
Side by Side Diff: net/socket/ssl_client_socket_openssl.cc

Issue 474663002: Remove manual CRYPTO_add calls. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: speling Created 6 years, 4 months ago
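--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <errno.h>
@@ -237,76 +237,60 @@
 
 SSLClientSocketOpenSSL::PeerCertificateChain&
 SSLClientSocketOpenSSL::PeerCertificateChain::operator=(
 const PeerCertificateChain& other) {
 if (this == &other)
 return *this;
 
 // os_chain_ is reference counted by scoped_refptr;
 os_chain_ = other.os_chain_;
 
-// Must increase the reference count manually for sk_X509_dup
-openssl_chain_.reset(sk_X509_dup(other.openssl_chain_.get()));
-for (size_t i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
-X509* x = sk_X509_value(openssl_chain_.get(), i);
-CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-}
+openssl_chain_.reset(X509_chain_up_ref(other.openssl_chain_.get()));
+
 return *this;
 }
 
 #if defined(USE_OPENSSL_CERTS)
 // When OSCertHandle is typedef'ed to X509, this implementation does a short cut
 // to avoid converting back and forth between der and X509 struct.
 void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
 STACK_OF(X509)* chain) {
 openssl_chain_.reset(NULL);
 os_chain_ = NULL;
 
 if (!chain)
 return;
 
 X509Certificate::OSCertHandles intermediates;
 for (size_t i = 1; i < sk_X509_num(chain); ++i)
 intermediates.push_back(sk_X509_value(chain, i));
 
 os_chain_ =
 X509Certificate::CreateFromHandle(sk_X509_value(chain, 0), intermediates);
 
-// sk_X509_dup does not increase reference count on the certs in the stack.
-openssl_chain_.reset(sk_X509_dup(chain));
-
-std::vector<base::StringPiece> der_chain;
-for (size_t i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
-X509* x = sk_X509_value(openssl_chain_.get(), i);
-// Increase the reference count for the certs in openssl_chain_.
-CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-}
+openssl_chain_.reset(X509_chain_up_ref(chain));
 }
 #else // !defined(USE_OPENSSL_CERTS)
 void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
 STACK_OF(X509)* chain) {
 openssl_chain_.reset(NULL);
 os_chain_ = NULL;
 
 if (!chain)
 return;
 
-// sk_X509_dup does not increase reference count on the certs in the stack.
-openssl_chain_.reset(sk_X509_dup(chain));
+openssl_chain_.reset(X509_chain_up_ref(chain));
 
 std::vector<base::StringPiece> der_chain;
 for (size_t i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
 X509* x = sk_X509_value(openssl_chain_.get(), i);
 
-// Increase the reference count for the certs in openssl_chain_.
-CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-
 unsigned char* cert_data = NULL;
 int cert_data_length = i2d_X509(x, &cert_data);
 if (cert_data_length && cert_data)
 der_chain.push_back(base::StringPiece(reinterpret_cast<char*>(cert_data),
 cert_data_length));
 }
 
 os_chain_ = X509Certificate::CreateFromDERCertChain(der_chain);
 
 for (size_t i = 0; i < der_chain.size(); ++i) {
@@ -1635,10 +1619,10 @@
 if (handshake_succeeded_ && marked_session_as_good_)
 OnHandshakeCompletion();
 }
 
 scoped_refptr<X509Certificate>
 SSLClientSocketOpenSSL::GetUnverifiedServerCertificateChain() const {
 return server_cert_;
 }
 
 } // namespace net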
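Review bot: The result of `X509_chain_up_ref` goes straight into `openssl_chain_.reset(...)` at new lines 247, 270 and 281 with no null check, and the page does not show what the helper returns on allocation failure or for a null argument (in `operator=`, `other.openssl_chain_` is null after a `Reset(NULL)`). In the `USE_OPENSSL_CERTS` `Reset`, a failed copy would leave `os_chain_` populated while `openssl_chain_` is empty, so the two views of the peer chain would disagree; adding `if (!openssl_chain_.get()) os_chain_ = NULL;` after the reset would keep them consistent. The removed comments were the only record of the ownership rule, so a replacement such as `// X509_chain_up_ref takes a reference on every cert; openssl_chain_'s deleter must release each one.` would help the next reader check that the deleter, which is outside this view, still matches. The second `Reset` body continues past the end of the visible hunk.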