
Issue 630150


Issue metadata

Status: Fixed
Owner:
Closed: Oct 2016
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 3
Type: Bug

Blocking:
issue 630147




Update SSLPrivateKey for extended SSL_PRIVATE_KEY_METHOD::type

Project Member Reported by davidben@chromium.org, Jul 21 2016

Issue description

TLS 1.3 requires curve and hash match when signing things. For BoringSSL to know the curve of custom keys, SSL_PRIVATE_KEY_METHOD::type was extended to expect a curve NID rather than just EVP_PKEY_EC (which is the NID for id-ecPublicKey). The SSLPrivateKey needs to get updated to route this through.
 
Comment 1 by bugdroid1@chromium.org, Oct 5 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/7d92d2268bd7df1cfcf1a021a480eed851f52fa7

commit 7d92d2268bd7df1cfcf1a021a480eed851f52fa7
Author: davidben <davidben@chromium.org>
Date: Wed Oct 05 00:54:28 2016

Tidy up ssl_platform_key_android_unittest.cc.

Use the same test files as other client cert tests. While I'm here, use
the new BoringSSL scopers. This is done in preparation for to make
our ECDSA client certs logic for TLS 1.3. (Having certificates with the
keys will be convenient)

Also check in client_root_ca.pem so the inputs are all available.

BUG= 630150 

Review-Url: https://codereview.chromium.org/2390493002
Cr-Commit-Position: refs/heads/master@{#423029}

[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/chrome/test/data/extensions/api_test/platform_keys/client_1.der
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/chrome/test/data/extensions/api_test/platform_keys/client_1_spki.der
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/chrome/test/data/extensions/api_test/platform_keys/client_2.der
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/chrome/test/data/extensions/api_test/platform_keys/signature_nohash_pkcs
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/chrome/test/data/extensions/api_test/platform_keys/signature_sha1_pkcs
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/README
[delete] https://crrev.com/c301bd5c1ec7613f1ab618421b6eb015a649c2f2/net/data/ssl/certificates/android-test-key-dsa-public.pem
[delete] https://crrev.com/c301bd5c1ec7613f1ab618421b6eb015a649c2f2/net/data/ssl/certificates/android-test-key-dsa.pem
[delete] https://crrev.com/c301bd5c1ec7613f1ab618421b6eb015a649c2f2/net/data/ssl/certificates/android-test-key-ecdsa-public.pem
[delete] https://crrev.com/c301bd5c1ec7613f1ab618421b6eb015a649c2f2/net/data/ssl/certificates/android-test-key-ecdsa.pem
[delete] https://crrev.com/c301bd5c1ec7613f1ab618421b6eb015a649c2f2/net/data/ssl/certificates/android-test-key-rsa.pem
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_1.key
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_1.pem
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_1.pk8
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_1_ca.pem
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_2.key
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_2.pem
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_2.pk8
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_2_ca.pem
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_3.key
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_3.pem
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_3.pk8
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_3_ca.pem
[add] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_4.key
[add] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_4.pem
[add] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_4.pk8
[add] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_4_ca.pem
[add] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/certificates/client_root_ca.pem
[delete] https://crrev.com/c301bd5c1ec7613f1ab618421b6eb015a649c2f2/net/data/ssl/scripts/generate-android-test-keys.sh
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/data/ssl/scripts/generate-client-certificates.sh
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/net.gypi
[modify] https://crrev.com/7d92d2268bd7df1cfcf1a021a480eed851f52fa7/net/ssl/ssl_platform_key_android_unittest.cc

Comment 2 by bugdroid1@chromium.org, Oct 13 2016

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/1c09a43037481167ab735ab4a0487cad78358f0b

commit 1c09a43037481167ab735ab4a0487cad78358f0b
Author: davidben <davidben@chromium.org>
Date: Thu Oct 13 19:17:34 2016

Report curve types in ECDSA SSLPrivateKeys.

This should make ECDSA client certificates work in TLS 1.3.
For simplicity, it puts all platforms through the same
certificate-based key metadata lookup path. This saves
code and avoids guessing based on key sizes.

BUG= 630150 

Review-Url: https://codereview.chromium.org/2391213002
Cr-Commit-Position: refs/heads/master@{#425123}

[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/android_webview/native/aw_contents_client_bridge.cc
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/chrome/browser/ui/android/ssl_client_certificate_request.cc
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/android/java/src/org/chromium/net/AndroidKeyStore.java
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/android/keystore.cc
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/android/keystore.h
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/net.gypi
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/socket/ssl_client_socket_impl.cc
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/ssl/ssl_platform_key_android.cc
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/ssl/ssl_platform_key_android.h
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/ssl/ssl_platform_key_android_unittest.cc
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/ssl/ssl_platform_key_chromecast.cc
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/ssl/ssl_platform_key_mac.cc
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/ssl/ssl_platform_key_nss.cc
[delete] https://crrev.com/468f3c355c499087911dbb34c8d2ba6d9a014cff/net/ssl/ssl_platform_key_task_runner.cc
[delete] https://crrev.com/468f3c355c499087911dbb34c8d2ba6d9a014cff/net/ssl/ssl_platform_key_task_runner.h
[add] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/ssl/ssl_platform_key_util.cc
[add] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/ssl/ssl_platform_key_util.h
[add] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/ssl/ssl_platform_key_util_unittest.cc
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/ssl/ssl_platform_key_win.cc
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/ssl/ssl_private_key.h
[modify] https://crrev.com/1c09a43037481167ab735ab4a0487cad78358f0b/net/ssl/test_ssl_private_key.cc

Labels: M-56
Owner: davidben@chromium.org
Status: Fixed (was: Available)
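
One way a certificate-based lookup like the one Comment 2 describes can work, as an added example that is not Chromium's or BoringSSL's code: read the named-curve OID from the certificate's SPKI AlgorithmIdentifier and return the one TLS 1.3 ECDSA scheme that curve permits. The function names, the `Span` helper and the sample byte strings are constructed for illustration, and only short-form DER lengths are handled.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// TLS 1.3 ECDSA SignatureScheme code points (RFC 8446): curve and hash are fixed together.
enum : uint16_t { kNone = 0, kEcP256 = 0x0403, kEcP384 = 0x0503, kEcP521 = 0x0603 };
struct Span { const uint8_t* p; size_t n; };
// Pops one short-form DER TLV with the given tag off the front of *in.
static bool Pop(Span* in, uint8_t tag, Span* out) {
  if (in->n < 2 || in->p[0] != tag || in->p[1] >= 0x80) return false;
  size_t len = in->p[1];
  if (in->n - 2 < len) return false;
  *out = Span{in->p + 2, len};
  *in = Span{in->p + 2 + len, in->n - 2 - len};
  return true;
}
static bool Is(Span s, const std::vector<uint8_t>& oid) {
  return std::vector<uint8_t>(s.p, s.p + s.n) == oid;
}

// Maps the AlgorithmIdentifier of a certificate's SPKI to the TLS 1.3 scheme its curve permits.
uint16_t SchemeForAlgorithmIdentifier(const std::vector<uint8_t>& der) {
  static const std::vector<uint8_t> kEc = {0x2A,0x86,0x48,0xCE,0x3D,0x02,0x01};
  static const std::vector<uint8_t> kP256 = {0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
  static const std::vector<uint8_t> kP384 = {0x2B,0x81,0x04,0x00,0x22};
  static const std::vector<uint8_t> kP521 = {0x2B,0x81,0x04,0x00,0x23};
  Span in{der.data(), der.size()}, seq, alg, curve;
  if (!Pop(&in, 0x30, &seq) || in.n != 0) return kNone;
  if (!Pop(&seq, 0x06, &alg) || !Is(alg, kEc)) return kNone;  // not id-ecPublicKey
  if (!Pop(&seq, 0x06, &curve) || seq.n != 0) return kNone;   // named curves only
  if (Is(curve, kP256)) return kEcP256;
  if (Is(curve, kP384)) return kEcP384;
  if (Is(curve, kP521)) return kEcP521;
  return kNone;  // e.g. secp256k1: 256 bits wide, but not P-256
}

// Hypothetical size-based guess, the shortcut the commit message says it avoids.
uint16_t SchemeFromKeyBits(size_t bits) {
  return bits == 256 ? kEcP256 : bits == 384 ? kEcP384 : bits == 521 ? kEcP521 : kNone;
}
// Constructed samples: id-ecPublicKey with P-256, and with secp256k1.
const std::vector<uint8_t> kSampleP256 = {0x30,0x13,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,
    0x02,0x01,0x06,0x08,0x2A,0x86,0x48,0xCE,0x3D,0x03,0x01,0x07};
const std::vector<uint8_t> kSampleK256 = {0x30,0x10,0x06,0x07,0x2A,0x86,0x48,0xCE,0x3D,
    0x02,0x01,0x06,0x05,0x2B,0x81,0x04,0x00,0x0A};
int main() {  // exits 0 when the certificate-based lookup rejects what the guess accepts
  return (SchemeForAlgorithmIdentifier(kSampleP256) == kEcP256 &&
          SchemeForAlgorithmIdentifier(kSampleK256) == kNone) ? 0 : 1;
}
```

The secp256k1 sample is the case a size-based guess gets wrong: `SchemeFromKeyBits(256)` would advertise the P-256 scheme for a key that cannot produce a valid signature under it.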
