Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(61)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/third_party/nss/ssl/sslplatf.c

Issue 4825003: ssl3_PlatformSignHashes should set buf->len to the... (Closed) Base URL: svn://chrome-svn/chrome/trunk/src/
Patch Set: Created 10 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « no previous file | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 /* 1 /*
2 * Platform specific crypto wrappers 2 * Platform specific crypto wrappers
3 * 3 *
4 * ***** BEGIN LICENSE BLOCK ***** 4 * ***** BEGIN LICENSE BLOCK *****
5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1 5 * Version: MPL 1.1/GPL 2.0/LGPL 2.1
6 * 6 *
7 * The contents of this file are subject to the Mozilla Public License Version 7 * The contents of this file are subject to the Mozilla Public License Version
8 * 1.1 (the "License"); you may not use this file except in compliance with 8 * 1.1 (the "License"); you may not use this file except in compliance with
9 * the License. You may obtain a copy of the License at 9 * the License. You may obtain a copy of the License at
10 * http://www.mozilla.org/MPL/ 10 * http://www.mozilla.org/MPL/
(...skipping 242 matching lines...) Expand 10 before | Expand all | Expand 10 after
253 } 253 }
254 if (!CryptSetHashParam(hHash, HP_HASHVAL, (BYTE*)hashItem.data, 0)) { 254 if (!CryptSetHashParam(hHash, HP_HASHVAL, (BYTE*)hashItem.data, 0)) {
255 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); 255 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
256 goto done; 256 goto done;
257 } 257 }
258 if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID, 258 if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID,
259 NULL, &signatureLen) || signatureLen == 0) { 259 NULL, &signatureLen) || signatureLen == 0) {
260 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); 260 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
261 goto done; 261 goto done;
262 } 262 }
263 buf->len = signatureLen;
264 buf->data = (unsigned char *)PORT_Alloc(signatureLen); 263 buf->data = (unsigned char *)PORT_Alloc(signatureLen);
265 if (!buf->data) 264 if (!buf->data)
266 goto done; /* error code was set. */ 265 goto done; /* error code was set. */
267 266
268 if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID, 267 if (!CryptSignHash(hHash, keySpec, NULL, CRYPT_NOHASHOID,
269 (BYTE*)buf->data, &signatureLen)) { 268 (BYTE*)buf->data, &signatureLen)) {
270 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); 269 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
271 goto done; 270 goto done;
272 } 271 }
272 buf->len = signatureLen;
273 273
274 /* CryptoAPI signs in little-endian, so reverse */ 274 /* CryptoAPI signs in little-endian, so reverse */
275 for (i = 0; i < buf->len / 2; ++i) { 275 for (i = 0; i < buf->len / 2; ++i) {
276 unsigned char tmp = buf->data[i]; 276 unsigned char tmp = buf->data[i];
277 buf->data[i] = buf->data[buf->len - 1 - i]; 277 buf->data[i] = buf->data[buf->len - 1 - i];
278 buf->data[buf->len - 1 - i] = tmp; 278 buf->data[buf->len - 1 - i] = tmp;
279 } 279 }
280 if (doDerEncode) { 280 if (doDerEncode) {
281 SECItem derSig = {siBuffer, NULL, 0}; 281 SECItem derSig = {siBuffer, NULL, 0};
282 282
(...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after
417 /* SecKeyGetBlockSize wasn't addeded until OS X 10.6 - but the 417 /* SecKeyGetBlockSize wasn't addeded until OS X 10.6 - but the
418 * needed information is readily available on the key itself. 418 * needed information is readily available on the key itself.
419 */ 419 */
420 signatureLen = (cssmKey->KeyHeader.LogicalKeySizeInBits + 7) / 8; 420 signatureLen = (cssmKey->KeyHeader.LogicalKeySizeInBits + 7) / 8;
421 421
422 if (signatureLen == 0) { 422 if (signatureLen == 0) {
423 PORT_SetError(SEC_ERROR_INVALID_KEY); 423 PORT_SetError(SEC_ERROR_INVALID_KEY);
424 goto done; 424 goto done;
425 } 425 }
426 426
427 buf->len = signatureLen;
428 buf->data = (unsigned char *)PORT_Alloc(signatureLen); 427 buf->data = (unsigned char *)PORT_Alloc(signatureLen);
429 if (!buf->data) 428 if (!buf->data)
430 goto done; /* error code was set. */ 429 goto done; /* error code was set. */
431 430
432 sigAlg = cssmKey->KeyHeader.AlgorithmId; 431 sigAlg = cssmKey->KeyHeader.AlgorithmId;
433 switch (sigAlg) { 432 switch (sigAlg) {
434 case CSSM_ALGID_RSA: 433 case CSSM_ALGID_RSA:
435 hashData.Data = hash->md5; 434 hashData.Data = hash->md5;
436 hashData.Length = sizeof(SSL3Hashes); 435 hashData.Length = sizeof(SSL3Hashes);
437 break; 436 break;
(...skipping 17 matching lines...) Expand all
455 * you can prevent the UI by setting the provider handle on the 454 * you can prevent the UI by setting the provider handle on the
456 * certificate to be opened with CRYPT_SILENT, but is there an equivalent? 455 * certificate to be opened with CRYPT_SILENT, but is there an equivalent?
457 */ 456 */
458 status = SecKeyGetCredentials(key, CSSM_ACL_AUTHORIZATION_SIGN, 457 status = SecKeyGetCredentials(key, CSSM_ACL_AUTHORIZATION_SIGN,
459 kSecCredentialTypeDefault, &cssmCreds); 458 kSecCredentialTypeDefault, &cssmCreds);
460 if (status != noErr) { 459 if (status != noErr) {
461 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); 460 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
462 goto done; 461 goto done;
463 } 462 }
464 463
465 signatureData.Length = buf->len; 464 signatureData.Length = signatureLen;
466 signatureData.Data = (uint8*)buf->data; 465 signatureData.Data = (uint8*)buf->data;
467 466
468 cssmRv = CSSM_CSP_CreateSignatureContext(cspHandle, sigAlg, cssmCreds, 467 cssmRv = CSSM_CSP_CreateSignatureContext(cspHandle, sigAlg, cssmCreds,
469 cssmKey, &cssmSignature); 468 cssmKey, &cssmSignature);
470 if (cssmRv) { 469 if (cssmRv) {
471 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); 470 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
472 goto done; 471 goto done;
473 } 472 }
474 473
475 /* See "Apple Cryptographic Service Provider Functional Specification" */ 474 /* See "Apple Cryptographic Service Provider Functional Specification" */
476 if (cssmKey->KeyHeader.AlgorithmId == CSSM_ALGID_RSA) { 475 if (cssmKey->KeyHeader.AlgorithmId == CSSM_ALGID_RSA) {
477 /* To set RSA blinding for RSA keys */ 476 /* To set RSA blinding for RSA keys */
478 CSSM_CONTEXT_ATTRIBUTE blindingAttr; 477 CSSM_CONTEXT_ATTRIBUTE blindingAttr;
479 blindingAttr.AttributeType = CSSM_ATTRIBUTE_RSA_BLINDING; 478 blindingAttr.AttributeType = CSSM_ATTRIBUTE_RSA_BLINDING;
480 blindingAttr.AttributeLength = sizeof(uint32); 479 blindingAttr.AttributeLength = sizeof(uint32);
481 blindingAttr.Attribute.Uint32 = 1; 480 blindingAttr.Attribute.Uint32 = 1;
482 cssmRv = CSSM_UpdateContextAttributes(cssmSignature, 1, &blindingAttr); 481 cssmRv = CSSM_UpdateContextAttributes(cssmSignature, 1, &blindingAttr);
483 if (cssmRv) { 482 if (cssmRv) {
484 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); 483 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
485 goto done; 484 goto done;
486 } 485 }
487 } 486 }
488 487
489 cssmRv = CSSM_SignData(cssmSignature, &hashData, 1, CSSM_ALGID_NONE, 488 cssmRv = CSSM_SignData(cssmSignature, &hashData, 1, CSSM_ALGID_NONE,
490 &signatureData); 489 &signatureData);
491 if (cssmRv) { 490 if (cssmRv) {
492 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE); 491 ssl_MapLowLevelError(SSL_ERROR_SIGN_HASHES_FAILURE);
493 goto done; 492 goto done;
494 } 493 }
494 buf->len = signatureData.Length;
495 495
496 if (doDerEncode) { 496 if (doDerEncode) {
497 SECItem derSig = {siBuffer, NULL, 0}; 497 SECItem derSig = {siBuffer, NULL, 0};
498 498
499 /* This also works for an ECDSA signature */ 499 /* This also works for an ECDSA signature */
500 rv = DSAU_EncodeDerSigWithLen(&derSig, buf, buf->len); 500 rv = DSAU_EncodeDerSigWithLen(&derSig, buf, buf->len);
501 if (rv == SECSuccess) { 501 if (rv == SECSuccess) {
502 PORT_Free(buf->data); /* discard unencoded signature. */ 502 PORT_Free(buf->data); /* discard unencoded signature. */
503 *buf = derSig; /* give caller encoded signature. */ 503 *buf = derSig; /* give caller encoded signature. */
504 } else if (derSig.data) { 504 } else if (derSig.data) {
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after
552 SECStatus 552 SECStatus
553 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf, 553 ssl3_PlatformSignHashes(SSL3Hashes *hash, PlatformKey key, SECItem *buf,
554 PRBool isTLS) 554 PRBool isTLS)
555 { 555 {
556 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR); 556 PORT_SetError(PR_NOT_IMPLEMENTED_ERROR);
557 return SECFailure; 557 return SECFailure;
558 } 558 }
559 #endif 559 #endif
560 560
561 #endif /* NSS_PLATFORM_CLIENT_AUTH */ 561 #endif /* NSS_PLATFORM_CLIENT_AUTH */
OLDNEW
« no previous file with comments | « no previous file | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698