Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1402)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/base/openssl_private_key_store_android.cc

Issue 11260015: Fix Android cryptographic key pair storage. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: Created 8 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/android/network_library.h ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/base/openssl_private_key_store_android.cc
diff --git a/net/base/openssl_private_key_store_android.cc b/net/base/openssl_private_key_store_android.cc
index 3adc22238c381e482c382ba5624b3195467c05de..4bf1f3fedcb555fd316acfa0a183f0972079146b 100644
--- a/net/base/openssl_private_key_store_android.cc
+++ b/net/base/openssl_private_key_store_android.cc
@@ -5,6 +5,7 @@
#include "net/base/openssl_private_key_store.h"
#include <openssl/evp.h>
+#include <openssl/x509.h>
#include "base/logging.h"
#include "base/memory/singleton.h"
@@ -19,19 +20,30 @@ class OpenSSLKeyStoreAndroid : public OpenSSLPrivateKeyStore {
public:
~OpenSSLKeyStoreAndroid() {}
- // TODO(joth): Use the |url| to help identify this key to the user.
- // Currently Android has no UI to list these stored private keys (and no
- // API to associate a name with them), so this is a non-issue.
virtual bool StorePrivateKey(const GURL& url, EVP_PKEY* pkey) {
- uint8* public_key = NULL;
- int public_len = i2d_PublicKey(pkey, &public_key);
- uint8* private_key = NULL;
- int private_len = i2d_PrivateKey(pkey, &private_key);
-
+ // Always clear openssl errors on exit.
+ crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
+
+ // Important: Do not use i2d_PublicKey() here, which returns data in
+ // PKCS#1 format, use i2d_PUBKEY() which returns it as DER-encoded
+ // SubjectPublicKeyInfo (X.509), as expected by the platform.
+ unsigned char* public_key = NULL;
+ int public_len = i2d_PUBKEY(pkey, &public_key);
+
+ // Important: Do not use i2d_PrivateKey() here, it returns data
+ // in a format that is incompatible with what the platform expects.
+ unsigned char* private_key = NULL;
+ int private_len = 0;
+ crypto::ScopedOpenSSL<PKCS8_PRIV_KEY_INFO,
+ PKCS8_PRIV_KEY_INFO_free> pkcs8(EVP_PKEY2PKCS8(pkey));
+ if (pkcs8.get() != NULL) {
+ private_len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &private_key);
+ }
bool ret = false;
- if (public_len && private_len) {
- ret = net::android::StoreKeyPair(public_key, public_len, private_key,
- private_len);
+ if (public_len > 0 && private_len > 0) {
+ ret = net::android::StoreKeyPair(
+ static_cast<const uint8*>(public_key), public_len,
+ static_cast<const uint8*>(private_key), private_len);
}
LOG_IF(ERROR, !ret) << "StorePrivateKey failed. pub len = " << public_len
<< " priv len = " << private_len;
« no previous file with comments | « net/android/network_library.h ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698