Switch OpenSSLClientKeyStore::ScopedEVP_PKEY to crypto::ScopedEVP_PKEY.

BUG=none Review URL: https://codereview.chromium.org/388683002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@282684 0039d316-1c4b-4281-b951-d872f2087c98

Switch OpenSSLClientKeyStore::ScopedEVP_PKEY to crypto::ScopedEVP_PKEY.
BUG=none Review URL: https://codereview.chromium.org/388683002 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@282684 0039d316-1c4b-4281-b951-d872f2087c98
c5077667 · davidben@chromium.org · 4e72e787 · c5077667 · c5077667 · c5077667
Commit c5077667 authored Jul 11, 2014 by davidben@chromium.org
8 changed files
--- a/android_webview/DEPS
+++ b/android_webview/DEPS
@@ -9,6 +9,7 @@ include_rules = [

  "+components/data_reduction_proxy",
  "+content/public/common",
+  "+crypto",
  "+gpu",
  "+jni",
  "+net",

--- a/android_webview/native/aw_contents_client_bridge.cc
+++ b/android_webview/native/aw_contents_client_bridge.cc
@@ -14,6 +14,7 @@
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
+#include "crypto/scoped_openssl_types.h"
 #include "jni/AwContentsClientBridge_jni.h"
 #include "net/android/keystore_openssl.h"
 #include "net/cert/x509_certificate.h"
@@ -32,15 +33,13 @@ using content::BrowserThread;

 namespace android_webview {

-typedef net::OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
-
 namespace {

 // Must be called on the I/O thread to record a client certificate
 // and its private key in the OpenSSLClientKeyStore.
 void RecordClientCertificateKey(
    const scoped_refptr<net::X509Certificate>& client_cert,
-    ScopedEVP_PKEY private_key) {
+    crypto::ScopedEVP_PKEY private_key) {
  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
  net::OpenSSLClientKeyStore::GetInstance()->RecordClientCertPrivateKey(
      client_cert.get(), private_key.get());
@@ -230,7 +229,7 @@ void AwContentsClientBridge::ProvideClientCertificateResponse(
  }

  // Create an EVP_PKEY wrapper for the private key JNI reference.
-  ScopedEVP_PKEY private_key(
+  crypto::ScopedEVP_PKEY private_key(
      net::android::GetOpenSSLPrivateKeyWrapper(private_key_ref));
  if (!private_key.get()) {
    LOG(ERROR) << "Could not create OpenSSL wrapper for private key";

--- a/chrome/browser/ui/android/ssl_client_certificate_request.cc
+++ b/chrome/browser/ui/android/ssl_client_certificate_request.cc
@@ -15,6 +15,7 @@
 #include "chrome/browser/ssl/ssl_client_certificate_selector.h"
 #include "chrome/browser/ui/android/window_android_helper.h"
 #include "content/public/browser/browser_thread.h"
+#include "crypto/scoped_openssl_types.h"
 #include "jni/SSLClientCertificateRequest_jni.h"
 #include "net/android/keystore_openssl.h"
 #include "net/base/host_port_pair.h"
@@ -30,13 +31,11 @@ namespace chrome {

 namespace {

-typedef net::OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
-
 // Must be called on the I/O thread to record a client certificate
 // and its private key in the OpenSSLClientKeyStore.
 void RecordClientCertificateKey(
    const scoped_refptr<net::X509Certificate>& client_cert,
-    ScopedEVP_PKEY private_key) {
+    crypto::ScopedEVP_PKEY private_key) {
  DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
  net::OpenSSLClientKeyStore::GetInstance()->RecordClientCertPrivateKey(
      client_cert.get(), private_key.get());
@@ -184,7 +183,7 @@ static void OnSystemRequestCompletion(
  }

  // Create an EVP_PKEY wrapper for the private key JNI reference.
-  ScopedEVP_PKEY private_key(
+  crypto::ScopedEVP_PKEY private_key(
      net::android::GetOpenSSLPrivateKeyWrapper(private_key_ref));
  if (!private_key.get()) {
    LOG(ERROR) << "Could not create OpenSSL wrapper for private key";

--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1354,7 +1354,7 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl,
    // the reference count of the EVP_PKEY. Ownership of this reference
    // is passed directly to OpenSSL, which will release the reference
    // using EVP_PKEY_free() when the SSL object is destroyed.
-    OpenSSLClientKeyStore::ScopedEVP_PKEY privkey;
+    crypto::ScopedEVP_PKEY privkey;
    if (OpenSSLClientKeyStore::GetInstance()->FetchClientCertPrivateKey(
            ssl_config_.client_cert.get(), &privkey)) {
      // TODO(joth): (copied from NSS) We should wait for server certificate

--- a/net/socket/ssl_client_socket_openssl_unittest.cc
+++ b/net/socket/ssl_client_socket_openssl_unittest.cc
@@ -58,7 +58,7 @@ const SSLConfig kDefaultSSLConfig;
 // Returns true on success, false on failure.
 bool LoadPrivateKeyOpenSSL(
    const base::FilePath& filepath,
-    OpenSSLClientKeyStore::ScopedEVP_PKEY* pkey) {
+    crypto::ScopedEVP_PKEY* pkey) {
  std::string data;
  if (!base::ReadFileToString(filepath, &data)) {
    LOG(ERROR) << "Could not read private key file: "
@@ -250,7 +250,7 @@ TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendGoodCert) {

  // This is required to ensure that signing works with the client
  // certificate's private key.
-  OpenSSLClientKeyStore::ScopedEVP_PKEY client_private_key;
+  crypto::ScopedEVP_PKEY client_private_key;
  ASSERT_TRUE(LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"),
                                    &client_private_key));
  EXPECT_TRUE(RecordPrivateKey(ssl_config, client_private_key.get()));

--- a/net/ssl/openssl_client_key_store.cc
+++ b/net/ssl/openssl_client_key_store.cc
@@ -15,8 +15,6 @@ namespace net {

 namespace {

-typedef OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
-
 // Increment the reference count of a given EVP_PKEY. This function
 // is similar to EVP_PKEY_dup which is not available from the OpenSSL
 // version used by Chromium at the moment. Its name is distinct to
@@ -31,14 +29,14 @@ EVP_PKEY* CopyEVP_PKEY(EVP_PKEY* key) {
 // Return the EVP_PKEY holding the public key of a given certificate.
 // |cert| is a certificate.
 // Returns a scoped EVP_PKEY for it.
-ScopedEVP_PKEY GetOpenSSLPublicKey(const X509Certificate* cert) {
+crypto::ScopedEVP_PKEY GetOpenSSLPublicKey(const X509Certificate* cert) {
  // X509_PUBKEY_get() increments the reference count of its result.
  // Unlike X509_get_X509_PUBKEY() which simply returns a direct pointer.
  EVP_PKEY* pkey =
      X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()));
  if (!pkey)
    LOG(ERROR) << "Can't extract private key from certificate!";
-  return ScopedEVP_PKEY(pkey);
+  return crypto::ScopedEVP_PKEY(pkey);
 }

 }  // namespace
@@ -101,7 +99,7 @@ bool OpenSSLClientKeyStore::RecordClientCertPrivateKey(
    return false;

  // Get public key from certificate.
-  ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
+  crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
  if (!pub_key.get())
    return false;

@@ -111,11 +109,11 @@ bool OpenSSLClientKeyStore::RecordClientCertPrivateKey(

 bool OpenSSLClientKeyStore::FetchClientCertPrivateKey(
    const X509Certificate* client_cert,
-    ScopedEVP_PKEY* private_key) {
+    crypto::ScopedEVP_PKEY* private_key) {
  if (!client_cert)
    return false;

-  ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
+  crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
  if (!pub_key.get())
    return false;


--- a/net/ssl/openssl_client_key_store.h
+++ b/net/ssl/openssl_client_key_store.h
@@ -13,6 +13,7 @@
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
 #include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
 #include "net/base/net_export.h"

 namespace net {
@@ -31,14 +32,6 @@ class NET_EXPORT OpenSSLClientKeyStore {
  // Platforms must define this factory function as appropriate.
  static OpenSSLClientKeyStore* GetInstance();

-  struct EVP_PKEY_Deleter {
-    inline void operator()(EVP_PKEY* ptr) const {
-      EVP_PKEY_free(ptr);
-    }
-  };
-
-  typedef scoped_ptr<EVP_PKEY, EVP_PKEY_Deleter> ScopedEVP_PKEY;
-
  // Record the association between a certificate and its
  // private key. This method should be called _before_
  // FetchClientCertPrivateKey to ensure that the private key is returned
@@ -60,7 +53,7 @@ class NET_EXPORT OpenSSLClientKeyStore {
  // Returns true on success, false otherwise. This increments the reference
  // count of the private key on success.
  bool FetchClientCertPrivateKey(const X509Certificate* cert,
-                                 ScopedEVP_PKEY* private_key);
+                                 crypto::ScopedEVP_PKEY* private_key);

  // Flush all recorded keys.
  void Flush();

--- a/net/ssl/openssl_client_key_store_unittest.cc
+++ b/net/ssl/openssl_client_key_store_unittest.cc
@@ -5,6 +5,7 @@
 #include "net/ssl/openssl_client_key_store.h"

 #include "base/memory/ref_counted.h"
+#include "crypto/scoped_openssl_types.h"
 #include "net/base/test_data_directory.h"
 #include "net/test/cert_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -13,8 +14,6 @@ namespace net {

 namespace {

-typedef OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
-
 // Return the internal reference count of a given EVP_PKEY.
 int EVP_PKEY_get_refcount(EVP_PKEY* pkey) {
  return pkey->references;
@@ -50,7 +49,7 @@ TEST_F(OpenSSLClientKeyStoreTest, Flush) {
      ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
  ASSERT_TRUE(cert_1.get());

-  ScopedEVP_PKEY priv_key(EVP_PKEY_new());
+  crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new());
  ASSERT_TRUE(priv_key.get());

  ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
@@ -60,7 +59,7 @@ TEST_F(OpenSSLClientKeyStoreTest, Flush) {

  // Retrieve the private key. This should fail because the store
  // was flushed.
-  ScopedEVP_PKEY pkey;
+  crypto::ScopedEVP_PKEY pkey;
  ASSERT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey));
  ASSERT_FALSE(pkey.get());
 }
@@ -76,7 +75,7 @@ TEST_F(OpenSSLClientKeyStoreTest, FetchEmptyPrivateKey) {

  // Retrieve the private key now. This should fail because it was
  // never recorded in the store.
-  ScopedEVP_PKEY pkey;
+  crypto::ScopedEVP_PKEY pkey;
  ASSERT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey));
  ASSERT_FALSE(pkey.get());
 }
@@ -94,7 +93,7 @@ TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) {
      ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
  ASSERT_TRUE(cert_1.get());

-  ScopedEVP_PKEY priv_key(EVP_PKEY_new());
+  crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new());
  ASSERT_TRUE(priv_key.get());
  ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key.get()));

@@ -111,7 +110,7 @@ TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) {

  // Retrieve the private key. This should increment the private key's
  // reference count.
-  ScopedEVP_PKEY pkey2;
+  crypto::ScopedEVP_PKEY pkey2;
  ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey2));
  ASSERT_EQ(pkey2.get(), priv_key.get());
  ASSERT_EQ(3, EVP_PKEY_get_refcount(priv_key.get()));
@@ -132,11 +131,11 @@ TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchTwoPrivateKeys) {
      ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem"));
  ASSERT_TRUE(cert_2.get());

-  ScopedEVP_PKEY priv_key1(EVP_PKEY_new());
+  crypto::ScopedEVP_PKEY priv_key1(EVP_PKEY_new());
  ASSERT_TRUE(priv_key1.get());
  ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key1.get()));

-  ScopedEVP_PKEY priv_key2(EVP_PKEY_new());
+  crypto::ScopedEVP_PKEY priv_key2(EVP_PKEY_new());
  ASSERT_TRUE(priv_key2.get());
  ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key2.get()));

@@ -153,10 +152,10 @@ TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchTwoPrivateKeys) {

  // Retrieve the private key now. This shall succeed and increment
  // the private key's reference count.
-  ScopedEVP_PKEY fetch_key1;
+  crypto::ScopedEVP_PKEY fetch_key1;
  ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_1.get(),
                                                &fetch_key1));
-  ScopedEVP_PKEY fetch_key2;
+  crypto::ScopedEVP_PKEY fetch_key2;
  ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_2.get(),
                                                &fetch_key2));
  EXPECT_TRUE(fetch_key1.get());