
Side by Side Diff: webrtc/base/opensslidentity.cc

Issue 1329493005: Provide RSA2048 as per RFC (Closed) Base URL: https://chromium.googlesource.com/external/webrtc.git@master
Patch Set: Created 5 years, 3 months ago
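--- a/webrtc/base/opensslidentity.cc
+++ b/webrtc/base/opensslidentity.cc
@@ -1,10 +1,10 @@
 /*
 * Copyright 2004 The WebRTC Project Authors. All rights reserved.
 *
 * Use of this source code is governed by a BSD-style license
 * that can be found in the LICENSE file in the root of the source
 * tree. An additional intellectual property rights grant can be found
 * in the file PATENTS. All contributing project authors may
 * be found in the AUTHORS file in the root of the source tree.
 */
 
@@ -26,42 +26,40 @@
 #include "webrtc/base/helpers.h"
 #include "webrtc/base/logging.h"
 #include "webrtc/base/openssl.h"
 #include "webrtc/base/openssldigest.h"
 
 namespace rtc {
 
 // We could have exposed a myriad of parameters for the crypto stuff,
 // but keeping it simple seems best.
 
-// Strength of generated keys. Those are RSA.
-static const int KEY_LENGTH = 1024;
-
 // Random bits for certificate serial number
 static const int SERIAL_RAND_BITS = 64;
 
 // Certificate validity lifetime
 static const int CERTIFICATE_LIFETIME = 60*60*24*30; // 30 days, arbitrarily
 // Certificate validity window.
 // This is to compensate for slightly incorrect system clocks.
 static const int CERTIFICATE_WINDOW = -60*60*24;
 
 // Generate a key pair. Caller is responsible for freeing the returned object.
 static EVP_PKEY* MakeKey(KeyType key_type) {
 LOG(LS_INFO) << "Making key pair";
 EVP_PKEY* pkey = EVP_PKEY_new();
-if (key_type == KT_RSA) {
+if (key_type == KT_RSA1024 || key_type == KT_RSA2048) {
+int key_length = key_type == KT_RSA1024 ? 1024 : 2048;
 BIGNUM* exponent = BN_new();
 RSA* rsa = RSA_new();
 if (!pkey || !exponent || !rsa ||
 !BN_set_word(exponent, 0x10001) || // 65537 RSA exponent
-!RSA_generate_key_ex(rsa, KEY_LENGTH, exponent, NULL) ||
+!RSA_generate_key_ex(rsa, key_length, exponent, NULL) ||
 !EVP_PKEY_assign_RSA(pkey, rsa)) {
 EVP_PKEY_free(pkey);
 BN_free(exponent);
 RSA_free(rsa);
 LOG(LS_ERROR) << "Failed to make RSA key pair";
 return NULL;
 }
 // ownership of rsa struct was assigned, don't free it.
 BN_free(exponent);
 } else if (key_type == KT_ECDSA) {
@@ -450,10 +448,10 @@
 SSL_CTX_use_PrivateKey(ctx, key_pair_->pkey()) != 1) {
 LogSSLErrors("Configuring key and certificate");
 return false;
 }
 return true;
 }
 
 } // namespace rtc
 
 #endif // HAVE_OPENSSL_SSL_H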
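Review bot: The RSA branch of MakeKey still generates 1024-bit keys whenever the caller passes KT_RSA1024, and nothing at `int key_length = key_type == KT_RSA1024 ? 1024 : 2048;` marks that size as legacy. 1024-bit RSA is below the 2048-bit minimum that current guidance (e.g. NIST SP 800-131A) sets for new keys, so if the value is kept only for compatibility, a comment such as `// KT_RSA1024 is retained for compatibility only; new identities should use KT_RSA2048.` above that line would keep it from being picked as a default. The `LOG(LS_INFO) << "Making key pair";` line could also record the chosen key type or length so that weak identities are visible in logs. Which callers select KT_RSA1024 is not visible here, and MakeKey's ECDSA branch continues in the skipped lines.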