Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(53)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/openssl_private_key_store_android.cc

Issue 12220104: Wire up SSL client authentication for OpenSSL/Android through the net/ stack (Closed) Base URL: http://git.chromium.org/chromium/src.git@master
Patch Set: address nits Created 7 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« net/base/openssl_private_key_store.h ('K') | « net/base/openssl_private_key_store.h ('k') | net/base/openssl_private_key_store_memory.cc » ('j') | net/socket/ssl_client_socket_openssl_unittest.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/base/openssl_private_key_store.h" 5 #include "net/base/openssl_private_key_store.h"
6 6
7 #include <openssl/evp.h> 7 #include <openssl/evp.h>
8 #include <openssl/x509.h> 8 #include <openssl/x509.h>
9 9
10 #include "base/logging.h" 10 #include "base/logging.h"
11 #include "base/memory/singleton.h" 11 #include "base/memory/singleton.h"
12 #include "crypto/openssl_util.h"
13 #include "net/android/network_library.h" 12 #include "net/android/network_library.h"
14 13
15 namespace net { 14 namespace net {
16 15
17 namespace { 16 bool OpenSSLPrivateKeyStore::StoreKeyPair(const GURL& url,
17 EVP_PKEY* pkey) {
18 // Always clear openssl errors on exit.
19 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);
18 20
19 class OpenSSLKeyStoreAndroid : public OpenSSLPrivateKeyStore { 21 // Important: Do not use i2d_PublicKey() here, which returns data in
20 public: 22 // PKCS#1 format, use i2d_PUBKEY() which returns it as DER-encoded
21 ~OpenSSLKeyStoreAndroid() {} 23 // SubjectPublicKeyInfo (X.509), as expected by the platform.
24 unsigned char* public_key = NULL;
25 int public_len = i2d_PUBKEY(pkey, &public_key);
22 26
23 virtual bool StorePrivateKey(const GURL& url, EVP_PKEY* pkey) { 27 // Important: Do not use i2d_PrivateKey() here, it returns data
24 // Always clear openssl errors on exit. 28 // in a format that is incompatible with what the platform expects.
25 crypto::OpenSSLErrStackTracer err_trace(FROM_HERE); 29 unsigned char* private_key = NULL;
26 30 int private_len = 0;
27 // Important: Do not use i2d_PublicKey() here, which returns data in 31 crypto::ScopedOpenSSL<PKCS8_PRIV_KEY_INFO,
28 // PKCS#1 format, use i2d_PUBKEY() which returns it as DER-encoded 32 PKCS8_PRIV_KEY_INFO_free> pkcs8(EVP_PKEY2PKCS8(pkey));
Ryan Sleevi 2013/02/28 00:58:35 style: crypto::ScopedOpenSSL<PKCS8_PRIV_KEY_INFO,
digit1 2013/02/28 15:46:56 Done.
29 // SubjectPublicKeyInfo (X.509), as expected by the platform. 33 if (pkcs8.get() != NULL) {
30 unsigned char* public_key = NULL; 34 private_len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &private_key);
31 int public_len = i2d_PUBKEY(pkey, &public_key);
32
33 // Important: Do not use i2d_PrivateKey() here, it returns data
34 // in a format that is incompatible with what the platform expects.
35 unsigned char* private_key = NULL;
36 int private_len = 0;
37 crypto::ScopedOpenSSL<PKCS8_PRIV_KEY_INFO,
38 PKCS8_PRIV_KEY_INFO_free> pkcs8(EVP_PKEY2PKCS8(pkey));
39 if (pkcs8.get() != NULL) {
40 private_len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8.get(), &private_key);
41 }
42 bool ret = false;
43 if (public_len > 0 && private_len > 0) {
44 ret = net::android::StoreKeyPair(
45 static_cast<const uint8*>(public_key), public_len,
46 static_cast<const uint8*>(private_key), private_len);
47 }
48 LOG_IF(ERROR, !ret) << "StorePrivateKey failed. pub len = " << public_len
49 << " priv len = " << private_len;
50 OPENSSL_free(public_key);
51 OPENSSL_free(private_key);
52 return ret;
53 } 35 }
54 36 bool ret = false;
55 virtual EVP_PKEY* FetchPrivateKey(EVP_PKEY* pkey) { 37 if (public_len > 0 && private_len > 0) {
56 // TODO(joth): Implement when client authentication is required. 38 ret = net::android::StoreKeyPair(
57 NOTIMPLEMENTED(); 39 static_cast<const uint8*>(public_key), public_len,
58 return NULL; 40 static_cast<const uint8*>(private_key), private_len);
Ryan Sleevi 2013/02/28 00:58:35 style: indents - four spaces here.
digit1 2013/02/28 15:46:56 Done.
59 } 41 }
60 42 LOG_IF(ERROR, !ret) << "StoreKeyPair failed. pub len = " << public_len
61 static OpenSSLKeyStoreAndroid* GetInstance() { 43 << " priv len = " << private_len;
62 // Leak the OpenSSL key store as it is used from a non-joinable worker 44 OPENSSL_free(public_key);
63 // thread that may still be running at shutdown. 45 OPENSSL_free(private_key);
64 return Singleton< 46 return ret;
65 OpenSSLKeyStoreAndroid,
66 OpenSSLKeyStoreAndroidLeakyTraits>::get();
67 }
68
69 private:
70 friend struct DefaultSingletonTraits<OpenSSLKeyStoreAndroid>;
71 typedef LeakySingletonTraits<OpenSSLKeyStoreAndroid>
72 OpenSSLKeyStoreAndroidLeakyTraits;
73
74 OpenSSLKeyStoreAndroid() {}
75
76 DISALLOW_COPY_AND_ASSIGN(OpenSSLKeyStoreAndroid);
77 };
78
79 } // namespace
80
81 OpenSSLPrivateKeyStore* OpenSSLPrivateKeyStore::GetInstance() {
82 return OpenSSLKeyStoreAndroid::GetInstance();
83 } 47 }
84 48
85 } // namespace net 49 } // namespace net
OLDNEW
« net/base/openssl_private_key_store.h ('K') | « net/base/openssl_private_key_store.h ('k') | net/base/openssl_private_key_store_memory.cc » ('j') | net/socket/ssl_client_socket_openssl_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698