summaryrefslogtreecommitdiffstats
path: root/net/cert
diff options
context:
space:
mode:
Diffstat (limited to 'net/cert')
-rw-r--r--net/cert/cert_verify_proc_openssl.cc6
-rw-r--r--net/cert/x509_certificate_openssl.cc27
2 files changed, 20 insertions, 13 deletions
diff --git a/net/cert/cert_verify_proc_openssl.cc b/net/cert/cert_verify_proc_openssl.cc
index 7643240..0122fac 100644
--- a/net/cert/cert_verify_proc_openssl.cc
+++ b/net/cert/cert_verify_proc_openssl.cc
@@ -101,7 +101,7 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx,
STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx);
X509* verified_cert = NULL;
std::vector<X509*> verified_chain;
- for (size_t i = 0; i < sk_X509_num(chain); ++i) {
+ for (int i = 0; i < sk_X509_num(chain); ++i) {
X509* cert = sk_X509_value(chain, i);
if (i == 0) {
verified_cert = cert;
@@ -111,7 +111,7 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx,
// Only check the algorithm status for certificates that are not in the
// trust store.
- if (i < static_cast<size_t>(store_ctx->last_untrusted)) {
+ if (i < store_ctx->last_untrusted) {
int sig_alg = OBJ_obj2nid(cert->sig_alg->algorithm);
if (sig_alg == NID_md2WithRSAEncryption) {
verify_result->has_md2 = true;
@@ -151,7 +151,7 @@ void GetCertChainInfo(X509_STORE_CTX* store_ctx,
void AppendPublicKeyHashes(X509_STORE_CTX* store_ctx,
HashValueVector* hashes) {
STACK_OF(X509)* chain = X509_STORE_CTX_get_chain(store_ctx);
- for (size_t i = 0; i < sk_X509_num(chain); ++i) {
+ for (int i = 0; i < sk_X509_num(chain); ++i) {
X509* cert = sk_X509_value(chain, i);
std::string der_data;
diff --git a/net/cert/x509_certificate_openssl.cc b/net/cert/x509_certificate_openssl.cc
index 504f3ae..005423ba 100644
--- a/net/cert/x509_certificate_openssl.cc
+++ b/net/cert/x509_certificate_openssl.cc
@@ -5,10 +5,10 @@
#include "net/cert/x509_certificate.h"
#include <openssl/asn1.h>
-#include <openssl/bytestring.h>
#include <openssl/crypto.h>
#include <openssl/obj_mac.h>
#include <openssl/pem.h>
+#include <openssl/pkcs7.h>
#include <openssl/sha.h>
#include <openssl/ssl.h>
#include <openssl/x509v3.h>
@@ -40,20 +40,27 @@ void CreateOSCertHandlesFromPKCS7Bytes(
const char* data, int length,
X509Certificate::OSCertHandles* handles) {
crypto::EnsureOpenSSLInit();
- crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE);
+ const unsigned char* der_data = reinterpret_cast<const unsigned char*>(data);
+ crypto::ScopedOpenSSL<PKCS7, PKCS7_free>::Type pkcs7_cert(
+ d2i_PKCS7(NULL, &der_data, length));
+ if (!pkcs7_cert.get())
+ return;
- CBS der_data;
- CBS_init(&der_data, reinterpret_cast<const uint8_t*>(data), length);
- STACK_OF(X509)* certs = sk_X509_new_null();
+ STACK_OF(X509)* certs = NULL;
+ int nid = OBJ_obj2nid(pkcs7_cert.get()->type);
+ if (nid == NID_pkcs7_signed) {
+ certs = pkcs7_cert.get()->d.sign->cert;
+ } else if (nid == NID_pkcs7_signedAndEnveloped) {
+ certs = pkcs7_cert.get()->d.signed_and_enveloped->cert;
+ }
- if (PKCS7_get_certificates(certs, &der_data)) {
- for (size_t i = 0; i < sk_X509_num(certs); ++i) {
+ if (certs) {
+ for (int i = 0; i < sk_X509_num(certs); ++i) {
X509* x509_cert =
X509Certificate::DupOSCertHandle(sk_X509_value(certs, i));
handles->push_back(x509_cert);
}
}
- sk_X509_pop_free(certs, X509_free);
}
void ParsePrincipalValues(X509_NAME* name,
@@ -107,7 +114,7 @@ void ParseSubjectAltName(X509Certificate::OSCertHandle cert,
if (!alt_names.get())
return;
- for (size_t i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) {
+ for (int i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) {
const GENERAL_NAME* name = sk_GENERAL_NAME_value(alt_names.get(), i);
if (name->type == GEN_DNS && dns_names) {
const unsigned char* dns_name = ASN1_STRING_data(name->d.dNSName);
@@ -502,7 +509,7 @@ bool X509Certificate::IsIssuedByEncoded(
// and 'cert_names'.
for (size_t n = 0; n < cert_names.size(); ++n) {
- for (size_t m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) {
+ for (int m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) {
X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m);
if (X509_NAME_cmp(issuer, cert_names[n]) == 0) {
return true;