Mac: Generate valid <keygen> data if challenge string is empty

This works around an apparent bug in Apple's ASN.1 encoder.
BUG=41679
TEST=Manual testing with comodo.com or a local test site

Review URL: http://codereview.chromium.org/1549047

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@44980 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 7 insertions, 1 deletions

diff --git a/net/base/keygen_handler_mac.cc b/net/base/keygen_handler_mac.cc
index 35e4714..a604035 100644
--- a/net/base/keygen_handler_mac.cc
+++ b/net/base/keygen_handler_mac.cc
@@ -25,6 +25,12 @@ struct PublicKeyAndChallenge {
   CSSM_DATA challenge_string;
 };
 
+// This is a copy of the built-in kSecAsn1IA5StringTemplate, but without the
+// 'streamable' flag, which was causing bogus data to be written.
+const SecAsn1Template kIA5StringTemplate[] = {
+    { SEC_ASN1_IA5_STRING, 0, NULL, sizeof(CSSM_DATA) }
+};
+
 static const SecAsn1Template kPublicKeyAndChallengeTemplate[] = {
   {
     SEC_ASN1_SEQUENCE,
@@ -40,7 +46,7 @@ static const SecAsn1Template kPublicKeyAndChallengeTemplate[] = {
   {
     SEC_ASN1_INLINE,
     offsetof(PublicKeyAndChallenge, challenge_string),
-    kSecAsn1IA5StringTemplate
+    kIA5StringTemplate
   },
   {
     0