), |
| 106 !EVP_DigestSignUpdate(sign_context.get(), | 106 reinterpret_cast<const uint8_t*>(&len_tmp), |
| 107 reinterpret_cast<const uint8_t*>(&len), | 107 sizeof(len_tmp)) || |
| 108 sizeof(len)) || | 108 !EVP_DigestSignUpdate( |
| 109 !EVP_DigestSignUpdate( | 109 sign_context.get(), |
| 110 sign_context.get(), | 110 reinterpret_cast<const uint8_t*>(chlo_hash.data()), len_tmp) || |
| 111 reinterpret_cast<const uint8_t*>(chlo_hash.data()), len) || | 111 !EVP_DigestSignUpdate( |
| 112 !EVP_DigestSignUpdate( | 112 sign_context.get(), |
| 113 sign_context.get(), | 113 reinterpret_cast<const uint8_t*>(server_config.data()), |
| 114 reinterpret_cast<const uint8_t*>(server_config.data()), | 114 server_config.size())) { |
| 115 server_config.size())) { | |
| 116 return false; | |
| 117 } | |
| 118 } else if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), | |
| 119 nullptr, private_key_->key()) || | |
| 120 !EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) || | |
| 121 !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1) || | |
| 122 !EVP_DigestSignUpdate( | |
| 123 sign_context.get(), | |
| 124 reinterpret_cast<const uint8_t*>(kProofSignatureLabelOld), | |
| 125 sizeof(kProofSignatureLabelOld)) || | |
| 126 !EVP_DigestSignUpdate( | |
| 127 sign_context.get(), | |
| 128 reinterpret_cast<const uint8_t*>(server_config.data()), | |
| 129 server_config.size())) { | |
| 130 return false; | 115 return false; |
| 131 } | 116 } |
| 132 | |
| 133 // Determine the maximum length of the signature. | 117 // Determine the maximum length of the signature. |
| 134 size_t len = 0; | 118 size_t len = 0; |
| 135 if (!EVP_DigestSignFinal(sign_context.get(), nullptr, &len)) { | 119 if (!EVP_DigestSignFinal(sign_context.get(), nullptr, &len)) { |
| 136 return false; | 120 return false; |
| 137 } | 121 } |
| 138 std::vector<uint8_t> signature(len); | 122 std::vector<uint8_t> signature(len); |
| 139 // Sign it. | 123 // Sign it. |
| 140 if (!EVP_DigestSignFinal(sign_context.get(), signature.data(), &len)) { | 124 if (!EVP_DigestSignFinal(sign_context.get(), signature.data(), &len)) { |
| 141 return false; | 125 return false; |
| 142 } | 126 } |
| (...skipping 17 matching lines...) Expand all Loading... |
| 160 // GetProof, then invoke the callback with the results and destroy it. | 144 // GetProof, then invoke the callback with the results and destroy it. |
| 161 scoped_refptr<ProofSource::Chain> chain; | 145 scoped_refptr<ProofSource::Chain> chain; |
| 162 string signature; | 146 string signature; |
| 163 string leaf_cert_sct; | 147 string leaf_cert_sct; |
| 164 const bool ok = GetProof(server_ip, hostname, server_config, quic_version, | 148 const bool ok = GetProof(server_ip, hostname, server_config, quic_version, |
| 165 chlo_hash, &chain, &signature, &leaf_cert_sct); | 149 chlo_hash, &chain, &signature, &leaf_cert_sct); |
| 166 callback->Run(ok, chain, signature, leaf_cert_sct, nullptr /* details */); | 150 callback->Run(ok, chain, signature, leaf_cert_sct, nullptr /* details */); |
| 167 } | 151 } |
| 168 | 152 |
| 169 } // namespace net | 153 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2401363004:
relnote: Deprecate flag quic_disable_pre_32 (Closed)
