author | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-16 22:15:31 +0000 |
---|---|---|
committer | agl@chromium.org <agl@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-16 22:15:31 +0000 |
commit | 675d5e126b007d9b6db0223a4c1100a4dc8f55c9 (patch) | |
tree | baabb8e51c4bde5d9be52e6043e621542ff9ac6e /crypto | |
parent | f0ff179aedad3d2b9cabd886ae1138a21c0f239e (diff) | |
Switch to BoringSSL.
(This is a much larger change than its diff suggests. If it breaks something, please revert first and ask questions later.)
R=davidben@chromium.org, eroman@chromium.org, rsleevi@chromium.org
Review URL: https://codereview.chromium.org/345063006
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@283542 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/BUILD.gn | 2 | ||||
-rw-r--r-- | crypto/crypto.gyp | 4 | ||||
-rw-r--r-- | crypto/crypto_nacl.gyp | 2 | ||||
-rw-r--r-- | crypto/encryptor_openssl.cc | 5 | ||||
-rw-r--r-- | crypto/openssl_bio_string_unittest.cc | 7 | ||||
-rw-r--r-- | crypto/openssl_util.cc | 8 | ||||
-rw-r--r-- | crypto/rsa_private_key_openssl.cc | 2 | ||||
-rw-r--r-- | crypto/scoped_openssl_types.h | 1 | ||||
-rw-r--r-- | crypto/signature_verifier_openssl.cc | 15 |
9 files changed, 25 insertions, 21 deletions
diff --git a/crypto/BUILD.gn b/crypto/BUILD.gn
index 30784208..bd7f06d 100644
--- a/crypto/BUILD.gn
+++ b/crypto/BUILD.gn
@@ -242,7 +242,7 @@ test("crypto_unittests") {
 # on the current SSL library should just depend on this.
 group("platform") {
 if (use_openssl) {
- deps = [ "//third_party/openssl" ]
+ deps = [ "//third_party/boringssl" ]
 } else {
 deps = [ "//net/third_party/nss/ssl:libssl" ]
 if (is_linux) {
diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp
index 0c472ff..42f3cad 100644
--- a/crypto/crypto.gyp
+++ b/crypto/crypto.gyp
@@ -100,7 +100,7 @@
 }],
 [ 'use_openssl==1', {
 'dependencies': [
- '../third_party/openssl/openssl.gyp:openssl',
+ '../third_party/boringssl/boringssl.gyp:boringssl',
 ],
 # TODO(joth): Use a glob to match exclude patterns once the
 # OpenSSL file set is complete.
@@ -209,7 +209,7 @@
 }],
 [ 'use_openssl==1', {
 'dependencies': [
- '../third_party/openssl/openssl.gyp:openssl',
+ '../third_party/boringssl/boringssl.gyp:boringssl',
 ],
 'sources!': [
 'nss_util_unittest.cc',
diff --git a/crypto/crypto_nacl.gyp b/crypto/crypto_nacl.gyp
index 6ec5e83..4451610 100644
--- a/crypto/crypto_nacl.gyp
+++ b/crypto/crypto_nacl.gyp
@@ -22,7 +22,7 @@
 'build_pnacl_newlib': 1,
 },
 'dependencies': [
- '../third_party/openssl/openssl_nacl.gyp:openssl_nacl',
+ '../third_party/boringssl/boringssl_nacl.gyp:boringssl_nacl',
 '../native_client/tools.gyp:prep_toolchain',
 '../native_client_sdk/native_client_sdk_untrusted.gyp:nacl_io_untrusted',
 ],
diff --git a/crypto/encryptor_openssl.cc b/crypto/encryptor_openssl.cc
index 0bf96b7..0504adb 100644
--- a/crypto/encryptor_openssl.cc
+++ b/crypto/encryptor_openssl.cc
@@ -19,7 +19,6 @@ namespace {
 const EVP_CIPHER* GetCipherForKey(SymmetricKey* key) {
 switch (key->key().length()) {
 case 16: return EVP_aes_128_cbc();
- case 24: return EVP_aes_192_cbc();
 case 32: return EVP_aes_256_cbc();
 default: return NULL;
 }
@@ -100,8 +99,8 @@ bool Encryptor::Crypt(bool do_encrypt,
 DCHECK(cipher); // Already handled in Init();
 const std::string& key = key_->key();
- DCHECK_EQ(EVP_CIPHER_iv_length(cipher), static_cast<int>(iv_.length()));
- DCHECK_EQ(EVP_CIPHER_key_length(cipher), static_cast<int>(key.length()));
+ DCHECK_EQ(EVP_CIPHER_iv_length(cipher), iv_.length());
+ DCHECK_EQ(EVP_CIPHER_key_length(cipher), key.length());
 ScopedCipherCTX ctx;
 if (!EVP_CipherInit_ex(ctx.get(), cipher, NULL,
diff --git a/crypto/openssl_bio_string_unittest.cc b/crypto/openssl_bio_string_unittest.cc
index 2467215..9dfa0e7 100644
--- a/crypto/openssl_bio_string_unittest.cc
+++ b/crypto/openssl_bio_string_unittest.cc
@@ -23,24 +23,17 @@ TEST(OpenSSLBIOString, TestWrite) {
 EXPECT_EQ(static_cast<int>(expected1.size()),
 BIO_printf(bio.get(), "a %s\nb %i\n", "one", 2));
 EXPECT_EQ(expected1, s);
- EXPECT_EQ(static_cast<int>(expected1.size()), BIO_tell(bio.get()));
 EXPECT_EQ(1, BIO_flush(bio.get()));
- EXPECT_EQ(-1, BIO_seek(bio.get(), 0));
 EXPECT_EQ(expected1, s);
 EXPECT_EQ(static_cast<int>(expected2.size()),
 BIO_write(bio.get(), expected2.data(), expected2.size()));
 EXPECT_EQ(expected1 + expected2, s);
- EXPECT_EQ(static_cast<int>(expected1.size() + expected2.size()),
- BIO_tell(bio.get()));
 EXPECT_EQ(static_cast<int>(expected3.size()),
 BIO_puts(bio.get(), expected3.c_str()));
 EXPECT_EQ(expected1 + expected2 + expected3, s);
- EXPECT_EQ(static_cast<int>(expected1.size() + expected2.size() +
- expected3.size()),
- BIO_tell(bio.get()));
 }
 EXPECT_EQ(expected1 + expected2 + expected3, s);
 }
diff --git a/crypto/openssl_util.cc b/crypto/openssl_util.cc
index 34af810..94bf246 100644
--- a/crypto/openssl_util.cc
+++ b/crypto/openssl_util.cc
@@ -6,6 +6,7 @@
 #include <openssl/err.h>
 #include <openssl/ssl.h>
+#include <openssl/cpu.h>
 #include "base/logging.h"
 #include "base/memory/scoped_vector.h"
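Review bot: In crypto/encryptor_openssl.cc, Encryptor::Crypt still guards the IV and key lengths only with `DCHECK_EQ`, which is compiled out of release builds, so nothing in this hunk stops a wrong-sized `iv_` from reaching `EVP_CipherInit_ex` there. If Init() does not already validate the IV length (not visible here), a runtime check such as `if (EVP_CIPHER_iv_length(cipher) != iv_.length()) return false;` would fail closed. Dropping the `static_cast<int>` also makes the comparison rely on `EVP_CIPHER_iv_length` and `EVP_CIPHER_key_length` returning an unsigned type in the new library, which deserves a one-line comment. The body of Crypt starts and ends outside the hunk.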
@@ -22,8 +23,9 @@ namespace crypto {
 namespace {
-unsigned long CurrentThreadId() {
- return static_cast<unsigned long>(base::PlatformThread::CurrentId());
+void CurrentThreadId(CRYPTO_THREADID* id) {
+ CRYPTO_THREADID_set_numeric(
+ id, static_cast<unsigned long>(base::PlatformThread::CurrentId()));
 }
 // Singleton for initializing and cleaning up the OpenSSL library.
@@ -53,7 +55,7 @@ class OpenSSLInitSingleton {
 for (int i = 0; i < num_locks; ++i)
 locks_.push_back(new base::Lock());
 CRYPTO_set_locking_callback(LockingCallback);
- CRYPTO_set_id_callback(CurrentThreadId);
+ CRYPTO_THREADID_set_callback(CurrentThreadId);
 #if defined(OS_ANDROID) && defined(ARCH_CPU_ARMEL)
 const bool has_neon =
diff --git a/crypto/rsa_private_key_openssl.cc b/crypto/rsa_private_key_openssl.cc
index e3cf04c..8dcde61 100644
--- a/crypto/rsa_private_key_openssl.cc
+++ b/crypto/rsa_private_key_openssl.cc
@@ -4,6 +4,8 @@
 #include "crypto/rsa_private_key.h"
+#include <openssl/bio.h>
+#include <openssl/bn.h>
 #include <openssl/evp.h>
 #include <openssl/pkcs12.h>
 #include <openssl/rsa.h>
diff --git a/crypto/scoped_openssl_types.h b/crypto/scoped_openssl_types.h
index a949233..19953a2 100644
--- a/crypto/scoped_openssl_types.h
+++ b/crypto/scoped_openssl_types.h
@@ -5,6 +5,7 @@
 #ifndef CRYPTO_SCOPED_OPENSSL_TYPES_H_
 #define CRYPTO_SCOPED_OPENSSL_TYPES_H_
+#include <openssl/bio.h>
 #include <openssl/bn.h>
 #include <openssl/dsa.h>
 #include <openssl/ec.h>
diff --git a/crypto/signature_verifier_openssl.cc b/crypto/signature_verifier_openssl.cc
index 155a2cf3..a855120 100644
--- a/crypto/signature_verifier_openssl.cc
+++ b/crypto/signature_verifier_openssl.cc
@@ -26,7 +26,7 @@ const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) {
 case SignatureVerifier::SHA256:
 return EVP_sha256();
 }
- return EVP_md_null();
+ return NULL;
 }
 } // namespace
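Review bot: In crypto/openssl_util.cc the result of `CRYPTO_THREADID_set_callback(CurrentThreadId)` is discarded in the OpenSSLInitSingleton hunk. In OpenSSL this function returns an int status, so, assuming the BoringSSL declaration matches, a failed registration would go unnoticed; `CHECK_EQ(1, CRYPTO_THREADID_set_callback(CurrentThreadId));` would surface it. CurrentThreadId, changed in the hunk before it, now writes through `id` instead of returning a value, so a comment such as `// Reports the calling thread's id to the crypto library through |id|.` would help. The enclosing function continues outside the hunk.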
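Review bot: In crypto/signature_verifier_openssl.cc, ToOpenSSLDigest now returns `NULL` rather than `EVP_md_null()` for an unrecognised hash algorithm, so every caller has to null-check the result before handing it to the library. The two call sites in VerifyInitRSAPSS are covered by the later hunks of this commit; any other caller is not visible here and should be confirmed. A comment above the function, `// Returns NULL if |hash_alg| is not supported; callers must check.`, would record the new contract. The function starts outside the hunk.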
@@ -80,8 +80,11 @@ bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
 const uint8* public_key_info,
 int public_key_info_len) {
 OpenSSLErrStackTracer err_tracer(FROM_HERE);
- const EVP_MD* digest = ToOpenSSLDigest(hash_alg);
+ const EVP_MD* const digest = ToOpenSSLDigest(hash_alg);
 DCHECK(digest);
+ if (!digest) {
+ return false;
+ }
 EVP_PKEY_CTX* pkey_ctx;
 if (!CommonInit(digest, signature, signature_len, public_key_info,
@@ -92,8 +95,12 @@ bool SignatureVerifier::VerifyInitRSAPSS(HashAlgorithm hash_alg,
 int rv = EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING);
 if (rv != 1)
 return false;
- rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx,
- ToOpenSSLDigest(mask_hash_alg));
+ const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg);
+ DCHECK(mgf_digest);
+ if (!mgf_digest) {
+ return false;
+ }
+ rv = EVP_PKEY_CTX_set_rsa_mgf1_md(pkey_ctx, mgf_digest);
 if (rv != 1)
 return false;
 rv = EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, salt_len); |
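Review bot: The `mgf_digest` check in the second VerifyInitRSAPSS hunk runs only after CommonInit and `EVP_PKEY_CTX_set_rsa_padding` have succeeded, so an unsupported `mask_hash_alg` returns false with the verifier already partly initialised. Whether that state is cleaned up on this path is not visible here; resolving both digests at the top of the function, with `const EVP_MD* const mgf_digest = ToOpenSSLDigest(mask_hash_alg);` next to `digest` and a single `if (!digest || !mgf_digest) return false;`, would reject bad input before any context is created. `DCHECK(digest)` and `DCHECK(mgf_digest)` also abort debug builds on the very condition the following `if` handles, so a debug-build test cannot exercise the failure path. The function starts and ends outside these hunks.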