Roll src/third_party/boringssl/src 10f97f3bf..8d315d705

net/socket/ssl_client_socket_impl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/socket/ssl_client_socket_impl.h"
 
 #include <errno.h>
 #include <openssl/bio.h>
 #include <openssl/bytestring.h>
 #include <openssl/err.h>
@@ skipping 328 matching lines @@
   static int PrivateKeyTypeCallback(SSL* ssl) {
     SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->PrivateKeyTypeCallback();
   }
 
   static size_t PrivateKeyMaxSignatureLenCallback(SSL* ssl) {
     SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
     return socket->PrivateKeyMaxSignatureLenCallback();
   }
 
-  static ssl_private_key_result_t PrivateKeySignCallback(SSL* ssl,
-                                                         uint8_t* out,
-                                                         size_t* out_len,
-                                                         size_t max_out,
-                                                         const EVP_MD* md,
-                                                         const uint8_t* in,
-                                                         size_t in_len) {
-    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
-    return socket->PrivateKeySignCallback(out, out_len, max_out, md, in,
-                                          in_len);
-  }
-
-  static ssl_private_key_result_t PrivateKeySignCompleteCallback(
+  static ssl_private_key_result_t PrivateKeySignDigestCallback(
       SSL* ssl,
       uint8_t* out,
       size_t* out_len,
-      size_t max_out) {
+      size_t max_out,
+      const EVP_MD* md,
+      const uint8_t* in,
+      size_t in_len) {
     SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
-    return socket->PrivateKeySignCompleteCallback(out, out_len, max_out);
+    return socket->PrivateKeySignDigestCallback(out, out_len, max_out, md, in,
+                                                in_len);
+  }
+
+  static ssl_private_key_result_t PrivateKeyCompleteCallback(SSL* ssl,
+                                                             uint8_t* out,
+                                                             size_t* out_len,
+                                                             size_t max_out) {
+    SSLClientSocketImpl* socket = GetInstance()->GetClientSocketFromSSL(ssl);
+    return socket->PrivateKeyCompleteCallback(out, out_len, max_out);
   }
 
 #if !defined(OS_NACL)
   static void KeyLogCallback(const SSL* ssl, const char* line) {
     GetInstance()->ssl_key_logger_->WriteLine(line);
   }
 #endif
 
   // This is the index used with SSL_get_ex_data to retrieve the owner
   // SSLClientSocketImpl object from an SSL instance.
   int ssl_socket_data_index_;
 
   ScopedSSL_CTX ssl_ctx_;
 
 #if !defined(OS_NACL)
   std::unique_ptr<SSLKeyLogger> ssl_key_logger_;
 #endif
 
   // TODO(davidben): Use a separate cache per URLRequestContext.
   // https://crbug.com/458365
   //
   // TODO(davidben): Sessions should be invalidated on fatal
   // alerts. https://crbug.com/466352
   SSLClientSessionCache session_cache_;
 };
 
+// TODO(davidben): Switch from sign_digest to sign.
 const SSL_PRIVATE_KEY_METHOD
     SSLClientSocketImpl::SSLContext::kPrivateKeyMethod = {
         &SSLClientSocketImpl::SSLContext::PrivateKeyTypeCallback,
         &SSLClientSocketImpl::SSLContext::PrivateKeyMaxSignatureLenCallback,
-        &SSLClientSocketImpl::SSLContext::PrivateKeySignCallback,
-        &SSLClientSocketImpl::SSLContext::PrivateKeySignCompleteCallback,
+        nullptr /* sign */,
+        &SSLClientSocketImpl::SSLContext::PrivateKeySignDigestCallback,
+        nullptr /* decrypt */,
+        &SSLClientSocketImpl::SSLContext::PrivateKeyCompleteCallback,
 };
 
 // PeerCertificateChain is a helper object which extracts the certificate
 // chain, as given by the server, from an OpenSSL socket and performs the needed
 // resource management. The first element of the chain is the leaf certificate
 // and the other elements are in the order given by the server.
 class SSLClientSocketImpl::PeerCertificateChain {
  public:
   explicit PeerCertificateChain(STACK_OF(X509) * chain) { Reset(chain); }
   PeerCertificateChain(const PeerCertificateChain& other) { *this = other; }
@@ skipping 1740 matching lines @@
       return EVP_PKEY_EC;
   }
   NOTREACHED();
   return EVP_PKEY_NONE;
 }
 
 size_t SSLClientSocketImpl::PrivateKeyMaxSignatureLenCallback() {
   return ssl_config_.client_private_key->GetMaxSignatureLengthInBytes();
 }
 
-ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignCallback(
+ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignDigestCallback(
     uint8_t* out,
     size_t* out_len,
     size_t max_out,
     const EVP_MD* md,
     const uint8_t* in,
     size_t in_len) {
   DCHECK_EQ(kNoPendingResult, signature_result_);
   DCHECK(signature_.empty());
   DCHECK(ssl_config_.client_private_key);
 
   SSLPrivateKey::Hash hash;
   if (!EVP_MDToPrivateKeyHash(md, &hash)) {
     OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
     return ssl_private_key_failure;
   }
 
   net_log_.BeginEvent(
       NetLog::TYPE_SSL_PRIVATE_KEY_OPERATION,
       base::Bind(&NetLogPrivateKeyOperationCallback,
                  ssl_config_.client_private_key->GetType(), hash));
 
   signature_result_ = ERR_IO_PENDING;
   ssl_config_.client_private_key->SignDigest(
       hash, base::StringPiece(reinterpret_cast<const char*>(in), in_len),
-      base::Bind(&SSLClientSocketImpl::OnPrivateKeySignComplete,
+      base::Bind(&SSLClientSocketImpl::OnPrivateKeyComplete,
                  weak_factory_.GetWeakPtr()));
   return ssl_private_key_retry;
 }
 
-ssl_private_key_result_t SSLClientSocketImpl::PrivateKeySignCompleteCallback(
+ssl_private_key_result_t SSLClientSocketImpl::PrivateKeyCompleteCallback(
     uint8_t* out,
     size_t* out_len,
     size_t max_out) {
   DCHECK_NE(kNoPendingResult, signature_result_);
   DCHECK(ssl_config_.client_private_key);
 
   if (signature_result_ == ERR_IO_PENDING)
     return ssl_private_key_retry;
   if (signature_result_ != OK) {
     OpenSSLPutNetError(FROM_HERE, signature_result_);
     return ssl_private_key_failure;
   }
   if (signature_.size() > max_out) {
     OpenSSLPutNetError(FROM_HERE, ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED);
     return ssl_private_key_failure;
   }
   memcpy(out, signature_.data(), signature_.size());
   *out_len = signature_.size();
   signature_.clear();
   return ssl_private_key_success;
 }
 
-void SSLClientSocketImpl::OnPrivateKeySignComplete(
+void SSLClientSocketImpl::OnPrivateKeyComplete(
     Error error,
     const std::vector<uint8_t>& signature) {
   DCHECK_EQ(ERR_IO_PENDING, signature_result_);
   DCHECK(signature_.empty());
   DCHECK(ssl_config_.client_private_key);
 
   net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_PRIVATE_KEY_OPERATION,
                                     error);
 
   signature_result_ = error;
@@ skipping 93 matching lines @@
   if (rv != OK) {
     net_log_.EndEventWithNetErrorCode(NetLog::TYPE_SSL_CONNECT, rv);
     return;
   }
 
   net_log_.EndEvent(NetLog::TYPE_SSL_CONNECT,
                     base::Bind(&NetLogSSLInfoCallback, base::Unretained(this)));
 }
 
 }  // namespace net