Removing crypto/third_party/nss/ and removing crypto _win files

crypto/hmac.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/hmac.h"
 
+#include <openssl/hmac.h>
 #include <stddef.h>
 
 #include <algorithm>
 #include <memory>
+#include <vector>
 
 #include "base/logging.h"
+#include "base/stl_util.h"
+#include "crypto/openssl_util.h"
 #include "crypto/secure_util.h"
 #include "crypto/symmetric_key.h"
 
 namespace crypto {
 
-bool HMAC::Init(SymmetricKey* key) {
-  std::string raw_key;
-  bool result = key->GetRawKey(&raw_key) && Init(raw_key);
-  // Zero out key copy.  This might get optimized away, but one can hope.
-  // Using std::string to store key info at all is a larger problem.
-  std::fill(raw_key.begin(), raw_key.end(), 0);
-  return result;
+struct HMACPlatformData {
+  std::vector<unsigned char> key;
+};

[Ryan Sleevi, 2016/04/28 21:06:58]

Can't we get rid of this entirely, since we're getting rid of the
platform-specific bits? That would avoid the extra heap allocation indirection.

just change the std::unique_ptr<HMACPlatformData> plat_ to be
std::vector<unsigned char> key_;

[svaldez, 2016/04/28 21:14:50]

Done.

+
+HMAC::HMAC(HashAlgorithm hash_alg) : hash_alg_(hash_alg) {
+  // Only SHA-1 and SHA-256 hash algorithms are supported now.
+  DCHECK(hash_alg_ == SHA1 || hash_alg_ == SHA256);
+}
+
+HMAC::~HMAC() {
+  if (plat_) {
+    // Zero out key copy.
+    plat_->key.assign(plat_->key.size(), 0);
+    STLClearObject(&plat_->key);
+  }
 }
 
 size_t HMAC::DigestLength() const {
   switch (hash_alg_) {
     case SHA1:
       return 20;
     case SHA256:
       return 32;
     default:
       NOTREACHED();
       return 0;
   }
 }
 
+bool HMAC::Init(const unsigned char* key, size_t key_length) {
+  // Init must not be called more than once on the same HMAC object.
+  DCHECK(!plat_);
+  plat_.reset(new HMACPlatformData());
+  plat_->key.assign(key, key + key_length);
+  return true;
+}
+
+bool HMAC::Init(SymmetricKey* key) {
+  std::string raw_key;
+  bool result = key->GetRawKey(&raw_key) && Init(raw_key);
+  // Zero out key copy.  This might get optimized away, but one can hope.
+  // Using std::string to store key info at all is a larger problem.
+  std::fill(raw_key.begin(), raw_key.end(), 0);
+  return result;
+}
+
+bool HMAC::Sign(const base::StringPiece& data,
+                unsigned char* digest,
+                size_t digest_length) const {
+  DCHECK(plat_);  // Init must be called before Sign.
+
+  ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> result(digest, digest_length);
+  return !!::HMAC(hash_alg_ == SHA1 ? EVP_sha1() : EVP_sha256(),
+                  plat_->key.data(), plat_->key.size(),
+                  reinterpret_cast<const unsigned char*>(data.data()),
+                  data.size(), result.safe_buffer(), NULL);
+}
+
 bool HMAC::Verify(const base::StringPiece& data,
                   const base::StringPiece& digest) const {
   if (digest.size() != DigestLength())
     return false;
   return VerifyTruncated(data, digest);
 }
 
 bool HMAC::VerifyTruncated(const base::StringPiece& data,
                            const base::StringPiece& digest) const {
   if (digest.empty())
     return false;
   size_t digest_length = DigestLength();
   std::unique_ptr<unsigned char[]> computed_digest(
       new unsigned char[digest_length]);
   if (!Sign(data, computed_digest.get(), digest_length))
     return false;
 
   return SecureMemEqual(digest.data(), computed_digest.get(),
                         std::min(digest.size(), digest_length));
 }
 
 }  // namespace crypto