Move crypto files out of base, to a top level directory.

net/base/x509_certificate_openssl.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/base/x509_certificate.h"
 
 #include <openssl/asn1.h>
 #include <openssl/crypto.h>
 #include <openssl/obj_mac.h>
 #include <openssl/pem.h>
 #include <openssl/pkcs7.h>
 #include <openssl/sha.h>
 #include <openssl/ssl.h>
 #include <openssl/x509v3.h>
 
 #include "base/memory/singleton.h"
-#include "base/openssl_util.h"
 #include "base/pickle.h"
 #include "base/string_number_conversions.h"
+#include "crypto/openssl_util.h"
 #include "net/base/cert_status_flags.h"
 #include "net/base/cert_verify_result.h"
 #include "net/base/net_errors.h"
 #include "net/base/x509_openssl_util.h"
 
 namespace net {
 
 namespace nxou = net::x509_openssl_util;
 
 namespace {
 
 void CreateOSCertHandlesFromPKCS7Bytes(
     const char* data, int length,
     X509Certificate::OSCertHandles* handles) {
-  base::EnsureOpenSSLInit();
+  crypto::EnsureOpenSSLInit();
   const unsigned char* der_data = reinterpret_cast<const unsigned char*>(data);
-  base::ScopedOpenSSL<PKCS7, PKCS7_free> pkcs7_cert(
+  crypto::ScopedOpenSSL<PKCS7, PKCS7_free> pkcs7_cert(
       d2i_PKCS7(NULL, &der_data, length));
   if (!pkcs7_cert.get())
     return;
 
   STACK_OF(X509)* certs = NULL;
   int nid = OBJ_obj2nid(pkcs7_cert.get()->type);
   if (nid == NID_pkcs7_signed) {
     certs = pkcs7_cert.get()->d.sign->cert;
   } else if (nid == NID_pkcs7_signedAndEnveloped) {
     certs = pkcs7_cert.get()->d.signed_and_enveloped->cert;
@@ skipping 45 matching lines @@
                                  &principal->country_name);
 }
 
 void ParseSubjectAltNames(X509Certificate::OSCertHandle cert,
                           std::vector<std::string>* dns_names) {
   int index = X509_get_ext_by_NID(cert, NID_subject_alt_name, -1);
   X509_EXTENSION* alt_name_ext = X509_get_ext(cert, index);
   if (!alt_name_ext)
     return;
 
-  base::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free> alt_names(
+  crypto::ScopedOpenSSL<GENERAL_NAMES, GENERAL_NAMES_free> alt_names(
       reinterpret_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(alt_name_ext)));
   if (!alt_names.get())
     return;
 
   for (int i = 0; i < sk_GENERAL_NAME_num(alt_names.get()); ++i) {
     const GENERAL_NAME* name = sk_GENERAL_NAME_value(alt_names.get(), i);
     if (name->type == GEN_DNS) {
       unsigned char* dns_name = ASN1_STRING_data(name->d.dNSName);
       if (!dns_name)
         continue;
@@ skipping 106 matching lines @@
   void ResetCertStore() {
     store_.reset(X509_STORE_new());
     DCHECK(store_.get());
     X509_STORE_set_default_paths(store_.get());
     // TODO(joth): Enable CRL (see X509_STORE_set_flags(X509_V_FLAG_CRL_CHECK)).
   }
 
  private:
   friend struct DefaultSingletonTraits<X509InitSingleton>;
   X509InitSingleton() {
-    base::EnsureOpenSSLInit();
+    crypto::EnsureOpenSSLInit();
     der_cache_ex_index_ = X509_get_ex_new_index(0, 0, 0, 0, DERCache_free);
     DCHECK_NE(der_cache_ex_index_, -1);
     ResetCertStore();
   }
 
   int der_cache_ex_index_;
-  base::ScopedOpenSSL<X509_STORE, X509_STORE_free> store_;
+  crypto::ScopedOpenSSL<X509_STORE, X509_STORE_free> store_;
 
   DISALLOW_COPY_AND_ASSIGN(X509InitSingleton);
 };
 
 // Takes ownership of |data| (which must have been allocated by OpenSSL).
 DERCache* SetDERCache(X509Certificate::OSCertHandle cert,
                       int x509_der_cache_index,
                       unsigned char* data,
                       int data_length) {
   DERCache* internal_cache = static_cast<DERCache*>(
@@ skipping 54 matching lines @@
 
 // static
 void X509Certificate::FreeOSCertHandle(OSCertHandle cert_handle) {
   // Decrement the ref-count for the cert and, if all references are gone,
   // free the memory and any application-specific data associated with the
   // certificate.
   X509_free(cert_handle);
 }
 
 void X509Certificate::Initialize() {
-  base::EnsureOpenSSLInit();
+  crypto::EnsureOpenSSLInit();
   fingerprint_ = CalculateFingerprint(cert_handle_);
 
   ASN1_INTEGER* num = X509_get_serialNumber(cert_handle_);
   if (num) {
     serial_number_ = std::string(
         reinterpret_cast<char*>(num->data),
         num->length);
     // Remove leading zeros.
     while (serial_number_.size() > 1 && serial_number_[0] == 0)
       serial_number_ = serial_number_.substr(1, serial_number_.size() - 1);
@@ skipping 17 matching lines @@
   CHECK(ret);
   CHECK_EQ(sha1_size, sizeof(sha1.data));
   return sha1;
 }
 
 // static
 X509Certificate::OSCertHandle X509Certificate::CreateOSCertHandleFromBytes(
     const char* data, int length) {
   if (length < 0)
     return NULL;
-  base::EnsureOpenSSLInit();
+  crypto::EnsureOpenSSLInit();
   const unsigned char* d2i_data =
       reinterpret_cast<const unsigned char*>(data);
   // Don't cache this data via SetDERCache as this wire format may be not be
   // identical from the i2d_X509 roundtrip.
   X509* cert = d2i_X509(NULL, &d2i_data, length);
   return cert;
 }
 
 // static
 X509Certificate::OSCertHandles X509Certificate::CreateOSCertHandlesFromBytes(
@@ skipping 28 matching lines @@
   const char* data;
   int length;
   if (!pickle.ReadData(pickle_iter, &data, &length))
     return NULL;
 
   return CreateFromBytes(data, length);
 }
 
 // static
 X509Certificate* X509Certificate::CreateSelfSigned(
-    base::RSAPrivateKey* key,
+    crypto::RSAPrivateKey* key,
     const std::string& subject,
     uint32 serial_number,
     base::TimeDelta valid_duration) {
   // TODO(port): Implement.
   return NULL;
 }
 
 void X509Certificate::Persist(Pickle* pickle) {
   DERCache der_cache;
   if (!GetDERAndCacheIfNeeded(cert_handle_, &der_cache))
@@ skipping 28 matching lines @@
   }
 
   // TODO(joth): We should fetch the subjectAltNames directly rather than via
   // GetDNSNames, so we can apply special handling for IP addresses vs DNS
   // names, etc. See http://crbug.com/62973.
   std::vector<std::string> cert_names;
   GetDNSNames(&cert_names);
   if (!VerifyHostname(hostname, cert_names))
     verify_result->cert_status |= CERT_STATUS_COMMON_NAME_INVALID;
 
-  base::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx(
+  crypto::ScopedOpenSSL<X509_STORE_CTX, X509_STORE_CTX_free> ctx(
       X509_STORE_CTX_new());
 
-  base::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates(
+  crypto::ScopedOpenSSL<STACK_OF(X509), sk_X509_free_fn> intermediates(
       sk_X509_new_null());
   if (!intermediates.get())
     return ERR_OUT_OF_MEMORY;
 
   for (OSCertHandles::const_iterator it = intermediate_ca_certs_.begin();
        it != intermediate_ca_certs_.end(); ++it) {
     if (!sk_X509_push(intermediates.get(), *it))
       return ERR_OUT_OF_MEMORY;
   }
   int rv = X509_STORE_CTX_init(ctx.get(), cert_store(),
@@ skipping 41 matching lines @@
   // cache the DER (if not already cached via X509_set_ex_data).
   DERCache der_cache_a, der_cache_b;
 
   return GetDERAndCacheIfNeeded(a, &der_cache_a) &&
       GetDERAndCacheIfNeeded(b, &der_cache_b) &&
       der_cache_a.data_length == der_cache_b.data_length &&
       memcmp(der_cache_a.data, der_cache_b.data, der_cache_a.data_length) == 0;
 }
 
 } // namespace net