| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/base/x509_certificate.h" | 5 #include "net/base/x509_certificate.h" |
| 6 | 6 |
| 7 #include <openssl/asn1.h> | 7 #include <openssl/asn1.h> |
| 8 #include <openssl/crypto.h> | 8 #include <openssl/crypto.h> |
| 9 #include <openssl/obj_mac.h> | 9 #include <openssl/obj_mac.h> |
| 10 #include <openssl/pem.h> | 10 #include <openssl/pem.h> |
| (...skipping 289 matching lines...) | |
| 300 } | 300 } |
| 301 | 301 |
| 302 // static | 302 // static |
| 303 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { | 303 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) { |
| 304 // Decrement the ref-count for the cert and, if all references are gone, | 304 // Decrement the ref-count for the cert and, if all references are gone, |
| 305 // free the memory and any application-specific data associated with the | 305 // free the memory and any application-specific data associated with the |
| 306 // certificate. | 306 // certificate. |
| 307 X509_free(cert_handle); | 307 X509_free(cert_handle); |
| 308 } | 308 } |
| 309 | 309 |
| 310 // static | |
| 311 void X509Certificate::FreeOSCertListHandle(OSCertListHandle cert_list) { | |
|
wtc
2011/10/04 00:26:34
cert_list => cert_list_handle
| |
| 312 sk_X509_pop_free(cert_list, X509_free); | |
| 313 } | |
| 314 | |
| 310 void X509Certificate::Initialize() { | 315 void X509Certificate::Initialize() { |
| 311 crypto::EnsureOpenSSLInit(); | 316 crypto::EnsureOpenSSLInit(); |
| 312 fingerprint_ = CalculateFingerprint(cert_handle_); | 317 fingerprint_ = CalculateFingerprint(cert_handle_); |
| 313 | 318 |
| 314 ASN1_INTEGER* num = X509_get_serialNumber(cert_handle_); | 319 ASN1_INTEGER* num = X509_get_serialNumber(cert_handle_); |
| 315 if (num) { | 320 if (num) { |
| 316 serial_number_ = std::string( | 321 serial_number_ = std::string( |
| 317 reinterpret_cast<char*>(num->data), | 322 reinterpret_cast<char*>(num->data), |
| 318 num->length); | 323 num->length); |
| 319 // Remove leading zeros. | 324 // Remove leading zeros. |
| (...skipping 15 matching lines...) | |
| 335 SHA1Fingerprint X509Certificate::CalculateFingerprint(OSCertHandle cert) { | 340 SHA1Fingerprint X509Certificate::CalculateFingerprint(OSCertHandle cert) { |
| 336 SHA1Fingerprint sha1; | 341 SHA1Fingerprint sha1; |
| 337 unsigned int sha1_size = static_cast<unsigned int>(sizeof(sha1.data)); | 342 unsigned int sha1_size = static_cast<unsigned int>(sizeof(sha1.data)); |
| 338 int ret = X509_digest(cert, EVP_sha1(), sha1.data, &sha1_size); | 343 int ret = X509_digest(cert, EVP_sha1(), sha1.data, &sha1_size); |
| 339 CHECK(ret); | 344 CHECK(ret); |
| 340 CHECK_EQ(sha1_size, sizeof(sha1.data)); | 345 CHECK_EQ(sha1_size, sizeof(sha1.data)); |
| 341 return sha1; | 346 return sha1; |
| 342 } | 347 } |
| 343 | 348 |
| 344 // static | 349 // static |
| 350 X509Certificate::OSCertListHandle | |
| 351 X509Certificate::CreateOSCertListHandle() const { | |
|
wtc
2011/10/04 00:26:34
Change VerifyInternal to use CreateOSCertListHandl
| |
| 352 STACK_OF(X509)* cert_list_handle = sk_X509_new_null(); | |
| 353 if (!cert_list_handle) | |
| 354 return NULL; | |
| 355 | |
| 356 if (!sk_X509_push(cert_list_handle, DupOSCertHandle(cert_handle_))) { | |
| 357 FreeOSCertListHandle(cert_list_handle); | |
| 358 return NULL; | |
| 359 } | |
| 360 | |
| 361 bool ok = true; | |
| 362 for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) { | |
| 363 if (!sk_X509_push(cert_list_handle, | |
| 364 DupOSCertHandle(intermediate_ca_certs_[i]))) { | |
| 365 ok = false; | |
| 366 break; | |
| 367 } | |
| 368 } | |
| 369 if (!ok) { | |
| 370 FreeOSCertListHandle(cert_list_handle); | |
| 371 return NULL; | |
| 372 } | |
| 373 | |
| 374 return cert_list_handle; | |
| 375 } | |
| 376 | |
| 377 // static | |
| 345 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( | 378 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes( |
| 346 const char* data, int length) { | 379 const char* data, int length) { |
| 347 if (length < 0) | 380 if (length < 0) |
| 348 return NULL; | 381 return NULL; |
| 349 crypto::EnsureOpenSSLInit(); | 382 crypto::EnsureOpenSSLInit(); |
| 350 const unsigned char* d2i_data = | 383 const unsigned char* d2i_data = |
| 351 reinterpret_cast<const unsigned char*>(data); | 384 reinterpret_cast<const unsigned char*>(data); |
| 352 // Don't cache this data via SetDERCache as this wire format may be not be | 385 // Don't cache this data via SetDERCache as this wire format may be not be |
| 353 // identical from the i2d_X509 roundtrip. | 386 // identical from the i2d_X509 roundtrip. |
| 354 X509* cert = d2i_X509(NULL, &d2i_data, length); | 387 X509* cert = d2i_X509(NULL, &d2i_data, length); |
| (...skipping 167 matching lines...) | |
| 522 DERCache der_cache; | 555 DERCache der_cache; |
| 523 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) | 556 if (!GetDERAndCacheIfNeeded(cert_handle, &der_cache)) |
| 524 return false; | 557 return false; |
| 525 | 558 |
| 526 return pickle->WriteData( | 559 return pickle->WriteData( |
| 527 reinterpret_cast<const char*>(der_cache.data), | 560 reinterpret_cast<const char*>(der_cache.data), |
| 528 der_cache.data_length); | 561 der_cache.data_length); |
| 529 } | 562 } |
| 530 | 563 |
| 531 } // namespace net | 564 } // namespace net |
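Review bot: In CreateOSCertListHandle (new lines 356 and 363-364), the result of DupOSCertHandle is passed straight into sk_X509_push, so when a push fails that handle is never placed on the stack and the FreeOSCertListHandle call on the error path cannot release it. Assuming DupOSCertHandle returns an owned reference (its body is not shown on this page), each failed push leaks one certificate reference. Keeping the duplicate in a local and calling FreeOSCertHandle on it before freeing the list closes that gap and makes the `ok` flag unnecessary. Separately, the `// static` comment at new line 349 now sits above a `const` member function that reads cert_handle_; it should be dropped, since new line 377 already labels CreateOSCertHandleFromBytes.

```cpp
X509Certificate::OSCertListHandle
X509Certificate::CreateOSCertListHandle() const {
  // … unchanged: sk_X509_new_null() and its NULL check …

  OSCertHandle leaf = DupOSCertHandle(cert_handle_);
  if (!sk_X509_push(cert_list_handle, leaf)) {
    // The push failed, so the stack never took ownership of this reference.
    FreeOSCertHandle(leaf);
    FreeOSCertListHandle(cert_list_handle);
    return NULL;
  }

  for (size_t i = 0; i < intermediate_ca_certs_.size(); ++i) {
    OSCertHandle intermediate = DupOSCertHandle(intermediate_ca_certs_[i]);
    if (!sk_X509_push(cert_list_handle, intermediate)) {
      FreeOSCertHandle(intermediate);
      FreeOSCertListHandle(cert_list_handle);
      return NULL;
    }
  }

  return cert_list_handle;
}
```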