Use BoringSSL scopers in //net.

net/cert/ct_objects_extractor.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/ct_objects_extractor.h"
 
 #include <string.h>
 
 #include <openssl/bytestring.h>
 #include <openssl/obj.h>
 #include <openssl/x509.h>
 
 #include "base/logging.h"
 #include "base/sha1.h"
 #include "base/strings/string_util.h"
-#include "crypto/scoped_openssl_types.h"
 #include "crypto/sha2.h"
 #include "net/cert/asn1_util.h"
 #include "net/cert/signed_certificate_timestamp.h"
-#include "net/ssl/scoped_openssl_types.h"
 
 namespace net {
 
 namespace ct {
 
 namespace {
 
-void FreeX509_EXTENSIONS(X509_EXTENSIONS* ptr) {
-  sk_X509_EXTENSION_pop_free(ptr, X509_EXTENSION_free);
-}
-
-using ScopedX509_EXTENSIONS =
-    crypto::ScopedOpenSSL<X509_EXTENSIONS, FreeX509_EXTENSIONS>;
-
 // The wire form of the OID 1.3.6.1.4.1.11129.2.4.2. See Section 3.3 of
 // RFC6962.
 const uint8_t kEmbeddedSCTOid[] = {0x2B, 0x06, 0x01, 0x04, 0x01,
                                    0xD6, 0x79, 0x02, 0x04, 0x02};
 
 // The wire form of the OID 1.3.6.1.4.1.11129.2.4.5 - OCSP SingleExtension for
 // X.509v3 Certificate Transparency Signed Certificate Timestamp List, see
 // Section 3.3 of RFC6962.
 const uint8_t kOCSPExtensionOid[] = {0x2B, 0x06, 0x01, 0x04, 0x01,
                                      0xD6, 0x79, 0x02, 0x04, 0x05};
 
 bool StringEqualToCBS(const std::string& value1, const CBS* value2) {
   if (CBS_len(value2) != value1.size())
     return false;
   return memcmp(value1.data(), CBS_data(value2), CBS_len(value2)) == 0;
 }
 
-ScopedX509 OSCertHandleToOpenSSL(X509Certificate::OSCertHandle os_handle) {
+bssl::UniquePtr<X509> OSCertHandleToOpenSSL(
+    X509Certificate::OSCertHandle os_handle) {
 #if defined(USE_OPENSSL_CERTS)
-  return ScopedX509(X509Certificate::DupOSCertHandle(os_handle));
+  return bssl::UniquePtr<X509>(X509Certificate::DupOSCertHandle(os_handle));
 #else
   std::string der_encoded;
   if (!X509Certificate::GetDEREncoded(os_handle, &der_encoded))
-    return ScopedX509();
+    return bssl::UniquePtr<X509>();
   const uint8_t* bytes = reinterpret_cast<const uint8_t*>(der_encoded.data());
-  return ScopedX509(d2i_X509(NULL, &bytes, der_encoded.size()));
+  return bssl::UniquePtr<X509>(d2i_X509(NULL, &bytes, der_encoded.size()));
 #endif
 }
 
 // Finds the SignedCertificateTimestampList in an extension with OID |oid| in
 // |x509_exts|. If found, returns true and sets |*out_sct_list| to the encoded
 // SCT list. |out_sct_list| may be NULL.
 bool GetSCTListFromX509_EXTENSIONS(const X509_EXTENSIONS* x509_exts,
                                    const uint8_t* oid,
                                    size_t oid_len,
                                    std::string* out_sct_list) {
@@ skipping 93 matching lines @@
     }
   }
 
   return false;
 }
 
 }  // namespace
 
 bool ExtractEmbeddedSCTList(X509Certificate::OSCertHandle cert,
                             std::string* sct_list) {
-  ScopedX509 x509(OSCertHandleToOpenSSL(cert));
+  bssl::UniquePtr<X509> x509(OSCertHandleToOpenSSL(cert));
   if (!x509)
     return false;
   X509_EXTENSIONS* x509_exts = x509->cert_info->extensions;
   if (!x509_exts)
     return false;
   return GetSCTListFromX509_EXTENSIONS(x509->cert_info->extensions,
                                        kEmbeddedSCTOid, sizeof(kEmbeddedSCTOid),
                                        sct_list);
 }
 
 bool GetPrecertLogEntry(X509Certificate::OSCertHandle leaf,
                         X509Certificate::OSCertHandle issuer,
                         LogEntry* result) {
   result->Reset();
 
-  ScopedX509 leaf_x509(OSCertHandleToOpenSSL(leaf));
+  bssl::UniquePtr<X509> leaf_x509(OSCertHandleToOpenSSL(leaf));
   if (!leaf_x509)
     return false;
 
   // XXX(rsleevi): This check may be overkill, since we should be able to
   // generate precerts for certs without the extension. For now, just a sanity
   // check to match the reference implementation.
   if (!leaf_x509->cert_info->extensions ||
       !GetSCTListFromX509_EXTENSIONS(leaf_x509->cert_info->extensions,
                                      kEmbeddedSCTOid, sizeof(kEmbeddedSCTOid),
                                      NULL)) {
     return false;
   }
 
   // The Precertificate log entry is the final certificate's TBSCertificate
   // without the SCT extension (RFC6962, section 3.2).
-  ScopedX509 leaf_copy(X509_dup(leaf_x509.get()));
+  bssl::UniquePtr<X509> leaf_copy(X509_dup(leaf_x509.get()));
   if (!leaf_copy || !leaf_copy->cert_info->extensions) {
     NOTREACHED();
     return false;
   }
   X509_EXTENSIONS* leaf_copy_exts = leaf_copy->cert_info->extensions;
   for (size_t i = 0; i < sk_X509_EXTENSION_num(leaf_copy_exts); i++) {
     X509_EXTENSION* ext = sk_X509_EXTENSION_value(leaf_copy_exts, i);
     if (static_cast<size_t>(ext->object->length) == sizeof(kEmbeddedSCTOid) &&
         memcmp(ext->object->data, kEmbeddedSCTOid, sizeof(kEmbeddedSCTOid)) ==
             0) {
@@ skipping 122 matching lines @@
   if (CBS_len(&single_response) > 0 &&
       CBS_data(&single_response)[0] == kNextUpdateTag &&
       !CBS_get_asn1(&single_response, NULL /* nextUpdate */, kNextUpdateTag)) {
     return false;
   }
 
   CBS extensions;
   if (!CBS_get_asn1(&single_response, &extensions, kSingleExtensionsTag))
     return false;
   const uint8_t* ptr = CBS_data(&extensions);
-  ScopedX509_EXTENSIONS x509_exts(
+  bssl::UniquePtr<X509_EXTENSIONS> x509_exts(
       d2i_X509_EXTENSIONS(NULL, &ptr, CBS_len(&extensions)));
   if (!x509_exts || ptr != CBS_data(&extensions) + CBS_len(&extensions))
     return false;
 
   return GetSCTListFromX509_EXTENSIONS(x509_exts.get(), kOCSPExtensionOid,
                                        sizeof(kOCSPExtensionOid), sct_list);
 }
 
 }  // namespace ct
 
 }  // namespace net