X509CertificateBytes: Allow invalid serial numbers for now.

net/cert/x509_certificate_bytes.cc

 // Copyright 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
 #include "base/numerics/safe_conversions.h"
 #include "base/pickle.h"
 #include "crypto/openssl_util.h"
 #include "net/base/ip_address.h"
@@ skipping 24 matching lines @@
   base::Time::Exploded exploded = {0};
   exploded.year = generalized.year;
   exploded.month = generalized.month;
   exploded.day_of_month = generalized.day;
   exploded.hour = generalized.hours;
   exploded.minute = generalized.minutes;
   exploded.second = generalized.seconds;
   return base::Time::FromUTCExploded(exploded, result);
 }
 
+ParseCertificateOptions DefaultParseCertificateOptions() {
+  ParseCertificateOptions options;
+  options.allow_invalid_serial_numbers = true;
+  return options;
+}
+
 // Sets |value| to the Value from a DER Sequence Tag-Length-Value and return
 // true, or return false if the TLV was not a valid DER Sequence.
 WARN_UNUSED_RESULT bool GetSequenceValue(const der::Input& tlv,
                                          der::Input* value) {
   der::Parser parser(tlv);
   return parser.ReadTag(der::kSequence, value) && !parser.HasMore();
 }
 
 // Normalize |cert|'s Issuer and store it in |out_normalized_issuer|, returning
 // true on success or false if there was a parsing error.
 bool GetNormalizedCertIssuer(CRYPTO_BUFFER* cert,
                              std::string* out_normalized_issuer) {
   der::Input tbs_certificate_tlv;
   der::Input signature_algorithm_tlv;
   der::BitString signature_value;
   if (!ParseCertificate(
           der::Input(CRYPTO_BUFFER_data(cert), CRYPTO_BUFFER_len(cert)),
           &tbs_certificate_tlv, &signature_algorithm_tlv, &signature_value,
           nullptr)) {
     return false;
   }
   ParsedTbsCertificate tbs;
-  if (!ParseTbsCertificate(tbs_certificate_tlv, {}, &tbs, nullptr))
+  if (!ParseTbsCertificate(tbs_certificate_tlv,
+                           DefaultParseCertificateOptions(), &tbs, nullptr))
     return false;
 
   der::Input issuer_value;
   if (!GetSequenceValue(tbs.issuer_tlv, &issuer_value))
     return false;
 
   return NormalizeName(issuer_value, out_normalized_issuer);
 }
 
 // Fills |principal| from the DER encoded |name_tlv|, returning true on success
@@ skipping 84 matching lines @@
   der::BitString signature_value;
 
   if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle_),
                                    CRYPTO_BUFFER_len(cert_handle_)),
                         &tbs_certificate_tlv, &signature_algorithm_tlv,
                         &signature_value, nullptr)) {
     return false;
   }
 
   ParsedTbsCertificate tbs;
-  if (!ParseTbsCertificate(tbs_certificate_tlv, {}, &tbs, nullptr))
+  if (!ParseTbsCertificate(tbs_certificate_tlv,
+                           DefaultParseCertificateOptions(), &tbs, nullptr))
     return false;
 
   if (!ParsePrincipal(tbs.subject_tlv, &subject_) ||
       !ParsePrincipal(tbs.issuer_tlv, &issuer_)) {
     return false;
   }
 
   if (!GeneralizedTimeToBaseTime(tbs.validity_not_before, &valid_start_) ||
       !GeneralizedTimeToBaseTime(tbs.validity_not_after, &valid_expiry_)) {
     return false;
@@ skipping 14 matching lines @@
   der::Input signature_algorithm_tlv;
   der::BitString signature_value;
   if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle_),
                                    CRYPTO_BUFFER_len(cert_handle_)),
                         &tbs_certificate_tlv, &signature_algorithm_tlv,
                         &signature_value, nullptr)) {
     return false;
   }
 
   ParsedTbsCertificate tbs;
-  if (!ParseTbsCertificate(tbs_certificate_tlv, {}, &tbs, nullptr))
+  if (!ParseTbsCertificate(tbs_certificate_tlv,
+                           DefaultParseCertificateOptions(), &tbs, nullptr))
     return false;
   if (!tbs.has_extensions)
     return false;
 
   std::map<der::Input, ParsedExtension> extensions;
   if (!ParseExtensions(tbs.extensions_tlv, &extensions))
     return false;
 
   ParsedExtension subject_alt_names_extension;
   if (!ConsumeExtension(SubjectAltNameOid(), &extensions,
@@ skipping 203 matching lines @@
   der::Input tbs_certificate_tlv;
   der::Input signature_algorithm_tlv;
   der::BitString signature_value;
   if (!ParseCertificate(der::Input(CRYPTO_BUFFER_data(cert_handle),
                                    CRYPTO_BUFFER_len(cert_handle)),
                         &tbs_certificate_tlv, &signature_algorithm_tlv,
                         &signature_value, nullptr)) {
     return false;
   }
   ParsedTbsCertificate tbs;
-  if (!ParseTbsCertificate(tbs_certificate_tlv, {}, &tbs, nullptr)) {
+  if (!ParseTbsCertificate(tbs_certificate_tlv,
+                           DefaultParseCertificateOptions(), &tbs, nullptr)) {
     return false;
   }
 
   der::Input subject_value;
   std::string normalized_subject;
   if (!GetSequenceValue(tbs.subject_tlv, &subject_value) ||
       !NormalizeName(subject_value, &normalized_subject)) {
     return false;
   }
   der::Input issuer_value;
@@ skipping 31 matching lines @@
 
 // static
 bool X509Certificate::WriteOSCertHandleToPickle(OSCertHandle cert_handle,
                                                 base::Pickle* pickle) {
   return pickle->WriteData(
       reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert_handle)),
       CRYPTO_BUFFER_len(cert_handle));
 }
 
 }  // namespace net