zqz/platform-external-webrtc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

openssl: Use unique_ptr to remove unnecessary goto statements

Browse Source 
Bug: None
Change-Id: I377cd17490a009d75545052a9300cfc34869ae85
Reviewed-on: https://webrtc-review.googlesource.com/c/src/+/223501
Reviewed-by: Harald Alvestrand <hta@webrtc.org>
Commit-Queue: Philipp Hancke <phancke@nvidia.com>
Cr-Commit-Position: refs/heads/master@{#34383}
This commit is contained in:
Vojin Ilic
2021-06-23 11:53:43 +02:00
committed by WebRTC LUCI CQ
parent 37477b8f24
commit 06a88fedd0
1 changed files with 32 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

65
rtc_base/openssl_certificate.cc
View File

@ -59,27 +59,30 @@ static X509* MakeCertificate(EVP_PKEY* pkey, const SSLIdentityParams& params) {
RTC_LOG(LS_INFO) << "Making certificate for " << params.common_name;
ASN1_INTEGER* asn1_serial_number = nullptr;
BIGNUM* serial_number = nullptr;
X509* x509 = nullptr;
X509_NAME* name = nullptr;
std::unique_ptr<BIGNUM, decltype(&::BN_free)> serial_number{nullptr,
::BN_free};
std::unique_ptr<X509, decltype(&::X509_free)> x509{nullptr, ::X509_free};
std::unique_ptr<X509_NAME, decltype(&::X509_NAME_free)> name{
nullptr, ::X509_NAME_free};
time_t epoch_off = 0; // Time offset since epoch.
if ((x509 = X509_new()) == nullptr) {
goto error;
x509.reset(X509_new());
if (x509 == nullptr) {
return nullptr;
}
if (!X509_set_pubkey(x509, pkey)) {
goto error;
if (!X509_set_pubkey(x509.get(), pkey)) {
return nullptr;
}
// serial number - temporary reference to serial number inside x509 struct
if ((serial_number = BN_new()) == nullptr ||
!BN_pseudo_rand(serial_number, SERIAL_RAND_BITS, 0, 0) ||
(asn1_serial_number = X509_get_serialNumber(x509)) == nullptr ||
!BN_to_ASN1_INTEGER(serial_number, asn1_serial_number)) {
goto error;
serial_number.reset(BN_new());
if (serial_number == nullptr ||
!BN_pseudo_rand(serial_number.get(), SERIAL_RAND_BITS, 0, 0) ||
(asn1_serial_number = X509_get_serialNumber(x509.get())) == nullptr ||
!BN_to_ASN1_INTEGER(serial_number.get(), asn1_serial_number)) {
return nullptr;
}
// Set version to X509.V3
if (!X509_set_version(x509, 2L)) {
goto error;
if (!X509_set_version(x509.get(), 2L)) {
return nullptr;
}
// There are a lot of possible components for the name entries. In
@ -89,31 +92,27 @@ static X509* MakeCertificate(EVP_PKEY* pkey, const SSLIdentityParams& params) {
// arbitrary common_name. Note that this certificate goes out in
// clear during SSL negotiation, so there may be a privacy issue in
// putting anything recognizable here.
if ((name = X509_NAME_new()) == nullptr ||
!X509_NAME_add_entry_by_NID(name, NID_commonName, MBSTRING_UTF8,
name.reset(X509_NAME_new());
if (name == nullptr ||
!X509_NAME_add_entry_by_NID(name.get(), NID_commonName, MBSTRING_UTF8,
(unsigned char*)params.common_name.c_str(),
-1, -1, 0) ||
!X509_set_subject_name(x509, name) || !X509_set_issuer_name(x509, name)) {
goto error;
!X509_set_subject_name(x509.get(), name.get()) ||
!X509_set_issuer_name(x509.get(), name.get())) {
return nullptr;
}
if (!X509_time_adj(X509_get_notBefore(x509), params.not_before, &epoch_off) ||
!X509_time_adj(X509_get_notAfter(x509), params.not_after, &epoch_off)) {
goto error;
if (!X509_time_adj(X509_get_notBefore(x509.get()), params.not_before,
&epoch_off) ||
!X509_time_adj(X509_get_notAfter(x509.get()), params.not_after,
&epoch_off)) {
return nullptr;
}
if (!X509_sign(x509, pkey, EVP_sha256())) {
goto error;
if (!X509_sign(x509.get(), pkey, EVP_sha256())) {
return nullptr;
}
BN_free(serial_number);
X509_NAME_free(name);
RTC_LOG(LS_INFO) << "Returning certificate";
return x509;
error:
BN_free(serial_number);
X509_NAME_free(name);
X509_free(x509);
return nullptr;
return x509.release();
}
} // namespace