bcc chromium-dev
cc net-dev
On Fri, Jul 21, 2017 at 10:02 AM, <
mena...@gmail.com> wrote:
> Hello,
> I am currently trying to work on integrating CryptoAPI Next Generation with
> OpenSSL, and I came through the integration with BoringSSL on Chromium and I
> have some questions:
> On the commit 2a5e750faa7a7bd8ee6635f208e509e792cdd70a, Lines 464 and 523:
> You provide an implementation for ECDSA_Sign() [Called ECDSAMethodSign] and
> not for ECDSA_verify() [ECDSAMethodVerify] does this mean:
>
> A developer may reuse the OpenSSL/BoringSSL built-in functions to verify an
> ECDSA signature?
Yes
> A developer should rewrite ECDSA_verify() in the same manner ECSDA_sign()
> was written?
Not necessarily.
> How does Chromium implement the ECDSA signature verification under that
> scheme?
Through BoringSSL.
> On the current master branch, the implementation scraps the ECSDA_*
> implementation all together and proposes a new method SignDigest. I would
> like to know why and when did this happen.
Why: To perform the signing asynchronously and to better accommodate
the diversity of Chromium platforms.
When: Two years ago.
https://chromium.googlesource.com/chromium/src/+/1d48952e7ac455a52ffbe6597b58a571faab42e6