Move crypto files out of base, to a top level directory.

net/socket/ssl_client_socket_openssl.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 // OpenSSL binding for SSLClientSocket. The class layout and general principle
 // of operation is derived from SSLClientSocketNSS.
 
 #include "net/socket/ssl_client_socket_openssl.h"
 
 #include <openssl/ssl.h>
 #include <openssl/err.h>
 
 #include "base/memory/singleton.h"
 #include "base/metrics/histogram.h"
-#include "base/openssl_util.h"
 #include "base/synchronization/lock.h"
+#include "crypto/openssl_util.h"
 #include "net/base/cert_verifier.h"
 #include "net/base/net_errors.h"
 #include "net/base/openssl_private_key_store.h"
 #include "net/base/ssl_cert_request_info.h"
 #include "net/base/ssl_connection_status_flags.h"
 #include "net/base/ssl_info.h"
 #include "net/socket/ssl_error_params.h"
 
 namespace net {
 
@@ skipping 138 matching lines @@
     default:
       LOG(WARNING) << "Unmapped error reason: " << ERR_GET_REASON(error_code);
       return ERR_FAILED;
   }
 }
 
 // Converts an OpenSSL error code into a net error code, walking the OpenSSL
 // error stack if needed. Note that |tracer| is not currently used in the
 // implementation, but is passed in anyway as this ensures the caller will clear
 // any residual codes left on the error stack.
-int MapOpenSSLError(int err, const base::OpenSSLErrStackTracer& tracer) {
+int MapOpenSSLError(int err, const crypto::OpenSSLErrStackTracer& tracer) {
   switch (err) {
     case SSL_ERROR_WANT_READ:
     case SSL_ERROR_WANT_WRITE:
       return ERR_IO_PENDING;
     case SSL_ERROR_SYSCALL:
       DVLOG(1) << "OpenSSL SYSCALL error, errno " << errno;
       return ERR_SSL_PROTOCOL_ERROR;
     case SSL_ERROR_SSL:
       return MapOpenSSLErrorSSL();
     default:
@@ skipping 13 matching lines @@
 // OpenSSL manages a cache of SSL_SESSION, this class provides the application
 // side policy for that cache about session re-use: we retain one session per
 // unique HostPortPair.
 class SSLSessionCache {
  public:
   SSLSessionCache() {}
 
   void OnSessionAdded(const HostPortPair& host_and_port, SSL_SESSION* session) {
     // Declare the session cleaner-upper before the lock, so any call into
     // OpenSSL to free the session will happen after the lock is released.
-    base::ScopedOpenSSL<SSL_SESSION, SSL_SESSION_free> session_to_free;
+    crypto::ScopedOpenSSL<SSL_SESSION, SSL_SESSION_free> session_to_free;
     base::AutoLock lock(lock_);
 
     DCHECK_EQ(0U, session_map_.count(session));
     std::pair<HostPortMap::iterator, bool> res =
         host_port_map_.insert(std::make_pair(host_and_port, session));
     if (!res.second) {  // Already exists: replace old entry.
       session_to_free.reset(res.first->second);
       session_map_.erase(session_to_free.get());
       res.first->second = session;
     }
     DVLOG(2) << "Adding session " << session << " => "
              << host_and_port.ToString() << ", new entry = " << res.second;
     DCHECK(host_port_map_[host_and_port] == session);
     session_map_[session] = res.first;
     DCHECK_EQ(host_port_map_.size(), session_map_.size());
     DCHECK_LE(host_port_map_.size(), kSessionCacheMaxEntires);
   }
 
   void OnSessionRemoved(SSL_SESSION* session) {
     // Declare the session cleaner-upper before the lock, so any call into
     // OpenSSL to free the session will happen after the lock is released.
-    base::ScopedOpenSSL<SSL_SESSION, SSL_SESSION_free> session_to_free;
+    crypto::ScopedOpenSSL<SSL_SESSION, SSL_SESSION_free> session_to_free;
     base::AutoLock lock(lock_);
 
     SessionMap::iterator it = session_map_.find(session);
     if (it == session_map_.end())
       return;
     DVLOG(2) << "Remove session " << session << " => "
              << it->second->first.ToString();
     DCHECK(it->second->second == session);
     host_port_map_.erase(it->second);
     session_map_.erase(it);
@@ skipping 52 matching lines @@
   }
 
   bool SetClientSocketForSSL(SSL* ssl, SSLClientSocketOpenSSL* socket) {
     return SSL_set_ex_data(ssl, ssl_socket_data_index_, socket) != 0;
   }
 
  private:
   friend struct DefaultSingletonTraits<SSLContext>;
 
   SSLContext() {
-    base::EnsureOpenSSLInit();
+    crypto::EnsureOpenSSLInit();
     ssl_socket_data_index_ = SSL_get_ex_new_index(0, 0, 0, 0, 0);
     DCHECK_NE(ssl_socket_data_index_, -1);
     ssl_ctx_.reset(SSL_CTX_new(SSLv23_client_method()));
     SSL_CTX_set_cert_verify_callback(ssl_ctx_.get(), NoOpVerifyCallback, NULL);
     SSL_CTX_set_session_cache_mode(ssl_ctx_.get(), SSL_SESS_CACHE_CLIENT);
     SSL_CTX_sess_set_new_cb(ssl_ctx_.get(), NewSessionCallbackStatic);
     SSL_CTX_sess_set_remove_cb(ssl_ctx_.get(), RemoveSessionCallbackStatic);
     SSL_CTX_set_timeout(ssl_ctx_.get(), kSessionCacheTimeoutSeconds);
     SSL_CTX_sess_set_cache_size(ssl_ctx_.get(), kSessionCacheMaxEntires);
     SSL_CTX_set_client_cert_cb(ssl_ctx_.get(), ClientCertCallback);
@@ skipping 36 matching lines @@
                                      const unsigned char* in,
                                      unsigned int inlen, void* arg) {
     SSLClientSocketOpenSSL* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->SelectNextProtoCallback(out, outlen, in, inlen);
   }
 
   // This is the index used with SSL_get_ex_data to retrieve the owner
   // SSLClientSocketOpenSSL object from an SSL instance.
   int ssl_socket_data_index_;
 
-  base::ScopedOpenSSL<SSL_CTX, SSL_CTX_free> ssl_ctx_;
+  crypto::ScopedOpenSSL<SSL_CTX, SSL_CTX_free> ssl_ctx_;
   SSLSessionCache session_cache_;
 };
 
 // Utility to construct the appropriate set & clear masks for use the OpenSSL
 // options and mode configuration functions. (SSL_set_options etc)
 struct SslSetClearMask {
   SslSetClearMask() : set_mask(0), clear_mask(0) {}
   void ConfigureFlag(long flag, bool state) {
     (state ? set_mask : clear_mask) |= flag;
     // Make sure we haven't got any intersection in the set & clear options.
@@ skipping 36 matching lines @@
 
 SSLClientSocketOpenSSL::~SSLClientSocketOpenSSL() {
   Disconnect();
 }
 
 bool SSLClientSocketOpenSSL::Init() {
   DCHECK(!ssl_);
   DCHECK(!transport_bio_);
 
   SSLContext* context = SSLContext::GetInstance();
-  base::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
 
   ssl_ = SSL_new(context->ssl_ctx());
   if (!ssl_ || !context->SetClientSocketForSSL(ssl_, this))
     return false;
 
   if (!SSL_set_tlsext_host_name(ssl_, host_and_port_.host().c_str()))
     return false;
 
   trying_cached_session_ =
       context->session_cache()->SetSSLSession(ssl_, host_and_port_);
@@ skipping 287 matching lines @@
       break;
 
     // Do the actual network I/O.
     network_moved = DoTransportIO();
   } while ((rv != ERR_IO_PENDING || network_moved) &&
             next_handshake_state_ != STATE_NONE);
   return rv;
 }
 
 int SSLClientSocketOpenSSL::DoHandshake() {
-  base::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
   int net_error = net::OK;
   int rv = SSL_do_handshake(ssl_);
 
   if (client_auth_cert_needed_) {
     net_error = ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
     // If the handshake already succeeded (because the server requests but
     // doesn't require a client cert), we need to invalidate the SSL session
     // so that we won't try to resume the non-client-authenticated session in
     // the next handshake.  This will cause the server to ask for a client
     // cert again.
@@ skipping 111 matching lines @@
   completed_handshake_ = true;
   // Exit DoHandshakeLoop and return the result to the caller to Connect.
   DCHECK_EQ(STATE_NONE, next_handshake_state_);
   return result;
 }
 
 X509Certificate* SSLClientSocketOpenSSL::UpdateServerCert() {
   if (server_cert_)
     return server_cert_;
 
-  base::ScopedOpenSSL<X509, X509_free> cert(SSL_get_peer_certificate(ssl_));
+  crypto::ScopedOpenSSL<X509, X509_free> cert(SSL_get_peer_certificate(ssl_));
   if (!cert.get()) {
     LOG(WARNING) << "SSL_get_peer_certificate returned NULL";
     return NULL;
   }
 
   // Unlike SSL_get_peer_certificate, SSL_get_peer_cert_chain does not
   // increment the reference so sk_X509_free does not need to be called.
   STACK_OF(X509)* chain = SSL_get_peer_cert_chain(ssl_);
   X509Certificate::OSCertHandles intermediates;
   if (chain) {
@@ skipping 289 matching lines @@
 
 bool SSLClientSocketOpenSSL::SetReceiveBufferSize(int32 size) {
   return transport_->socket()->SetReceiveBufferSize(size);
 }
 
 bool SSLClientSocketOpenSSL::SetSendBufferSize(int32 size) {
   return transport_->socket()->SetSendBufferSize(size);
 }
 
 int SSLClientSocketOpenSSL::DoPayloadRead() {
-  base::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
   int rv = SSL_read(ssl_, user_read_buf_->data(), user_read_buf_len_);
   // We don't need to invalidate the non-client-authenticated SSL session
   // because the server will renegotiate anyway.
   if (client_auth_cert_needed_)
     return ERR_SSL_CLIENT_AUTH_CERT_NEEDED;
 
   if (rv >= 0)
     return rv;
 
   int err = SSL_get_error(ssl_, rv);
   return MapOpenSSLError(err, err_tracer);
 }
 
 int SSLClientSocketOpenSSL::DoPayloadWrite() {
-  base::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
   int rv = SSL_write(ssl_, user_write_buf_->data(), user_write_buf_len_);
 
   if (rv >= 0)
     return rv;
 
   int err = SSL_get_error(ssl_, rv);
   return MapOpenSSLError(err, err_tracer);
 }
 
 }  // namespace net