net/cert/x509_certificate_openssl.cc - Issue 406693004: Revert "Switch to BoringSSL."

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/cert/x509_certificate_openssl.cc

Issue 406693004: Revert "Switch to BoringSSL." (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/cert/x509_certificate_openssl.cc

diff --git a/net/cert/x509_certificate_openssl.cc b/net/cert/x509_certificate_openssl.cc

index 504f3aea5f33fe2b0a98ee510e2b6feaf364a365..005423baf826523bbd4819f671be99eaa596d02a 100644

--- a/net/cert/x509_certificate_openssl.cc

+++ b/net/cert/x509_certificate_openssl.cc

@@ -5,10 +5,10 @@

#include "net/cert/x509_certificate.h"

#include <openssl/asn1.h>

-#include <openssl/bytestring.h>

#include <openssl/crypto.h>

#include <openssl/obj_mac.h>

#include <openssl/pem.h>

+#include <openssl/pkcs7.h>

#include <openssl/sha.h>

#include <openssl/ssl.h>

#include <openssl/x509v3.h>

@@ -40,20 +40,27 @@ void CreateOSCertHandlesFromPKCS7Bytes(

const char* data, int length,

X509Certificate::OSCertHandles* handles) {

crypto::EnsureOpenSSLInit();

- crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE);

+ const unsigned char* der_data = reinterpret_cast<const unsigned char*>(data);

+ crypto::ScopedOpenSSL<PKCS7, PKCS7_free>::Type pkcs7_cert(

+ d2i_PKCS7(NULL, &der_data, length));

+ if (!pkcs7_cert.get())

+ return;

- CBS der_data;

- CBS_init(&der_data, reinterpret_cast<const uint8_t*>(data), length);

- STACK_OF(X509)* certs = sk_X509_new_null();

+ STACK_OF(X509)* certs = NULL;

+ int nid = OBJ_obj2nid(pkcs7_cert.get()->type);

+ if (nid == NID_pkcs7_signed) {

+ certs = pkcs7_cert.get()->d.sign->cert;

+ } else if (nid == NID_pkcs7_signedAndEnveloped) {

+ certs = pkcs7_cert.get()->d.signed_and_enveloped->cert;

+ }

- if (PKCS7_get_certificates(certs, &der_data)) {

- for (size_t i = 0; i < sk_X509_num(certs); ++i) {

+ if (certs) {

+ for (int i = 0; i < sk_X509_num(certs); ++i) {

X509* x509_cert =

X509Certificate::DupOSCertHandle(sk_X509_value(certs, i));

handles->push_back(x509_cert);

}

- sk_X509_pop_free(certs, X509_free);

}

void ParsePrincipalValues(X509_NAME* name,

@@ -107,7 +114,7 @@ void ParseSubjectAltName(X509Certificate::OSCertHandle cert,

if (!alt_names.get())

return;

- for (size_t i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) {

+ for (int i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) {

const GENERAL_NAME* name = sk_GENERAL_NAME_value(alt_names.get(), i);

if (name->type == GEN_DNS && dns_names) {

const unsigned char* dns_name = ASN1_STRING_data(name->d.dNSName);

@@ -502,7 +509,7 @@ bool X509Certificate::IsIssuedByEncoded(

// and 'cert_names'.

for (size_t n = 0; n < cert_names.size(); ++n) {

- for (size_t m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) {

+ for (int m = 0; m < sk_X509_NAME_num(issuer_names.get()); ++m) {

X509_NAME* issuer = sk_X509_NAME_value(issuer_names.get(), m);

if (X509_NAME_cmp(issuer, cert_names[n]) == 0) {

return true;

« no previous file with comments | « net/cert/cert_verify_proc_openssl.cc ('k') | net/http/des.cc » ('j') | no next file with comments »