Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(186)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/cert/x509_certificate_openssl.cc

Issue 401153002: Switch to BoringSSL. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase across DEPS change Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/cert/cert_verify_proc_openssl.cc ('k') | net/http/des.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/cert/x509_certificate.h" 5 #include "net/cert/x509_certificate.h"
6 6
7 #include <openssl/asn1.h> 7 #include <openssl/asn1.h>
8 #include <openssl/bytestring.h>
8 #include <openssl/crypto.h> 9 #include <openssl/crypto.h>
9 #include <openssl/obj_mac.h> 10 #include <openssl/obj_mac.h>
10 #include <openssl/pem.h> 11 #include <openssl/pem.h>
11 #include <openssl/pkcs7.h>
12 #include <openssl/sha.h> 12 #include <openssl/sha.h>
13 #include <openssl/ssl.h> 13 #include <openssl/ssl.h>
14 #include <openssl/x509v3.h> 14 #include <openssl/x509v3.h>
15 15
16 #include "base/memory/singleton.h" 16 #include "base/memory/singleton.h"
17 #include "base/pickle.h" 17 #include "base/pickle.h"
18 #include "base/sha1.h" 18 #include "base/sha1.h"
19 #include "base/strings/string_number_conversions.h" 19 #include "base/strings/string_number_conversions.h"
20 #include "base/strings/string_util.h" 20 #include "base/strings/string_util.h"
21 #include "crypto/openssl_util.h" 21 #include "crypto/openssl_util.h"
(...skipping 11 matching lines...) Expand all
33 33
34 namespace { 34 namespace {
35 35
36 typedef crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free>::Type 36 typedef crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free>::Type
37 ScopedGENERAL_NAMES; 37 ScopedGENERAL_NAMES;
38 38
39 void CreateOSCertHandlesFromPKCS7Bytes( 39 void CreateOSCertHandlesFromPKCS7Bytes(
40 const char* data, int length, 40 const char* data, int length,
41 X509Certificate::OSCertHandles* handles) { 41 X509Certificate::OSCertHandles* handles) {
42 crypto::EnsureOpenSSLInit(); 42 crypto::EnsureOpenSSLInit();
43 const unsigned char* der_data = reinterpret_cast<const unsigned char*>(data); 43 crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE);
44 crypto::ScopedOpenSSL<PKCS7, PKCS7_free>::Type pkcs7_cert(
45 d2i_PKCS7(NULL, &der_data, length));
46 if (!pkcs7_cert.get())
47 return;
48 44
49 STACK_OF(X509)* certs = NULL; 45 CBS der_data;
50 int nid = OBJ_obj2nid(pkcs7_cert.get()->type); 46 CBS_init(&der_data, reinterpret_cast<const uint8_t*>(data), length);
51 if (nid == NID_pkcs7_signed) { 47 STACK_OF(X509)* certs = sk_X509_new_null();
52 certs = pkcs7_cert.get()->d.sign->cert;
53 } else if (nid == NID_pkcs7_signedAndEnveloped) {
54 certs = pkcs7_cert.get()->d.signed_and_enveloped->cert;
55 }
56 48
57 if (certs) { 49 if (PKCS7_get_certificates(certs, &der_data)) {
58 for (int i = 0; i < sk_X509_num(certs); ++i) { 50 for (size_t i = 0; i < sk_X509_num(certs); ++i) {
59 X509* x509_cert = 51 X509* x509_cert =
60 X509Certificate::DupOSCertHandle(sk_X509_value(certs, i)); 52 X509Certificate::DupOSCertHandle(sk_X509_value(certs, i));
61 handles->push_back(x509_cert); 53 handles->push_back(x509_cert);
62 } 54 }
63 } 55 }
56 sk_X509_pop_free(certs, X509_free);
64 } 57 }
65 58
66 void ParsePrincipalValues(X509_NAME* name, 59 void ParsePrincipalValues(X509_NAME* name,
67 int nid, 60 int nid,
68 std::vector<std::string>* fields) { 61 std::vector<std::string>* fields) {
69 for (int index = -1; 62 for (int index = -1;
70 (index = X509_NAME_get_index_by_NID(name, nid, index)) != -1;) { 63 (index = X509_NAME_get_index_by_NID(name, nid, index)) != -1;) {
71 std::string field; 64 std::string field;
72 if (!x509_util::ParsePrincipalValueByIndex(name, index, &field)) 65 if (!x509_util::ParsePrincipalValueByIndex(name, index, &field))
73 break; 66 break;
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after
107 int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1); 100 int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
108 X509_EXTENSION* alt_name_ext = X509_get_ext(cert, index); 101 X509_EXTENSION* alt_name_ext = X509_get_ext(cert, index);
109 if (!alt_name_ext) 102 if (!alt_name_ext)
110 return; 103 return;
111 104
112 ScopedGENERAL_NAMES alt_names( 105 ScopedGENERAL_NAMES alt_names(
113 reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(alt_name_ext))); 106 reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(alt_name_ext)));
114 if (!alt_names.get()) 107 if (!alt_names.get())
115 return; 108 return;
116 109
117 for (int i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) { 110 for (size_t i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) {
118 const GENERAL_NAME* name = sk_GENERAL_NAME_value(alt_names.get(), i); 111 const GENERAL_NAME* name = sk_GENERAL_NAME_value(alt_names.get(), i);
119 if (name->type == GEN_DNS && dns_names) { 112 if (name->type == GEN_DNS && dns_names) {
120 const unsigned char* dns_name = ASN1_STRING_data(name->d.dNSName); 113 const unsigned char* dns_name = ASN1_STRING_data(name->d.dNSName);
121 if (!dns_name) 114 if (!dns_name)
122 continue; 115 continue;
123 int dns_name_len = ASN1_STRING_length(name->d.dNSName); 116 int dns_name_len = ASN1_STRING_length(name->d.dNSName);
124 dns_names->push_back( 117 dns_names->push_back(
125 std::string(reinterpret_cast<const char*>(dns_name), dns_name_len)); 118 std::string(reinterpret_cast<const char*>(dns_name), dns_name_len));
126 } else if (name->type == GEN_IPADD && ip_addresses) { 119 } else if (name->type == GEN_IPADD && ip_addresses) {
127 const unsigned char* ip_addr = name->d.iPAddress->data; 120 const unsigned char* ip_addr = name->d.iPAddress->data;
(...skipping 374 matching lines...) Expand 10 before | Expand all | Expand 10 after
502 for (OSCertHandles::iterator it = intermediate_ca_certs_.begin(); 495 for (OSCertHandles::iterator it = intermediate_ca_certs_.begin();
503 it != intermediate_ca_certs_.end(); ++it) { 496 it != intermediate_ca_certs_.end(); ++it) {
504 issuer = X509_get_issuer_name(*it); 497 issuer = X509_get_issuer_name(*it);
505 if (issuer == NULL) 498 if (issuer == NULL)
506 return false; 499 return false;
507 cert_names.push_back(issuer); 500 cert_names.push_back(issuer);
508 } 501 }
509 502
510 // and 'cert_names'. 503 // and 'cert_names'.
511 for (size_t n = 0; n < cert_names.size(); ++n) { 504 for (size_t n = 0; n < cert_names.size(); ++n) {
512 for (int m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) { 505 for (size_t m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) {
513 X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m); 506 X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m);
514 if (X509_NAME_cmp(issuer, cert_names[n]) == 0) { 507 if (X509_NAME_cmp(issuer, cert_names[n]) == 0) {
515 return true; 508 return true;
516 } 509 }
517 } 510 }
518 } 511 }
519 512
520 return false; 513 return false;
521 } 514 }
522 515
523 } // namespace net 516 } // namespace net
OLDNEW
« no previous file with comments | « net/cert/cert_verify_proc_openssl.cc ('k') | net/http/des.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698