Add a quic::CryptoBuffers class to own a std::vector<CRYPTO_BUFFER*> and the buffers the elements point to. Use it in TlsServerHandshaker.
PiperOrigin-RevId: 333578828
Change-Id: I51e976d776691f583c8d3cbc2c0b64952b1c407a
diff --git a/quic/core/crypto/proof_source.cc b/quic/core/crypto/proof_source.cc
index 73f1672..3a98029 100644
--- a/quic/core/crypto/proof_source.cc
+++ b/quic/core/crypto/proof_source.cc
@@ -8,9 +8,26 @@
namespace quic {
+CryptoBuffers::~CryptoBuffers() {
+ for (size_t i = 0; i < value.size(); i++) {
+ CRYPTO_BUFFER_free(value[i]);
+ }
+}
+
ProofSource::Chain::Chain(const std::vector<std::string>& certs)
: certs(certs) {}
ProofSource::Chain::~Chain() {}
+CryptoBuffers ProofSource::Chain::ToCryptoBuffers() const {
+ CryptoBuffers crypto_buffers;
+ crypto_buffers.value.reserve(certs.size());
+ for (size_t i = 0; i < certs.size(); i++) {
+ crypto_buffers.value.push_back(
+ CRYPTO_BUFFER_new(reinterpret_cast<const uint8_t*>(certs[i].data()),
+ certs[i].length(), nullptr));
+ }
+ return crypto_buffers;
+}
+
} // namespace quic
diff --git a/quic/core/crypto/proof_source.h b/quic/core/crypto/proof_source.h
index c4224f4..637dd0c 100644
--- a/quic/core/crypto/proof_source.h
+++ b/quic/core/crypto/proof_source.h
@@ -9,6 +9,7 @@
#include <string>
#include <vector>
+#include "third_party/boringssl/src/include/openssl/ssl.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_proof.h"
#include "net/third_party/quiche/src/quic/core/quic_versions.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_export.h"
@@ -18,6 +19,17 @@
namespace quic {
+// CryptoBuffers is a RAII class to own a std::vector<CRYPTO_BUFFER*> and the
+// buffers the elements point to.
+struct QUIC_EXPORT_PRIVATE CryptoBuffers {
+ CryptoBuffers() = default;
+ CryptoBuffers(const CryptoBuffers&) = delete;
+ CryptoBuffers(CryptoBuffers&&) = default;
+ ~CryptoBuffers();
+
+ std::vector<CRYPTO_BUFFER*> value;
+};
+
// ProofSource is an interface by which a QUIC server can obtain certificate
// chains and signatures that prove its identity.
class QUIC_EXPORT_PRIVATE ProofSource {
@@ -29,6 +41,8 @@
Chain(const Chain&) = delete;
Chain& operator=(const Chain&) = delete;
+ CryptoBuffers ToCryptoBuffers() const;
+
const std::vector<std::string> certs;
protected:
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 51ff77d..af937c5 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -546,19 +546,8 @@
return SSL_TLSEXT_ERR_ALERT_FATAL;
}
- std::vector<CRYPTO_BUFFER*> certs;
- certs.resize(chain->certs.size());
- for (size_t i = 0; i < certs.size(); i++) {
- certs[i] = CRYPTO_BUFFER_new(
- reinterpret_cast<const uint8_t*>(chain->certs[i].data()),
- chain->certs[i].length(), nullptr);
- }
-
- tls_connection_.SetCertChain(certs);
-
- for (size_t i = 0; i < certs.size(); i++) {
- CRYPTO_BUFFER_free(certs[i]);
- }
+ CryptoBuffers cert_buffers = chain->ToCryptoBuffers();
+ tls_connection_.SetCertChain(cert_buffers.value);
std::string error_details;
if (!ProcessTransportParameters(&error_details)) {
