content/renderer/webcrypto/crypto_data.h - Issue 155623005: Refactor to share more code between OpenSSL and NSS implementations.

Side by Side Diff: content/renderer/webcrypto/crypto_data.h

Issue 155623005: Refactor to share more code between OpenSSL and NSS implementations. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Fix for openssl Created 6 years, 10 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
(Empty)
	1 // Copyright (c) 2014 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #ifndef CONTENT_RENDERER_WEBCRYPTO_CRYPTO_DATA_

	6 #define CONTENT_RENDERER_WEBCRYPTO_CRYPTO_DATA_

	7

	8 #include <string>

	9 #include <vector>

	10

	11 #include "base/basictypes.h"

	12 #include "content/common/content_export.h"

	13

	14 namespace blink {

	15 class WebArrayBuffer;

	16 }

	17

	18 namespace content {

	19

	20 namespace webcrypto {

	21

	22 // Helper to pass around a range of immutable bytes. This is conceptually

	23 // similar to StringPiece, but for crypto byte data.
	Ryan Sleevi 2014/02/07 01:19:21 base::StringPiece base::StringPiece eroman 2014/02/07 21:15:57 Done. Show quoted text On 2014/02/07 01:19:21, Ryan Sleevi wrote: > base::StringPiece Done.
	24 //

	25 // The data used at construction is NOT owned, and should remain valid as long

	26 // as the CryptoData is being used.

	27 class CONTENT_EXPORT CryptoData {

	28 public:

	29 // Constructs empty data.

	30 CryptoData();

	31

	32 CryptoData(const unsigned char* bytes, unsigned int byte_length);

	33

	34 // Allow implicit conversions for convenience.

	35 CryptoData(const std::vector<unsigned char>& bytes);

	36 CryptoData(const std::string& bytes);

	37 CryptoData(const blink::WebArrayBuffer& buffer);
	Ryan Sleevi 2014/02/07 01:19:21 style guide says: boo http://google-styleguide.go style guide says: boo http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml?showone=Explic... eroman 2014/02/07 21:15:57 I am aware of the style guide, however I was model Show quoted text On 2014/02/07 01:19:21, Ryan Sleevi wrote: > style guide says: boo > > http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml?showone=Explic... > I am aware of the style guide, however I was modelling after base::StringPiece which uses implicit constructors. I will switch it to explicit and upload as separate patchset, since it has a large impact on the unittests (which largely work with std::vectors).
	38

	39 const unsigned char* bytes() const { return bytes_; }

	40 unsigned int byte_length() const { return byte_length_; }

	41

	42 private:

	43 const unsigned char* bytes_;

	44 const unsigned int byte_length_;

	45

	46 // Copying would not be safe, since the data is not owned.

	47 DISALLOW_COPY_AND_ASSIGN(CryptoData);
	Ryan Sleevi 2014/02/07 01:19:21 This comment doesn't make any sense. Just because This comment doesn't make any sense. Just because the data isn't owned doesn't mean it can't be copied. StringPiece can be copied. It can also slice data. eroman 2014/02/07 21:15:57 Copies are dangerous, since they encourage develop Show quoted text On 2014/02/07 01:19:21, Ryan Sleevi wrote: > This comment doesn't make any sense. Just because the data isn't owned doesn't > mean it can't be copied. > > StringPiece can be copied. It can also slice data. Copies are dangerous, since they encourage developpers to pass around copies, perhaps not realizing that the underlying memory is now owned. I'll remove the comment, but I stand by it as being a meaningful restriction. Ryan Sleevi 2014/02/07 21:18:49 I still don't believe this does anything to reduce Show quoted text On 2014/02/07 21:15:57, eroman wrote: > On 2014/02/07 01:19:21, Ryan Sleevi wrote: > > This comment doesn't make any sense. Just because the data isn't owned doesn't > > mean it can't be copied. > > > > StringPiece can be copied. It can also slice data. > > Copies are dangerous, since they encourage developpers to pass around copies, > perhaps not realizing that the underlying memory is now owned. > > I'll remove the comment, but I stand by it as being a meaningful restriction. I still don't believe this does anything to reduce the danger. It's still incredibly easy to misuse this class CryptoData foo(SomethingReturnsAString()); foo.bytes(); // INVALID If you're going to have a class not take ownership (which is fine, I think), then I don't think it makes sense to suggest that some things are more dangerous than others, given how much you're allowing for potential misuse.
	48 };

	49

	50 } // namespace webcrypto

	51

	52 } // namespace content

	53

	54 #endif // CONTENT_RENDERER_WEBCRYPTO_CRYPTO_DATA_

OLD	NEW

« no previous file with comments | « content/content_tests.gypi ('k') | content/renderer/webcrypto/crypto_data.cc » ('j') | content/renderer/webcrypto/crypto_data.cc » ('J')