5 files changed, 24 insertions, 57 deletions

diff --git a/net/base/openssl_private_key_store_memory.cc b/net/base/openssl_private_key_store_memory.cc
index 0913e46..4d6a287 100644
--- a/net/base/openssl_private_key_store_memory.cc
+++ b/net/base/openssl_private_key_store_memory.cc
@@ -36,7 +36,7 @@ class MemoryKeyPairStore {
   }
 
   bool StoreKeyPair(EVP_PKEY* pkey) {
-    CRYPTO_add(&pkey->references, 1, CRYPTO_LOCK_EVP_PKEY);
+    EVP_PKEY_dup(pkey);
     base::AutoLock lock(lock_);
     keys_.push_back(pkey);
     return true;
diff --git a/net/cert/x509_certificate_openssl.cc b/net/cert/x509_certificate_openssl.cc
index 504f3ae..fdd0e48 100644
--- a/net/cert/x509_certificate_openssl.cc
+++ b/net/cert/x509_certificate_openssl.cc
@@ -241,13 +241,7 @@ void sk_X509_NAME_free_all(STACK_OF(X509_NAME)* sk) {
 X509Certificate::OSCertHandle X509Certificate::DupOSCertHandle(
     OSCertHandle cert_handle) {
   DCHECK(cert_handle);
-  // Using X509_dup causes the entire certificate to be reparsed. This
-  // conversion, besides being non-trivial, drops any associated
-  // application-specific data set by X509_set_ex_data. Using CRYPTO_add
-  // just bumps up the ref-count for the cert, without causing any allocations
-  // or deallocations.
-  CRYPTO_add(&cert_handle->references, 1, CRYPTO_LOCK_X509);
-  return cert_handle;
+  return X509_up_ref(cert_handle);
 }
 
 // static
diff --git a/net/socket/ssl_client_socket_openssl.cc b/net/socket/ssl_client_socket_openssl.cc
index 89cb405..ed1138f 100644
--- a/net/socket/ssl_client_socket_openssl.cc
+++ b/net/socket/ssl_client_socket_openssl.cc
@@ -244,12 +244,8 @@ SSLClientSocketOpenSSL::PeerCertificateChain::operator=(
   // os_chain_ is reference counted by scoped_refptr;
   os_chain_ = other.os_chain_;
 
-  // Must increase the reference count manually for sk_X509_dup
-  openssl_chain_.reset(sk_X509_dup(other.openssl_chain_.get()));
-  for (size_t i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
-    X509* x = sk_X509_value(openssl_chain_.get(), i);
-    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-  }
+  openssl_chain_.reset(X509_chain_up_ref(other.openssl_chain_.get()));
+
   return *this;
 }
 
@@ -271,15 +267,7 @@ void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
   os_chain_ =
       X509Certificate::CreateFromHandle(sk_X509_value(chain, 0), intermediates);
 
-  // sk_X509_dup does not increase reference count on the certs in the stack.
-  openssl_chain_.reset(sk_X509_dup(chain));
-
-  std::vector<base::StringPiece> der_chain;
-  for (size_t i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
-    X509* x = sk_X509_value(openssl_chain_.get(), i);
-    // Increase the reference count for the certs in openssl_chain_.
-    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-  }
+  openssl_chain_.reset(X509_chain_up_ref(chain));
 }
 #else  // !defined(USE_OPENSSL_CERTS)
 void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
@@ -290,16 +278,12 @@ void SSLClientSocketOpenSSL::PeerCertificateChain::Reset(
   if (!chain)
     return;
 
-  // sk_X509_dup does not increase reference count on the certs in the stack.
-  openssl_chain_.reset(sk_X509_dup(chain));
+  openssl_chain_.reset(X509_chain_up_ref(chain));
 
   std::vector<base::StringPiece> der_chain;
   for (size_t i = 0; i < sk_X509_num(openssl_chain_.get()); ++i) {
     X509* x = sk_X509_value(openssl_chain_.get(), i);
 
-    // Increase the reference count for the certs in openssl_chain_.
-    CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-
     unsigned char* cert_data = NULL;
     int cert_data_length = i2d_X509(x, &cert_data);
     if (cert_data_length && cert_data)
diff --git a/net/ssl/openssl_client_key_store.cc b/net/ssl/openssl_client_key_store.cc
index ef38da6..b0b5eb3 100644
--- a/net/ssl/openssl_client_key_store.cc
+++ b/net/ssl/openssl_client_key_store.cc
@@ -15,17 +15,6 @@ namespace net {
 
 namespace {
 
-// Increment the reference count of a given EVP_PKEY. This function
-// is similar to EVP_PKEY_dup which is not available from the OpenSSL
-// version used by Chromium at the moment. Its name is distinct to
-// avoid compiler warnings about ambiguous function calls at caller
-// sites.
-EVP_PKEY* CopyEVP_PKEY(EVP_PKEY* key) {
-  if (key)
-    CRYPTO_add(&key->references, 1, CRYPTO_LOCK_EVP_PKEY);
-  return key;
-}
-
 // Return the EVP_PKEY holding the public key of a given certificate.
 // |cert| is a certificate.
 // Returns a scoped EVP_PKEY for it.
@@ -48,35 +37,35 @@ OpenSSLClientKeyStore::~OpenSSLClientKeyStore() {
 }
 
 OpenSSLClientKeyStore::KeyPair::KeyPair(EVP_PKEY* pub_key,
-                                        EVP_PKEY* priv_key) {
-  public_key = CopyEVP_PKEY(pub_key);
-  private_key = CopyEVP_PKEY(priv_key);
+                                        EVP_PKEY* priv_key)
+    : public_key(EVP_PKEY_dup(pub_key)),
+      private_key(EVP_PKEY_dup(priv_key)) {
 }
 
 OpenSSLClientKeyStore::KeyPair::~KeyPair() {
-  EVP_PKEY_free(public_key);
-  EVP_PKEY_free(private_key);
 }
 
-OpenSSLClientKeyStore::KeyPair::KeyPair(const KeyPair& other) {
-  public_key = CopyEVP_PKEY(other.public_key);
-  private_key = CopyEVP_PKEY(other.private_key);
+OpenSSLClientKeyStore::KeyPair::KeyPair(const KeyPair& other)
+    : public_key(EVP_PKEY_dup(other.public_key.get())),
+      private_key(EVP_PKEY_dup(other.private_key.get())) {
 }
 
 void OpenSSLClientKeyStore::KeyPair::operator=(const KeyPair& other) {
-  EVP_PKEY* old_public_key = public_key;
-  EVP_PKEY* old_private_key = private_key;
-  public_key = CopyEVP_PKEY(other.public_key);
-  private_key = CopyEVP_PKEY(other.private_key);
-  EVP_PKEY_free(old_private_key);
-  EVP_PKEY_free(old_public_key);
+  // Use a temporary ScopedEVP_PKEY because scoped_ptr does not allow resetting
+  // to the current value, even though it's safe here.
+  crypto::ScopedEVP_PKEY public_key_tmp(EVP_PKEY_dup(other.public_key.get()));
+  crypto::ScopedEVP_PKEY private_key_tmp(EVP_PKEY_dup(other.private_key.get()));
+  public_key.reset();
+  public_key = public_key_tmp.Pass();
+  private_key.reset();
+  private_key = private_key_tmp.Pass();
 }
 
 int OpenSSLClientKeyStore::FindKeyPairIndex(EVP_PKEY* public_key) {
   if (!public_key)
     return -1;
   for (size_t n = 0; n < pairs_.size(); ++n) {
-    if (EVP_PKEY_cmp(pairs_[n].public_key, public_key) == 1)
+    if (EVP_PKEY_cmp(pairs_[n].public_key.get(), public_key) == 1)
       return static_cast<int>(n);
   }
   return -1;
@@ -120,7 +109,7 @@ crypto::ScopedEVP_PKEY OpenSSLClientKeyStore::FetchClientCertPrivateKey(
   if (index < 0)
     return crypto::ScopedEVP_PKEY();
 
-  return crypto::ScopedEVP_PKEY(CopyEVP_PKEY(pairs_[index].private_key));
+  return crypto::ScopedEVP_PKEY(EVP_PKEY_dup(pairs_[index].private_key.get()));
 }
 
 void OpenSSLClientKeyStore::Flush() {
diff --git a/net/ssl/openssl_client_key_store.h b/net/ssl/openssl_client_key_store.h
index 1cf2ced..0cbb23a 100644
--- a/net/ssl/openssl_client_key_store.h
+++ b/net/ssl/openssl_client_key_store.h
@@ -76,8 +76,8 @@ class NET_EXPORT OpenSSLClientKeyStore {
     void operator=(const KeyPair& other);
     ~KeyPair();
 
-    EVP_PKEY* public_key;
-    EVP_PKEY* private_key;
+    crypto::ScopedEVP_PKEY public_key;
+    crypto::ScopedEVP_PKEY private_key;
 
    private:
     KeyPair();  // intentionally not implemented.