| Index: net/android/keystore_openssl.cc
|
| diff --git a/net/android/keystore_openssl.cc b/net/android/keystore_openssl.cc
|
| index afdca30de0d772d51261d9dfa7dbda242374e0bf..6c1bd40f3316e4fa6797ae5b56fe48807ce2e5ba 100644
|
| --- a/net/android/keystore_openssl.cc
|
| +++ b/net/android/keystore_openssl.cc
|
| @@ -136,9 +136,9 @@ int RsaMethodPubDec(int flen,
|
| // third_party/openssl/openssl/crypto/rsa/rsa_eay.c for the default
|
| // implementation of this function.
|
| int RsaMethodPrivEnc(int flen,
|
| - const unsigned char *from,
|
| - unsigned char *to,
|
| - RSA *rsa,
|
| + const unsigned char* from,
|
| + unsigned char* to,
|
| + RSA* rsa,
|
| int padding) {
|
| DCHECK_EQ(RSA_PKCS1_PADDING, padding);
|
| if (padding != RSA_PKCS1_PADDING) {
|
| @@ -173,8 +173,8 @@ int RsaMethodPrivEnc(int flen,
|
|
|
| size_t expected_size = static_cast<size_t>(RSA_size(rsa));
|
| if (result.size() > expected_size) {
|
| - LOG(ERROR) << "RSA Signature size mismatch, actual: "
|
| - << result.size() << ", expected <= " << expected_size;
|
| + LOG(ERROR) << "RSA Signature size mismatch, actual: " << result.size()
|
| + << ", expected <= " << expected_size;
|
| RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
|
| return -1;
|
| }
|
| @@ -216,23 +216,23 @@ int RsaMethodFinish(RSA* rsa) {
|
| }
|
|
|
| const RSA_METHOD android_rsa_method = {
|
| - /* .name = */ "Android signing-only RSA method",
|
| - /* .rsa_pub_enc = */ RsaMethodPubEnc,
|
| - /* .rsa_pub_dec = */ RsaMethodPubDec,
|
| - /* .rsa_priv_enc = */ RsaMethodPrivEnc,
|
| - /* .rsa_priv_dec = */ RsaMethodPrivDec,
|
| - /* .rsa_mod_exp = */ NULL,
|
| - /* .bn_mod_exp = */ NULL,
|
| - /* .init = */ RsaMethodInit,
|
| - /* .finish = */ RsaMethodFinish,
|
| - // This flag is necessary to tell OpenSSL to avoid checking the content
|
| - // (i.e. internal fields) of the private key. Otherwise, it will complain
|
| - // it's not valid for the certificate.
|
| - /* .flags = */ RSA_METHOD_FLAG_NO_CHECK,
|
| - /* .app_data = */ NULL,
|
| - /* .rsa_sign = */ NULL,
|
| - /* .rsa_verify = */ NULL,
|
| - /* .rsa_keygen = */ NULL,
|
| + /* .name = */ "Android signing-only RSA method",
|
| + /* .rsa_pub_enc = */ RsaMethodPubEnc,
|
| + /* .rsa_pub_dec = */ RsaMethodPubDec,
|
| + /* .rsa_priv_enc = */ RsaMethodPrivEnc,
|
| + /* .rsa_priv_dec = */ RsaMethodPrivDec,
|
| + /* .rsa_mod_exp = */ NULL,
|
| + /* .bn_mod_exp = */ NULL,
|
| + /* .init = */ RsaMethodInit,
|
| + /* .finish = */ RsaMethodFinish,
|
| + // This flag is necessary to tell OpenSSL to avoid checking the content
|
| + // (i.e. internal fields) of the private key. Otherwise, it will complain
|
| + // it's not valid for the certificate.
|
| + /* .flags = */ RSA_METHOD_FLAG_NO_CHECK,
|
| + /* .app_data = */ NULL,
|
| + /* .rsa_sign = */ NULL,
|
| + /* .rsa_verify = */ NULL,
|
| + /* .rsa_keygen = */ NULL,
|
| };
|
|
|
| // Copy the contents of an encoded big integer into an existing BIGNUM.
|
| @@ -241,12 +241,10 @@ const RSA_METHOD android_rsa_method = {
|
| // |num| points to the BIGNUM which will be assigned with the new value.
|
| // Returns true on success, false otherwise. On failure, |*num| is
|
| // not modified.
|
| -bool CopyBigNumFromBytes(const std::vector<uint8>& new_bytes,
|
| - BIGNUM* num) {
|
| - BIGNUM* ret = BN_bin2bn(
|
| - reinterpret_cast<const unsigned char*>(&new_bytes[0]),
|
| - static_cast<int>(new_bytes.size()),
|
| - num);
|
| +bool CopyBigNumFromBytes(const std::vector<uint8>& new_bytes, BIGNUM* num) {
|
| + BIGNUM* ret = BN_bin2bn(reinterpret_cast<const unsigned char*>(&new_bytes[0]),
|
| + static_cast<int>(new_bytes.size()),
|
| + num);
|
| return (ret != NULL);
|
| }
|
|
|
| @@ -261,10 +259,10 @@ bool CopyBigNumFromBytes(const std::vector<uint8>& new_bytes,
|
| bool SwapBigNumPtrFromBytes(const std::vector<uint8>& new_bytes,
|
| BIGNUM** num_ptr) {
|
| BIGNUM* old_num = *num_ptr;
|
| - BIGNUM* new_num = BN_bin2bn(
|
| - reinterpret_cast<const unsigned char*>(&new_bytes[0]),
|
| - static_cast<int>(new_bytes.size()),
|
| - old_num);
|
| + BIGNUM* new_num =
|
| + BN_bin2bn(reinterpret_cast<const unsigned char*>(&new_bytes[0]),
|
| + static_cast<int>(new_bytes.size()),
|
| + old_num);
|
| if (new_num == NULL)
|
| return false;
|
|
|
| @@ -316,8 +314,7 @@ bool GetRsaPkeyWrapper(jobject private_key, EVP_PKEY* pkey) {
|
| // |pkey| is the EVP_PKEY to setup as a wrapper.
|
| // Returns true on success, false otherwise.
|
| EVP_PKEY* GetRsaLegacyKey(jobject private_key) {
|
| - EVP_PKEY* sys_pkey =
|
| - GetOpenSSLSystemHandleForPrivateKey(private_key);
|
| + EVP_PKEY* sys_pkey = GetOpenSSLSystemHandleForPrivateKey(private_key);
|
| if (sys_pkey != NULL) {
|
| CRYPTO_add(&sys_pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
|
| } else {
|
| @@ -352,9 +349,7 @@ EVP_PKEY* GetRsaLegacyKey(jobject private_key) {
|
| // RSA_set_ex_data() with a hard-coded index of 0, so this code
|
| // does the same thing here.
|
|
|
| -DSA_SIG* DsaMethodDoSign(const unsigned char* dgst,
|
| - int dlen,
|
| - DSA* dsa) {
|
| +DSA_SIG* DsaMethodDoSign(const unsigned char* dgst, int dlen, DSA* dsa) {
|
| // Extract the JNI reference to the PrivateKey object.
|
| jobject private_key = reinterpret_cast<jobject>(DSA_get_ex_data(dsa, 0));
|
| if (private_key == NULL)
|
| @@ -364,9 +359,8 @@ DSA_SIG* DsaMethodDoSign(const unsigned char* dgst,
|
| std::vector<uint8> signature;
|
| if (!RawSignDigestWithPrivateKey(
|
| private_key,
|
| - base::StringPiece(
|
| - reinterpret_cast<const char*>(dgst),
|
| - static_cast<size_t>(dlen)),
|
| + base::StringPiece(reinterpret_cast<const char*>(dgst),
|
| + static_cast<size_t>(dlen)),
|
| &signature)) {
|
| return NULL;
|
| }
|
| @@ -374,9 +368,8 @@ DSA_SIG* DsaMethodDoSign(const unsigned char* dgst,
|
| // Note: With DSA, the actual signature might be smaller than DSA_size().
|
| size_t max_expected_size = static_cast<size_t>(DSA_size(dsa));
|
| if (signature.size() > max_expected_size) {
|
| - LOG(ERROR) << "DSA Signature size mismatch, actual: "
|
| - << signature.size() << ", expected <= "
|
| - << max_expected_size;
|
| + LOG(ERROR) << "DSA Signature size mismatch, actual: " << signature.size()
|
| + << ", expected <= " << max_expected_size;
|
| return NULL;
|
| }
|
|
|
| @@ -388,10 +381,7 @@ DSA_SIG* DsaMethodDoSign(const unsigned char* dgst,
|
| return dsa_sig;
|
| }
|
|
|
| -int DsaMethodSignSetup(DSA* dsa,
|
| - BN_CTX* ctx_in,
|
| - BIGNUM** kinvp,
|
| - BIGNUM** rp) {
|
| +int DsaMethodSignSetup(DSA* dsa, BN_CTX* ctx_in, BIGNUM** kinvp, BIGNUM** rp) {
|
| NOTIMPLEMENTED();
|
| DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_INVALID_DIGEST_TYPE);
|
| return -1;
|
| @@ -409,7 +399,7 @@ int DsaMethodDoVerify(const unsigned char* dgst,
|
| int DsaMethodFinish(DSA* dsa) {
|
| // Free the global JNI reference that was created with this
|
| // wrapper key.
|
| - jobject key = reinterpret_cast<jobject>(DSA_get_ex_data(dsa,0));
|
| + jobject key = reinterpret_cast<jobject>(DSA_get_ex_data(dsa, 0));
|
| if (key != NULL) {
|
| DSA_set_ex_data(dsa, 0, NULL);
|
| ReleaseKey(key);
|
| @@ -420,19 +410,18 @@ int DsaMethodFinish(DSA* dsa) {
|
| }
|
|
|
| const DSA_METHOD android_dsa_method = {
|
| - /* .name = */ "Android signing-only DSA method",
|
| - /* .dsa_do_sign = */ DsaMethodDoSign,
|
| - /* .dsa_sign_setup = */ DsaMethodSignSetup,
|
| - /* .dsa_do_verify = */ DsaMethodDoVerify,
|
| - /* .dsa_mod_exp = */ NULL,
|
| - /* .bn_mod_exp = */ NULL,
|
| - /* .init = */ NULL, // nothing to do here.
|
| - /* .finish = */ DsaMethodFinish,
|
| - /* .flags = */ 0,
|
| - /* .app_data = */ NULL,
|
| - /* .dsa_paramgem = */ NULL,
|
| - /* .dsa_keygen = */ NULL
|
| -};
|
| + /* .name = */ "Android signing-only DSA method",
|
| + /* .dsa_do_sign = */ DsaMethodDoSign,
|
| + /* .dsa_sign_setup = */ DsaMethodSignSetup,
|
| + /* .dsa_do_verify = */ DsaMethodDoVerify,
|
| + /* .dsa_mod_exp = */ NULL,
|
| + /* .bn_mod_exp = */ NULL,
|
| + /* .init = */ NULL, // nothing to do here.
|
| + /* .finish = */ DsaMethodFinish,
|
| + /* .flags = */ 0,
|
| + /* .app_data = */ NULL,
|
| + /* .dsa_paramgem = */ NULL,
|
| + /* .dsa_keygen = */ NULL};
|
|
|
| // Setup an EVP_PKEY to wrap an existing DSA platform PrivateKey object.
|
| // |private_key| is a JNI reference (local or global) to the object.
|
| @@ -510,18 +499,18 @@ int ExDataDup(CRYPTO_EX_DATA* to,
|
| }
|
|
|
| class EcdsaExDataIndex {
|
| -public:
|
| + public:
|
| int ex_data_index() { return ex_data_index_; }
|
|
|
| EcdsaExDataIndex() {
|
| - ex_data_index_ = ECDSA_get_ex_new_index(0, // argl
|
| - NULL, // argp
|
| - NULL, // new_func
|
| - ExDataDup, // dup_func
|
| - ExDataFree); // free_func
|
| + ex_data_index_ = ECDSA_get_ex_new_index(0, // argl
|
| + NULL, // argp
|
| + NULL, // new_func
|
| + ExDataDup, // dup_func
|
| + ExDataFree); // free_func
|
| }
|
|
|
| -private:
|
| + private:
|
| int ex_data_index_;
|
| };
|
|
|
| @@ -549,11 +538,9 @@ ECDSA_SIG* EcdsaMethodDoSign(const unsigned char* dgst,
|
| }
|
| // Sign message with it through JNI.
|
| std::vector<uint8> signature;
|
| - base::StringPiece digest(
|
| - reinterpret_cast<const char*>(dgst),
|
| - static_cast<size_t>(dgst_len));
|
| - if (!RawSignDigestWithPrivateKey(
|
| - private_key, digest, &signature)) {
|
| + base::StringPiece digest(reinterpret_cast<const char*>(dgst),
|
| + static_cast<size_t>(dgst_len));
|
| + if (!RawSignDigestWithPrivateKey(private_key, digest, &signature)) {
|
| LOG(WARNING) << "Could not sign message in EcdsaMethodDoSign!";
|
| return NULL;
|
| }
|
| @@ -562,9 +549,8 @@ ECDSA_SIG* EcdsaMethodDoSign(const unsigned char* dgst,
|
| // ECDSA_size().
|
| size_t max_expected_size = static_cast<size_t>(ECDSA_size(eckey));
|
| if (signature.size() > max_expected_size) {
|
| - LOG(ERROR) << "ECDSA Signature size mismatch, actual: "
|
| - << signature.size() << ", expected <= "
|
| - << max_expected_size;
|
| + LOG(ERROR) << "ECDSA Signature size mismatch, actual: " << signature.size()
|
| + << ", expected <= " << max_expected_size;
|
| return NULL;
|
| }
|
|
|
| @@ -594,12 +580,12 @@ int EcdsaMethodDoVerify(const unsigned char* dgst,
|
| }
|
|
|
| const ECDSA_METHOD android_ecdsa_method = {
|
| - /* .name = */ "Android signing-only ECDSA method",
|
| - /* .ecdsa_do_sign = */ EcdsaMethodDoSign,
|
| - /* .ecdsa_sign_setup = */ EcdsaMethodSignSetup,
|
| - /* .ecdsa_do_verify = */ EcdsaMethodDoVerify,
|
| - /* .flags = */ 0,
|
| - /* .app_data = */ NULL,
|
| + /* .name = */ "Android signing-only ECDSA method",
|
| + /* .ecdsa_do_sign = */ EcdsaMethodDoSign,
|
| + /* .ecdsa_sign_setup = */ EcdsaMethodSignSetup,
|
| + /* .ecdsa_do_verify = */ EcdsaMethodDoVerify,
|
| + /* .flags = */ 0,
|
| + /* .app_data = */ NULL,
|
| };
|
|
|
| // Setup an EVP_PKEY to wrap an existing platform PrivateKey object.
|
| @@ -637,9 +623,7 @@ bool GetEcdsaPkeyWrapper(jobject private_key, EVP_PKEY* pkey) {
|
| LOG(ERROR) << "Can't create global JNI reference";
|
| return false;
|
| }
|
| - ECDSA_set_ex_data(eckey.get(),
|
| - EcdsaGetExDataIndex(),
|
| - global_key.Release());
|
| + ECDSA_set_ex_data(eckey.get(), EcdsaGetExDataIndex(), global_key.Release());
|
|
|
| EVP_PKEY_assign_EC_KEY(pkey, eckey.release());
|
| return true;
|
| @@ -656,26 +640,24 @@ EVP_PKEY* GetOpenSSLPrivateKeyWrapper(jobject private_key) {
|
| // Create sub key type, depending on private key's algorithm type.
|
| PrivateKeyType key_type = GetPrivateKeyType(private_key);
|
| switch (key_type) {
|
| - case PRIVATE_KEY_TYPE_RSA:
|
| - {
|
| - // Route around platform bug: if Android < 4.2, then
|
| - // base::android::RawSignDigestWithPrivateKey() cannot work, so
|
| - // instead, obtain a raw EVP_PKEY* to the system object
|
| - // backing this PrivateKey object.
|
| - const int kAndroid42ApiLevel = 17;
|
| - if (base::android::BuildInfo::GetInstance()->sdk_int() <
|
| - kAndroid42ApiLevel) {
|
| - EVP_PKEY* legacy_key = GetRsaLegacyKey(private_key);
|
| - if (legacy_key == NULL)
|
| - return NULL;
|
| - pkey.reset(legacy_key);
|
| - } else {
|
| - // Running on Android 4.2.
|
| - if (!GetRsaPkeyWrapper(private_key, pkey.get()))
|
| - return NULL;
|
| - }
|
| + case PRIVATE_KEY_TYPE_RSA: {
|
| + // Route around platform bug: if Android < 4.2, then
|
| + // base::android::RawSignDigestWithPrivateKey() cannot work, so
|
| + // instead, obtain a raw EVP_PKEY* to the system object
|
| + // backing this PrivateKey object.
|
| + const int kAndroid42ApiLevel = 17;
|
| + if (base::android::BuildInfo::GetInstance()->sdk_int() <
|
| + kAndroid42ApiLevel) {
|
| + EVP_PKEY* legacy_key = GetRsaLegacyKey(private_key);
|
| + if (legacy_key == NULL)
|
| + return NULL;
|
| + pkey.reset(legacy_key);
|
| + } else {
|
| + // Running on Android 4.2.
|
| + if (!GetRsaPkeyWrapper(private_key, pkey.get()))
|
| + return NULL;
|
| }
|
| - break;
|
| + } break;
|
| case PRIVATE_KEY_TYPE_DSA:
|
| if (!GetDsaPkeyWrapper(private_key, pkey.get()))
|
| return NULL;
|
|
|
Chromium Code Reviews
