author | davidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-11 20:26:35 +0000 |
---|---|---|
committer | davidben@chromium.org <davidben@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-07-11 20:26:35 +0000 |
commit | c5077667ba6701297447fb5359cfa6d15285d632 (patch) | |
tree | 79a39cbe30420a03844e54e5dd2394025ff12016 | |
parent | 4e72e787a8120681c4c7c96071ff5f2c0fa9f7fd (diff) | |
Switch OpenSSLClientKeyStore::ScopedEVP_PKEY to crypto::ScopedEVP_PKEY.
BUG=none
Review URL: https://codereview.chromium.org/388683002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@282684 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r-- | android_webview/DEPS | 1 | ||||
-rw-r--r-- | android_webview/native/aw_contents_client_bridge.cc | 7 | ||||
-rw-r--r-- | chrome/browser/ui/android/ssl_client_certificate_request.cc | 7 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_openssl.cc | 2 | ||||
-rw-r--r-- | net/socket/ssl_client_socket_openssl_unittest.cc | 4 | ||||
-rw-r--r-- | net/ssl/openssl_client_key_store.cc | 12 | ||||
-rw-r--r-- | net/ssl/openssl_client_key_store.h | 11 | ||||
-rw-r--r-- | net/ssl/openssl_client_key_store_unittest.cc | 21 |
8 files changed, 27 insertions, 38 deletions
diff --git a/android_webview/DEPS b/android_webview/DEPS
index ed5c849..97888c1 100644
--- a/android_webview/DEPS
+++ b/android_webview/DEPS
@@ -9,6 +9,7 @@ include_rules = [
 "+components/data_reduction_proxy",
 "+content/public/common",
+ "+crypto",
 "+gpu",
 "+jni",
 "+net",
diff --git a/android_webview/native/aw_contents_client_bridge.cc b/android_webview/native/aw_contents_client_bridge.cc
index a4f87d3..5431be7 100644
--- a/android_webview/native/aw_contents_client_bridge.cc
+++ b/android_webview/native/aw_contents_client_bridge.cc
@@ -14,6 +14,7 @@
 #include "content/public/browser/render_process_host.h"
 #include "content/public/browser/render_view_host.h"
 #include "content/public/browser/web_contents.h"
+#include "crypto/scoped_openssl_types.h"
 #include "jni/AwContentsClientBridge_jni.h"
 #include "net/android/keystore_openssl.h"
 #include "net/cert/x509_certificate.h"
@@ -32,15 +33,13 @@ using content::BrowserThread;
 namespace android_webview {
-typedef net::OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
-
 namespace {
 // Must be called on the I/O thread to record a client certificate
 // and its private key in the OpenSSLClientKeyStore.
 void RecordClientCertificateKey(
 const scoped_refptr<net::X509Certificate>& client_cert,
- ScopedEVP_PKEY private_key) {
+ crypto::ScopedEVP_PKEY private_key) {
 DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
 net::OpenSSLClientKeyStore::GetInstance()->RecordClientCertPrivateKey(
 client_cert.get(), private_key.get());
@@ -230,7 +229,7 @@ void AwContentsClientBridge::ProvideClientCertificateResponse(
 }
 // Create an EVP_PKEY wrapper for the private key JNI reference.
- ScopedEVP_PKEY private_key(
+ crypto::ScopedEVP_PKEY private_key(
 net::android::GetOpenSSLPrivateKeyWrapper(private_key_ref));
 if (!private_key.get()) {
 LOG(ERROR) << "Could not create OpenSSL wrapper for private key";
diff --git a/chrome/browser/ui/android/ssl_client_certificate_request.cc b/chrome/browser/ui/android/ssl_client_certificate_request.cc
index 51d0549..ac9616a 100644
--- a/chrome/browser/ui/android/ssl_client_certificate_request.cc
+++ b/chrome/browser/ui/android/ssl_client_certificate_request.cc
@@ -15,6 +15,7 @@
 #include "chrome/browser/ssl/ssl_client_certificate_selector.h"
 #include "chrome/browser/ui/android/window_android_helper.h"
 #include "content/public/browser/browser_thread.h"
+#include "crypto/scoped_openssl_types.h"
 #include "jni/SSLClientCertificateRequest_jni.h"
 #include "net/android/keystore_openssl.h"
 #include "net/base/host_port_pair.h"
@@ -30,13 +31,11 @@ namespace chrome {
 namespace {
-typedef net::OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
-
 // Must be called on the I/O thread to record a client certificate
 // and its private key in the OpenSSLClientKeyStore.
 void RecordClientCertificateKey(
 const scoped_refptr<net::X509Certificate>& client_cert,
- ScopedEVP_PKEY private_key) {
+ crypto::ScopedEVP_PKEY private_key) {
 DCHECK_CURRENTLY_ON(content::BrowserThread::IO);
 net::OpenSSLClientKeyStore::GetInstance()->RecordClientCertPrivateKey(
 client_cert.get(), private_key.get());
@@ -184,7 +183,7 @@ static void OnSystemRequestCompletion(
 }
 // Create an EVP_PKEY wrapper for the private key JNI reference.
- ScopedEVP_PKEY private_key(
+ crypto::ScopedEVP_PKEY private_key(
 net::android::GetOpenSSLPrivateKeyWrapper(private_key_ref));
 if (!private_key.get()) {
 LOG(ERROR) << "Could not create OpenSSL wrapper for private key";
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 8bdc314..87331ff 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -1354,7 +1354,7 @@ int SSLClientSocketOpenSSL::ClientCertRequestCallback(SSL* ssl,
 // the reference count of the EVP_PKEY. Ownership of this reference
 // is passed directly to OpenSSL, which will release the reference
 // using EVP_PKEY_free() when the SSL object is destroyed.
- OpenSSLClientKeyStore::ScopedEVP_PKEY privkey;
+ crypto::ScopedEVP_PKEY privkey;
 if (OpenSSLClientKeyStore::GetInstance()->FetchClientCertPrivateKey(
 ssl_config_.client_cert.get(), &privkey)) {
 // TODO(joth): (copied from NSS) We should wait for server certificate
diff --git a/net/socket/ssl_client_socket_openssl_unittest.cc b/net/socket/ssl_client_socket_openssl_unittest.cc
index 52758e3..f89bae9 100644
--- a/net/socket/ssl_client_socket_openssl_unittest.cc
+++ b/net/socket/ssl_client_socket_openssl_unittest.cc
@@ -58,7 +58,7 @@ const SSLConfig kDefaultSSLConfig;
 // Returns true on success, false on failure.
 bool LoadPrivateKeyOpenSSL(
 const base::FilePath& filepath,
- OpenSSLClientKeyStore::ScopedEVP_PKEY* pkey) {
+ crypto::ScopedEVP_PKEY* pkey) {
 std::string data;
 if (!base::ReadFileToString(filepath, &data)) {
 LOG(ERROR) << "Could not read private key file: "
@@ -250,7 +250,7 @@ TEST_F(SSLClientSocketOpenSSLClientAuthTest, SendGoodCert) {
 // This is required to ensure that signing works with the client
 // certificate's private key.
- OpenSSLClientKeyStore::ScopedEVP_PKEY client_private_key;
+ crypto::ScopedEVP_PKEY client_private_key;
 ASSERT_TRUE(LoadPrivateKeyOpenSSL(certs_dir.AppendASCII("client_1.key"),
 &client_private_key));
 EXPECT_TRUE(RecordPrivateKey(ssl_config, client_private_key.get()));
diff --git a/net/ssl/openssl_client_key_store.cc b/net/ssl/openssl_client_key_store.cc
index 9ea044e..d7a32e8 100644
--- a/net/ssl/openssl_client_key_store.cc
+++ b/net/ssl/openssl_client_key_store.cc
@@ -15,8 +15,6 @@ namespace net {
 namespace {
-typedef OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
-
 // Increment the reference count of a given EVP_PKEY. This function
 // is similar to EVP_PKEY_dup which is not available from the OpenSSL
 // version used by Chromium at the moment. Its name is distinct to
@@ -31,14 +29,14 @@ EVP_PKEY* CopyEVP_PKEY(EVP_PKEY* key) {
 // Return the EVP_PKEY holding the public key of a given certificate.
 // |cert| is a certificate.
 // Returns a scoped EVP_PKEY for it.
-ScopedEVP_PKEY GetOpenSSLPublicKey(const X509Certificate* cert) {
+crypto::ScopedEVP_PKEY GetOpenSSLPublicKey(const X509Certificate* cert) {
 // X509_PUBKEY_get() increments the reference count of its result.
 // Unlike X509_get_X509_PUBKEY() which simply returns a direct pointer.
 EVP_PKEY* pkey = X509_PUBKEY_get(X509_get_X509_PUBKEY(cert->os_cert_handle()));
 if (!pkey)
 LOG(ERROR) << "Can't extract private key from certificate!";
- return ScopedEVP_PKEY(pkey);
+ return crypto::ScopedEVP_PKEY(pkey);
 }
 } // namespace
@@ -101,7 +99,7 @@ bool OpenSSLClientKeyStore::RecordClientCertPrivateKey(
 return false;
 // Get public key from certificate.
- ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
+ crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
 if (!pub_key.get())
 return false;
@@ -111,11 +109,11 @@ bool OpenSSLClientKeyStore::RecordClientCertPrivateKey(
 bool OpenSSLClientKeyStore::FetchClientCertPrivateKey(
 const X509Certificate* client_cert,
- ScopedEVP_PKEY* private_key) {
+ crypto::ScopedEVP_PKEY* private_key) {
 if (!client_cert)
 return false;
- ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
+ crypto::ScopedEVP_PKEY pub_key(GetOpenSSLPublicKey(client_cert));
 if (!pub_key.get())
 return false;
diff --git a/net/ssl/openssl_client_key_store.h b/net/ssl/openssl_client_key_store.h
index e2b57a3..d1d09c4 100644
--- a/net/ssl/openssl_client_key_store.h
+++ b/net/ssl/openssl_client_key_store.h
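Review bot: GetOpenSSLPublicKey logs `Can't extract private key from certificate!` on the X509_PUBKEY_get failure path, but per its own header comment it returns the certificate's public key, so the message points anyone triaging a client-auth failure at the wrong object. Since this hunk already rewrites the function's signature and return line, the string is worth correcting in the same change: `LOG(ERROR) << "Can't extract public key from certificate!";`. The remaining hunks in this file (RecordClientCertPrivateKey and FetchClientCertPrivateKey) are the mechanical type switch, and both of those functions continue outside their hunks.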
@@ -13,6 +13,7 @@
 #include "base/memory/scoped_ptr.h"
 #include "base/memory/singleton.h"
 #include "crypto/openssl_util.h"
+#include "crypto/scoped_openssl_types.h"
 #include "net/base/net_export.h"
 namespace net {
@@ -31,14 +32,6 @@ class NET_EXPORT OpenSSLClientKeyStore {
 // Platforms must define this factory function as appropriate.
 static OpenSSLClientKeyStore* GetInstance();
- struct EVP_PKEY_Deleter {
- inline void operator()(EVP_PKEY* ptr) const {
- EVP_PKEY_free(ptr);
- }
- };
-
- typedef scoped_ptr<EVP_PKEY, EVP_PKEY_Deleter> ScopedEVP_PKEY;
-
 // Record the association between a certificate and its
 // private key. This method should be called _before_
 // FetchClientCertPrivateKey to ensure that the private key is returned
@@ -60,7 +53,7 @@ class NET_EXPORT OpenSSLClientKeyStore {
 // Returns true on success, false otherwise. This increments the reference
 // count of the private key on success.
 bool FetchClientCertPrivateKey(const X509Certificate* cert,
- ScopedEVP_PKEY* private_key);
+ crypto::ScopedEVP_PKEY* private_key);
 // Flush all recorded keys.
 void Flush();
diff --git a/net/ssl/openssl_client_key_store_unittest.cc b/net/ssl/openssl_client_key_store_unittest.cc
index 70d2d7a..b04e109 100644
--- a/net/ssl/openssl_client_key_store_unittest.cc
+++ b/net/ssl/openssl_client_key_store_unittest.cc
@@ -5,6 +5,7 @@
 #include "net/ssl/openssl_client_key_store.h"
 #include "base/memory/ref_counted.h"
+#include "crypto/scoped_openssl_types.h"
 #include "net/base/test_data_directory.h"
 #include "net/test/cert_test_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
@@ -13,8 +14,6 @@ namespace net {
 namespace {
-typedef OpenSSLClientKeyStore::ScopedEVP_PKEY ScopedEVP_PKEY;
-
 // Return the internal reference count of a given EVP_PKEY.
 int EVP_PKEY_get_refcount(EVP_PKEY* pkey) {
 return pkey->references;
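Review bot: With EVP_PKEY_Deleter and the ScopedEVP_PKEY typedef removed from openssl_client_key_store.h, nothing visible in these hunks still uses scoped_ptr, so the `#include "base/memory/scoped_ptr.h"` retained at the top of the header may now be dead; if no other declaration in the class (the rest of it is outside the hunk) needs it, drop the include so the header's dependencies match what it actually declares. The same check applies to `crypto/openssl_util.h`, which presumably supplied EVP_PKEY_free for the deleted deleter. The unittest hunks in this line are the mechanical type switch and need no further change.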
@@ -50,7 +49,7 @@ TEST_F(OpenSSLClientKeyStoreTest, Flush) {
 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
 ASSERT_TRUE(cert_1.get());
- ScopedEVP_PKEY priv_key(EVP_PKEY_new());
+ crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new());
 ASSERT_TRUE(priv_key.get());
 ASSERT_TRUE(store_->RecordClientCertPrivateKey(cert_1.get(),
@@ -60,7 +59,7 @@ TEST_F(OpenSSLClientKeyStoreTest, Flush) {
 // Retrieve the private key. This should fail because the store
 // was flushed.
- ScopedEVP_PKEY pkey;
+ crypto::ScopedEVP_PKEY pkey;
 ASSERT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey));
 ASSERT_FALSE(pkey.get());
 }
@@ -76,7 +75,7 @@ TEST_F(OpenSSLClientKeyStoreTest, FetchEmptyPrivateKey) {
 // Retrieve the private key now. This should fail because it was
 // never recorded in the store.
- ScopedEVP_PKEY pkey;
+ crypto::ScopedEVP_PKEY pkey;
 ASSERT_FALSE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey));
 ASSERT_FALSE(pkey.get());
 }
@@ -94,7 +93,7 @@ TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) {
 ImportCertFromFile(GetTestCertsDirectory(), "client_1.pem"));
 ASSERT_TRUE(cert_1.get());
- ScopedEVP_PKEY priv_key(EVP_PKEY_new());
+ crypto::ScopedEVP_PKEY priv_key(EVP_PKEY_new());
 ASSERT_TRUE(priv_key.get());
 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key.get()));
@@ -111,7 +110,7 @@ TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchPrivateKey) {
 // Retrieve the private key. This should increment the private key's
 // reference count.
- ScopedEVP_PKEY pkey2;
+ crypto::ScopedEVP_PKEY pkey2;
 ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_1.get(), &pkey2));
 ASSERT_EQ(pkey2.get(), priv_key.get());
 ASSERT_EQ(3, EVP_PKEY_get_refcount(priv_key.get()));
@@ -132,11 +131,11 @@ TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchTwoPrivateKeys) {
 ImportCertFromFile(GetTestCertsDirectory(), "client_2.pem"));
 ASSERT_TRUE(cert_2.get());
- ScopedEVP_PKEY priv_key1(EVP_PKEY_new());
+ crypto::ScopedEVP_PKEY priv_key1(EVP_PKEY_new());
 ASSERT_TRUE(priv_key1.get());
 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key1.get()));
- ScopedEVP_PKEY priv_key2(EVP_PKEY_new());
+ crypto::ScopedEVP_PKEY priv_key2(EVP_PKEY_new());
 ASSERT_TRUE(priv_key2.get());
 ASSERT_EQ(1, EVP_PKEY_get_refcount(priv_key2.get()));
@@ -153,10 +152,10 @@ TEST_F(OpenSSLClientKeyStoreTest, RecordAndFetchTwoPrivateKeys) {
 // Retrieve the private key now. This shall succeed and increment
 // the private key's reference count.
- ScopedEVP_PKEY fetch_key1;
+ crypto::ScopedEVP_PKEY fetch_key1;
 ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_1.get(), &fetch_key1));
- ScopedEVP_PKEY fetch_key2;
+ crypto::ScopedEVP_PKEY fetch_key2;
 ASSERT_TRUE(store_->FetchClientCertPrivateKey(cert_2.get(), &fetch_key2));
 EXPECT_TRUE(fetch_key1.get()); |