Chromium Code Reviews Chromium Code Reviews
Issue 2534773002:
Set OPENSSL_EC_NAMED_CURVE explicitly on EC key so that certificate has ASN1 OID and NIST curve inf… (Closed)
| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. | 2 * Copyright 2004 The WebRTC Project Authors. All rights reserved. |
| 3 * | 3 * |
| 4 * Use of this source code is governed by a BSD-style license | 4 * Use of this source code is governed by a BSD-style license |
| 5 * that can be found in the LICENSE file in the root of the source | 5 * that can be found in the LICENSE file in the root of the source |
| 6 * tree. An additional intellectual property rights grant can be found | 6 * tree. An additional intellectual property rights grant can be found |
| 7 * in the file PATENTS. All contributing project authors may | 7 * in the file PATENTS. All contributing project authors may |
| 8 * be found in the AUTHORS file in the root of the source tree. | 8 * be found in the AUTHORS file in the root of the source tree. |
| 9 */ | 9 */ |
| 10 | 10 |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 54 BN_free(exponent); | 54 BN_free(exponent); |
| 55 RSA_free(rsa); | 55 RSA_free(rsa); |
| 56 LOG(LS_ERROR) << "Failed to make RSA key pair"; | 56 LOG(LS_ERROR) << "Failed to make RSA key pair"; |
| 57 return NULL; | 57 return NULL; |
| 58 } | 58 } |
| 59 // ownership of rsa struct was assigned, don't free it. | 59 // ownership of rsa struct was assigned, don't free it. |
| 60 BN_free(exponent); | 60 BN_free(exponent); |
| 61 } else if (key_params.type() == KT_ECDSA) { | 61 } else if (key_params.type() == KT_ECDSA) { |
| 62 if (key_params.ec_curve() == EC_NIST_P256) { | 62 if (key_params.ec_curve() == EC_NIST_P256) { |
| 63 EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); | 63 EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
| 64 // Ensure curve name is included when EC key is | |
|
mattdr-at-webrtc.org
2016/12/02 19:10:29
The whitespace is a bit weird here -- it seems to
| |
| 65 // is serialized. Without this call, OpenSSL versions | |
| 66 // before 1.1.0 will create certificates that don't work | |
| 67 // for TLS. This is a no-op for BoringSSL and OpenSSL 1.1.0+ | |
| 68 | |
| 69 EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE); | |
| 64 if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) || | 70 if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) || |
| 65 !EVP_PKEY_assign_EC_KEY(pkey, ec_key)) { | 71 !EVP_PKEY_assign_EC_KEY(pkey, ec_key)) { |
| 66 EVP_PKEY_free(pkey); | 72 EVP_PKEY_free(pkey); |
| 67 EC_KEY_free(ec_key); | 73 EC_KEY_free(ec_key); |
| 68 LOG(LS_ERROR) << "Failed to make EC key pair"; | 74 LOG(LS_ERROR) << "Failed to make EC key pair"; |
| 69 return NULL; | 75 return NULL; |
| 70 } | 76 } |
| 71 // ownership of ec_key struct was assigned, don't free it. | 77 // ownership of ec_key struct was assigned, don't free it. |
| 72 } else { | 78 } else { |
| 73 // Add generation of any other curves here. | 79 // Add generation of any other curves here. |
| (...skipping 490 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 564 *this->certificate_ == *other.certificate_; | 570 *this->certificate_ == *other.certificate_; |
| 565 } | 571 } |
| 566 | 572 |
| 567 bool OpenSSLIdentity::operator!=(const OpenSSLIdentity& other) const { | 573 bool OpenSSLIdentity::operator!=(const OpenSSLIdentity& other) const { |
| 568 return !(*this == other); | 574 return !(*this == other); |
| 569 } | 575 } |
| 570 | 576 |
| 571 } // namespace rtc | 577 } // namespace rtc |
| 572 | 578 |
| 573 #endif // HAVE_OPENSSL_SSL_H | 579 #endif // HAVE_OPENSSL_SSL_H |
| OLD | NEW |
