
Side by Side Diff: net/cert/cert_verify_proc_openssl.cc

Issue 401153002: Switch to BoringSSL. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase across DEPS change Created 6 years, 5 months ago
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/cert_verify_proc_openssl.h" 5 #include "net/cert/cert_verify_proc_openssl.h"
6 6
7 #include <openssl/x509v3.h> 7 #include <openssl/x509v3.h>
8 8
9 #include <string> 9 #include <string>
10 #include <vector> 10 #include <vector>
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after
94 // param directly. 94 // param directly.
95 void sk_X509_free_fn(STACK_OF(X509)* st) { 95 void sk_X509_free_fn(STACK_OF(X509)* st) {
96 sk_X509_free(st); 96 sk_X509_free(st);
97 } 97 }
98 98
99 void GetCertChainInfo(X509_STORE_CTX* store_ctx, 99 void GetCertChainInfo(X509_STORE_CTX* store_ctx,
100 CertVerifyResult* verify_result) { 100 CertVerifyResult* verify_result) {
101 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx); 101 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx);
102 X509* verified_cert = NULL; 102 X509* verified_cert = NULL;
103 std::vector<X509*> verified_chain; 103 std::vector<X509*> verified_chain;
104 for (int i = 0; i < sk_X509_num(chain); ++i) { 104 for (size_t i = 0; i < sk_X509_num(chain); ++i) {
105 X509* cert = sk_X509_value(chain, i); 105 X509* cert = sk_X509_value(chain, i);
106 if (i == 0) { 106 if (i == 0) {
107 verified_cert = cert; 107 verified_cert = cert;
108 } else { 108 } else {
109 verified_chain.push_back(cert); 109 verified_chain.push_back(cert);
110 } 110 }
111 111
112 // Only check the algorithm status for certificates that are not in the 112 // Only check the algorithm status for certificates that are not in the
113 // trust store. 113 // trust store.
114 if (i < store_ctx->last_untrusted) { 114 if (i < static_cast<size_t>(store_ctx->last_untrusted)) {
115 int sig_alg = OBJ_obj2nid(cert->sig_alg->algorithm); 115 int sig_alg = OBJ_obj2nid(cert->sig_alg->algorithm);
116 if (sig_alg == NID_md2WithRSAEncryption) { 116 if (sig_alg == NID_md2WithRSAEncryption) {
117 verify_result->has_md2 = true; 117 verify_result->has_md2 = true;
118 } else if (sig_alg == NID_md4WithRSAEncryption) { 118 } else if (sig_alg == NID_md4WithRSAEncryption) {
119 verify_result->has_md4 = true; 119 verify_result->has_md4 = true;
120 } else if (sig_alg == NID_md5WithRSAEncryption) { 120 } else if (sig_alg == NID_md5WithRSAEncryption) {
121 verify_result->has_md5 = true; 121 verify_result->has_md5 = true;
122 } 122 }
123 } 123 }
124 } 124 }
(...skipping 19 matching lines...) Expand all
144 TestRootCerts* root_certs = TestRootCerts::GetInstance(); 144 TestRootCerts* root_certs = TestRootCerts::GetInstance();
145 if (root_certs->Contains(root)) 145 if (root_certs->Contains(root))
146 verify_result->is_issued_by_known_root = false; 146 verify_result->is_issued_by_known_root = false;
147 } 147 }
148 } 148 }
149 } 149 }
150 150
151 void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx, 151 void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx,
152 HashValueVector* hashes) { 152 HashValueVector* hashes) {
153 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx); 153 STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx);
154 for (int i = 0; i < sk_X509_num(chain); ++i) { 154 for (size_t i = 0; i < sk_X509_num(chain); ++i) {
155 X509* cert = sk_X509_value(chain, i); 155 X509* cert = sk_X509_value(chain, i);
156 156
157 std::string der_data; 157 std::string der_data;
158 if (!X509Certificate::GetDEREncoded(cert, &der_data)) 158 if (!X509Certificate::GetDEREncoded(cert, &der_data))
159 continue; 159 continue;
160 160
161 base::StringPiece der_bytes(der_data); 161 base::StringPiece der_bytes(der_data);
162 base::StringPiece spki_bytes; 162 base::StringPiece spki_bytes;
163 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes)) 163 if (!asn1::ExtractSPKIFromDERCert(der_bytes, &spki_bytes))
164 continue; 164 continue;
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after
232 232
233 GetCertChainInfo(ctx.get(), verify_result); 233 GetCertChainInfo(ctx.get(), verify_result);
234 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes); 234 AppendPublicKeyHashes(ctx.get(), &verify_result->public_key_hashes);
235 if (IsCertStatusError(verify_result->cert_status)) 235 if (IsCertStatusError(verify_result->cert_status))
236 return MapCertStatusToNetError(verify_result->cert_status); 236 return MapCertStatusToNetError(verify_result->cert_status);
237 237
238 return OK; 238 return OK;
239 } 239 }
240 240
241 } // namespace net 241 } // namespace net
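Review bot: On new line 114, `static_cast<size_t>(store_ctx->last_untrusted)` changes behaviour if `last_untrusted` is ever negative: the old signed comparison was false for every index, while the cast produces a very large value, so every certificate in the chain, trust anchor included, would be tested for MD2/MD4/MD5 signatures. That is presumably unreachable after a completed verification, but nothing visible in this file states it, so I would make the assumption explicit before the loop with `DCHECK_GE(store_ctx->last_untrusted, 0);` and a short comment saying why the cast is safe. The `size_t` counters on new lines 104 and 154 similarly depend on `sk_X509_num` returning an unsigned count that is 0 for a null chain; a signed return of -1 would turn the loop bound into a huge value and `sk_X509_value` would hand back a null `cert` that line 115 dereferences, so a one-line comment noting that these loops are written against the BoringSSL signature would help. GetCertChainInfo's body continues into lines that are collapsed in this view.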