| Index: webrtc/base/opensslidentity.cc
|
| diff --git a/webrtc/base/opensslidentity.cc b/webrtc/base/opensslidentity.cc
|
| index dbb040ecf41d6ceaf7ca64f5ead6b000a40612f8..de4e6a771e04f5f0c1924ba83313f790a16988a2 100644
|
| --- a/webrtc/base/opensslidentity.cc
|
| +++ b/webrtc/base/opensslidentity.cc
|
| @@ -46,23 +46,40 @@ static const int CERTIFICATE_LIFETIME = 60*60*24*30; // 30 days, arbitrarily
|
| static const int CERTIFICATE_WINDOW = -60*60*24;
|
|
|
| // Generate a key pair. Caller is responsible for freeing the returned object.
|
| -static EVP_PKEY* MakeKey() {
|
| +static EVP_PKEY* MakeKey(KeyType key_type) {
|
| LOG(LS_INFO) << "Making key pair";
|
| EVP_PKEY* pkey = EVP_PKEY_new();
|
| - // RSA_generate_key is deprecated. Use _ex version.
|
| - BIGNUM* exponent = BN_new();
|
| - RSA* rsa = RSA_new();
|
| - if (!pkey || !exponent || !rsa ||
|
| - !BN_set_word(exponent, 0x10001) || // 65537 RSA exponent
|
| - !RSA_generate_key_ex(rsa, KEY_LENGTH, exponent, NULL) ||
|
| - !EVP_PKEY_assign_RSA(pkey, rsa)) {
|
| - EVP_PKEY_free(pkey);
|
| + if (key_type == KT_RSA) {
|
| + BIGNUM* exponent = BN_new();
|
| + RSA* rsa = RSA_new();
|
| + if (!pkey || !exponent || !rsa ||
|
| + !BN_set_word(exponent, 0x10001) || // 65537 RSA exponent
|
| + !RSA_generate_key_ex(rsa, KEY_LENGTH, exponent, NULL) ||
|
| + !EVP_PKEY_assign_RSA(pkey, rsa)) {
|
| + EVP_PKEY_free(pkey);
|
| + BN_free(exponent);
|
| + RSA_free(rsa);
|
| + LOG(LS_ERROR) << "Failed to make RSA key pair";
|
| + return NULL;
|
| + }
|
| + // ownership of rsa struct was assigned, don't free it.
|
| BN_free(exponent);
|
| - RSA_free(rsa);
|
| + } else if (key_type == KT_ECDSA) {
|
| + EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
|
| + if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) ||
|
| + !EVP_PKEY_assign_EC_KEY(pkey, ec_key)) {
|
| + EVP_PKEY_free(pkey);
|
| + EC_KEY_free(ec_key);
|
| + LOG(LS_ERROR) << "Failed to make EC key pair";
|
| + return NULL;
|
| + }
|
| + // ownership of ec_key struct was assigned, don't free it.
|
| + } else {
|
| + EVP_PKEY_free(pkey);
|
| + LOG(LS_ERROR) << "Key type requested not understood";
|
| return NULL;
|
| }
|
| - // ownership of rsa struct was assigned, don't free it.
|
| - BN_free(exponent);
|
| +
|
| LOG(LS_INFO) << "Returning key pair";
|
| return pkey;
|
| }
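Review bot: The ECDSA branch builds the key with `EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)` and generates it, but never fixes the key's ASN.1 encoding to the named curve; on OpenSSL builds whose default is explicit curve parameters (older releases), the serialized key and the certificate derived from it would carry the full parameter set instead of the curve OID, which TLS/DTLS peers commonly refuse to negotiate. Inserting `EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);` after the `if (!pkey || !ec_key || ...)` error check and before the "ownership of ec_key struct was assigned" comment pins the named-curve encoding, and is a no-op where the library already defaults to it. A comment alongside it, `// Encode the curve by name so the key and cert interoperate with TLS peers.`, records why the call is there. The RSA branch needs no equivalent since the exponent and modulus are self-describing.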
|
| @@ -138,8 +155,8 @@ static void LogSSLErrors(const std::string& prefix) {
|
| }
|
| }
|
|
|
| -OpenSSLKeyPair* OpenSSLKeyPair::Generate() {
|
| - EVP_PKEY* pkey = MakeKey();
|
| +OpenSSLKeyPair* OpenSSLKeyPair::Generate(KeyType key_type) {
|
| + EVP_PKEY* pkey = MakeKey(key_type);
|
| if (!pkey) {
|
| LogSSLErrors("Generating key pair");
|
| return NULL;
|
| @@ -207,8 +224,7 @@ OpenSSLCertificate* OpenSSLCertificate::FromPEMString(
|
| if (!bio)
|
| return NULL;
|
| BIO_set_mem_eof_return(bio, 0);
|
| - X509 *x509 = PEM_read_bio_X509(bio, NULL, NULL,
|
| - const_cast<char*>("\0"));
|
| + X509* x509 = PEM_read_bio_X509(bio, NULL, NULL, const_cast<char*>("\0"));
|
| BIO_free(bio); // Frees the BIO, but not the pointed-to string.
|
|
|
| if (!x509)
|
| @@ -283,7 +299,7 @@ bool OpenSSLCertificate::ComputeDigest(const X509* x509,
|
| unsigned char* digest,
|
| size_t size,
|
| size_t* length) {
|
| - const EVP_MD *md;
|
| + const EVP_MD* md;
|
| unsigned int n;
|
|
|
| if (!OpenSSLDigest::GetDigestEVP(algorithm, &md))
|
| @@ -363,10 +379,10 @@ OpenSSLIdentity::~OpenSSLIdentity() = default;
|
|
|
| OpenSSLIdentity* OpenSSLIdentity::GenerateInternal(
|
| const SSLIdentityParams& params) {
|
| - OpenSSLKeyPair *key_pair = OpenSSLKeyPair::Generate();
|
| + OpenSSLKeyPair* key_pair = OpenSSLKeyPair::Generate(params.key_type);
|
| if (key_pair) {
|
| - OpenSSLCertificate *certificate = OpenSSLCertificate::Generate(
|
| - key_pair, params);
|
| + OpenSSLCertificate* certificate =
|
| + OpenSSLCertificate::Generate(key_pair, params);
|
| if (certificate)
|
| return new OpenSSLIdentity(key_pair, certificate);
|
| delete key_pair;
|
| @@ -375,11 +391,13 @@ OpenSSLIdentity* OpenSSLIdentity::GenerateInternal(
|
| return NULL;
|
| }
|
|
|
| -OpenSSLIdentity* OpenSSLIdentity::Generate(const std::string& common_name) {
|
| +OpenSSLIdentity* OpenSSLIdentity::Generate(const std::string& common_name,
|
| + KeyType key_type) {
|
| SSLIdentityParams params;
|
| params.common_name = common_name;
|
| params.not_before = CERTIFICATE_WINDOW;
|
| params.not_after = CERTIFICATE_LIFETIME;
|
| + params.key_type = key_type;
|
| return GenerateInternal(params);
|
| }
|
|
|
| @@ -404,8 +422,8 @@ SSLIdentity* OpenSSLIdentity::FromPEMStrings(
|
| return NULL;
|
| }
|
| BIO_set_mem_eof_return(bio, 0);
|
| - EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL,
|
| - const_cast<char*>("\0"));
|
| + EVP_PKEY* pkey =
|
| + PEM_read_bio_PrivateKey(bio, NULL, NULL, const_cast<char*>("\0"));
|
| BIO_free(bio); // Frees the BIO, but not the pointed-to string.
|
|
|
| if (!pkey) {
|
|
|