Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(395)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: crypto/ec_private_key.cc

Issue 2608453002: Remove the password parameter for ECPrivateKey::ExportEncryptedPrivateKey. (Closed)
Patch Set: fmt Created 4 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « crypto/ec_private_key.h ('k') | crypto/ec_private_key_unittest.cc » ('j') | net/ssl/channel_id_service.h » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: crypto/ec_private_key.cc
diff --git a/crypto/ec_private_key.cc b/crypto/ec_private_key.cc
index 0a2344c2a6661c05ac60ee36e87b24b9aacb8aa5..9914c5dde866e9f2e47b9a747ab7584cefff4d19 100644
--- a/crypto/ec_private_key.cc
+++ b/crypto/ec_private_key.cc
@@ -95,7 +95,6 @@ std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromPrivateKeyInfo(
// static
std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
- const std::string& password,
const std::vector<uint8_t>& encrypted_private_key_info,
const std::vector<uint8_t>& subject_public_key_info) {
// NOTE: The |subject_public_key_info| can be ignored here, it is only
@@ -113,21 +112,15 @@ std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
if (!p8_encrypted || ptr != data + encrypted_private_key_info.size())
return nullptr;
- bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> p8_decrypted;
- if (password.empty()) {
- // Hack for reading keys generated by an older version of the OpenSSL
- // code. OpenSSL used to use "\0\0" rather than the empty string because it
- // would treat the password as an ASCII string to be converted to UCS-2
- // while NSS used a byte string.
- p8_decrypted.reset(PKCS8_decrypt_pbe(
- p8_encrypted.get(), reinterpret_cast<const uint8_t*>("\0\0"), 2));
- }
- if (!p8_decrypted) {
- p8_decrypted.reset(PKCS8_decrypt_pbe(
- p8_encrypted.get(),
- reinterpret_cast<const uint8_t*>(password.data()),
- password.size()));
- }
+ // Hack for reading keys generated by an older version of the OpenSSL code.
+ // Some implementations encode the empty password as "\0\0" (passwords are
+ // normally encoded in big-endian UCS-2 with a NUL terminator) and some
+ // encode as the empty string. PKCS8_decrypt distinguishes the two by whether
+ // the password is nullptr.
+ bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> p8_decrypted(
+ PKCS8_decrypt(p8_encrypted.get(), "", 0));
+ if (!p8_decrypted)
+ p8_decrypted.reset(PKCS8_decrypt(p8_encrypted.get(), nullptr, 0));
if (!p8_decrypted)
return nullptr;
@@ -166,8 +159,6 @@ bool ECPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const {
}
bool ECPrivateKey::ExportEncryptedPrivateKey(
- const std::string& password,
- int iterations,
std::vector<uint8_t>* output) const {
OpenSSLErrStackTracer err_tracer(FROM_HERE);
// Convert into a PKCS#8 object.
@@ -180,9 +171,8 @@ bool ECPrivateKey::ExportEncryptedPrivateKey(
// so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL
// equivalent.
bssl::UniquePtr<X509_SIG> encrypted(
- PKCS8_encrypt_pbe(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr,
- reinterpret_cast<const uint8_t*>(password.data()),
- password.size(), nullptr, 0, iterations, pkcs8.get()));
+ PKCS8_encrypt(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr, nullptr, 0,
+ nullptr, 0, 1, pkcs8.get()));
if (!encrypted)
return false;
« no previous file with comments | « crypto/ec_private_key.h ('k') | crypto/ec_private_key_unittest.cc » ('j') | net/ssl/channel_id_service.h » ('J')

Powered by Google App Engine
This is Rietveld 408576698