Google Git
Sign in
pigweed / third_party / boringssl / boringssl / 855dabc9df2da6d0f34ebc272194df268c1037b5^! / .
commit855dabc9df2da6d0f34ebc272194df268c1037b5[log] [tgz]
authorDavid Benjamin <davidben@google.com>Wed Apr 25 17:34:24 2018 -0400
committerCQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>Fri Apr 27 17:14:38 2018 +0000
tree2fe289fd502ac35fddf4155253b325253c963ccb
parentbf4bcdf16e042d75ba29768496c2d03dd7a1d675 [diff]
Add an accessor for session->certs.

Chromium has some code which reaches into this field for memory
accounting.

This fixes a bug in doc.go where this line-wrapping confuses it. doc.go
needs a bit of a rewrite, but this is a bit better.

Change-Id: Ic9cc2c2fe9329d7bc366ccf91e0c9a92eae08ed2
Reviewed-on: https://boringssl-review.googlesource.com/27764
Commit-Queue: Steven Valdez <svaldez@google.com>
Reviewed-by: Steven Valdez <svaldez@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>

diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h
index 51162ea..77bd4de 100644
--- a/include/openssl/ssl.h
+++ b/include/openssl/ssl.h

@@ -1694,6 +1694,13 @@
 // TODO(davidben): This should return a const X509 *.
 OPENSSL_EXPORT X509 *SSL_SESSION_get0_peer(const SSL_SESSION *session);
 
+// SSL_SESSION_get0_peer_certificates returns the peer certificate chain stored
+// in |session|, or NULL if the peer did not use certificates. This is the
+// unverified list of certificates as sent by the peer, not the final chain
+// built during verification. The caller does not take ownership of the result.
+OPENSSL_EXPORT const STACK_OF(CRYPTO_BUFFER) *
+    SSL_SESSION_get0_peer_certificates(const SSL_SESSION *session);
+
 // SSL_SESSION_get_master_key writes up to |max_out| bytes of |session|'s master
 // secret to |out| and returns the number of bytes written. If |max_out| is
 // zero, it returns the size of the master secret.

diff --git a/ssl/ssl_session.cc b/ssl/ssl_session.cc
index a18ddd1..272fc55 100644
--- a/ssl/ssl_session.cc
+++ b/ssl/ssl_session.cc

@@ -913,6 +913,11 @@
   return session->x509_peer;
 }
 
+const STACK_OF(CRYPTO_BUFFER) *
+    SSL_SESSION_get0_peer_certificates(const SSL_SESSION *session) {
+  return session->certs;
+}
+
 size_t SSL_SESSION_get_master_key(const SSL_SESSION *session, uint8_t *out,
                                   size_t max_out) {
   // TODO(davidben): Fix master_key_length's type and remove these casts.

diff --git a/util/doc.go b/util/doc.go
index 2d5a297..040ac79 100644
--- a/util/doc.go
+++ b/util/doc.go

@@ -17,6 +17,7 @@
 	"io/ioutil"
 	"os"
 	"path/filepath"
+	"regexp"
 	"strings"
 )
 
@@ -216,6 +217,9 @@
 	return ""
 }
 
+var stackOfRegexp = regexp.MustCompile(`STACK_OF\(([^)]*)\)`)
+var lhashOfRegexp = regexp.MustCompile(`LHASH_OF\(([^)]*)\)`)
+
 func getNameFromDecl(decl string) (string, bool) {
 	for strings.HasPrefix(decl, "#if") || strings.HasPrefix(decl, "#elif") {
 		decl = skipLine(decl)
@@ -249,8 +253,9 @@
 		return decl[:i], true
 	}
 	decl = strings.TrimPrefix(decl, "OPENSSL_EXPORT ")
-	decl = strings.TrimPrefix(decl, "STACK_OF(")
-	decl = strings.TrimPrefix(decl, "LHASH_OF(")
+	decl = strings.TrimPrefix(decl, "const ")
+	decl = stackOfRegexp.ReplaceAllString(decl, "STACK_OF_$1")
+	decl = lhashOfRegexp.ReplaceAllString(decl, "LHASH_OF_$1")
 	i := strings.Index(decl, "(")
 	if i < 0 {
 		return "", false