| Index: net/socket/ssl_client_socket_openssl.cc
|
| diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
|
| index 29c59f7f583fa46c3430b1d46b5c739f8867369a..e750684ff5c7f571e69be4b0f9efa2a91307860f 100644
|
| --- a/net/socket/ssl_client_socket_openssl.cc
|
| +++ b/net/socket/ssl_client_socket_openssl.cc
|
| @@ -23,7 +23,6 @@
|
| #include "base/stl_util.h"
|
| #include "base/strings/string_piece.h"
|
| #include "base/synchronization/lock.h"
|
| -#include "base/threading/sequenced_worker_pool.h"
|
| #include "base/threading/thread_local.h"
|
| #include "base/values.h"
|
| #include "crypto/ec_private_key.h"
|
| @@ -167,33 +166,6 @@ bool EVP_MDToPrivateKeyHash(const EVP_MD* md, SSLPrivateKey::Hash* hash) {
|
| }
|
| }
|
|
|
| -#if !defined(OS_NACL)
|
| -class PlatformKeyTaskRunner {
|
| - public:
|
| - PlatformKeyTaskRunner() {
|
| - // Serialize all the private key operations on a single background
|
| - // thread to avoid problems with buggy smartcards.
|
| - worker_pool_ = new base::SequencedWorkerPool(1, "Platform Key Thread");
|
| - task_runner_ = worker_pool_->GetSequencedTaskRunnerWithShutdownBehavior(
|
| - worker_pool_->GetSequenceToken(),
|
| - base::SequencedWorkerPool::CONTINUE_ON_SHUTDOWN);
|
| - }
|
| -
|
| - scoped_refptr<base::SequencedTaskRunner> task_runner() {
|
| - return task_runner_;
|
| - }
|
| -
|
| - private:
|
| - scoped_refptr<base::SequencedWorkerPool> worker_pool_;
|
| - scoped_refptr<base::SequencedTaskRunner> task_runner_;
|
| -
|
| - DISALLOW_COPY_AND_ASSIGN(PlatformKeyTaskRunner);
|
| -};
|
| -
|
| -base::LazyInstance<PlatformKeyTaskRunner>::Leaky g_platform_key_task_runner =
|
| - LAZY_INSTANCE_INITIALIZER;
|
| -#endif
|
| -
|
| } // namespace
|
|
|
| class SSLClientSocketOpenSSL::SSLContext {
|
| @@ -612,7 +584,6 @@ void SSLClientSocketOpenSSL::Disconnect() {
|
| channel_id_request_.Cancel();
|
| ssl_failure_state_ = SSL_FAILURE_NONE;
|
|
|
| - private_key_.reset();
|
| signature_result_ = kNoPendingResult;
|
| signature_.clear();
|
| }
|
| @@ -1044,7 +1015,7 @@ int SSLClientSocketOpenSSL::DoHandshake() {
|
| return ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
|
| }
|
| if (ssl_error == SSL_ERROR_WANT_PRIVATE_KEY_OPERATION) {
|
| - DCHECK(private_key_);
|
| + DCHECK(ssl_config_.client_private_key);
|
| DCHECK_NE(kNoPendingResult, signature_result_);
|
| GotoState(STATE_HANDSHAKE);
|
| return ERR_IO_PENDING;
|
| @@ -1510,7 +1481,7 @@ int SSLClientSocketOpenSSL::DoPayloadRead() {
|
| pending_read_error_ = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
|
| } else if (pending_read_ssl_error_ ==
|
| SSL_ERROR_WANT_PRIVATE_KEY_OPERATION) {
|
| - DCHECK(private_key_);
|
| + DCHECK(ssl_config_.client_private_key);
|
| DCHECK_NE(kNoPendingResult, signature_result_);
|
| pending_read_error_ = ERR_IO_PENDING;
|
| } else {
|
| @@ -1801,17 +1772,12 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl) {
|
| }
|
|
|
| #if defined(OS_NACL)
|
| - OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY);
|
| - return -1;
|
| + OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY);
|
| + return -1;
|
| #else
|
| - // TODO(davidben): Lift this call up to the embedder so we can actually test
|
| - // this code. https://crbug.com/394131
|
| - private_key_ = FetchClientCertPrivateKey(
|
| - ssl_config_.client_cert.get(),
|
| - g_platform_key_task_runner.Get().task_runner());
|
| - if (!private_key_) {
|
| - // Could not find the private key. Fail the handshake and surface an
|
| - // appropriate error to the caller.
|
| + if (!ssl_config_.client_private_key) {
|
| + // The caller supplied a null private key. Fail the handshake and surface
|
| + // an appropriate error to the caller.
|
| LOG(WARNING) << "Client cert found without private key";
|
| OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_CERT_NO_PRIVATE_KEY);
|
| return -1;
|
| @@ -1820,7 +1786,7 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl) {
|
| SSL_set_private_key_method(ssl_, &SSLContext::kPrivateKeyMethod);
|
|
|
| std::vector<SSLPrivateKey::Hash> digest_prefs =
|
| - private_key_->GetDigestPreferences();
|
| + ssl_config_.client_private_key->GetDigestPreferences();
|
|
|
| size_t digests_len = digest_prefs.size();
|
| std::vector<int> digests;
|
| @@ -2077,7 +2043,7 @@ bool SSLClientSocketOpenSSL::IsRenegotiationAllowed() const {
|
| }
|
|
|
| int SSLClientSocketOpenSSL::PrivateKeyTypeCallback() {
|
| - switch (private_key_->GetType()) {
|
| + switch (ssl_config_.client_private_key->GetType()) {
|
| case SSLPrivateKey::Type::RSA:
|
| return EVP_PKEY_RSA;
|
| case SSLPrivateKey::Type::ECDSA:
|
| @@ -2088,7 +2054,7 @@ int SSLClientSocketOpenSSL::PrivateKeyTypeCallback() {
|
| }
|
|
|
| size_t SSLClientSocketOpenSSL::PrivateKeyMaxSignatureLenCallback() {
|
| - return private_key_->GetMaxSignatureLengthInBytes();
|
| + return ssl_config_.client_private_key->GetMaxSignatureLengthInBytes();
|
| }
|
|
|
| ssl_private_key_result_t SSLClientSocketOpenSSL::PrivateKeySignCallback(
|
| @@ -2100,7 +2066,7 @@ ssl_private_key_result_t SSLClientSocketOpenSSL::PrivateKeySignCallback(
|
| size_t in_len) {
|
| DCHECK_EQ(kNoPendingResult, signature_result_);
|
| DCHECK(signature_.empty());
|
| - DCHECK(private_key_);
|
| + DCHECK(ssl_config_.client_private_key);
|
|
|
| net_log_.BeginEvent(NetLog::TYPE_SSL_PRIVATE_KEY_OPERATION);
|
|
|
| @@ -2111,7 +2077,7 @@ ssl_private_key_result_t SSLClientSocketOpenSSL::PrivateKeySignCallback(
|
| }
|
|
|
| signature_result_ = ERR_IO_PENDING;
|
| - private_key_->SignDigest(
|
| + ssl_config_.client_private_key->SignDigest(
|
| hash, base::StringPiece(reinterpret_cast<const char*>(in), in_len),
|
| base::Bind(&SSLClientSocketOpenSSL::OnPrivateKeySignComplete,
|
| weak_factory_.GetWeakPtr()));
|
| @@ -2123,7 +2089,7 @@ ssl_private_key_result_t SSLClientSocketOpenSSL::PrivateKeySignCompleteCallback(
|
| size_t* out_len,
|
| size_t max_out) {
|
| DCHECK_NE(kNoPendingResult, signature_result_);
|
| - DCHECK(private_key_);
|
| + DCHECK(ssl_config_.client_private_key);
|
|
|
| if (signature_result_ == ERR_IO_PENDING)
|
| return ssl_private_key_retry;
|
| @@ -2146,7 +2112,7 @@ void SSLClientSocketOpenSSL::OnPrivateKeySignComplete(
|
| const std::vector<uint8_t>& signature) {
|
| DCHECK_EQ(ERR_IO_PENDING, signature_result_);
|
| DCHECK(signature_.empty());
|
| - DCHECK(private_key_);
|
| + DCHECK(ssl_config_.client_private_key);
|
|
|
| net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_PRIVATE_KEY_OPERATION,
|
| error);
|
|
|
Chromium Code Reviews
Issue 1422573008:
Plumbing SSLPrivateKey (//net) (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master