authoreranm@google.com <eranm@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2013-11-20 02:01:55 +0000
committereranm@google.com <eranm@google.com@0039d316-1c4b-4281-b951-d872f2087c98>2013-11-20 02:01:55 +0000
commite135ed5dab24ca11b00a67b2f154b37c2c03d94c (patch)
tree32de54658551f087637f735e98eb10bcba9bf08c
parent783b7d156fc041def17acca2863f7c7f8b3e6afc (diff)
Certificate Transparency: Address review comments from issue 65863002.
BUG=309578 Review URL: https://codereview.chromium.org/65533014 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@236097 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--net/cert/ct_objects_extractor_nss.cc24
-rw-r--r--net/cert/scoped_nss_types.h26
-rw-r--r--net/net.gyp2
-rw-r--r--net/socket/ssl_client_socket_nss.cc10
4 files changed, 36 insertions, 26 deletions
diff --git a/net/cert/ct_objects_extractor_nss.cc b/net/cert/ct_objects_extractor_nss.cc
index 97b8590..0f353489e 100644
--- a/net/cert/ct_objects_extractor_nss.cc
+++ b/net/cert/ct_objects_extractor_nss.cc
@@ -13,6 +13,7 @@
#include "crypto/scoped_nss_types.h"
#include "crypto/sha2.h"
#include "net/cert/asn1_util.h"
+#include "net/cert/scoped_nss_types.h"
#include "net/cert/signed_certificate_timestamp.h"
namespace net {
@@ -21,16 +22,6 @@ namespace ct {
namespace {
-struct FreeCERTCertificate {
- public:
- inline void operator()(CERTCertificate* x) const {
- CERT_DestroyCertificate(x);
- }
-};
-
-typedef scoped_ptr_malloc<CERTCertificate, FreeCERTCertificate>
- ScopedCERTCertificate;
-
// Wrapper class to convert a X509Certificate::OSCertHandle directly
// into a CERTCertificate* usable with other NSS functions. This is used for
// platforms where X509Certificate::OSCertHandle refers to a different type
@@ -65,9 +56,9 @@ NSSCertWrapper::NSSCertWrapper(X509Certificate::OSCertHandle cert_handle) {
// The wire form of the OID 1.3.6.1.4.1.11129.2.4.2. See Section 3.3 of
// RFC6962.
-static const unsigned char kEmbeddedSCTOid[] = {0x2B, 0x06, 0x01, 0x04, 0x01,
- 0xD6, 0x79, 0x02, 0x04, 0x02};
-static const char kEmbeddedSCTDescription[] =
+const unsigned char kEmbeddedSCTOid[] = {0x2B, 0x06, 0x01, 0x04, 0x01,
+ 0xD6, 0x79, 0x02, 0x04, 0x02};
+const char kEmbeddedSCTDescription[] =
"X.509v3 Certificate Transparency Embedded Signed Certificate Timestamp "
"List";
@@ -131,11 +122,10 @@ bool GetOctetStringExtension(CERTCertificate* cert,
base::StringPiece raw_data(reinterpret_cast<char*>(extension.data),
extension.len);
base::StringPiece parsed_data;
- if (!asn1::GetElement(&raw_data, asn1::kOCTETSTRING, &parsed_data)) {
+ if (!asn1::GetElement(&raw_data, asn1::kOCTETSTRING, &parsed_data) ||
+ raw_data.size() > 0) { // Decoding failure or raw data left
rv = SECFailure;
} else {
- if (raw_data.size() > 0)
- return false; // leftover data
parsed_data.CopyToString(extension_data);
}
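Review bot: The trailing comment on the merged condition (`// Decoding failure or raw data left`) does not say why leftover bytes are treated as an error, nor why the branch now sets `rv` instead of returning. I would put a comment above the `if`, such as `// The extension value must be exactly one DER OCTET STRING; reject trailing bytes and fall through so the code after this block still runs.` The statements after the if/else are outside this hunk, so whether they release `extension` is an assumption to confirm; if they do, the removed early `return false` skipped that cleanup. Note that `*extension_data` is left untouched on the failure path, which callers should not read as an empty extension. As a style point, `!raw_data.empty()` reads more directly than `raw_data.size() > 0`.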
@@ -144,7 +134,7 @@ bool GetOctetStringExtension(CERTCertificate* cert,
}
// Given a |cert|, extract the TBSCertificate from this certificate, also
-// removing X.509 extensions with OID 1.3.6.1.4.1.11129.2.4.2 (that is,
+// removing the X.509 extension with OID 1.3.6.1.4.1.11129.2.4.2 (that is,
// the embedded SCT)
bool ExtractTBSCertWithoutSCTs(CERTCertificate* cert,
std::string* to_be_signed) {
diff --git a/net/cert/scoped_nss_types.h b/net/cert/scoped_nss_types.h
new file mode 100644
index 0000000..3e6d57d
--- /dev/null
+++ b/net/cert/scoped_nss_types.h
@@ -0,0 +1,26 @@
+// Copyright 2013 The Chromium Authors. All rights reserved.
+// // Use of this source code is governed by a BSD-style license that can be
+// // found in the LICENSE file.
+//
+#ifndef NET_CERT_SCOPED_NSS_TYPES_H_
+#define NET_CERT_SCOPED_NSS_TYPES_H_
+
+#include <cert.h>
+
+#include "base/memory/scoped_ptr.h"
+
+namespace net {
+
+struct FreeCERTCertificate {
+ public:
+ void operator()(CERTCertificate* x) const {
+ CERT_DestroyCertificate(x);
+ }
+};
+
+typedef scoped_ptr_malloc<CERTCertificate, FreeCERTCertificate>
+ ScopedCERTCertificate;
+
+} // namespace net
+
+#endif // NET_CERT_SCOPED_NSS_TYPES_H_
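Review bot: The license header of the new file is malformed: its second and third lines begin with `// //` and a stray `//` line follows, so it no longer matches the standard three-line header. They should read `// Use of this source code is governed by a BSD-style license that can be` and `// found in the LICENSE file.`. The header also carries no ownership documentation; above the typedef I would add `// Holds a CERTCertificate* and releases it with CERT_DestroyCertificate() when the scoper is destroyed or reset.` The `public:` label inside `struct FreeCERTCertificate` is redundant. The file name also duplicates `crypto/scoped_nss_types.h`, which ct_objects_extractor_nss.cc includes alongside it, so the two includes are easy to confuse.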
diff --git a/net/net.gyp b/net/net.gyp
index 8a7dd26..9b80bd4 100644
--- a/net/net.gyp
+++ b/net/net.gyp
@@ -290,6 +290,7 @@
'cert/nss_cert_database.h',
'cert/pem_tokenizer.cc',
'cert/pem_tokenizer.h',
+ 'cert/scoped_nss_types.h',
'cert/signed_certificate_timestamp.cc',
'cert/signed_certificate_timestamp.h',
'cert/single_request_cert_verifier.cc',
@@ -1274,6 +1275,7 @@
'cert/jwk_serializer_nss.cc',
'cert/nss_cert_database.cc',
'cert/nss_cert_database.h',
+ 'cert/scoped_nss_types.h',
'cert/test_root_certs_nss.cc',
'cert/x509_certificate_nss.cc',
'cert/x509_util_nss.cc',
diff --git a/net/socket/ssl_client_socket_nss.cc b/net/socket/ssl_client_socket_nss.cc
index 6f1910c..89eab14 100644
--- a/net/socket/ssl_client_socket_nss.cc
+++ b/net/socket/ssl_client_socket_nss.cc
@@ -93,6 +93,7 @@
#include "net/cert/asn1_util.h"
#include "net/cert/cert_status_flags.h"
#include "net/cert/cert_verifier.h"
+#include "net/cert/scoped_nss_types.h"
#include "net/cert/single_request_cert_verifier.h"
#include "net/cert/x509_certificate_net_log_param.h"
#include "net/cert/x509_util.h"
@@ -221,15 +222,6 @@ bool IsOCSPStaplingSupported() {
}
#endif
-class FreeCERTCertificate {
- public:
- inline void operator()(CERTCertificate* x) const {
- CERT_DestroyCertificate(x);
- }
-};
-typedef scoped_ptr_malloc<CERTCertificate, FreeCERTCertificate>
- ScopedCERTCertificate;
-
#if defined(OS_WIN)
// This callback is intended to be used with CertFindChainInStore. In addition