authorjoth@chromium.org <joth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-11-01 10:10:16 +0000
committerjoth@chromium.org <joth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2011-11-01 10:10:16 +0000
commit3d0f06036817faf81e5151be967c05c5b41eca0e (patch)
tree6487458f9e36436272e29d54751aaae54186c3c0
parentfb66d370d366c95143b0be820751e512ed09791e (diff)
Fix X509CertificateTest.SerialNumbers on OpenSSL builds after http://crrev.com/107956
BUG=none TEST=X509CertificateTest.SerialNumbers no longer failing on http://build.chromium.org/p/chromium.fyi/builders/Chromium%20Linux%20Redux Review URL: http://codereview.chromium.org/8432026 Patch from Ryan Sleevi <rsleevi@chromium.org>. git-svn-id: svn://svn.chromium.org/chrome/trunk/src@108088 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--net/base/x509_certificate_openssl.cc19
1 files changed, 14 insertions, 5 deletions
diff --git a/net/base/x509_certificate_openssl.cc b/net/base/x509_certificate_openssl.cc
index 5880911..8583e4d 100644
--- a/net/base/x509_certificate_openssl.cc
+++ b/net/base/x509_certificate_openssl.cc
@@ -17,6 +17,7 @@
#include "base/pickle.h"
#include "base/sha1.h"
#include "base/string_number_conversions.h"
+#include "base/string_util.h"
#include "crypto/openssl_util.h"
#include "net/base/asn1_util.h"
#include "net/base/cert_status_flags.h"
@@ -327,11 +328,19 @@ void X509Certificate::Initialize() {
fingerprint_ = CalculateFingerprint(cert_handle_);
chain_fingerprint_ = CalculateChainFingerprint();
- ASN1_INTEGER* num = X509_get_serialNumber(cert_handle_);
- if (num) {
- serial_number_ = std::string(
- reinterpret_cast<char*>(num->data),
- num->length);
+ ASN1_INTEGER* serial_num = X509_get_serialNumber(cert_handle_);
+ if (serial_num) {
+ // ASN1_INTEGERS represent the decoded number, in a format internal to
+ // OpenSSL. Most notably, this may have leading zeroes stripped off for
+ // numbers whose first byte is >= 0x80. Thus, it is necessary to
+ // re-encoded the integer back into DER, which is what the interface
+ // of X509Certificate exposes, to ensure callers get the proper (DER)
+ // value.
+ int bytes_required = i2c_ASN1_INTEGER(serial_num, NULL);
+ unsigned char* buffer = reinterpret_cast<unsigned char*>(
+ WriteInto(&serial_number_, bytes_required + 1));
+ int bytes_written = i2c_ASN1_INTEGER(serial_num, &buffer);
+ DCHECK_EQ(static_cast<size_t>(bytes_written), serial_number_.size());
}
ParsePrincipal(cert_handle_, X509_get_subject_name(cert_handle_), &subject_);
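Review bot: The result of the sizing call `i2c_ASN1_INTEGER(serial_num, NULL)` is used unchecked, so a zero or negative return would reach `WriteInto(&serial_number_, bytes_required + 1)` with a length of 1 or less, and the only check on the second call is a `DCHECK_EQ` that is compiled out of release builds. The serial comes from a parsed certificate, so I would treat it as untrusted: wrap the encode in `if (bytes_required > 0) { ... }` and replace the debug-only check with a runtime one such as `if (bytes_written != bytes_required) serial_number_.clear();`. Whether OpenSSL can return a non-positive length for a handle that `X509_get_serialNumber` returned is not visible from this hunk, so this is a defensive measure rather than a confirmed failure. A one-line comment saying that `serial_number_` is left empty when encoding fails would tell callers what to expect; `Initialize()` starts and ends outside the hunk.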