net/base/openssl_private_key_store_android.cc - Issue 11031043: Fix handling of user and CA certificates on Android.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/base/openssl_private_key_store_android.cc

Issue 11031043: Fix handling of user and CA certificates on Android. (Closed) Base URL: http://git.chromium.org/chromium/src.git@master

Patch Set: Created 8 years, 2 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/base/openssl_private_key_store_android.cc

diff --git a/net/base/openssl_private_key_store_android.cc b/net/base/openssl_private_key_store_android.cc

index 3adc22238c381e482c382ba5624b3195467c05de..60ec2a4adfc61803d542d1df6e31ca931277f204 100644

--- a/net/base/openssl_private_key_store_android.cc

+++ b/net/base/openssl_private_key_store_android.cc

@@ -5,6 +5,7 @@

#include "net/base/openssl_private_key_store.h"

#include <openssl/evp.h>

+#include <openssl/x509.h>

#include "base/logging.h"

#include "base/memory/singleton.h"

@@ -19,17 +20,27 @@ class OpenSSLKeyStoreAndroid : public OpenSSLPrivateKeyStore {

public:

~OpenSSLKeyStoreAndroid() {}

- // TODO(joth): Use the |url| to help identify this key to the user.

- // Currently Android has no UI to list these stored private keys (and no

- // API to associate a name with them), so this is a non-issue.

virtual bool StorePrivateKey(const GURL& url, EVP_PKEY* pkey) {

+ // Always clear openssl errors on exit.

+ crypto::OpenSSLErrStackTracer err_trace(FROM_HERE);

+ // Important: Do not use i2d_PublicKey() here, which returns data in

+ // PKKCS#1 format, use i2d_PUBKEY() which returns it as DER-encoded

+ // SubjectPublicKeyInfo (X.509), as expected by the platform.

uint8* public_key = NULL;

- int public_len = i2d_PublicKey(pkey, &public_key);

+ int public_len = i2d_PUBKEY(pkey, &public_key);

+ // Important: Do not use i2d_PrivateKey() here, it returns data

+ // in a format that is incompatible with what the platform expects

+ // (i.e. this crashes the CertInstaller with an assertion error

+ // "error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag"

uint8* private_key = NULL;

- int private_len = i2d_PrivateKey(pkey, &private_key);

+ int private_len = 0;

+ PKCS8_PRIV_KEY_INFO* pkcs8 = EVP_PKEY2PKCS8(pkey);

+ if (pkcs8 != NULL) {

+ private_len = i2d_PKCS8_PRIV_KEY_INFO(pkcs8, &private_key);

+ PKCS8_PRIV_KEY_INFO_free(pkcs8);

+ }

bool ret = false;

- if (public_len && private_len) {

+ if (public_len > 0 && private_len > 0) {

ret = net::android::StoreKeyPair(public_key, public_len, private_key,

private_len);

}

« no previous file with comments | « net/base/mime_util.cc ('k') | no next file » | no next file with comments »