Questions about CNG Integration on Chromium (net/ssl/openssl_platform_key_win.cc)


mena...@gmail.com

Jul 21, 2017, 10:02:39 AM
to Chromium-dev
Hello,
I am currently trying to work on integrating CryptoAPI Next Generation with OpenSSL, and I came through the integration with BoringSSL on Chromium and I have some questions:
On the commit 2a5e750faa7a7bd8ee6635f208e509e792cdd70a, Lines 464 and 523:
You provide an implementation for ECDSA_Sign() [Called ECDSAMethodSign] and not for ECDSA_verify() [ECDSAMethodVerify]. Does this mean:
  • A developer may reuse the OpenSSL/BoringSSL built-in functions to verify an ECDSA signature?
  • A developer should rewrite ECDSA_verify() in the same manner ECDSA_sign() was written?
  • How does Chromium implement the ECDSA signature verification under that scheme?
On the current master branch, the implementation scraps the ECDSA_* implementation altogether and proposes a new method SignDigest. I would like to know why and when did this happen.

Kind Regards.


Ryan Sleevi

Jul 21, 2017, 10:37:59 AM
to mena...@gmail.com, net-dev
bcc chromium-dev
cc net-dev

On Fri, Jul 21, 2017 at 10:02 AM, <mena...@gmail.com> wrote:
> Hello,
> I am currently trying to work on integrating CryptoAPI Next Generation with
> OpenSSL, and I came through the integration with BoringSSL on Chromium and I
> have some questions:
> On the commit 2a5e750faa7a7bd8ee6635f208e509e792cdd70a, Lines 464 and 523:
> You provide an implementation for ECDSA_Sign() [Called ECDSAMethodSign] and
> not for ECDSA_verify() [ECDSAMethodVerify]. Does this mean:
>
> A developer may reuse the OpenSSL/BoringSSL built-in functions to verify an
> ECDSA signature?

Yes

> A developer should rewrite ECDSA_verify() in the same manner ECDSA_sign()
> was written?

Not necessarily.

> How does Chromium implement the ECDSA signature verification under that
> scheme?

Through BoringSSL.

> On the current master branch, the implementation scraps the ECDSA_*
> implementation altogether and proposes a new method SignDigest. I would
> like to know why and when did this happen.

Why: To perform the signing asynchronously and to better accommodate
the diversity of Chromium platforms.
When: Two years ago.

https://chromium.googlesource.com/chromium/src/+/1d48952e7ac455a52ffbe6597b58a571faab42e6

baris tas

Jul 19, 2019, 12:43:19 PM
to Chromium-dev
Hi,

Were you able to integrate CNG into OpenSSL? 

Thank you,
B.