zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Formatted sslidenty.cc and moved non referenced functions into an

Browse Source 
anonymous namespace.

There is some really scary code in this function that I did not refactor in
this change. I believe the ASN parsing code should be removed completely
and have attached TODOs to do this once we have a correct test suite to validate
the functionality. I am almost certain openssl has functions that do this
better.

Bug: webrtc:9860
Change-Id: Ice06079eb1e5b10bdb2ee45ae45cbfb2ce8f6f13
Reviewed-on: https://webrtc-review.googlesource.com/c/108206
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Reviewed-by: Karl Wiberg <kwiberg@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25404}
This commit is contained in:
Benjamin Wright
2018-10-28 18:39:00 -07:00
committed by Commit Bot
parent 428320c776
commit 22a8f98dd5
1 changed files with 86 additions and 89 deletions
Download Patch File Download Diff File Expand all files Collapse all files

175
rtc_base/sslidentity.cc
View File

@ -24,6 +24,82 @@
namespace rtc {
//////////////////////////////////////////////////////////////////////
// Helper Functions
//////////////////////////////////////////////////////////////////////
namespace {
// Read |n| bytes from ASN1 number string at *|pp| and return the numeric value.
// Update *|pp| and *|np| to reflect number of read bytes.
// TODO(bugs.webrtc.org/9860) - Remove this code.
inline int ASN1ReadInt(const unsigned char** pp, size_t* np, size_t n) {
const unsigned char* p = *pp;
int x = 0;
for (size_t i = 0; i < n; i++) {
x = 10 * x + p[i] - '0';
}
*pp = p + n;
*np = *np - n;
return x;
}
} // namespace
// TODO(bugs.webrtc.org/9860) - Remove this code.
int64_t ASN1TimeToSec(const unsigned char* s, size_t length, bool long_format) {
size_t bytes_left = length;
// Make sure the string ends with Z. Doing it here protects the strspn call
// from running off the end of the string in Z's absense.
if (length == 0 || s[length - 1] != 'Z') {
return -1;
}
// Make sure we only have ASCII digits so that we don't need to clutter the
// code below and ASN1ReadInt with error checking.
size_t n = strspn(reinterpret_cast<const char*>(s), "0123456789");
if (n + 1 != length) {
return -1;
}
// Read out ASN1 year, in either 2-char "UTCTIME" or 4-char "GENERALIZEDTIME"
// format. Both format use UTC in this context.
int year = 0;
if (long_format) {
// ASN1 format: yyyymmddhh[mm[ss[.fff]]]Z where the Z is literal, but
// RFC 5280 requires us to only support exactly yyyymmddhhmmssZ.
if (bytes_left < 11) {
return -1;
}
year = ASN1ReadInt(&s, &bytes_left, 4);
year -= 1900;
} else {
// ASN1 format: yymmddhhmm[ss]Z where the Z is literal, but RFC 5280
// requires us to only support exactly yymmddhhmmssZ.
if (bytes_left < 9) {
return -1;
}
year = ASN1ReadInt(&s, &bytes_left, 2);
// Per RFC 5280 4.1.2.5.1
if (year < 50) {
year += 100;
}
}
// Read out remaining ASN1 time data and store it in |tm| in documented
// std::tm format.
tm tm;
tm.tm_year = year;
tm.tm_mon = ASN1ReadInt(&s, &bytes_left, 2) - 1;
tm.tm_mday = ASN1ReadInt(&s, &bytes_left, 2);
tm.tm_hour = ASN1ReadInt(&s, &bytes_left, 2);
tm.tm_min = ASN1ReadInt(&s, &bytes_left, 2);
tm.tm_sec = ASN1ReadInt(&s, &bytes_left, 2);
// Now just Z should remain. Its existence was asserted above.
if (bytes_left != 1) {
return -1;
}
return TmToSeconds(tm);
}
//////////////////////////////////////////////////////////////////////
// KeyParams
//////////////////////////////////////////////////////////////////////
@ -92,22 +168,21 @@ KeyType IntKeyTypeFamilyToKeyType(int key_type_family) {
bool SSLIdentity::PemToDer(const std::string& pem_type,
const std::string& pem_string,
std::string* der) {
// Find the inner body. We need this to fulfill the contract of
// returning pem_length.
// Find the inner body. We need this to fulfill the contract of returning
// pem_length.
size_t header = pem_string.find("-----BEGIN " + pem_type + "-----");
if (header == std::string::npos)
if (header == std::string::npos) {
return false;
}
size_t body = pem_string.find("\n", header);
if (body == std::string::npos)
if (body == std::string::npos) {
return false;
}
size_t trailer = pem_string.find("-----END " + pem_type + "-----");
if (trailer == std::string::npos)
if (trailer == std::string::npos) {
return false;
}
std::string inner = pem_string.substr(body + 1, trailer - (body + 1));
*der = Base64::Decode(inner, Base64::DO_PARSE_WHITE | Base64::DO_PAD_ANY |
Base64::DO_TERM_BUFFER);
return true;
@ -117,14 +192,12 @@ std::string SSLIdentity::DerToPem(const std::string& pem_type,
const unsigned char* data,
size_t length) {
rtc::StringBuilder result;
result << "-----BEGIN " << pem_type << "-----\n";
std::string b64_encoded;
Base64::EncodeFromArray(data, length, &b64_encoded);
// Divide the Base-64 encoded data into 64-character chunks, as per
// 4.3.2.4 of RFC 1421.
// Divide the Base-64 encoded data into 64-character chunks, as per 4.3.2.4
// of RFC 1421.
static const size_t kChunkSize = 64;
size_t chunks = (b64_encoded.size() + (kChunkSize - 1)) / kChunkSize;
for (size_t i = 0, chunk_offset = 0; i < chunks;
@ -132,9 +205,7 @@ std::string SSLIdentity::DerToPem(const std::string& pem_type,
result << b64_encoded.substr(chunk_offset, kChunkSize);
result << "\n";
}
result << "-----END " << pem_type << "-----\n";
return result.Release();
}
@ -185,78 +256,4 @@ bool operator!=(const SSLIdentity& a, const SSLIdentity& b) {
return !(a == b);
}
//////////////////////////////////////////////////////////////////////
// Helper Functions
//////////////////////////////////////////////////////////////////////
// Read |n| bytes from ASN1 number string at *|pp| and return the numeric value.
// Update *|pp| and *|np| to reflect number of read bytes.
static inline int ASN1ReadInt(const unsigned char** pp, size_t* np, size_t n) {
const unsigned char* p = *pp;
int x = 0;
for (size_t i = 0; i < n; i++)
x = 10 * x + p[i] - '0';
*pp = p + n;
*np = *np - n;
return x;
}
int64_t ASN1TimeToSec(const unsigned char* s, size_t length, bool long_format) {
size_t bytes_left = length;
// Make sure the string ends with Z. Doing it here protects the strspn call
// from running off the end of the string in Z's absense.
if (length == 0 || s[length - 1] != 'Z')
return -1;
// Make sure we only have ASCII digits so that we don't need to clutter the
// code below and ASN1ReadInt with error checking.
size_t n = strspn(reinterpret_cast<const char*>(s), "0123456789");
if (n + 1 != length)
return -1;
int year;
// Read out ASN1 year, in either 2-char "UTCTIME" or 4-char "GENERALIZEDTIME"
// format. Both format use UTC in this context.
if (long_format) {
// ASN1 format: yyyymmddhh[mm[ss[.fff]]]Z where the Z is literal, but
// RFC 5280 requires us to only support exactly yyyymmddhhmmssZ.
if (bytes_left < 11)
return -1;
year = ASN1ReadInt(&s, &bytes_left, 4);
year -= 1900;
} else {
// ASN1 format: yymmddhhmm[ss]Z where the Z is literal, but RFC 5280
// requires us to only support exactly yymmddhhmmssZ.
if (bytes_left < 9)
return -1;
year = ASN1ReadInt(&s, &bytes_left, 2);
if (year < 50) // Per RFC 5280 4.1.2.5.1
year += 100;
}
tm tm;
tm.tm_year = year;
// Read out remaining ASN1 time data and store it in |tm| in documented
// std::tm format.
tm.tm_mon = ASN1ReadInt(&s, &bytes_left, 2) - 1;
tm.tm_mday = ASN1ReadInt(&s, &bytes_left, 2);
tm.tm_hour = ASN1ReadInt(&s, &bytes_left, 2);
tm.tm_min = ASN1ReadInt(&s, &bytes_left, 2);
tm.tm_sec = ASN1ReadInt(&s, &bytes_left, 2);
if (bytes_left != 1) {
// Now just Z should remain. Its existence was asserted above.
return -1;
}
return TmToSeconds(tm);
}
} // namespace rtc