Use BoringSSL scopers in //net.

net/cert/x509_util_openssl.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/cert/x509_util_openssl.h"
 
 #include <limits.h>
 #include <openssl/asn1.h>
 #include <openssl/digest.h>
 #include <openssl/mem.h>
 
 #include <algorithm>
 #include <memory>
 
 #include "base/lazy_instance.h"
 #include "base/logging.h"
 #include "base/macros.h"
 #include "base/strings/string_piece.h"
 #include "base/strings/string_util.h"
 #include "crypto/ec_private_key.h"
 #include "crypto/openssl_util.h"
 #include "crypto/rsa_private_key.h"
-#include "crypto/scoped_openssl_types.h"
 #include "net/cert/internal/parse_certificate.h"
 #include "net/cert/internal/signature_algorithm.h"
 #include "net/cert/x509_cert_types.h"
 #include "net/cert/x509_certificate.h"
 #include "net/cert/x509_util.h"
-#include "net/ssl/scoped_openssl_types.h"
 
 namespace net {
 
 namespace {
 
-using ScopedASN1_INTEGER =
-    crypto::ScopedOpenSSL<ASN1_INTEGER, ASN1_INTEGER_free>;
-using ScopedASN1_OCTET_STRING =
-    crypto::ScopedOpenSSL<ASN1_OCTET_STRING, ASN1_OCTET_STRING_free>;
-using ScopedASN1_STRING = crypto::ScopedOpenSSL<ASN1_STRING, ASN1_STRING_free>;
-using ScopedASN1_TIME = crypto::ScopedOpenSSL<ASN1_TIME, ASN1_TIME_free>;
-using ScopedX509_EXTENSION =
-    crypto::ScopedOpenSSL<X509_EXTENSION, X509_EXTENSION_free>;
-
 const EVP_MD* ToEVP(x509_util::DigestAlgorithm alg) {
   switch (alg) {
     case x509_util::DIGEST_SHA1:
       return EVP_sha1();
     case x509_util::DIGEST_SHA256:
       return EVP_sha256();
   }
   return NULL;
 }
 
 }  // namespace
 
 namespace x509_util {
 
 namespace {
 
-X509* CreateCertificate(EVP_PKEY* key,
-                        DigestAlgorithm alg,
-                        const std::string& common_name,
-                        uint32_t serial_number,
-                        base::Time not_valid_before,
-                        base::Time not_valid_after) {
+bssl::UniquePtr<X509> CreateCertificate(EVP_PKEY* key,
+                                        DigestAlgorithm alg,
+                                        const std::string& common_name,
+                                        uint32_t serial_number,
+                                        base::Time not_valid_before,
+                                        base::Time not_valid_after) {
   // Put the serial number into an OpenSSL-friendly object.
-  ScopedASN1_INTEGER asn1_serial(ASN1_INTEGER_new());
+  bssl::UniquePtr<ASN1_INTEGER> asn1_serial(ASN1_INTEGER_new());
   if (!asn1_serial.get() ||
       !ASN1_INTEGER_set(asn1_serial.get(), static_cast<long>(serial_number))) {
     LOG(ERROR) << "Invalid serial number " << serial_number;
-    return NULL;
+    return nullptr;
   }
 
   // Do the same for the time stamps.
-  ScopedASN1_TIME asn1_not_before_time(
-      ASN1_TIME_set(NULL, not_valid_before.ToTimeT()));
+  bssl::UniquePtr<ASN1_TIME> asn1_not_before_time(
+      ASN1_TIME_set(nullptr, not_valid_before.ToTimeT()));
   if (!asn1_not_before_time.get()) {
     LOG(ERROR) << "Invalid not_valid_before time: "
                << not_valid_before.ToTimeT();
-    return NULL;
+    return nullptr;
   }
 
-  ScopedASN1_TIME asn1_not_after_time(
-      ASN1_TIME_set(NULL, not_valid_after.ToTimeT()));
+  bssl::UniquePtr<ASN1_TIME> asn1_not_after_time(
+      ASN1_TIME_set(nullptr, not_valid_after.ToTimeT()));
   if (!asn1_not_after_time.get()) {
     LOG(ERROR) << "Invalid not_valid_after time: " << not_valid_after.ToTimeT();
-    return NULL;
+    return nullptr;
   }
 
   // Because |common_name| only contains a common name and starts with 'CN=',
   // there is no need for a full RFC 2253 parser here. Do some sanity checks
   // though.
   static const char kCommonNamePrefix[] = "CN=";
   const size_t kCommonNamePrefixLen = sizeof(kCommonNamePrefix) - 1;
   if (common_name.size() < kCommonNamePrefixLen ||
       strncmp(common_name.c_str(), kCommonNamePrefix, kCommonNamePrefixLen)) {
     LOG(ERROR) << "Common name must begin with " << kCommonNamePrefix;
-    return NULL;
+    return nullptr;
   }
   if (common_name.size() > INT_MAX) {
     LOG(ERROR) << "Common name too long";
-    return NULL;
+    return nullptr;
   }
   unsigned char* common_name_str =
       reinterpret_cast<unsigned char*>(const_cast<char*>(common_name.data())) +
       kCommonNamePrefixLen;
   int common_name_len =
       static_cast<int>(common_name.size() - kCommonNamePrefixLen);
 
-  ScopedX509_NAME name(X509_NAME_new());
+  bssl::UniquePtr<X509_NAME> name(X509_NAME_new());
   if (!name.get() || !X509_NAME_add_entry_by_NID(name.get(),
                                                  NID_commonName,
                                                  MBSTRING_ASC,
                                                  common_name_str,
                                                  common_name_len,
                                                  -1,
                                                  0)) {
     LOG(ERROR) << "Can't parse common name: " << common_name.c_str();
-    return NULL;
+    return nullptr;
   }
 
   // Now create certificate and populate it.
-  ScopedX509 cert(X509_new());
+  bssl::UniquePtr<X509> cert(X509_new());
   if (!cert.get() || !X509_set_version(cert.get(), 2L) /* i.e. version 3 */ ||
       !X509_set_pubkey(cert.get(), key) ||
       !X509_set_serialNumber(cert.get(), asn1_serial.get()) ||
       !X509_set_notBefore(cert.get(), asn1_not_before_time.get()) ||
       !X509_set_notAfter(cert.get(), asn1_not_after_time.get()) ||
       !X509_set_subject_name(cert.get(), name.get()) ||
       !X509_set_issuer_name(cert.get(), name.get())) {
     LOG(ERROR) << "Could not create certificate";
-    return NULL;
+    return nullptr;
   }
 
-  return cert.release();
+  return cert;
 }
 
 // DER-encodes |x509|. On success, returns true and writes the
 // encoding to |*out_der|.
 bool DerEncodeCert(X509* x509, std::string* out_der) {
   int len = i2d_X509(x509, NULL);
   if (len < 0)
     return false;
 
   uint8_t* ptr = reinterpret_cast<uint8_t*>(base::WriteInto(out_der, len + 1));
@@ skipping 58 matching lines @@
 }  // namespace
 
 bool CreateSelfSignedCert(crypto::RSAPrivateKey* key,
                           DigestAlgorithm alg,
                           const std::string& common_name,
                           uint32_t serial_number,
                           base::Time not_valid_before,
                           base::Time not_valid_after,
                           std::string* der_encoded) {
   crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
-  ScopedX509 cert(CreateCertificate(key->key(),
-                                    alg,
-                                    common_name,
-                                    serial_number,
-                                    not_valid_before,
-                                    not_valid_after));
-  if (!cert.get())
+  bssl::UniquePtr<X509> cert =
+      CreateCertificate(key->key(), alg, common_name, serial_number,
+                        not_valid_before, not_valid_after);
+  if (!cert)
     return false;
 
   return SignAndDerEncodeCert(cert.get(), key->key(), alg, der_encoded);
 }
 
 bool ParsePrincipalKeyAndValue(X509_NAME_ENTRY* entry,
                                std::string* key,
                                std::string* value) {
   if (key) {
     ASN1_OBJECT* object = X509_NAME_ENTRY_get_object(entry);
@@ skipping 126 matching lines @@
 
   digest.resize(out_size);
   token->assign(kChannelBindingPrefix);
   token->append(digest.begin(), digest.end());
   return true;
 }
 
 }  // namespace x509_util
 
 }  // namespace net