Cut down on usage of deprecated APIs in //crypto.

crypto/ec_private_key_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/ec_private_key.h"
 
+#include <openssl/bytestring.h>
 #include <openssl/ec.h>
 #include <openssl/evp.h>
+#include <openssl/mem.h>
 #include <openssl/pkcs12.h>
 #include <openssl/x509.h>
 #include <stddef.h>
 #include <stdint.h>
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
+#include "crypto/auto_cbb.h"
 #include "crypto/openssl_util.h"
 #include "crypto/scoped_openssl_types.h"
 
 namespace crypto {
 
 namespace {
 
 // Function pointer definition, for injecting the required key export function
 // into ExportKeyWithBio, below. |bio| is a temporary memory BIO object, and
 // |key| is a handle to the input key object. Return 1 on success, 0 otherwise.
@@ skipping 21 matching lines @@
 
   char* data = NULL;
   long len = BIO_get_mem_data(bio.get(), &data);
   if (!data || len < 0)
     return false;
 
   output->assign(data, data + len);
   return true;
 }
 
-// Function pointer definition, for injecting the required key export function
-// into ExportKey below. |key| is a pointer to the input key object,
-// and |data| is either NULL, or the address of an 'unsigned char*' pointer
-// that points to the start of the output buffer. The function must return
-// the number of bytes required to export the data, or -1 in case of error.
-typedef int (*ExportDataFunction)(const void* key, unsigned char** data);
-
-// Helper to export |key| into |output| via the specified export function.
-bool ExportKey(const void* key,
-               ExportDataFunction export_fn,
-               std::vector<uint8_t>* output) {
-  if (!key)
-    return false;
-
-  int data_len = export_fn(key, NULL);
-  if (data_len < 0)
-    return false;
-
-  output->resize(static_cast<size_t>(data_len));
-  unsigned char* data = &(*output)[0];
-  if (export_fn(key, &data) < 0)
-    return false;
-
-  return true;
-}
-
 }  // namespace
 
 ECPrivateKey::~ECPrivateKey() {
   if (key_)
     EVP_PKEY_free(key_);
 }
 
 ECPrivateKey* ECPrivateKey::Copy() const {
   scoped_ptr<ECPrivateKey> copy(new ECPrivateKey);
   if (key_)
@@ skipping 92 matching lines @@
     return false;
 
   // Write it into |*output|
   return ExportKeyWithBio(encrypted.get(),
                           reinterpret_cast<ExportBioFunction>(i2d_PKCS8_bio),
                           output);
 }
 
 bool ECPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) {
   OpenSSLErrStackTracer err_tracer(FROM_HERE);
-  return ExportKeyWithBio(
-      key_, reinterpret_cast<ExportBioFunction>(i2d_PUBKEY_bio), output);
+  uint8_t *der;
+  size_t der_len;
+  AutoCBB cbb;
+  if (!CBB_init(cbb.get(), 0) ||
+      !EVP_marshal_public_key(cbb.get(), key_) ||
+      !CBB_finish(cbb.get(), &der, &der_len)) {
+    return false;
+  }
+  output->assign(der, der + der_len);
+  OPENSSL_free(der);
+  return true;
 }
 
 bool ECPrivateKey::ExportRawPublicKey(std::string* output) {
-  // i2d_PublicKey will produce an ANSI X9.62 public key which, for a P-256
-  // key, is 0x04 (meaning uncompressed) followed by the x and y field
-  // elements as 32-byte, big-endian numbers.
-  static const int kExpectedKeyLength = 65;
+  // Export the x and y field elements as 32-byte, big-endian numbers. (This is
+  // the same as X9.62 uncompressed form without the leading 0x04 byte.)
+  EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key_);
+  ScopedBIGNUM x(BN_new());
+  ScopedBIGNUM y(BN_new());
+  uint8_t buf[64];
+  if (!x || !y ||
+      !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key),
+                                           EC_KEY_get0_public_key(ec_key),
+                                           x.get(), y.get(), nullptr) ||
+      !BN_bn2bin_padded(buf, 32, x.get()) ||
+      !BN_bn2bin_padded(buf + 32, 32, x.get())) {
+    return false;
+  }
 
-  int len = i2d_PublicKey(key_, NULL);
-  if (len != kExpectedKeyLength)
-    return false;
-
-  uint8_t buf[kExpectedKeyLength];
-  uint8_t* derp = buf;
-  len = i2d_PublicKey(key_, &derp);
-  if (len != kExpectedKeyLength)
-    return false;
-
-  output->assign(reinterpret_cast<char*>(buf + 1), kExpectedKeyLength - 1);
+  output->assign(reinterpret_cast<const char*>(buf), sizeof(buf));
   return true;
 }
 
-bool ECPrivateKey::ExportValue(std::vector<uint8_t>* output) {
+bool ECPrivateKey::ExportValueForTesting(std::vector<uint8_t>* output) {
   OpenSSLErrStackTracer err_tracer(FROM_HERE);

[Ryan Sleevi, 2016/02/26 23:16:08]

Did we also need this for line 186?

[davidben, 2016/02/26 23:45:35]

Done. (One of these days, we'll figure out how to make that thing
unnecessary...)

-  ScopedEC_KEY ec_key(EVP_PKEY_get1_EC_KEY(key_));
-  return ExportKey(ec_key.get(),
-                   reinterpret_cast<ExportDataFunction>(i2d_ECPrivateKey),
-                   output);
-}
-
-bool ECPrivateKey::ExportECParams(std::vector<uint8_t>* output) {
-  OpenSSLErrStackTracer err_tracer(FROM_HERE);
-  ScopedEC_KEY ec_key(EVP_PKEY_get1_EC_KEY(key_));
-  return ExportKey(ec_key.get(),
-                   reinterpret_cast<ExportDataFunction>(i2d_ECParameters),
-                   output);
+  EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key_);
+  uint8_t *der;
+  size_t der_len;
+  AutoCBB cbb;
+  if (!CBB_init(cbb.get(), 0) ||
+      !EC_KEY_marshal_private_key(cbb.get(), ec_key, 0 /* enc_flags */) ||
+      !CBB_finish(cbb.get(), &der, &der_len)) {
+    return false;
+  }
+  output->assign(der, der + der_len);
+  OPENSSL_free(der);
+  return true;
 }
 
 ECPrivateKey::ECPrivateKey() : key_(NULL) {}
 
 }  // namespace crypto