Chromium Code Reviews Chromium Code Reviews
Issue 2534773002:
Set OPENSSL_EC_NAMED_CURVE explicitly on EC key so that certificate has ASN1 OID and NIST curve inf… (Closed)
| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 54 BN_free(exponent); | 54 BN_free(exponent); |
| 55 RSA_free(rsa); | 55 RSA_free(rsa); |
| 56 LOG(LS_ERROR) << "Failed to make RSA key pair"; | 56 LOG(LS_ERROR) << "Failed to make RSA key pair"; |
| 57 return NULL; | 57 return NULL; |
| 58 } | 58 } |
| 59 // ownership of rsa struct was assigned, don't free it. | 59 // ownership of rsa struct was assigned, don't free it. |
| 60 BN_free(exponent); | 60 BN_free(exponent); |
| 61 } else if (key_params.type() == KT_ECDSA) { | 61 } else if (key_params.type() == KT_ECDSA) { |
| 62 if (key_params.ec_curve() == EC_NIST_P256) { | 62 if (key_params.ec_curve() == EC_NIST_P256) { |
| 63 EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); | 63 EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
| 64 // Set OPENSSL_EC_NAMED_CURVE explicitly so that the | |
| 65 // certificate has the ASN1 OID and NIST CURVE info. | |
| 66 // Without this openSSL handshake negotiation fails | |
| 67 // throwing SSL_R_NO_SHARED_CIPHER | |
| 68 EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE); | |
|
mattdr-at-webrtc.org
2016/11/29 23:52:11
Let's change this comment to offer a bit more cont
| |
| 64 if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) || | 69 if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) || |
| 65 !EVP_PKEY_assign_EC_KEY(pkey, ec_key)) { | 70 !EVP_PKEY_assign_EC_KEY(pkey, ec_key)) { |
| 66 EVP_PKEY_free(pkey); | 71 EVP_PKEY_free(pkey); |
| 67 EC_KEY_free(ec_key); | 72 EC_KEY_free(ec_key); |
| 68 LOG(LS_ERROR) << "Failed to make EC key pair"; | 73 LOG(LS_ERROR) << "Failed to make EC key pair"; |
| 69 return NULL; | 74 return NULL; |
| 70 } | 75 } |
| 71 // ownership of ec_key struct was assigned, don't free it. | 76 // ownership of ec_key struct was assigned, don't free it. |
| 72 } else { | 77 } else { |
| 73 // Add generation of any other curves here. | 78 // Add generation of any other curves here. |
| (...skipping 490 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 564 *this->certificate_ == *other.certificate_; | 569 *this->certificate_ == *other.certificate_; |
| 565 } | 570 } |
| 566 | 571 |
| 567 bool OpenSSLIdentity::operator!=(const OpenSSLIdentity& other) const { | 572 bool OpenSSLIdentity::operator!=(const OpenSSLIdentity& other) const { |
| 568 return !(*this == other); | 573 return !(*this == other); |
| 569 } | 574 } |
| 570 | 575 |
| 571 } // namespace rtc | 576 } // namespace rtc |
| 572 | 577 |
| 573 #endif // HAVE_OPENSSL_SSL_H | 578 #endif // HAVE_OPENSSL_SSL_H |
| OLD | NEW |
