Update from chromium https://crrev.com/302282

net/cert/x509_certificate_win.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_certificate.h"
 
-#include <blapi.h>  // Implement CalculateChainFingerprint() with NSS.
-
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
 #include "base/pickle.h"
 #include "base/sha1.h"
 #include "base/strings/string_util.h"
 #include "base/strings/utf_string_conversions.h"
 #include "crypto/capi_util.h"
 #include "crypto/scoped_capi_types.h"
 #include "crypto/sha2.h"
 #include "net/base/net_errors.h"
 
+// Implement CalculateChainFingerprint() with our native crypto library.
+#if defined(USE_OPENSSL)
+#include <openssl/sha.h>
+#else
+#include <blapi.h>
+#endif
+
 #pragma comment(lib, "crypt32.lib")
 
 using base::Time;
 
 namespace net {
 
 namespace {
 
 typedef crypto::ScopedCAPIHandle<
     HCERTSTORE,
@@ skipping 297 matching lines @@
   // Use crypto::SHA256HashString for two reasons:
   // * < Windows Vista does not have universal SHA-256 support.
   // * More efficient on Windows > Vista (less overhead since non-default CSP
   // is not needed).
   base::StringPiece der_cert(reinterpret_cast<const char*>(cert->pbCertEncoded),
                              cert->cbCertEncoded);
   crypto::SHA256HashString(der_cert, sha256.data, sha256_size);
   return sha256;
 }
 
-// TODO(wtc): This function is implemented with NSS low-level hash
-// functions to ensure it is fast.  Reimplement this function with
-// CryptoAPI.  May need to cache the HCRYPTPROV to reduce the overhead.
-// static
 SHA1HashValue X509Certificate::CalculateCAFingerprint(
     const OSCertHandles& intermediates) {
   SHA1HashValue sha1;
   memset(sha1.data, 0, sizeof(sha1.data));
 
+#if defined(USE_OPENSSL)
+  SHA_CTX ctx;
+  if (!SHA1_Init(&ctx))
+    return sha1;
+  for (size_t i = 0; i < intermediates.size(); ++i) {
+    PCCERT_CONTEXT ca_cert = intermediates[i];
+    if (!SHA1_Update(&ctx, ca_cert->pbCertEncoded, ca_cert->cbCertEncoded))
+      return sha1;
+  }
+  SHA1_Final(sha1.data, &ctx);
+#else  // !USE_OPENSSL
   SHA1Context* sha1_ctx = SHA1_NewContext();
   if (!sha1_ctx)
     return sha1;
   SHA1_Begin(sha1_ctx);
   for (size_t i = 0; i < intermediates.size(); ++i) {
     PCCERT_CONTEXT ca_cert = intermediates[i];
     SHA1_Update(sha1_ctx, ca_cert->pbCertEncoded, ca_cert->cbCertEncoded);
   }
   unsigned int result_len;
   SHA1_End(sha1_ctx, sha1.data, &result_len, SHA1_LENGTH);
   SHA1_DestroyContext(sha1_ctx, PR_TRUE);
+#endif  // USE_OPENSSL
 
   return sha1;
 }
 
 // static
 X509Certificate::OSCertHandle
 X509Certificate::ReadOSCertHandleFromPickle(PickleIterator* pickle_iter) {
   const char* data;
   int length;
   if (!pickle_iter->ReadData(&data, &length))
@@ skipping 98 matching lines @@
        it != intermediate_ca_certs_.end(); ++it) {
     if (IsCertNameBlobInIssuerList(&(*it)->pCertInfo->Issuer,
                                    valid_issuers)) {
       return true;
     }
   }
 
   return false;
 }
 
+// static
+bool X509Certificate::IsSelfSigned(OSCertHandle cert_handle) {
+  return !!CryptVerifyCertificateSignatureEx(
+      NULL,
+      X509_ASN_ENCODING,
+      CRYPT_VERIFY_CERT_SIGN_SUBJECT_CERT,
+      reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)),
+      CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT,
+      reinterpret_cast<void*>(const_cast<PCERT_CONTEXT>(cert_handle)),
+      0,
+      NULL);
+}
+
 }  // namespace net