authordavidben <davidben@chromium.org>2015-04-21 19:36:41 -0700
committerCommit bot <commit-bot@chromium.org>2015-04-22 02:36:54 +0000
commit2bcbc6bceb6017c762ef01553a55a12fe390de16 (patch)
treeb44d9b97e521927703b146fc348f9e45096ce603 /crypto/rsa_private_key.h
parent0c71fc50716dcf2fef839bde83ef09287c64202b (diff)
Initial support for using BoringSSL with NSS certificates.
This switches the USE_OPENSSL Linux and CrOS builds to continue setting USE_NSS_CERTS. This lets it use BoringSSL for the crypto and SSL stack and NSS for certificate verification. See design doc for details on the flags: https://docs.google.com/document/d/1x4DOCKwFkAxl9MGfd6snIzFigO4ku6Shuci0r5BzasQ/edit On Linux, only client auth and OCSP stapling are missing. On ChromeOS, there are some problematic USE_NSS_CERTS APIs in RSAPrivateKey to resolve. We also still need to resolve crbug.com/347404 to maintain parity. As a follow-up, USE_OPENSSL_CERTS on non-Android can now be removed (it was never supported anyway). BUG=462040 Review URL: https://codereview.chromium.org/881213004 Cr-Commit-Position: refs/heads/master@{#326222}
Diffstat (limited to 'crypto/rsa_private_key.h')
-rw-r--r--crypto/rsa_private_key.h29
1 files changed, 17 insertions, 12 deletions
diff --git a/crypto/rsa_private_key.h b/crypto/rsa_private_key.h
index 78a660e..9ab9c57 100644
--- a/crypto/rsa_private_key.h
+++ b/crypto/rsa_private_key.h
@@ -180,7 +180,22 @@ class CRYPTO_EXPORT RSAPrivateKey {
static RSAPrivateKey* CreateFromPrivateKeyInfo(
const std::vector<uint8>& input);
-#if defined(USE_NSS_CERTS)
+#if defined(USE_OPENSSL)
+ // Create a new instance from an existing EVP_PKEY, taking a
+ // reference to it. |key| must be an RSA key. Returns NULL on
+ // failure.
+ static RSAPrivateKey* CreateFromKey(EVP_PKEY* key);
+#else
+ // Create a new instance by referencing an existing private key
+ // structure. Does not import the key.
+ static RSAPrivateKey* CreateFromKey(SECKEYPrivateKey* key);
+#endif
+
+ // TODO(davidben): These functions are used when NSS is the platform key
+ // store, but they also assume that the internal crypto library is NSS. Split
+ // out the convenience NSS platform key methods from the logic which expects
+ // an RSAPrivateKey. See https://crbug.com/478777.
+#if defined(USE_NSS_CERTS) && !defined(USE_OPENSSL)
// Create a new random instance in |slot|. Can return NULL if initialization
// fails. The created key is permanent and is not exportable in plaintext
// form.
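Review bot: The NSS declaration of `CreateFromKey(SECKEYPrivateKey* key)` in the `#else` branch documents neither its failure return nor who owns |key| after the call, while the OpenSSL variant directly above states both ("taking a reference to it", "Returns NULL on failure"). For a private-key handle that gap matters, because a caller who guesses wrong either leaks the key or frees a handle the new object may still use. I would extend the comment to something like `// The caller retains ownership of |key|. Returns NULL on failure.`, once that is confirmed against the implementation, which is not visible here. The `#else` and `#endif` of this block could also carry `// !USE_OPENSSL` and `// USE_OPENSSL` tags, matching the `#endif // USE_NSS_CERTS && !USE_OPENSSL` the commit adds further down. The class body starts and ends outside the hunk.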
@@ -194,10 +209,6 @@ class CRYPTO_EXPORT RSAPrivateKey {
PK11SlotInfo* slot,
const std::vector<uint8>& input);
- // Create a new instance by referencing an existing private key
- // structure. Does not import the key.
- static RSAPrivateKey* CreateFromKey(SECKEYPrivateKey* key);
-
// Import an existing public key, and then search for the private
// half in the key database. The format of the public key blob is is
// an X509 SubjectPublicKeyInfo block. This can return NULL if
@@ -216,13 +227,7 @@ class CRYPTO_EXPORT RSAPrivateKey {
static RSAPrivateKey* FindFromPublicKeyInfoInSlot(
const std::vector<uint8>& input,
PK11SlotInfo* slot);
-#elif defined(USE_OPENSSL)
- // Create a new instance from an existing EVP_PKEY, taking a
- // reference to it. |key| must be an RSA key. Returns NULL on
- // failure.
- static RSAPrivateKey* CreateFromKey(EVP_PKEY* key);
-
-#endif
+#endif // USE_NSS_CERTS && !USE_OPENSSL
#if defined(USE_OPENSSL)
EVP_PKEY* key() { return key_; }