Make X509Certificate creation fail if X509Certificate::Initialize fails.

net/cert/x509_certificate_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include "base/macros.h"
 #include "base/memory/singleton.h"
 #include "base/numerics/safe_conversions.h"
 #include "base/pickle.h"
@@ skipping 50 matching lines @@
                           std::vector<std::string>* fields) {
   for (int index = -1;
        (index = X509_NAME_get_index_by_NID(name, nid, index)) != -1;) {
     std::string field;
     if (!x509_util::ParsePrincipalValueByIndex(name, index, &field))
       break;
     fields->push_back(field);
   }
 }
 
-void ParsePrincipal(X509Certificate::OSCertHandle cert,
+bool ParsePrincipal(X509Certificate::OSCertHandle cert,
                     X509_NAME* x509_name,
                     CertPrincipal* principal) {
   if (!x509_name)
-    return;
+    return false;
 
   ParsePrincipalValues(x509_name, NID_streetAddress,
                        &principal->street_addresses);
   ParsePrincipalValues(x509_name, NID_organizationName,
                        &principal->organization_names);
   ParsePrincipalValues(x509_name, NID_organizationalUnitName,
                        &principal->organization_unit_names);
   ParsePrincipalValues(x509_name, NID_domainComponent,
                        &principal->domain_components);
 
   x509_util::ParsePrincipalValueByNID(x509_name, NID_commonName,
                                       &principal->common_name);
   x509_util::ParsePrincipalValueByNID(x509_name, NID_localityName,
                                       &principal->locality_name);
   x509_util::ParsePrincipalValueByNID(x509_name, NID_stateOrProvinceName,
                                       &principal->state_or_province_name);
   x509_util::ParsePrincipalValueByNID(x509_name, NID_countryName,
                                       &principal->country_name);
+  return true;
 }
 
 bool ParseSubjectAltName(X509Certificate::OSCertHandle cert,
                          std::vector<std::string>* dns_names,
                          std::vector<std::string>* ip_addresses) {
   int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
   X509_EXTENSION* alt_name_ext = X509_get_ext(cert, index);
   if (!alt_name_ext)
     return false;
 
@@ skipping 75 matching lines @@
 }
 
 // static
 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
   // Decrement the ref-count for the cert and, if all references are gone,
   // free the memory and any application-specific data associated with the
   // certificate.
   X509_free(cert_handle);
 }
 
-void X509Certificate::Initialize() {
+bool X509Certificate::Initialize() {
   crypto::EnsureOpenSSLInit();
 
   ASN1_INTEGER* serial_num = X509_get_serialNumber(cert_handle_);
-  if (serial_num) {
-    // ASN1_INTEGERS represent the decoded number, in a format internal to
-    // OpenSSL. Most notably, this may have leading zeroes stripped off for
-    // numbers whose first byte is >= 0x80. Thus, it is necessary to
-    // re-encoded the integer back into DER, which is what the interface
-    // of X509Certificate exposes, to ensure callers get the proper (DER)
-    // value.
-    int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL);
-    unsigned char* buffer = reinterpret_cast<unsigned char*>(
-        base::WriteInto(&serial_number_, bytes_required + 1));
-    int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
-    DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
-  }
+  if (!serial_num)
+    return false;
+  // ASN1_INTEGERS represent the decoded number, in a format internal to
+  // OpenSSL. Most notably, this may have leading zeroes stripped off for
+  // numbers whose first byte is >= 0x80. Thus, it is necessary to
+  // re-encoded the integer back into DER, which is what the interface
+  // of X509Certificate exposes, to ensure callers get the proper (DER)
+  // value.
+  int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL);
+  unsigned char* buffer = reinterpret_cast<unsigned char*>(
+      base::WriteInto(&serial_number_, bytes_required + 1));
+  int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
+  DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
 
-  ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_);
-  ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_), &issuer_);
-  x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_);
-  x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_);
+  return (
+      ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_),
+                     &subject_) &&
+      ParsePrincipal(cert_handle_, X509_get_issuer_name(cert_handle_),
+                     &issuer_) &&
+      x509_util::ParseDate(X509_get_notBefore(cert_handle_), &valid_start_) &&
+      x509_util::ParseDate(X509_get_notAfter(cert_handle_), &valid_expiry_));
 }
 
 // static
 void X509Certificate::ResetCertStore() {
   X509InitSingleton::GetInstance()->ResetCertStore();
 }
 
 // static
 SHA256HashValue X509Certificate::CalculateFingerprint256(OSCertHandle cert) {
   SHA256HashValue sha256;
@@ skipping 212 matching lines @@
 bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
   bssl::UniquePtr<EVP_PKEY> scoped_key(X509_get_pubkey(cert_handle));
   if (!scoped_key)
     return false;
   if (!X509_verify(cert_handle, scoped_key.get()))
     return false;
   return X509_check_issued(cert_handle, cert_handle) == X509_V_OK;
 }
 
 }  // namespace net