Remove ENGINE indirection from Android SSLPrivateKey.

Remove ENGINE indirection from Android SSLPrivateKey.

Instead, implement ThreadedSSLPrivateKey::Delegate directly using the
JNI functions. This removes all of Chromium's uses of RSA_METHOD and
ECDSA_METHOD.

Rather than a function from jobject to EVP_PKEY exposed by
keystore_openssl.h, have SSLPlatformKeyAndroid expose a function from
jobject to SSLPrivateKey. That then gets routed through whereever
the EVP_PKEY used to be routed. In particular, OpenSSLClientKeyStore
now acts on a scoped_refptr<SSLPrivateKey> rather than a
crypto::ScopedEVP_PKEY.

OpenSSLClientKeyStore is also rewritten to be much simpler, but all its
problems (like not being thread-safe) still remain. That will be resolved
by finishing the SSLPrivateKey refactor and routing it up through
//content so we can do away with the inherently global
FetchClientCertPrivateKey.

Port the old keystore_unittests.cc tests to test the new wrapper. Trim
it down a little so it tests just the wrapper object, but test all
hashes.

BUG=394131
Committed: https://crrev.com/1504dd71c6743e950147eca8f0ef06388d311073
Cr-Commit-Position: refs/heads/master@{#416258}

[davidben, 2016-08-30 16:36:25]

The CQ bit was checked by davidben@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-30 16:36:49]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-30 17:03:00]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-30 17:03:01]

Dry run: Try jobs failed on following builders:
  android_compile_dbg on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/android_comp...)
  linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)

[davidben, 2016-08-30 20:00:06]

The CQ bit was checked by davidben@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-30 20:00:49]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[davidben, 2016-08-30 20:04:53]

Description was changed from

==========
Remove ENGINE indirection from Android SSLPrivateKey.

Instead, implement ThreadedSSLPrivateKey::Delegate directly using the
JNI functions. This removes all of Chromium's uses of RSA_METHOD and
ECDSA_METHOD.

OpenSSLClientKeyStore is rewritten to be much simpler as a result of
this. It's still not thread-safe, but that will be resolved by finishing
the SSLPrivateKey refactor and routing it up through //content.

Port the old keystore_unittests.cc tests to test the new wrapper. Trim
it down a little so it tests just the final key. We don't need more than
that.

BUG=394131
==========

to

==========
Remove ENGINE indirection from Android SSLPrivateKey.

Instead, implement ThreadedSSLPrivateKey::Delegate directly using the
JNI functions. This removes all of Chromium's uses of RSA_METHOD and
ECDSA_METHOD.

Rather than a function from jobject to EVP_PKEY exposed by
keystore_openssl.h, have SSLPlatformKeyAndroid expose a function from
jobject to SSLPrivateKey. That then gets routed through whereever
the EVP_PKEY used to be routed. In particular, OpenSSLClientKeyStore
now acts on a scoped_refptr<SSLPrivateKey> rather than a
crypto::ScopedEVP_PKEY.

OpenSSLClientKeyStore is als rewritten to be much simpler, but all its
problems (like not being thread-safe) still remain. That will be resolved
by finishing the SSLPrivateKey refactor and routing it up through
//content so we can do away with the inherently global
FetchClientCertPrivateKey.

Port the old keystore_unittests.cc tests to test the new wrapper. Trim
it down a little so it tests just the final key. We don't need more than
that.

BUG=394131
==========

[davidben, 2016-08-30 20:05:15]

Description was changed from

==========
Remove ENGINE indirection from Android SSLPrivateKey.

Instead, implement ThreadedSSLPrivateKey::Delegate directly using the
JNI functions. This removes all of Chromium's uses of RSA_METHOD and
ECDSA_METHOD.

Rather than a function from jobject to EVP_PKEY exposed by
keystore_openssl.h, have SSLPlatformKeyAndroid expose a function from
jobject to SSLPrivateKey. That then gets routed through whereever
the EVP_PKEY used to be routed. In particular, OpenSSLClientKeyStore
now acts on a scoped_refptr<SSLPrivateKey> rather than a
crypto::ScopedEVP_PKEY.

OpenSSLClientKeyStore is als rewritten to be much simpler, but all its
problems (like not being thread-safe) still remain. That will be resolved
by finishing the SSLPrivateKey refactor and routing it up through
//content so we can do away with the inherently global
FetchClientCertPrivateKey.

Port the old keystore_unittests.cc tests to test the new wrapper. Trim
it down a little so it tests just the final key. We don't need more than
that.

BUG=394131
==========

to

==========
Remove ENGINE indirection from Android SSLPrivateKey.

Instead, implement ThreadedSSLPrivateKey::Delegate directly using the
JNI functions. This removes all of Chromium's uses of RSA_METHOD and
ECDSA_METHOD.

Rather than a function from jobject to EVP_PKEY exposed by
keystore_openssl.h, have SSLPlatformKeyAndroid expose a function from
jobject to SSLPrivateKey. That then gets routed through whereever
the EVP_PKEY used to be routed. In particular, OpenSSLClientKeyStore
now acts on a scoped_refptr<SSLPrivateKey> rather than a
crypto::ScopedEVP_PKEY.

OpenSSLClientKeyStore is als rewritten to be much simpler, but all its
problems (like not being thread-safe) still remain. That will be resolved
by finishing the SSLPrivateKey refactor and routing it up through
//content so we can do away with the inherently global
FetchClientCertPrivateKey.

Port the old keystore_unittests.cc tests to test the new wrapper. Trim
it down a little so it tests just the wrapper object, but test all
hashes.

BUG=394131
==========

[davidben, 2016-08-30 20:08:31]

davidben@chromium.org changed reviewers:
+ svaldez@chromium.org

[davidben, 2016-08-30 20:08:32]

https://codereview.chromium.org/2291213002/diff/20001/net/ssl/ssl_platform_ke...
File net/ssl/ssl_platform_key_android_unittest.cc (right):

https://codereview.chromium.org/2291213002/diff/20001/net/ssl/ssl_platform_ke...
net/ssl/ssl_platform_key_android_unittest.cc:1: // Copyright (c) 2013 The
Chromium Authors. All rights reserved.
This file is actually copied over from keystore_unittest.cc, but I guess it's
changed enough that you can't tell anymore? :-(

For the most part, I did not rewrite existing functions and just trimmed what
wasn't needed.

[commit-bot: I haz the power, 2016-08-30 20:33:50]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-30 20:33:50]

Dry run: Exceeded global retry quota

[davidben, 2016-08-30 20:38:59]

The CQ bit was checked by davidben@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-30 20:40:12]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-30 20:58:37]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-30 20:58:38]

Dry run: Try jobs failed on following builders:
  linux_android_rel_ng on master.tryserver.chromium.android (JOB_FAILED,
https://build.chromium.org/p/tryserver.chromium.android/builders/linux_androi...)

[davidben, 2016-08-30 21:00:58]

Fix WebView build

[davidben, 2016-08-30 21:01:01]

The CQ bit was checked by davidben@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-08-30 21:01:49]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-08-30 22:07:09]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-08-30 22:07:10]

Dry run: This issue passed the CQ dry run.

[svaldez, 2016-09-01 14:51:05]

lgtm

als->also in CL description and a few nits.

https://codereview.chromium.org/2291213002/diff/60001/android_webview/native/...
File android_webview/native/aw_contents_client_bridge.cc (right):

https://codereview.chromium.org/2291213002/diff/60001/android_webview/native/...
android_webview/native/aw_contents_client_bridge.cc:243: // Create an EVP_PKEY
wrapper for the private key JNI reference.
Update comment.

https://codereview.chromium.org/2291213002/diff/60001/chrome/browser/ui/andro...
File chrome/browser/ui/android/ssl_client_certificate_request.cc (right):

https://codereview.chromium.org/2291213002/diff/60001/chrome/browser/ui/andro...
chrome/browser/ui/android/ssl_client_certificate_request.cc:162: // Create an
EVP_PKEY wrapper for the private key JNI reference.
Update comment.

https://codereview.chromium.org/2291213002/diff/60001/net/ssl/ssl_platform_ke...
File net/ssl/ssl_platform_key_android.h (right):

https://codereview.chromium.org/2291213002/diff/60001/net/ssl/ssl_platform_ke...
net/ssl/ssl_platform_key_android.h:1: // Copyright 2015 The Chromium Authors.
All rights reserved.
Update

[davidben, 2016-09-01 19:30:24]

Description was changed from

==========
Remove ENGINE indirection from Android SSLPrivateKey.

Instead, implement ThreadedSSLPrivateKey::Delegate directly using the
JNI functions. This removes all of Chromium's uses of RSA_METHOD and
ECDSA_METHOD.

Rather than a function from jobject to EVP_PKEY exposed by
keystore_openssl.h, have SSLPlatformKeyAndroid expose a function from
jobject to SSLPrivateKey. That then gets routed through whereever
the EVP_PKEY used to be routed. In particular, OpenSSLClientKeyStore
now acts on a scoped_refptr<SSLPrivateKey> rather than a
crypto::ScopedEVP_PKEY.

OpenSSLClientKeyStore is als rewritten to be much simpler, but all its
problems (like not being thread-safe) still remain. That will be resolved
by finishing the SSLPrivateKey refactor and routing it up through
//content so we can do away with the inherently global
FetchClientCertPrivateKey.

Port the old keystore_unittests.cc tests to test the new wrapper. Trim
it down a little so it tests just the wrapper object, but test all
hashes.

BUG=394131
==========

to

==========
Remove ENGINE indirection from Android SSLPrivateKey.

Instead, implement ThreadedSSLPrivateKey::Delegate directly using the
JNI functions. This removes all of Chromium's uses of RSA_METHOD and
ECDSA_METHOD.

Rather than a function from jobject to EVP_PKEY exposed by
keystore_openssl.h, have SSLPlatformKeyAndroid expose a function from
jobject to SSLPrivateKey. That then gets routed through whereever
the EVP_PKEY used to be routed. In particular, OpenSSLClientKeyStore
now acts on a scoped_refptr<SSLPrivateKey> rather than a
crypto::ScopedEVP_PKEY.

OpenSSLClientKeyStore is also rewritten to be much simpler, but all its
problems (like not being thread-safe) still remain. That will be resolved
by finishing the SSLPrivateKey refactor and routing it up through
//content so we can do away with the inherently global
FetchClientCertPrivateKey.

Port the old keystore_unittests.cc tests to test the new wrapper. Trim
it down a little so it tests just the wrapper object, but test all
hashes.

BUG=394131
==========

[davidben, 2016-09-01 19:39:47]

The CQ bit was checked by davidben@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-09-01 19:40:35]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[davidben, 2016-09-01 19:40:55]

davidben@chromium.org changed reviewers:
+ boliu@chromium.org, tedchoc@chromium.org

[davidben, 2016-09-01 19:40:56]

(Also removed some unnecessary .gets())

+tedchoc for chrome/browser/ui/android/ssl_client_certificate_request.cc
+boliu for android_webview/native/aw_contents_client_bridge.cc

https://codereview.chromium.org/2291213002/diff/60001/android_webview/native/...
File android_webview/native/aw_contents_client_bridge.cc (right):

https://codereview.chromium.org/2291213002/diff/60001/android_webview/native/...
android_webview/native/aw_contents_client_bridge.cc:243: // Create an EVP_PKEY
wrapper for the private key JNI reference.
On 2016/09/01 14:51:05, svaldez wrote:
> Update comment.

Done.

https://codereview.chromium.org/2291213002/diff/60001/chrome/browser/ui/andro...
File chrome/browser/ui/android/ssl_client_certificate_request.cc (right):

https://codereview.chromium.org/2291213002/diff/60001/chrome/browser/ui/andro...
chrome/browser/ui/android/ssl_client_certificate_request.cc:162: // Create an
EVP_PKEY wrapper for the private key JNI reference.
On 2016/09/01 14:51:05, svaldez wrote:
> Update comment.

Done.

https://codereview.chromium.org/2291213002/diff/60001/net/ssl/ssl_platform_ke...
File net/ssl/ssl_platform_key_android.h (right):

https://codereview.chromium.org/2291213002/diff/60001/net/ssl/ssl_platform_ke...
net/ssl/ssl_platform_key_android.h:1: // Copyright 2015 The Chromium Authors.
All rights reserved.
On 2016/09/01 14:51:05, svaldez wrote:
> Update

Done.

[commit-bot: I haz the power, 2016-09-01 19:43:06]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-09-01 19:43:07]

Dry run: Try jobs failed on following builders:
  ios-device on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-device/builds...)
  ios-simulator on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/ios-simulator/bui...)
  mac_chromium_rel_ng on master.tryserver.chromium.mac (JOB_FAILED,
http://build.chromium.org/p/tryserver.chromium.mac/builders/mac_chromium_rel_...)

[Ted C, 2016-09-01 20:13:02]

On 2016/09/01 19:40:56, davidben wrote:
> (Also removed some unnecessary .gets())
> 
> +tedchoc for chrome/browser/ui/android/ssl_client_certificate_request.cc
> +boliu for android_webview/native/aw_contents_client_bridge.cc
> 
>
https://codereview.chromium.org/2291213002/diff/60001/android_webview/native/...
> File android_webview/native/aw_contents_client_bridge.cc (right):
> 
>
https://codereview.chromium.org/2291213002/diff/60001/android_webview/native/...
> android_webview/native/aw_contents_client_bridge.cc:243: // Create an EVP_PKEY
> wrapper for the private key JNI reference.
> On 2016/09/01 14:51:05, svaldez wrote:
> > Update comment.
> 
> Done.
> 
>
https://codereview.chromium.org/2291213002/diff/60001/chrome/browser/ui/andro...
> File chrome/browser/ui/android/ssl_client_certificate_request.cc (right):
> 
>
https://codereview.chromium.org/2291213002/diff/60001/chrome/browser/ui/andro...
> chrome/browser/ui/android/ssl_client_certificate_request.cc:162: // Create an
> EVP_PKEY wrapper for the private key JNI reference.
> On 2016/09/01 14:51:05, svaldez wrote:
> > Update comment.
> 
> Done.
> 
>
https://codereview.chromium.org/2291213002/diff/60001/net/ssl/ssl_platform_ke...
> File net/ssl/ssl_platform_key_android.h (right):
> 
>
https://codereview.chromium.org/2291213002/diff/60001/net/ssl/ssl_platform_ke...
> net/ssl/ssl_platform_key_android.h:1: // Copyright 2015 The Chromium Authors.
> All rights reserved.
> On 2016/09/01 14:51:05, svaldez wrote:
> > Update
> 
> Done.

ssl_client_certificate_request.cc - lgtm

[boliu, 2016-09-01 20:22:30]

https://codereview.chromium.org/2291213002/diff/80001/android_webview/native/...
File android_webview/native/aw_contents_client_bridge.cc (right):

https://codereview.chromium.org/2291213002/diff/80001/android_webview/native/...
android_webview/native/aw_contents_client_bridge.cc:261:
base::Bind(&RecordClientCertificateKey, base::RetainedRef(client_cert),
is RetainedRef necessary here? (/me seeing it for the first time and read the
docs for it just now..)

[davidben, 2016-09-01 20:28:01]

https://codereview.chromium.org/2291213002/diff/80001/android_webview/native/...
File android_webview/native/aw_contents_client_bridge.cc (right):

https://codereview.chromium.org/2291213002/diff/80001/android_webview/native/...
android_webview/native/aw_contents_client_bridge.cc:261:
base::Bind(&RecordClientCertificateKey, base::RetainedRef(client_cert),
On 2016/09/01 20:22:30, boliu wrote:
> is RetainedRef necessary here? (/me seeing it for the first time and read the
> docs for it just now..)

It's possible I'm misunderstanding, but I think it's a recent-ish change for
this stuff:
https://crbug.com/589048

The change here is:
1. I believe we no longer like const scoped_refpr<T>& and prefer either T* if
not taking ownership or plain scoped_refptr<T> if you are. Since the
RecordClientCertificateKey didn't take ownership, I switched it to T*.

Per that bug, I *think* the intent is that they explicitly have a
base:RetainedRef is the base::Bind is to take ownership and then unwrap it when
passing to a function.

But it's possible I'm wrong here. Do you agree with this interpretation?

[boliu, 2016-09-01 20:35:53]

lgtm

https://codereview.chromium.org/2291213002/diff/80001/android_webview/native/...
File android_webview/native/aw_contents_client_bridge.cc (right):

https://codereview.chromium.org/2291213002/diff/80001/android_webview/native/...
android_webview/native/aw_contents_client_bridge.cc:261:
base::Bind(&RecordClientCertificateKey, base::RetainedRef(client_cert),
On 2016/09/01 20:28:01, davidben wrote:
> On 2016/09/01 20:22:30, boliu wrote:
> > is RetainedRef necessary here? (/me seeing it for the first time and read
the
> > docs for it just now..)
> 
> It's possible I'm misunderstanding, but I think it's a recent-ish change for
> this stuff:
> https://crbug.com/589048
> 
> The change here is:
> 1. I believe we no longer like const scoped_refpr<T>& and prefer either T* if
> not taking ownership or plain scoped_refptr<T> if you are. Since the
> RecordClientCertificateKey didn't take ownership, I switched it to T*.
> 
> Per that bug, I *think* the intent is that they explicitly have a
> base:RetainedRef is the base::Bind is to take ownership and then unwrap it
when
> passing to a function.

I *think* RetainedRef just does the second part of unwrapping before the
function call. Retaining a ref to a refcounted object in callbacks is the
default behavior (ie with no wrappers).

> 
> But it's possible I'm wrong here. Do you agree with this interpretation?

Ahh, oops, I missed this is the *first* parameter to RecordClientCertificateKey,
not the second :p

[davidben, 2016-09-01 20:56:17]

The CQ bit was checked by davidben@chromium.org to run a CQ dry run

[davidben, 2016-09-01 20:56:57]

davidben@chromium.org changed reviewers:
+ torne@chromium.org

[davidben, 2016-09-01 20:56:57]

This ended up being a non-trivial rebase due to the JavaRef work. +torne, do you
mind giving this a quick pass to make sure I rebased across
https://codereview.chromium.org/2301553002 correctly? Thanks!

[commit-bot: I haz the power, 2016-09-01 20:57:12]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[davidben, 2016-09-01 20:57:42]

On 2016/09/01 20:56:57, davidben wrote:
> This ended up being a non-trivial rebase due to the JavaRef work. +torne, do
you
> mind giving this a quick pass to make sure I rebased across
> https://codereview.chromium.org/2301553002 correctly? Thanks!

Specifically net/ssl/ssl_platform_key_android*

[davidben, 2016-09-01 21:02:08]

The CQ bit was checked by davidben@chromium.org to run a CQ dry run

[commit-bot: I haz the power, 2016-09-01 21:03:13]

Dry run: CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-09-01 21:48:52]

The CQ bit was unchecked by commit-bot@chromium.org

[commit-bot: I haz the power, 2016-09-01 21:48:53]

Dry run: This issue passed the CQ dry run.

[Torne, 2016-09-02 12:04:31]

On 2016/09/01 20:57:42, davidben wrote:
> On 2016/09/01 20:56:57, davidben wrote:
> > This ended up being a non-trivial rebase due to the JavaRef work. +torne, do
> you
> > mind giving this a quick pass to make sure I rebased across
> > https://codereview.chromium.org/2301553002 correctly? Thanks!
> 
> Specifically net/ssl/ssl_platform_key_android*

LGTM - sorry about the midair collision. I don't see any problems in what you're
doing here. I'm going to be writing up some guidance on the best way to use java
references soon, once I'm done with the current refactor, and the final step in
the refactor will make some of the new conventions mandatory (so I'll clean up
any stragglers in the process).

[davidben, 2016-09-02 13:41:39]

The CQ bit was checked by davidben@chromium.org

[davidben, 2016-09-02 13:41:40]

The patchset sent to the CQ was uploaded after l-g-t-m from
svaldez@chromium.org, tedchoc@chromium.org, boliu@chromium.org
Link to the patchset: https://codereview.chromium.org/2291213002/#ps120001
(title: "re-delete undeleted files")

[commit-bot: I haz the power, 2016-09-02 13:41:52]

CQ is trying da patch. Follow status at
 
https://chromium-cq-status.appspot.com/v2/patch-status/codereview.chromium.or...

[commit-bot: I haz the power, 2016-09-02 13:45:33]

Description was changed from

==========
Remove ENGINE indirection from Android SSLPrivateKey.

Instead, implement ThreadedSSLPrivateKey::Delegate directly using the
JNI functions. This removes all of Chromium's uses of RSA_METHOD and
ECDSA_METHOD.

Rather than a function from jobject to EVP_PKEY exposed by
keystore_openssl.h, have SSLPlatformKeyAndroid expose a function from
jobject to SSLPrivateKey. That then gets routed through whereever
the EVP_PKEY used to be routed. In particular, OpenSSLClientKeyStore
now acts on a scoped_refptr<SSLPrivateKey> rather than a
crypto::ScopedEVP_PKEY.

OpenSSLClientKeyStore is also rewritten to be much simpler, but all its
problems (like not being thread-safe) still remain. That will be resolved
by finishing the SSLPrivateKey refactor and routing it up through
//content so we can do away with the inherently global
FetchClientCertPrivateKey.

Port the old keystore_unittests.cc tests to test the new wrapper. Trim
it down a little so it tests just the wrapper object, but test all
hashes.

BUG=394131
==========

to

==========
Remove ENGINE indirection from Android SSLPrivateKey.

Instead, implement ThreadedSSLPrivateKey::Delegate directly using the
JNI functions. This removes all of Chromium's uses of RSA_METHOD and
ECDSA_METHOD.

Rather than a function from jobject to EVP_PKEY exposed by
keystore_openssl.h, have SSLPlatformKeyAndroid expose a function from
jobject to SSLPrivateKey. That then gets routed through whereever
the EVP_PKEY used to be routed. In particular, OpenSSLClientKeyStore
now acts on a scoped_refptr<SSLPrivateKey> rather than a
crypto::ScopedEVP_PKEY.

OpenSSLClientKeyStore is also rewritten to be much simpler, but all its
problems (like not being thread-safe) still remain. That will be resolved
by finishing the SSLPrivateKey refactor and routing it up through
//content so we can do away with the inherently global
FetchClientCertPrivateKey.

Port the old keystore_unittests.cc tests to test the new wrapper. Trim
it down a little so it tests just the wrapper object, but test all
hashes.

BUG=394131
==========

[commit-bot: I haz the power, 2016-09-02 13:45:35]

Committed patchset #7 (id:120001)

[commit-bot: I haz the power, 2016-09-02 13:46:56]

Description was changed from

==========
Remove ENGINE indirection from Android SSLPrivateKey.

Instead, implement ThreadedSSLPrivateKey::Delegate directly using the
JNI functions. This removes all of Chromium's uses of RSA_METHOD and
ECDSA_METHOD.

Rather than a function from jobject to EVP_PKEY exposed by
keystore_openssl.h, have SSLPlatformKeyAndroid expose a function from
jobject to SSLPrivateKey. That then gets routed through whereever
the EVP_PKEY used to be routed. In particular, OpenSSLClientKeyStore
now acts on a scoped_refptr<SSLPrivateKey> rather than a
crypto::ScopedEVP_PKEY.

OpenSSLClientKeyStore is also rewritten to be much simpler, but all its
problems (like not being thread-safe) still remain. That will be resolved
by finishing the SSLPrivateKey refactor and routing it up through
//content so we can do away with the inherently global
FetchClientCertPrivateKey.

Port the old keystore_unittests.cc tests to test the new wrapper. Trim
it down a little so it tests just the wrapper object, but test all
hashes.

BUG=394131
==========

to

==========
Remove ENGINE indirection from Android SSLPrivateKey.

Instead, implement ThreadedSSLPrivateKey::Delegate directly using the
JNI functions. This removes all of Chromium's uses of RSA_METHOD and
ECDSA_METHOD.

Rather than a function from jobject to EVP_PKEY exposed by
keystore_openssl.h, have SSLPlatformKeyAndroid expose a function from
jobject to SSLPrivateKey. That then gets routed through whereever
the EVP_PKEY used to be routed. In particular, OpenSSLClientKeyStore
now acts on a scoped_refptr<SSLPrivateKey> rather than a
crypto::ScopedEVP_PKEY.

OpenSSLClientKeyStore is also rewritten to be much simpler, but all its
problems (like not being thread-safe) still remain. That will be resolved
by finishing the SSLPrivateKey refactor and routing it up through
//content so we can do away with the inherently global
FetchClientCertPrivateKey.

Port the old keystore_unittests.cc tests to test the new wrapper. Trim
it down a little so it tests just the wrapper object, but test all
hashes.

BUG=394131

Committed: https://crrev.com/1504dd71c6743e950147eca8f0ef06388d311073
Cr-Commit-Position: refs/heads/master@{#416258}
==========

[commit-bot: I haz the power, 2016-09-02 13:46:57]

Patchset 7 (id:??) landed as
https://crrev.com/1504dd71c6743e950147eca8f0ef06388d311073
Cr-Commit-Position: refs/heads/master@{#416258}