Index: webrtc/base/opensslidentity.cc |
diff --git a/webrtc/base/opensslidentity.cc b/webrtc/base/opensslidentity.cc |
index dbb040ecf41d6ceaf7ca64f5ead6b000a40612f8..de4e6a771e04f5f0c1924ba83313f790a16988a2 100644 |
--- a/webrtc/base/opensslidentity.cc |
+++ b/webrtc/base/opensslidentity.cc |
@@ -46,23 +46,40 @@ static const int CERTIFICATE_LIFETIME = 60*60*24*30; // 30 days, arbitrarily |
static const int CERTIFICATE_WINDOW = -60*60*24; |
// Generate a key pair. Caller is responsible for freeing the returned object. |
-static EVP_PKEY* MakeKey() { |
+static EVP_PKEY* MakeKey(KeyType key_type) { |
LOG(LS_INFO) << "Making key pair"; |
EVP_PKEY* pkey = EVP_PKEY_new(); |
- // RSA_generate_key is deprecated. Use _ex version. |
- BIGNUM* exponent = BN_new(); |
- RSA* rsa = RSA_new(); |
- if (!pkey || !exponent || !rsa || |
- !BN_set_word(exponent, 0x10001) || // 65537 RSA exponent |
- !RSA_generate_key_ex(rsa, KEY_LENGTH, exponent, NULL) || |
- !EVP_PKEY_assign_RSA(pkey, rsa)) { |
- EVP_PKEY_free(pkey); |
+ if (key_type == KT_RSA) { |
+ BIGNUM* exponent = BN_new(); |
+ RSA* rsa = RSA_new(); |
+ if (!pkey || !exponent || !rsa || |
+ !BN_set_word(exponent, 0x10001) || // 65537 RSA exponent |
+ !RSA_generate_key_ex(rsa, KEY_LENGTH, exponent, NULL) || |
+ !EVP_PKEY_assign_RSA(pkey, rsa)) { |
+ EVP_PKEY_free(pkey); |
+ BN_free(exponent); |
+ RSA_free(rsa); |
+ LOG(LS_ERROR) << "Failed to make RSA key pair"; |
+ return NULL; |
+ } |
+ // ownership of rsa struct was assigned, don't free it. |
BN_free(exponent); |
- RSA_free(rsa); |
+ } else if (key_type == KT_ECDSA) { |
+ EC_KEY* ec_key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); |
+ if (!pkey || !ec_key || !EC_KEY_generate_key(ec_key) || |
+ !EVP_PKEY_assign_EC_KEY(pkey, ec_key)) { |
+ EVP_PKEY_free(pkey); |
+ EC_KEY_free(ec_key); |
+ LOG(LS_ERROR) << "Failed to make EC key pair"; |
+ return NULL; |
+ } |
+ // ownership of ec_key struct was assigned, don't free it. |
+ } else { |
+ EVP_PKEY_free(pkey); |
+ LOG(LS_ERROR) << "Key type requested not understood"; |
return NULL; |
} |
- // ownership of rsa struct was assigned, don't free it. |
- BN_free(exponent); |
+ |
LOG(LS_INFO) << "Returning key pair"; |
return pkey; |
} |
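Review bot: The KT_ECDSA branch generates the P-256 key but never sets the key's ASN.1 encoding flag, so on OpenSSL builds older than 1.1.0 the key, and the certificate later built on it, is serialized with explicit curve parameters instead of the named curve, which TLS peers commonly reject; BoringSSL and OpenSSL 1.1.0+ already default to the named-curve encoding, so the call is harmless there. Right after the `EC_KEY_new_by_curve_name` line add `if (ec_key) EC_KEY_set_asn1_flag(ec_key, OPENSSL_EC_NAMED_CURVE);  // encode curve by name, not explicit params`, guarded because the NULL check for ec_key only happens in the combined condition below. The cleanup in both branches is otherwise correct: `EVP_PKEY_assign_RSA`/`EVP_PKEY_assign_EC_KEY` only take ownership on success, so freeing rsa/ec_key on the failure path and not afterwards is right, and a comment stating that at the failure block would help the next reader.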
@@ -138,8 +155,8 @@ static void LogSSLErrors(const std::string& prefix) { |
} |
} |
-OpenSSLKeyPair* OpenSSLKeyPair::Generate() { |
- EVP_PKEY* pkey = MakeKey(); |
+OpenSSLKeyPair* OpenSSLKeyPair::Generate(KeyType key_type) { |
+ EVP_PKEY* pkey = MakeKey(key_type); |
if (!pkey) { |
LogSSLErrors("Generating key pair"); |
return NULL; |
@@ -207,8 +224,7 @@ OpenSSLCertificate* OpenSSLCertificate::FromPEMString( |
if (!bio) |
return NULL; |
BIO_set_mem_eof_return(bio, 0); |
- X509 *x509 = PEM_read_bio_X509(bio, NULL, NULL, |
- const_cast<char*>("\0")); |
+ X509* x509 = PEM_read_bio_X509(bio, NULL, NULL, const_cast<char*>("\0")); |
BIO_free(bio); // Frees the BIO, but not the pointed-to string. |
if (!x509) |
@@ -283,7 +299,7 @@ bool OpenSSLCertificate::ComputeDigest(const X509* x509, |
unsigned char* digest, |
size_t size, |
size_t* length) { |
- const EVP_MD *md; |
+ const EVP_MD* md; |
unsigned int n; |
if (!OpenSSLDigest::GetDigestEVP(algorithm, &md)) |
@@ -363,10 +379,10 @@ OpenSSLIdentity::~OpenSSLIdentity() = default; |
OpenSSLIdentity* OpenSSLIdentity::GenerateInternal( |
const SSLIdentityParams& params) { |
- OpenSSLKeyPair *key_pair = OpenSSLKeyPair::Generate(); |
+ OpenSSLKeyPair* key_pair = OpenSSLKeyPair::Generate(params.key_type); |
if (key_pair) { |
- OpenSSLCertificate *certificate = OpenSSLCertificate::Generate( |
- key_pair, params); |
+ OpenSSLCertificate* certificate = |
+ OpenSSLCertificate::Generate(key_pair, params); |
if (certificate) |
return new OpenSSLIdentity(key_pair, certificate); |
delete key_pair; |
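Review bot: GenerateInternal now forwards `params.key_type` to OpenSSLKeyPair::Generate, so every path that builds an SSLIdentityParams must populate that field; the Generate overload in this diff does, but SSLIdentityParams is declared outside the diff, and if key_type has no in-class initializer any other caller that leaves it unset hands an indeterminate enum value to MakeKey, which at best fails with the "Key type requested not understood" log. Either give `SSLIdentityParams::key_type` a default in the header (KT_RSA would preserve the pre-change behavior) or document at this call that key_type is required. The body of GenerateInternal continues past the end of the hunk.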
@@ -375,11 +391,13 @@ OpenSSLIdentity* OpenSSLIdentity::GenerateInternal( |
return NULL; |
} |
-OpenSSLIdentity* OpenSSLIdentity::Generate(const std::string& common_name) { |
+OpenSSLIdentity* OpenSSLIdentity::Generate(const std::string& common_name, |
+ KeyType key_type) { |
SSLIdentityParams params; |
params.common_name = common_name; |
params.not_before = CERTIFICATE_WINDOW; |
params.not_after = CERTIFICATE_LIFETIME; |
+ params.key_type = key_type; |
return GenerateInternal(params); |
} |
@@ -404,8 +422,8 @@ SSLIdentity* OpenSSLIdentity::FromPEMStrings( |
return NULL; |
} |
BIO_set_mem_eof_return(bio, 0); |
- EVP_PKEY *pkey = PEM_read_bio_PrivateKey(bio, NULL, NULL, |
- const_cast<char*>("\0")); |
+ EVP_PKEY* pkey = |
+ PEM_read_bio_PrivateKey(bio, NULL, NULL, const_cast<char*>("\0")); |
BIO_free(bio); // Frees the BIO, but not the pointed-to string. |
if (!pkey) { |