| Index: crypto/ec_private_key.cc
|
| diff --git a/crypto/ec_private_key.cc b/crypto/ec_private_key.cc
|
| index a8005bcf68cbf63e604dfb76314fb82c27f5986f..4d7b0f61dca2fdca1eff8217f233987cccde85de 100644
|
| --- a/crypto/ec_private_key.cc
|
| +++ b/crypto/ec_private_key.cc
|
| @@ -4,8 +4,11 @@
|
|
|
| #include "crypto/ec_private_key.h"
|
|
|
| +#include <openssl/bio.h>
|
| +#include <openssl/bn.h>
|
| #include <openssl/bytestring.h>
|
| #include <openssl/ec.h>
|
| +#include <openssl/ec_key.h>
|
| #include <openssl/evp.h>
|
| #include <openssl/mem.h>
|
| #include <openssl/pkcs12.h>
|
| @@ -13,10 +16,10 @@
|
| #include <stddef.h>
|
| #include <stdint.h>
|
|
|
| +#include <utility>
|
| +
|
| #include "base/logging.h"
|
| -#include "crypto/auto_cbb.h"
|
| #include "crypto/openssl_util.h"
|
| -#include "crypto/scoped_openssl_types.h"
|
|
|
| namespace crypto {
|
|
|
| @@ -29,10 +32,6 @@ namespace {
|
| // style guide, hence the unusual parameter placement / types.
|
| typedef int (*ExportBioFunction)(BIO* bio, const void* key);
|
|
|
| -using ScopedPKCS8_PRIV_KEY_INFO =
|
| - ScopedOpenSSL<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free>;
|
| -using ScopedX509_SIG = ScopedOpenSSL<X509_SIG, X509_SIG_free>;
|
| -
|
| // Helper to export |key| into |output| via the specified ExportBioFunction.
|
| bool ExportKeyWithBio(const void* key,
|
| ExportBioFunction export_fn,
|
| @@ -40,7 +39,7 @@ bool ExportKeyWithBio(const void* key,
|
| if (!key)
|
| return false;
|
|
|
| - ScopedBIO bio(BIO_new(BIO_s_mem()));
|
| + bssl::UniquePtr<BIO> bio(BIO_new(BIO_s_mem()));
|
| if (!bio)
|
| return false;
|
|
|
| @@ -58,25 +57,23 @@ bool ExportKeyWithBio(const void* key,
|
|
|
| } // namespace
|
|
|
| -ECPrivateKey::~ECPrivateKey() {
|
| - if (key_)
|
| - EVP_PKEY_free(key_);
|
| -}
|
| +ECPrivateKey::~ECPrivateKey() {}
|
|
|
| // static
|
| std::unique_ptr<ECPrivateKey> ECPrivateKey::Create() {
|
| OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
|
|
| - ScopedEC_KEY ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
|
| + bssl::UniquePtr<EC_KEY> ec_key(
|
| + EC_KEY_new_by_curve_name(NID_X9_62_prime256v1));
|
| if (!ec_key || !EC_KEY_generate_key(ec_key.get()))
|
| return nullptr;
|
|
|
| std::unique_ptr<ECPrivateKey> result(new ECPrivateKey());
|
| - result->key_ = EVP_PKEY_new();
|
| - if (!result->key_ || !EVP_PKEY_set1_EC_KEY(result->key_, ec_key.get()))
|
| + result->key_.reset(EVP_PKEY_new());
|
| + if (!result->key_ || !EVP_PKEY_set1_EC_KEY(result->key_.get(), ec_key.get()))
|
| return nullptr;
|
|
|
| - CHECK_EQ(EVP_PKEY_EC, EVP_PKEY_id(result->key_));
|
| + CHECK_EQ(EVP_PKEY_EC, EVP_PKEY_id(result->key_.get()));
|
| return result;
|
| }
|
|
|
| @@ -87,12 +84,12 @@ std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromPrivateKeyInfo(
|
|
|
| CBS cbs;
|
| CBS_init(&cbs, input.data(), input.size());
|
| - ScopedEVP_PKEY pkey(EVP_parse_private_key(&cbs));
|
| + bssl::UniquePtr<EVP_PKEY> pkey(EVP_parse_private_key(&cbs));
|
| if (!pkey || CBS_len(&cbs) != 0 || EVP_PKEY_id(pkey.get()) != EVP_PKEY_EC)
|
| return nullptr;
|
|
|
| std::unique_ptr<ECPrivateKey> result(new ECPrivateKey());
|
| - result->key_ = pkey.release();
|
| + result->key_ = std::move(pkey);
|
| return result;
|
| }
|
|
|
| @@ -111,12 +108,12 @@ std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
|
|
|
| const uint8_t* data = &encrypted_private_key_info[0];
|
| const uint8_t* ptr = data;
|
| - ScopedX509_SIG p8_encrypted(
|
| + bssl::UniquePtr<X509_SIG> p8_encrypted(
|
| d2i_X509_SIG(nullptr, &ptr, encrypted_private_key_info.size()));
|
| if (!p8_encrypted || ptr != data + encrypted_private_key_info.size())
|
| return nullptr;
|
|
|
| - ScopedPKCS8_PRIV_KEY_INFO p8_decrypted;
|
| + bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> p8_decrypted;
|
| if (password.empty()) {
|
| // Hack for reading keys generated by an older version of the OpenSSL
|
| // code. OpenSSL used to use "\0\0" rather than the empty string because it
|
| @@ -137,8 +134,8 @@ std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
|
|
|
| // Create a new EVP_PKEY for it.
|
| std::unique_ptr<ECPrivateKey> result(new ECPrivateKey());
|
| - result->key_ = EVP_PKCS82PKEY(p8_decrypted.get());
|
| - if (!result->key_ || EVP_PKEY_id(result->key_) != EVP_PKEY_EC)
|
| + result->key_.reset(EVP_PKCS82PKEY(p8_decrypted.get()));
|
| + if (!result->key_ || EVP_PKEY_id(result->key_.get()) != EVP_PKEY_EC)
|
| return nullptr;
|
|
|
| return result;
|
| @@ -147,8 +144,8 @@ std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromEncryptedPrivateKeyInfo(
|
| std::unique_ptr<ECPrivateKey> ECPrivateKey::Copy() const {
|
| std::unique_ptr<ECPrivateKey> copy(new ECPrivateKey());
|
| if (key_) {
|
| - EVP_PKEY_up_ref(key_);
|
| - copy->key_ = key_;
|
| + EVP_PKEY_up_ref(key_.get());
|
| + copy->key_.reset(key_.get());
|
| }
|
| return copy;
|
| }
|
| @@ -157,8 +154,9 @@ bool ECPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const {
|
| OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
| uint8_t* der;
|
| size_t der_len;
|
| - AutoCBB cbb;
|
| - if (!CBB_init(cbb.get(), 0) || !EVP_marshal_private_key(cbb.get(), key_) ||
|
| + bssl::ScopedCBB cbb;
|
| + if (!CBB_init(cbb.get(), 0) ||
|
| + !EVP_marshal_private_key(cbb.get(), key_.get()) ||
|
| !CBB_finish(cbb.get(), &der, &der_len)) {
|
| return false;
|
| }
|
| @@ -173,7 +171,7 @@ bool ECPrivateKey::ExportEncryptedPrivateKey(
|
| std::vector<uint8_t>* output) const {
|
| OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
| // Convert into a PKCS#8 object.
|
| - ScopedPKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(key_));
|
| + bssl::UniquePtr<PKCS8_PRIV_KEY_INFO> pkcs8(EVP_PKEY2PKCS8(key_.get()));
|
| if (!pkcs8)
|
| return false;
|
|
|
| @@ -181,15 +179,10 @@ bool ECPrivateKey::ExportEncryptedPrivateKey(
|
| // NOTE: NSS uses SEC_OID_PKCS12_V2_PBE_WITH_SHA1_AND_3KEY_TRIPLE_DES_CBC
|
| // so use NID_pbe_WithSHA1And3_Key_TripleDES_CBC which should be the OpenSSL
|
| // equivalent.
|
| - ScopedX509_SIG encrypted(PKCS8_encrypt_pbe(
|
| - NID_pbe_WithSHA1And3_Key_TripleDES_CBC,
|
| - nullptr,
|
| - reinterpret_cast<const uint8_t*>(password.data()),
|
| - password.size(),
|
| - nullptr,
|
| - 0,
|
| - iterations,
|
| - pkcs8.get()));
|
| + bssl::UniquePtr<X509_SIG> encrypted(
|
| + PKCS8_encrypt_pbe(NID_pbe_WithSHA1And3_Key_TripleDES_CBC, nullptr,
|
| + reinterpret_cast<const uint8_t*>(password.data()),
|
| + password.size(), nullptr, 0, iterations, pkcs8.get()));
|
| if (!encrypted)
|
| return false;
|
|
|
| @@ -203,9 +196,9 @@ bool ECPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const {
|
| OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
| uint8_t *der;
|
| size_t der_len;
|
| - AutoCBB cbb;
|
| + bssl::ScopedCBB cbb;
|
| if (!CBB_init(cbb.get(), 0) ||
|
| - !EVP_marshal_public_key(cbb.get(), key_) ||
|
| + !EVP_marshal_public_key(cbb.get(), key_.get()) ||
|
| !CBB_finish(cbb.get(), &der, &der_len)) {
|
| return false;
|
| }
|
| @@ -219,9 +212,9 @@ bool ECPrivateKey::ExportRawPublicKey(std::string* output) const {
|
|
|
| // Export the x and y field elements as 32-byte, big-endian numbers. (This is
|
| // the same as X9.62 uncompressed form without the leading 0x04 byte.)
|
| - EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key_);
|
| - ScopedBIGNUM x(BN_new());
|
| - ScopedBIGNUM y(BN_new());
|
| + EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key_.get());
|
| + bssl::UniquePtr<BIGNUM> x(BN_new());
|
| + bssl::UniquePtr<BIGNUM> y(BN_new());
|
| uint8_t buf[64];
|
| if (!x || !y ||
|
| !EC_POINT_get_affine_coordinates_GFp(EC_KEY_get0_group(ec_key),
|
| @@ -236,6 +229,6 @@ bool ECPrivateKey::ExportRawPublicKey(std::string* output) const {
|
| return true;
|
| }
|
|
|
| -ECPrivateKey::ECPrivateKey() : key_(nullptr) {}
|
| +ECPrivateKey::ECPrivateKey() {}
|
|
|
| } // namespace crypto
|
|
|
Chromium Code Reviews
Issue 2332473002:
Use new BoringSSL scopers in //crypto (Closed)
