
Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 1076063002: Remove certificates from Channel ID (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: major refactor: push transition to crypto::ECPrivateKey as low as possible Created 5 years, 7 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 // OpenSSL binding for SSLClientSocket. The class layout and general principle 5 // OpenSSL binding for SSLClientSocket. The class layout and general principle
6 // of operation is derived from SSLClientSocketNSS. 6 // of operation is derived from SSLClientSocketNSS.
7 7
8 #include "net/socket/ssl_client_socket_openssl.h" 8 #include "net/socket/ssl_client_socket_openssl.h"
9 9
10 #include <errno.h> 10 #include <errno.h>
(...skipping 981 matching lines...) Expand 10 before | Expand all | Expand 10 after
992 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info)); 992 CreateNetLogOpenSSLErrorCallback(net_error, ssl_error, error_info));
993 } 993 }
994 } 994 }
995 return net_error; 995 return net_error;
996 } 996 }
997 997
998 int SSLClientSocketOpenSSL::DoChannelIDLookup() { 998 int SSLClientSocketOpenSSL::DoChannelIDLookup() {
999 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_REQUESTED); 999 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_REQUESTED);
1000 GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE); 1000 GotoState(STATE_CHANNEL_ID_LOOKUP_COMPLETE);
1001 return channel_id_service_->GetOrCreateChannelID( 1001 return channel_id_service_->GetOrCreateChannelID(
1002 host_and_port_.host(), 1002 host_and_port_.host(), &channel_id_key_,
1003 &channel_id_private_key_,
1004 &channel_id_cert_,
1005 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete, 1003 base::Bind(&SSLClientSocketOpenSSL::OnHandshakeIOComplete,
1006 base::Unretained(this)), 1004 base::Unretained(this)),
1007 &channel_id_request_handle_); 1005 &channel_id_request_handle_);
1008 } 1006 }
1009 1007
1010 int SSLClientSocketOpenSSL::DoChannelIDLookupComplete(int result) { 1008 int SSLClientSocketOpenSSL::DoChannelIDLookupComplete(int result) {
1011 if (result < 0) 1009 if (result < 0)
1012 return result; 1010 return result;
1013 1011
1014 DCHECK_LT(0u, channel_id_private_key_.size()); 1012 if (!channel_id_key_) {
1015 // Decode key.
1016 std::vector<uint8> encrypted_private_key_info;
1017 std::vector<uint8> subject_public_key_info;
1018 encrypted_private_key_info.assign(
1019 channel_id_private_key_.data(),
1020 channel_id_private_key_.data() + channel_id_private_key_.size());
1021 subject_public_key_info.assign(
1022 channel_id_cert_.data(),
1023 channel_id_cert_.data() + channel_id_cert_.size());
1024 scoped_ptr<crypto::ECPrivateKey> ec_private_key(
1025 crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
1026 ChannelIDService::kEPKIPassword,
1027 encrypted_private_key_info,
1028 subject_public_key_info));
1029 if (!ec_private_key) {
1030 LOG(ERROR) << "Failed to import Channel ID."; 1013 LOG(ERROR) << "Failed to import Channel ID.";
1031 return ERR_CHANNEL_ID_IMPORT_FAILED; 1014 return ERR_CHANNEL_ID_IMPORT_FAILED;
1032 } 1015 }
1033 1016
1034 // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key 1017 // Hand the key to OpenSSL. Check for error in case OpenSSL rejects the key
1035 // type. 1018 // type.
1036 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); 1019 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
1037 int rv = SSL_set1_tls_channel_id(ssl_, ec_private_key->key()); 1020 int rv = SSL_set1_tls_channel_id(ssl_, channel_id_key_->key());
1038 if (!rv) { 1021 if (!rv) {
1039 LOG(ERROR) << "Failed to set Channel ID."; 1022 LOG(ERROR) << "Failed to set Channel ID.";
1040 int err = SSL_get_error(ssl_, rv); 1023 int err = SSL_get_error(ssl_, rv);
1041 return MapOpenSSLError(err, err_tracer); 1024 return MapOpenSSLError(err, err_tracer);
1042 } 1025 }
1043 1026
1044 // Return to the handshake. 1027 // Return to the handshake.
1045 set_channel_id_sent(true); 1028 set_channel_id_sent(true);
1046 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_PROVIDED); 1029 net_log_.AddEvent(NetLog::TYPE_SSL_CHANNEL_ID_PROVIDED);
1047 GotoState(STATE_HANDSHAKE); 1030 GotoState(STATE_HANDSHAKE);
(...skipping 870 matching lines...) Expand 10 before | Expand all | Expand 10 after
1918 1901
1919 return result; 1902 return result;
1920 } 1903 }
1921 1904
1922 scoped_refptr<X509Certificate> 1905 scoped_refptr<X509Certificate>
1923 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const { 1906 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
1924 return server_cert_; 1907 return server_cert_;
1925 } 1908 }
1926 1909
1927 } // namespace net 1910 } // namespace net
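Review bot: In DoChannelIDLookupComplete the new `if (!channel_id_key_)` branch reuses the old "Failed to import Channel ID." log line and ERR_CHANNEL_ID_IMPORT_FAILED, but now that decoding is pushed into the service, a null key alongside a non-negative result means GetOrCreateChannelID reported success without producing a key, which is a contract violation rather than a decode failure; consider keeping a `DCHECK(channel_id_key_);` ahead of the runtime check (mirroring the removed `DCHECK_LT(0u, channel_id_private_key_.size())`) and a message such as `LOG(ERROR) << "Channel ID lookup succeeded without a key.";` so the two failure modes stay distinguishable in logs. Separately, the old code held the decoded key in a function-local scoped_ptr that was destroyed as soon as the handoff completed, whereas `channel_id_key_` is now a member that keeps the private key resident for the socket's lifetime; if `SSL_set1_tls_channel_id` takes its own reference (as the `set1` naming suggests) and nothing else reads the member, a `channel_id_key_.reset();` after the successful `SSL_set1_tls_channel_id` call would restore the shorter key lifetime. The enclosing function continues past the hunk's last visible line.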