diff options
| author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2016-08-01 12:59:39 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2016-08-04 12:40:43 +0000 |
| commit | 28b1110370900897ab652cb420c371fab8857ad4 (patch) | |
| tree | 41b32127d23b0df4f2add2a27e12dc87bddb260e /chromium/crypto | |
| parent | 399c965b6064c440ddcf4015f5f8e9d131c7a0a6 (diff) | |
| download | qtwebengine-chromium-28b1110370900897ab652cb420c371fab8857ad4.tar.gz | |
BASELINE: Update Chromium to 53.0.2785.41
Also adds a few extra files for extensions.
Change-Id: Iccdd55d98660903331cf8b7b29188da781830af4
Reviewed-by: Michael BrĂ¼ning <michael.bruning@qt.io>
Diffstat (limited to 'chromium/crypto')
29 files changed, 459 insertions, 395 deletions
diff --git a/chromium/crypto/ec_private_key.cc b/chromium/crypto/ec_private_key.cc index 5e8d0549a85..8f3c4110ace 100644 --- a/chromium/crypto/ec_private_key.cc +++ b/chromium/crypto/ec_private_key.cc @@ -13,8 +13,6 @@ #include <stddef.h> #include <stdint.h> -#include <memory> - #include "base/logging.h" #include "crypto/auto_cbb.h" #include "crypto/openssl_util.h" @@ -43,13 +41,13 @@ bool ExportKeyWithBio(const void* key, return false; ScopedBIO bio(BIO_new(BIO_s_mem())); - if (!bio.get()) + if (!bio) return false; if (!export_fn(bio.get(), key)) return false; - char* data = NULL; + char* data = nullptr; long len = BIO_get_mem_data(bio.get(), &data); if (!data || len < 0) return false; @@ -65,32 +63,41 @@ ECPrivateKey::~ECPrivateKey() { EVP_PKEY_free(key_); } -ECPrivateKey* ECPrivateKey::Copy() const { - std::unique_ptr<ECPrivateKey> copy(new ECPrivateKey); - if (key_) - copy->key_ = EVP_PKEY_up_ref(key_); - return copy.release(); -} - // static -ECPrivateKey* ECPrivateKey::Create() { +std::unique_ptr<ECPrivateKey> ECPrivateKey::Create() { OpenSSLErrStackTracer err_tracer(FROM_HERE); ScopedEC_KEY ec_key(EC_KEY_new_by_curve_name(NID_X9_62_prime256v1)); - if (!ec_key.get() || !EC_KEY_generate_key(ec_key.get())) - return NULL; + if (!ec_key || !EC_KEY_generate_key(ec_key.get())) + return nullptr; std::unique_ptr<ECPrivateKey> result(new ECPrivateKey()); result->key_ = EVP_PKEY_new(); if (!result->key_ || !EVP_PKEY_set1_EC_KEY(result->key_, ec_key.get())) - return NULL; + return nullptr; + + CHECK_EQ(EVP_PKEY_EC, EVP_PKEY_id(result->key_)); + return result; +} + +// static +std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromPrivateKeyInfo( + const std::vector<uint8_t>& input) { + OpenSSLErrStackTracer err_tracer(FROM_HERE); + + CBS cbs; + CBS_init(&cbs, input.data(), input.size()); + ScopedEVP_PKEY pkey(EVP_parse_private_key(&cbs)); + if (!pkey || CBS_len(&cbs) != 0 || EVP_PKEY_id(pkey.get()) != EVP_PKEY_EC) + return nullptr; - CHECK_EQ(EVP_PKEY_EC, EVP_PKEY_type(result->key_->type)); - return result.release(); + std::unique_ptr<ECPrivateKey> result(new ECPrivateKey()); + result->key_ = pkey.release(); + return result; } // static -ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( +std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( const std::string& password, const std::vector<uint8_t>& encrypted_private_key_info, const std::vector<uint8_t>& subject_public_key_info) { @@ -98,16 +105,16 @@ ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( // useful for the NSS implementation (which uses the public key's SHA1 // as a lookup key when storing the private one in its store). if (encrypted_private_key_info.empty()) - return NULL; + return nullptr; OpenSSLErrStackTracer err_tracer(FROM_HERE); const uint8_t* data = &encrypted_private_key_info[0]; const uint8_t* ptr = data; ScopedX509_SIG p8_encrypted( - d2i_X509_SIG(NULL, &ptr, encrypted_private_key_info.size())); + d2i_X509_SIG(nullptr, &ptr, encrypted_private_key_info.size())); if (!p8_encrypted || ptr != data + encrypted_private_key_info.size()) - return NULL; + return nullptr; ScopedPKCS8_PRIV_KEY_INFO p8_decrypted; if (password.empty()) { @@ -126,24 +133,46 @@ ECPrivateKey* ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( } if (!p8_decrypted) - return NULL; + return nullptr; // Create a new EVP_PKEY for it. - std::unique_ptr<ECPrivateKey> result(new ECPrivateKey); + std::unique_ptr<ECPrivateKey> result(new ECPrivateKey()); result->key_ = EVP_PKCS82PKEY(p8_decrypted.get()); - if (!result->key_ || EVP_PKEY_type(result->key_->type) != EVP_PKEY_EC) - return NULL; + if (!result->key_ || EVP_PKEY_id(result->key_) != EVP_PKEY_EC) + return nullptr; + + return result; +} - return result.release(); +std::unique_ptr<ECPrivateKey> ECPrivateKey::Copy() const { + std::unique_ptr<ECPrivateKey> copy(new ECPrivateKey()); + if (key_) + copy->key_ = EVP_PKEY_up_ref(key_); + return copy; } -bool ECPrivateKey::ExportEncryptedPrivateKey(const std::string& password, - int iterations, - std::vector<uint8_t>* output) { +bool ECPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const { + OpenSSLErrStackTracer err_tracer(FROM_HERE); + uint8_t* der; + size_t der_len; + AutoCBB cbb; + if (!CBB_init(cbb.get(), 0) || !EVP_marshal_private_key(cbb.get(), key_) || + !CBB_finish(cbb.get(), &der, &der_len)) { + return false; + } + output->assign(der, der + der_len); + OPENSSL_free(der); + return true; +} + +bool ECPrivateKey::ExportEncryptedPrivateKey( + const std::string& password, + int iterations, + std::vector<uint8_t>* output) const { OpenSSLErrStackTracer err_tracer(FROM_HERE); // Convert into a PKCS#8 object. ScopedPKCS8_PRIV_KEY_INFO pkcs8(EVP_PKEY2PKCS8(key_)); - if (!pkcs8.get()) + if (!pkcs8) return false; // Encrypt the object. @@ -159,7 +188,7 @@ bool ECPrivateKey::ExportEncryptedPrivateKey(const std::string& password, 0, iterations, pkcs8.get())); - if (!encrypted.get()) + if (!encrypted) return false; // Write it into |*output| @@ -168,7 +197,7 @@ bool ECPrivateKey::ExportEncryptedPrivateKey(const std::string& password, output); } -bool ECPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) { +bool ECPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const { OpenSSLErrStackTracer err_tracer(FROM_HERE); uint8_t *der; size_t der_len; @@ -183,7 +212,7 @@ bool ECPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) { return true; } -bool ECPrivateKey::ExportRawPublicKey(std::string* output) { +bool ECPrivateKey::ExportRawPublicKey(std::string* output) const { OpenSSLErrStackTracer err_tracer(FROM_HERE); // Export the x and y field elements as 32-byte, big-endian numbers. (This is @@ -205,22 +234,6 @@ bool ECPrivateKey::ExportRawPublicKey(std::string* output) { return true; } -bool ECPrivateKey::ExportValueForTesting(std::vector<uint8_t>* output) { - OpenSSLErrStackTracer err_tracer(FROM_HERE); - EC_KEY* ec_key = EVP_PKEY_get0_EC_KEY(key_); - uint8_t *der; - size_t der_len; - AutoCBB cbb; - if (!CBB_init(cbb.get(), 0) || - !EC_KEY_marshal_private_key(cbb.get(), ec_key, 0 /* enc_flags */) || - !CBB_finish(cbb.get(), &der, &der_len)) { - return false; - } - output->assign(der, der + der_len); - OPENSSL_free(der); - return true; -} - -ECPrivateKey::ECPrivateKey() : key_(NULL) {} +ECPrivateKey::ECPrivateKey() : key_(nullptr) {} } // namespace crypto diff --git a/chromium/crypto/ec_private_key.h b/chromium/crypto/ec_private_key.h index 6ebe21d0102..9cdb453e1d3 100644 --- a/chromium/crypto/ec_private_key.h +++ b/chromium/crypto/ec_private_key.h @@ -8,6 +8,7 @@ #include <stddef.h> #include <stdint.h> +#include <memory> #include <string> #include <vector> @@ -29,43 +30,54 @@ class CRYPTO_EXPORT ECPrivateKey { public: ~ECPrivateKey(); - // Creates a new random instance. Can return NULL if initialization fails. + // Creates a new random instance. Can return nullptr if initialization fails. // The created key will use the NIST P-256 curve. // TODO(mattm): Add a curve parameter. - static ECPrivateKey* Create(); + static std::unique_ptr<ECPrivateKey> Create(); + + // Create a new instance by importing an existing private key. The format is + // an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return + // nullptr if initialization fails. + static std::unique_ptr<ECPrivateKey> CreateFromPrivateKeyInfo( + const std::vector<uint8_t>& input); // Creates a new instance by importing an existing key pair. // The key pair is given as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo // block and an X.509 SubjectPublicKeyInfo block. - // Returns NULL if initialization fails. - static ECPrivateKey* CreateFromEncryptedPrivateKeyInfo( + // Returns nullptr if initialization fails. + // + // This function is deprecated. Use CreateFromPrivateKeyInfo for new code. + // See https://crbug.com/603319. + static std::unique_ptr<ECPrivateKey> CreateFromEncryptedPrivateKeyInfo( const std::string& password, const std::vector<uint8_t>& encrypted_private_key_info, const std::vector<uint8_t>& subject_public_key_info); // Returns a copy of the object. - ECPrivateKey* Copy() const; + std::unique_ptr<ECPrivateKey> Copy() const; EVP_PKEY* key() { return key_; } + // Exports the private key to a PKCS #8 PrivateKeyInfo block. + bool ExportPrivateKey(std::vector<uint8_t>* output) const; + // Exports the private key as an ASN.1-encoded PKCS #8 EncryptedPrivateKeyInfo // block and the public key as an X.509 SubjectPublicKeyInfo block. // The |password| and |iterations| are used as inputs to the key derivation // function for generating the encryption key. PKCS #5 recommends a minimum // of 1000 iterations, on modern systems a larger value may be preferrable. + // + // This function is deprecated. Use ExportPrivateKey for new code. See + // https://crbug.com/603319. bool ExportEncryptedPrivateKey(const std::string& password, int iterations, - std::vector<uint8_t>* output); + std::vector<uint8_t>* output) const; // Exports the public key to an X.509 SubjectPublicKeyInfo block. - bool ExportPublicKey(std::vector<uint8_t>* output); + bool ExportPublicKey(std::vector<uint8_t>* output) const; // Exports the public key as an EC point in the uncompressed point format. - bool ExportRawPublicKey(std::string* output); - - // Exports private key data for testing. The format of data stored into output - // doesn't matter other than that it is consistent for the same key. - bool ExportValueForTesting(std::vector<uint8_t>* output); + bool ExportRawPublicKey(std::string* output) const; private: // Constructor is private. Use one of the Create*() methods above instead. diff --git a/chromium/crypto/ec_private_key_unittest.cc b/chromium/crypto/ec_private_key_unittest.cc index 00bd77c94f7..386844cd5a6 100644 --- a/chromium/crypto/ec_private_key_unittest.cc +++ b/chromium/crypto/ec_private_key_unittest.cc @@ -12,94 +12,192 @@ #include "base/macros.h" #include "testing/gtest/include/gtest/gtest.h" -// Generate random private keys. Export, then re-import. We should get -// back the same exact public key, and the private key should have the same -// value and elliptic curve params. -TEST(ECPrivateKeyUnitTest, InitRandomTest) { - const std::string password1; - const std::string password2 = "test"; - - std::unique_ptr<crypto::ECPrivateKey> keypair1( - crypto::ECPrivateKey::Create()); - std::unique_ptr<crypto::ECPrivateKey> keypair2( - crypto::ECPrivateKey::Create()); - ASSERT_TRUE(keypair1.get()); - ASSERT_TRUE(keypair2.get()); - - std::vector<uint8_t> key1value; - std::vector<uint8_t> key2value; - EXPECT_TRUE(keypair1->ExportValueForTesting(&key1value)); - EXPECT_TRUE(keypair2->ExportValueForTesting(&key2value)); +namespace { +void ExpectKeysEqual(const crypto::ECPrivateKey* keypair1, + const crypto::ECPrivateKey* keypair2) { std::vector<uint8_t> privkey1; std::vector<uint8_t> privkey2; + EXPECT_TRUE(keypair1->ExportPrivateKey(&privkey1)); + EXPECT_TRUE(keypair2->ExportPrivateKey(&privkey2)); + EXPECT_EQ(privkey1, privkey2); + std::vector<uint8_t> pubkey1; std::vector<uint8_t> pubkey2; - std::string raw_pubkey1; - std::string raw_pubkey2; - ASSERT_TRUE(keypair1->ExportEncryptedPrivateKey(password1, 1, &privkey1)); - ASSERT_TRUE(keypair2->ExportEncryptedPrivateKey(password2, 1, &privkey2)); EXPECT_TRUE(keypair1->ExportPublicKey(&pubkey1)); EXPECT_TRUE(keypair2->ExportPublicKey(&pubkey2)); + EXPECT_EQ(pubkey1, pubkey2); + + std::string raw_pubkey1; + std::string raw_pubkey2; EXPECT_TRUE(keypair1->ExportRawPublicKey(&raw_pubkey1)); EXPECT_TRUE(keypair2->ExportRawPublicKey(&raw_pubkey2)); + EXPECT_EQ(raw_pubkey1, raw_pubkey2); +} - std::unique_ptr<crypto::ECPrivateKey> keypair3( - crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( - password1, privkey1, pubkey1)); - std::unique_ptr<crypto::ECPrivateKey> keypair4( - crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( - password2, privkey2, pubkey2)); - ASSERT_TRUE(keypair3.get()); - ASSERT_TRUE(keypair4.get()); - - std::vector<uint8_t> key3value; - std::vector<uint8_t> key4value; - EXPECT_TRUE(keypair3->ExportValueForTesting(&key3value)); - EXPECT_TRUE(keypair4->ExportValueForTesting(&key4value)); - - EXPECT_EQ(key1value, key3value); - EXPECT_EQ(key2value, key4value); - - std::vector<uint8_t> pubkey3; - std::vector<uint8_t> pubkey4; - std::string raw_pubkey3; - std::string raw_pubkey4; - EXPECT_TRUE(keypair3->ExportPublicKey(&pubkey3)); - EXPECT_TRUE(keypair4->ExportPublicKey(&pubkey4)); - EXPECT_TRUE(keypair3->ExportRawPublicKey(&raw_pubkey3)); - EXPECT_TRUE(keypair4->ExportRawPublicKey(&raw_pubkey4)); - - EXPECT_EQ(pubkey1, pubkey3); - EXPECT_EQ(pubkey2, pubkey4); - EXPECT_EQ(raw_pubkey1, raw_pubkey3); - EXPECT_EQ(raw_pubkey2, raw_pubkey4); +} // namespace + +// Generate random private keys. Export, then re-import in several ways. We +// should get back the same exact public key, and the private key should have +// the same value and elliptic curve params. +TEST(ECPrivateKeyUnitTest, InitRandomTest) { + static const char kPassword1[] = ""; + static const char kPassword2[] = "test"; + + std::unique_ptr<crypto::ECPrivateKey> keypair(crypto::ECPrivateKey::Create()); + ASSERT_TRUE(keypair); + + // Re-import as a PrivateKeyInfo. + std::vector<uint8_t> privkey; + EXPECT_TRUE(keypair->ExportPrivateKey(&privkey)); + std::unique_ptr<crypto::ECPrivateKey> keypair_copy = + crypto::ECPrivateKey::CreateFromPrivateKeyInfo(privkey); + ASSERT_TRUE(keypair_copy); + ExpectKeysEqual(keypair.get(), keypair_copy.get()); + + // Re-import as an EncryptedPrivateKeyInfo with kPassword1. + std::vector<uint8_t> encrypted_privkey; + std::vector<uint8_t> pubkey; + EXPECT_TRUE( + keypair->ExportEncryptedPrivateKey(kPassword1, 1, &encrypted_privkey)); + EXPECT_TRUE(keypair->ExportPublicKey(&pubkey)); + keypair_copy = crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( + kPassword1, encrypted_privkey, pubkey); + ASSERT_TRUE(keypair_copy); + ExpectKeysEqual(keypair.get(), keypair_copy.get()); + + // Re-import as an EncryptedPrivateKeyInfo with kPassword2. + EXPECT_TRUE( + keypair->ExportEncryptedPrivateKey(kPassword2, 1, &encrypted_privkey)); + keypair_copy = crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( + kPassword2, encrypted_privkey, pubkey); + ASSERT_TRUE(keypair_copy); + ExpectKeysEqual(keypair.get(), keypair_copy.get()); } TEST(ECPrivateKeyUnitTest, Copy) { std::unique_ptr<crypto::ECPrivateKey> keypair1( crypto::ECPrivateKey::Create()); std::unique_ptr<crypto::ECPrivateKey> keypair2(keypair1->Copy()); - ASSERT_TRUE(keypair1.get()); - ASSERT_TRUE(keypair2.get()); + ASSERT_TRUE(keypair1); + ASSERT_TRUE(keypair2); - std::vector<uint8_t> key1value; - std::vector<uint8_t> key2value; - EXPECT_TRUE(keypair1->ExportValueForTesting(&key1value)); - EXPECT_TRUE(keypair2->ExportValueForTesting(&key2value)); - EXPECT_EQ(key1value, key2value); + ExpectKeysEqual(keypair1.get(), keypair2.get()); +} - std::vector<uint8_t> pubkey1; - std::vector<uint8_t> pubkey2; - EXPECT_TRUE(keypair1->ExportPublicKey(&pubkey1)); - EXPECT_TRUE(keypair2->ExportPublicKey(&pubkey2)); - EXPECT_EQ(pubkey1, pubkey2); +TEST(ECPrivateKeyUnitTest, CreateFromPrivateKeyInfo) { + static const uint8_t kPrivateKeyInfo[] = { + 0x30, 0x81, 0x87, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, + 0x48, 0xce, 0x3d, 0x02, 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, + 0x03, 0x01, 0x07, 0x04, 0x6d, 0x30, 0x6b, 0x02, 0x01, 0x01, 0x04, 0x20, + 0x07, 0x0f, 0x08, 0x72, 0x7a, 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, + 0x4d, 0x89, 0x68, 0x77, 0x08, 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, + 0xe8, 0xd1, 0xc9, 0xce, 0x0a, 0x8b, 0xb4, 0x6a, 0xa1, 0x44, 0x03, 0x42, + 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, + 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, + 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, + 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, + 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, + 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1, + }; + static const uint8_t kSubjectPublicKeyInfo[] = { + 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02, + 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03, + 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, + 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, + 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, + 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, + 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, + 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1, + }; + static const uint8_t kRawPublicKey[] = { + 0xe6, 0x2b, 0x69, 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, + 0x0d, 0x94, 0x8a, 0x4c, 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, + 0x46, 0xfb, 0xdd, 0xa9, 0xa9, 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, + 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18, 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, + 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16, 0x1a, 0x1c, 0xf5, 0x1d, + 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22, 0xc1, + }; - std::string raw_pubkey1; - std::string raw_pubkey2; - EXPECT_TRUE(keypair1->ExportRawPublicKey(&raw_pubkey1)); - EXPECT_TRUE(keypair2->ExportRawPublicKey(&raw_pubkey2)); - EXPECT_EQ(raw_pubkey1, raw_pubkey2); + std::unique_ptr<crypto::ECPrivateKey> key = + crypto::ECPrivateKey::CreateFromPrivateKeyInfo(std::vector<uint8_t>( + std::begin(kPrivateKeyInfo), std::end(kPrivateKeyInfo))); + ASSERT_TRUE(key); + + std::vector<uint8_t> public_key; + ASSERT_TRUE(key->ExportPublicKey(&public_key)); + EXPECT_EQ(std::vector<uint8_t>(std::begin(kSubjectPublicKeyInfo), + std::end(kSubjectPublicKeyInfo)), + public_key); + + std::string raw_public_key; + ASSERT_TRUE(key->ExportRawPublicKey(&raw_public_key)); + EXPECT_EQ(std::string(reinterpret_cast<const char*>(kRawPublicKey), + sizeof(kRawPublicKey)), + raw_public_key); +} + +TEST(ECPrivateKeyUnitTest, RSAPrivateKeyInfo) { + static const uint8_t kPrivateKeyInfo[] = { + 0x30, 0x82, 0x02, 0x78, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a, + 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82, + 0x02, 0x62, 0x30, 0x82, 0x02, 0x5e, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, + 0x00, 0xb8, 0x7f, 0x2b, 0x20, 0xdc, 0x7c, 0x9b, 0x0c, 0xdc, 0x51, 0x61, + 0x99, 0x0d, 0x36, 0x0f, 0xd4, 0x66, 0x88, 0x08, 0x55, 0x84, 0xd5, 0x3a, + 0xbf, 0x2b, 0xa4, 0x64, 0x85, 0x7b, 0x0c, 0x04, 0x13, 0x3f, 0x8d, 0xf4, + 0xbc, 0x38, 0x0d, 0x49, 0xfe, 0x6b, 0xc4, 0x5a, 0xb0, 0x40, 0x53, 0x3a, + 0xd7, 0x66, 0x09, 0x0f, 0x9e, 0x36, 0x74, 0x30, 0xda, 0x8a, 0x31, 0x4f, + 0x1f, 0x14, 0x50, 0xd7, 0xc7, 0x20, 0x94, 0x17, 0xde, 0x4e, 0xb9, 0x57, + 0x5e, 0x7e, 0x0a, 0xe5, 0xb2, 0x65, 0x7a, 0x89, 0x4e, 0xb6, 0x47, 0xff, + 0x1c, 0xbd, 0xb7, 0x38, 0x13, 0xaf, 0x47, 0x85, 0x84, 0x32, 0x33, 0xf3, + 0x17, 0x49, 0xbf, 0xe9, 0x96, 0xd0, 0xd6, 0x14, 0x6f, 0x13, 0x8d, 0xc5, + 0xfc, 0x2c, 0x72, 0xba, 0xac, 0xea, 0x7e, 0x18, 0x53, 0x56, 0xa6, 0x83, + 0xa2, 0xce, 0x93, 0x93, 0xe7, 0x1f, 0x0f, 0xe6, 0x0f, 0x02, 0x03, 0x01, + 0x00, 0x01, 0x02, 0x81, 0x80, 0x03, 0x61, 0x89, 0x37, 0xcb, 0xf2, 0x98, + 0xa0, 0xce, 0xb4, 0xcb, 0x16, 0x13, 0xf0, 0xe6, 0xaf, 0x5c, 0xc5, 0xa7, + 0x69, 0x71, 0xca, 0xba, 0x8d, 0xe0, 0x4d, 0xdd, 0xed, 0xb8, 0x48, 0x8b, + 0x16, 0x93, 0x36, 0x95, 0xc2, 0x91, 0x40, 0x65, 0x17, 0xbd, 0x7f, 0xd6, + 0xad, 0x9e, 0x30, 0x28, 0x46, 0xe4, 0x3e, 0xcc, 0x43, 0x78, 0xf9, 0xfe, + 0x1f, 0x33, 0x23, 0x1e, 0x31, 0x12, 0x9d, 0x3c, 0xa7, 0x08, 0x82, 0x7b, + 0x7d, 0x25, 0x4e, 0x5e, 0x19, 0xa8, 0x9b, 0xed, 0x86, 0xb2, 0xcb, 0x3c, + 0xfe, 0x4e, 0xa1, 0xfa, 0x62, 0x87, 0x3a, 0x17, 0xf7, 0x60, 0xec, 0x38, + 0x29, 0xe8, 0x4f, 0x34, 0x9f, 0x76, 0x9d, 0xee, 0xa3, 0xf6, 0x85, 0x6b, + 0x84, 0x43, 0xc9, 0x1e, 0x01, 0xff, 0xfd, 0xd0, 0x29, 0x4c, 0xfa, 0x8e, + 0x57, 0x0c, 0xc0, 0x71, 0xa5, 0xbb, 0x88, 0x46, 0x29, 0x5c, 0xc0, 0x4f, + 0x01, 0x02, 0x41, 0x00, 0xf5, 0x83, 0xa4, 0x64, 0x4a, 0xf2, 0xdd, 0x8c, + 0x2c, 0xed, 0xa8, 0xd5, 0x60, 0x5a, 0xe4, 0xc7, 0xcc, 0x61, 0xcd, 0x38, + 0x42, 0x20, 0xd3, 0x82, 0x18, 0xf2, 0x35, 0x00, 0x72, 0x2d, 0xf7, 0x89, + 0x80, 0x67, 0xb5, 0x93, 0x05, 0x5f, 0xdd, 0x42, 0xba, 0x16, 0x1a, 0xea, + 0x15, 0xc6, 0xf0, 0xb8, 0x8c, 0xbc, 0xbf, 0x54, 0x9e, 0xf1, 0xc1, 0xb2, + 0xb3, 0x8b, 0xb6, 0x26, 0x02, 0x30, 0xc4, 0x81, 0x02, 0x41, 0x00, 0xc0, + 0x60, 0x62, 0x80, 0xe1, 0x22, 0x78, 0xf6, 0x9d, 0x83, 0x18, 0xeb, 0x72, + 0x45, 0xd7, 0xc8, 0x01, 0x7f, 0xa9, 0xca, 0x8f, 0x7d, 0xd6, 0xb8, 0x31, + 0x2b, 0x84, 0x7f, 0x62, 0xd9, 0xa9, 0x22, 0x17, 0x7d, 0x06, 0x35, 0x6c, + 0xf3, 0xc1, 0x94, 0x17, 0x85, 0x5a, 0xaf, 0x9c, 0x5c, 0x09, 0x3c, 0xcf, + 0x2f, 0x44, 0x9d, 0xb6, 0x52, 0x68, 0x5f, 0xf9, 0x59, 0xc8, 0x84, 0x2b, + 0x39, 0x22, 0x8f, 0x02, 0x41, 0x00, 0xb2, 0x04, 0xe2, 0x0e, 0x56, 0xca, + 0x03, 0x1a, 0xc0, 0xf9, 0x12, 0x92, 0xa5, 0x6b, 0x42, 0xb8, 0x1c, 0xda, + 0x4d, 0x93, 0x9d, 0x5f, 0x6f, 0xfd, 0xc5, 0x58, 0xda, 0x55, 0x98, 0x74, + 0xfc, 0x28, 0x17, 0x93, 0x1b, 0x75, 0x9f, 0x50, 0x03, 0x7f, 0x7e, 0xae, + 0xc8, 0x95, 0x33, 0x75, 0x2c, 0xd6, 0xa4, 0x35, 0xb8, 0x06, 0x03, 0xba, + 0x08, 0x59, 0x2b, 0x17, 0x02, 0xdc, 0x4c, 0x7a, 0x50, 0x01, 0x02, 0x41, + 0x00, 0x9d, 0xdb, 0x39, 0x59, 0x09, 0xe4, 0x30, 0xa0, 0x24, 0xf5, 0xdb, + 0x2f, 0xf0, 0x2f, 0xf1, 0x75, 0x74, 0x0d, 0x5e, 0xb5, 0x11, 0x73, 0xb0, + 0x0a, 0xaa, 0x86, 0x4c, 0x0d, 0xff, 0x7e, 0x1d, 0xb4, 0x14, 0xd4, 0x09, + 0x91, 0x33, 0x5a, 0xfd, 0xa0, 0x58, 0x80, 0x9b, 0xbe, 0x78, 0x2e, 0x69, + 0x82, 0x15, 0x7c, 0x72, 0xf0, 0x7b, 0x18, 0x39, 0xff, 0x6e, 0xeb, 0xc6, + 0x86, 0xf5, 0xb4, 0xc7, 0x6f, 0x02, 0x41, 0x00, 0x8d, 0x1a, 0x37, 0x0f, + 0x76, 0xc4, 0x82, 0xfa, 0x5c, 0xc3, 0x79, 0x35, 0x3e, 0x70, 0x8a, 0xbf, + 0x27, 0x49, 0xb0, 0x99, 0x63, 0xcb, 0x77, 0x5f, 0xa8, 0x82, 0x65, 0xf6, + 0x03, 0x52, 0x51, 0xf1, 0xae, 0x2e, 0x05, 0xb3, 0xc6, 0xa4, 0x92, 0xd1, + 0xce, 0x6c, 0x72, 0xfb, 0x21, 0xb3, 0x02, 0x87, 0xe4, 0xfd, 0x61, 0xca, + 0x00, 0x42, 0x19, 0xf0, 0xda, 0x5a, 0x53, 0xe3, 0xb1, 0xc5, 0x15, 0xf3, + }; + + std::unique_ptr<crypto::ECPrivateKey> key = + crypto::ECPrivateKey::CreateFromPrivateKeyInfo(std::vector<uint8_t>( + std::begin(kPrivateKeyInfo), std::end(kPrivateKeyInfo))); + EXPECT_FALSE(key); } TEST(ECPrivateKeyUnitTest, BadPasswordTest) { @@ -108,7 +206,7 @@ TEST(ECPrivateKeyUnitTest, BadPasswordTest) { std::unique_ptr<crypto::ECPrivateKey> keypair1( crypto::ECPrivateKey::Create()); - ASSERT_TRUE(keypair1.get()); + ASSERT_TRUE(keypair1); std::vector<uint8_t> privkey1; std::vector<uint8_t> pubkey1; @@ -119,7 +217,7 @@ TEST(ECPrivateKeyUnitTest, BadPasswordTest) { std::unique_ptr<crypto::ECPrivateKey> keypair2( crypto::ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( password2, privkey1, pubkey1)); - ASSERT_FALSE(keypair2.get()); + ASSERT_FALSE(keypair2); } TEST(ECPrivateKeyUnitTest, LoadNSSKeyTest) { @@ -158,7 +256,7 @@ TEST(ECPrivateKeyUnitTest, LoadNSSKeyTest) { std::vector<uint8_t>(std::begin(kNSSPublicKey), std::end(kNSSPublicKey)))); - EXPECT_TRUE(keypair_nss.get()); + EXPECT_TRUE(keypair_nss); } TEST(ECPrivateKeyUnitTest, LoadOpenSSLKeyTest) { @@ -205,7 +303,7 @@ TEST(ECPrivateKeyUnitTest, LoadOpenSSLKeyTest) { std::vector<uint8_t>(std::begin(kOpenSSLPublicKey), std::end(kOpenSSLPublicKey)))); - EXPECT_TRUE(keypair_openssl.get()); + EXPECT_TRUE(keypair_openssl); std::vector<uint8_t> public_key; EXPECT_TRUE(keypair_openssl->ExportPublicKey(&public_key)); @@ -300,5 +398,5 @@ TEST(ECPrivateKeyUnitTest, LoadOldOpenSSLKeyTest) { std::vector<uint8_t>(std::begin(kOpenSSLPublicKey), std::end(kOpenSSLPublicKey)))); - EXPECT_TRUE(keypair_openssl.get()); + EXPECT_TRUE(keypair_openssl); } diff --git a/chromium/crypto/ec_signature_creator.cc b/chromium/crypto/ec_signature_creator.cc index a6887bc117b..34e5181d518 100644 --- a/chromium/crypto/ec_signature_creator.cc +++ b/chromium/crypto/ec_signature_creator.cc @@ -5,21 +5,23 @@ #include "crypto/ec_signature_creator.h" #include "base/logging.h" +#include "base/memory/ptr_util.h" #include "crypto/ec_signature_creator_impl.h" namespace crypto { namespace { -ECSignatureCreatorFactory* g_factory_ = NULL; +ECSignatureCreatorFactory* g_factory_ = nullptr; } // namespace // static -ECSignatureCreator* ECSignatureCreator::Create(ECPrivateKey* key) { +std::unique_ptr<ECSignatureCreator> ECSignatureCreator::Create( + ECPrivateKey* key) { if (g_factory_) return g_factory_->Create(key); - return new ECSignatureCreatorImpl(key); + return base::MakeUnique<ECSignatureCreatorImpl>(key); } // static diff --git a/chromium/crypto/ec_signature_creator.h b/chromium/crypto/ec_signature_creator.h index 47128fed1b8..72e09dfe9d7 100644 --- a/chromium/crypto/ec_signature_creator.h +++ b/chromium/crypto/ec_signature_creator.h @@ -7,6 +7,7 @@ #include <stdint.h> +#include <memory> #include <string> #include <vector> @@ -21,7 +22,7 @@ class CRYPTO_EXPORT ECSignatureCreatorFactory { public: virtual ~ECSignatureCreatorFactory() {} - virtual ECSignatureCreator* Create(ECPrivateKey* key) = 0; + virtual std::unique_ptr<ECSignatureCreator> Create(ECPrivateKey* key) = 0; }; // Signs data using a bare private key (as opposed to a full certificate). @@ -35,7 +36,7 @@ class CRYPTO_EXPORT ECSignatureCreator { // instance outlives the created ECSignatureCreator. // TODO(rch): This is currently hard coded to use SHA256. Ideally, we should // pass in the hash algorithm identifier. - static ECSignatureCreator* Create(ECPrivateKey* key); + static std::unique_ptr<ECSignatureCreator> Create(ECPrivateKey* key); // Set a factory to make the Create function return non-standard // ECSignatureCreator objects. Because the ECDSA algorithm involves diff --git a/chromium/crypto/ec_signature_creator_impl.cc b/chromium/crypto/ec_signature_creator_impl.cc index e80a7fbc09f..c22efdab4b4 100644 --- a/chromium/crypto/ec_signature_creator_impl.cc +++ b/chromium/crypto/ec_signature_creator_impl.cc @@ -33,9 +33,10 @@ bool ECSignatureCreatorImpl::Sign(const uint8_t* data, ScopedEVP_MD_CTX ctx(EVP_MD_CTX_create()); size_t sig_len = 0; if (!ctx.get() || - !EVP_DigestSignInit(ctx.get(), NULL, EVP_sha256(), NULL, key_->key()) || + !EVP_DigestSignInit(ctx.get(), nullptr, EVP_sha256(), nullptr, + key_->key()) || !EVP_DigestSignUpdate(ctx.get(), data, data_len) || - !EVP_DigestSignFinal(ctx.get(), NULL, &sig_len)) { + !EVP_DigestSignFinal(ctx.get(), nullptr, &sig_len)) { return false; } @@ -43,9 +44,9 @@ bool ECSignatureCreatorImpl::Sign(const uint8_t* data, if (!EVP_DigestSignFinal(ctx.get(), &signature->front(), &sig_len)) return false; - // NOTE: A call to EVP_DigestSignFinal() with a NULL second parameter returns - // a maximum allocation size, while the call without a NULL returns the real - // one, which may be smaller. + // NOTE: A call to EVP_DigestSignFinal() with a nullptr second parameter + // returns a maximum allocation size, while the call without a nullptr + // returns the real one, which may be smaller. signature->resize(sig_len); return true; } diff --git a/chromium/crypto/encryptor.cc b/chromium/crypto/encryptor.cc index a9f9a9d5dce..06bf00cce94 100644 --- a/chromium/crypto/encryptor.cc +++ b/chromium/crypto/encryptor.cc @@ -23,7 +23,8 @@ const EVP_CIPHER* GetCipherForKey(SymmetricKey* key) { switch (key->key().length()) { case 16: return EVP_aes_128_cbc(); case 32: return EVP_aes_256_cbc(); - default: return NULL; + default: + return nullptr; } } @@ -84,10 +85,7 @@ size_t Encryptor::Counter::GetLengthInBytes() const { ///////////////////////////////////////////////////////////////////////////// // Encryptor Implementation. -Encryptor::Encryptor() - : key_(NULL), - mode_(CBC) { -} +Encryptor::Encryptor() : key_(nullptr), mode_(CBC) {} Encryptor::~Encryptor() { } @@ -102,7 +100,7 @@ bool Encryptor::Init(SymmetricKey* key, if (mode == CBC && iv.size() != AES_BLOCK_SIZE) return false; - if (GetCipherForKey(key) == NULL) + if (GetCipherForKey(key) == nullptr) return false; key_ = key; @@ -191,9 +189,10 @@ bool Encryptor::Crypt(bool do_encrypt, DCHECK_EQ(EVP_CIPHER_key_length(cipher), key.length()); ScopedCipherCTX ctx; - if (!EVP_CipherInit_ex( - ctx.get(), cipher, NULL, reinterpret_cast<const uint8_t*>(key.data()), - reinterpret_cast<const uint8_t*>(iv_.data()), do_encrypt)) + if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, + reinterpret_cast<const uint8_t*>(key.data()), + reinterpret_cast<const uint8_t*>(iv_.data()), + do_encrypt)) return false; // When encrypting, add another block size of space to allow for any padding. diff --git a/chromium/crypto/encryptor_unittest.cc b/chromium/crypto/encryptor_unittest.cc index 547b7469dab..7166c74f6e6 100644 --- a/chromium/crypto/encryptor_unittest.cc +++ b/chromium/crypto/encryptor_unittest.cc @@ -95,11 +95,9 @@ TEST(EncryptorTest, DecryptWrongKey) { // determine the padding length without checking every padding byte, // Encryptor::Decrypt() will still return true. This is the case for NSS // (crbug.com/124434). -#if !defined(USE_NSS_CERTS) && !defined(OS_WIN) && !defined(OS_MACOSX) crypto::Encryptor decryptor; EXPECT_TRUE(decryptor.Init(wrong_key.get(), crypto::Encryptor::CBC, iv)); EXPECT_FALSE(decryptor.Decrypt(ciphertext, &decrypted)); -#endif // This demonstrates that not all wrong keys can be detected by padding // error. This wrong key causes the last padding byte to be 1, which is diff --git a/chromium/crypto/hmac.cc b/chromium/crypto/hmac.cc index c3c43da84e5..fa91628e33b 100644 --- a/chromium/crypto/hmac.cc +++ b/chromium/crypto/hmac.cc @@ -63,10 +63,10 @@ bool HMAC::Sign(const base::StringPiece& data, DCHECK(initialized_); ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> result(digest, digest_length); - return !!::HMAC(hash_alg_ == SHA1 ? EVP_sha1() : EVP_sha256(), - key_.data(), key_.size(), + return !!::HMAC(hash_alg_ == SHA1 ? EVP_sha1() : EVP_sha256(), key_.data(), + key_.size(), reinterpret_cast<const unsigned char*>(data.data()), - data.size(), result.safe_buffer(), NULL); + data.size(), result.safe_buffer(), nullptr); } bool HMAC::Verify(const base::StringPiece& data, diff --git a/chromium/crypto/hmac_unittest.cc b/chromium/crypto/hmac_unittest.cc index f8dbd5a6ffe..9c42dad2b41 100644 --- a/chromium/crypto/hmac_unittest.cc +++ b/chromium/crypto/hmac_unittest.cc @@ -287,7 +287,7 @@ TEST(HMACTest, EmptyKey) { base::StringPiece data(""); crypto::HMAC hmac(crypto::HMAC::SHA1); - ASSERT_TRUE(hmac.Init(NULL, 0)); + ASSERT_TRUE(hmac.Init(nullptr, 0)); unsigned char digest[kSHA1DigestSize]; EXPECT_TRUE(hmac.Sign(data, digest, kSHA1DigestSize)); diff --git a/chromium/crypto/mock_apple_keychain.h b/chromium/crypto/mock_apple_keychain.h index f36e982dc09..db4fcd8e043 100644 --- a/chromium/crypto/mock_apple_keychain.h +++ b/chromium/crypto/mock_apple_keychain.h @@ -209,7 +209,7 @@ class CRYPTO_EXPORT MockAppleKeychain : public AppleKeychain { bool locked_; typedef struct KeychainPasswordData { - KeychainPasswordData() : data(NULL), length(0) {} + KeychainPasswordData() : data(nullptr), length(0) {} void* data; UInt32 length; } KeychainPasswordData; diff --git a/chromium/crypto/nss_key_util.cc b/chromium/crypto/nss_key_util.cc index 1f726674ec8..da8d9c39b15 100644 --- a/chromium/crypto/nss_key_util.cc +++ b/chromium/crypto/nss_key_util.cc @@ -7,24 +7,19 @@ #include <cryptohi.h> #include <keyhi.h> #include <pk11pub.h> +#include <secmod.h> #include <stdint.h> #include <memory> #include "base/logging.h" #include "crypto/nss_util.h" - -#if defined(USE_NSS_CERTS) -#include <secmod.h> #include "crypto/nss_util_internal.h" -#endif namespace crypto { namespace { -#if defined(USE_NSS_CERTS) - struct PublicKeyInfoDeleter { inline void operator()(CERTSubjectPublicKeyInfo* spki) { SECKEY_DestroySubjectPublicKeyInfo(spki); @@ -59,8 +54,6 @@ ScopedSECItem MakeIDFromSPKI(const std::vector<uint8_t>& input) { return ScopedSECItem(PK11_MakeIDFromPubKey(&result->u.rsa.modulus)); } -#endif // defined(USE_NSS_CERTS) - } // namespace bool GenerateRSAKeyPairNSS(PK11SlotInfo* slot, @@ -118,8 +111,6 @@ ScopedSECKEYPrivateKey ImportNSSKeyFromPrivateKeyInfo( return ScopedSECKEYPrivateKey(key_raw); } -#if defined(USE_NSS_CERTS) - ScopedSECKEYPrivateKey FindNSSKeyFromPublicKeyInfo( const std::vector<uint8_t>& input) { EnsureNSSInit(); @@ -160,6 +151,4 @@ ScopedSECKEYPrivateKey FindNSSKeyFromPublicKeyInfoInSlot( PK11_FindKeyByKeyID(slot, cka_id.get(), nullptr)); } -#endif // defined(USE_NSS_CERTS) - } // namespace crypto diff --git a/chromium/crypto/nss_key_util.h b/chromium/crypto/nss_key_util.h index 12b948d25bb..86934dd0036 100644 --- a/chromium/crypto/nss_key_util.h +++ b/chromium/crypto/nss_key_util.h @@ -36,8 +36,6 @@ ImportNSSKeyFromPrivateKeyInfo(PK11SlotInfo* slot, const std::vector<uint8_t>& input, bool permanent); -#if defined(USE_NSS_CERTS) - // Decodes |input| as a DER-encoded X.509 SubjectPublicKeyInfo and searches for // the private key half in the key database. Returns the private key on success // or nullptr on error. @@ -51,8 +49,6 @@ CRYPTO_EXPORT ScopedSECKEYPrivateKey FindNSSKeyFromPublicKeyInfoInSlot(const std::vector<uint8_t>& input, PK11SlotInfo* slot); -#endif // defined(USE_NSS_CERTS) - } // namespace crypto #endif // CRYPTO_NSS_KEY_UTIL_H_ diff --git a/chromium/crypto/nss_key_util_unittest.cc b/chromium/crypto/nss_key_util_unittest.cc index 99b52a9891b..ced9850aa3e 100644 --- a/chromium/crypto/nss_key_util_unittest.cc +++ b/chromium/crypto/nss_key_util_unittest.cc @@ -46,7 +46,6 @@ TEST_F(NSSKeyUtilTest, GenerateRSAKeyPairNSS) { PK11_GetPrivateModulusLen(private_key.get())); } -#if defined(USE_NSS_CERTS) TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) { // Create an NSS keypair, which will put the keys in the user's NSSDB. ScopedSECKEYPublicKey public_key; @@ -83,6 +82,5 @@ TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) { EXPECT_FALSE(FindNSSKeyFromPublicKeyInfo(public_key_der)); } -#endif // defined(USE_NSS_CERTS) } // namespace crypto diff --git a/chromium/crypto/nss_util.cc b/chromium/crypto/nss_util.cc index 359f78fb87a..66114cd0e0c 100644 --- a/chromium/crypto/nss_util.cc +++ b/chromium/crypto/nss_util.cc @@ -15,6 +15,9 @@ #include <memory> #include <utility> +#include "base/location.h" +#include "base/single_thread_task_runner.h" +#include "base/threading/thread_task_runner_handle.h" #include "crypto/nss_util_internal.h" #if defined(OS_OPENBSD) @@ -39,23 +42,16 @@ #include "base/files/file_util.h" #include "base/lazy_instance.h" #include "base/logging.h" -#include "base/message_loop/message_loop.h" #include "base/native_library.h" #include "base/path_service.h" #include "base/stl_util.h" #include "base/strings/stringprintf.h" +#include "base/synchronization/lock.h" #include "base/threading/thread_checker.h" #include "base/threading/thread_restrictions.h" #include "base/threading/worker_pool.h" #include "build/build_config.h" - -// USE_NSS_CERTS means NSS is used for certificates and platform integration. -// This requires additional support to manage the platform certificate and key -// stores. -#if defined(USE_NSS_CERTS) -#include "base/synchronization/lock.h" #include "crypto/nss_crypto_module_delegate.h" -#endif // defined(USE_NSS_CERTS) namespace crypto { @@ -85,7 +81,6 @@ std::string GetNSSErrorMessage() { return result; } -#if defined(USE_NSS_CERTS) #if !defined(OS_CHROMEOS) base::FilePath GetDefaultConfigDirectory() { base::FilePath dir; @@ -131,13 +126,13 @@ char* PKCS11PasswordFunc(PK11SlotInfo* slot, PRBool retry, void* arg) { retry != PR_FALSE, &cancelled); if (cancelled) - return NULL; + return nullptr; char* result = PORT_Strdup(password.c_str()); password.replace(0, password.size(), password.size(), 0); return result; } - DLOG(ERROR) << "PK11 password requested with NULL arg"; - return NULL; + DLOG(ERROR) << "PK11 password requested with nullptr arg"; + return nullptr; } // NSS creates a local cache of the sqlite database if it detects that the @@ -147,10 +142,6 @@ char* PKCS11PasswordFunc(PK11SlotInfo* slot, PRBool retry, void* arg) { // the NSS environment variable NSS_SDB_USE_CACHE to "yes" to override NSS's // detection when database_dir is on NFS. See http://crbug.com/48585. // -// TODO(wtc): port this function to other USE_NSS_CERTS platforms. It is -// defined only for OS_LINUX and OS_OPENBSD simply because the statfs structure -// is OS-specific. -// // Because this function sets an environment variable it must be run before we // go multi-threaded. void UseLocalCacheOfNSSDatabaseIfNFS(const base::FilePath& database_dir) { @@ -175,8 +166,6 @@ void UseLocalCacheOfNSSDatabaseIfNFS(const base::FilePath& database_dir) { } } -#endif // defined(USE_NSS_CERTS) - // A singleton to initialize/deinitialize NSPR. // Separate from the NSS singleton because we initialize NSPR on the UI thread. // Now that we're leaking the singleton, we could merge back with the NSS @@ -229,8 +218,8 @@ class ChromeOSUserData { } ScopedPK11Slot GetPublicSlot() { - return ScopedPK11Slot( - public_slot_ ? PK11_ReferenceSlot(public_slot_.get()) : NULL); + return ScopedPK11Slot(public_slot_ ? PK11_ReferenceSlot(public_slot_.get()) + : nullptr); } ScopedPK11Slot GetPrivateSlot( @@ -357,17 +346,17 @@ class NSSInitSingleton { DCHECK(!initializing_tpm_token_); // If EnableTPMTokenForNSS hasn't been called, return false. if (!tpm_token_enabled_for_nss_) { - base::MessageLoop::current()->PostTask(FROM_HERE, - base::Bind(callback, false)); + base::ThreadTaskRunnerHandle::Get()->PostTask( + FROM_HERE, base::Bind(callback, false)); return; } // If everything is already initialized, then return true. // Note that only |tpm_slot_| is checked, since |chaps_module_| could be - // NULL in tests while |tpm_slot_| has been set to the test DB. + // nullptr in tests while |tpm_slot_| has been set to the test DB. if (tpm_slot_) { - base::MessageLoop::current()->PostTask(FROM_HERE, - base::Bind(callback, true)); + base::ThreadTaskRunnerHandle::Get()->PostTask(FROM_HERE, + base::Bind(callback, true)); return; } @@ -389,8 +378,8 @@ class NSSInitSingleton { )) { initializing_tpm_token_ = true; } else { - base::MessageLoop::current()->PostTask(FROM_HERE, - base::Bind(callback, false)); + base::ThreadTaskRunnerHandle::Get()->PostTask( + FROM_HERE, base::Bind(callback, false)); } } @@ -598,7 +587,7 @@ class NSSInitSingleton { if (username_hash.empty()) { DVLOG(2) << "empty username_hash"; if (!callback.is_null()) { - base::MessageLoop::current()->PostTask( + base::ThreadTaskRunnerHandle::Get()->PostTask( FROM_HERE, base::Bind(callback, base::Passed(ScopedPK11Slot()))); } return ScopedPK11Slot(); @@ -619,7 +608,7 @@ class NSSInitSingleton { void SetSystemKeySlotForTesting(ScopedPK11Slot slot) { // Ensure that a previous value of test_system_slot_ is not overwritten. - // Unsetting, i.e. setting a NULL, however is allowed. + // Unsetting, i.e. setting a nullptr, however is allowed. DCHECK(!slot || !test_system_slot_); test_system_slot_ = std::move(slot); if (test_system_slot_) { @@ -655,7 +644,7 @@ class NSSInitSingleton { // TODO(mattm): chromeos::TPMTokenloader always calls // InitializeTPMTokenAndSystemSlot with slot 0. If the system slot is // disabled, tpm_slot_ will be the first user's slot instead. Can that be - // detected and return NULL instead? + // detected and return nullptr instead? base::Closure wrapped_callback; if (!callback.is_null()) { @@ -670,11 +659,9 @@ class NSSInitSingleton { } #endif -#if defined(USE_NSS_CERTS) base::Lock* write_lock() { return &write_lock_; } -#endif // defined(USE_NSS_CERTS) private: friend struct base::DefaultLazyInstanceTraits<NSSInitSingleton>; @@ -682,8 +669,8 @@ class NSSInitSingleton { NSSInitSingleton() : tpm_token_enabled_for_nss_(false), initializing_tpm_token_(false), - chaps_module_(NULL), - root_(NULL) { + chaps_module_(nullptr), + root_(nullptr) { // It's safe to construct on any thread, since LazyInstance will prevent any // other threads from accessing until the constructor is done. thread_checker_.DetachFromThread(); @@ -706,73 +693,53 @@ class NSSInitSingleton { } SECStatus status = SECFailure; - bool nodb_init = false; - -#if !defined(USE_NSS_CERTS) - // Use the system certificate store, so initialize NSS without database. - nodb_init = true; -#endif - - if (nodb_init) { - status = NSS_NoDB_Init(NULL); - if (status != SECSuccess) { - CrashOnNSSInitFailure(); - return; - } -#if defined(OS_IOS) - root_ = InitDefaultRootCerts(); -#endif // defined(OS_IOS) - } else { -#if defined(USE_NSS_CERTS) - base::FilePath database_dir = GetInitialConfigDirectory(); - if (!database_dir.empty()) { - // This duplicates the work which should have been done in - // EarlySetupForNSSInit. However, this function is idempotent so - // there's no harm done. - UseLocalCacheOfNSSDatabaseIfNFS(database_dir); - - // Initialize with a persistent database (likely, ~/.pki/nssdb). - // Use "sql:" which can be shared by multiple processes safely. - std::string nss_config_dir = - base::StringPrintf("sql:%s", database_dir.value().c_str()); + base::FilePath database_dir = GetInitialConfigDirectory(); + if (!database_dir.empty()) { + // This duplicates the work which should have been done in + // EarlySetupForNSSInit. However, this function is idempotent so + // there's no harm done. + UseLocalCacheOfNSSDatabaseIfNFS(database_dir); + + // Initialize with a persistent database (likely, ~/.pki/nssdb). + // Use "sql:" which can be shared by multiple processes safely. + std::string nss_config_dir = + base::StringPrintf("sql:%s", database_dir.value().c_str()); #if defined(OS_CHROMEOS) - status = NSS_Init(nss_config_dir.c_str()); + status = NSS_Init(nss_config_dir.c_str()); #else - status = NSS_InitReadWrite(nss_config_dir.c_str()); + status = NSS_InitReadWrite(nss_config_dir.c_str()); #endif - if (status != SECSuccess) { - LOG(ERROR) << "Error initializing NSS with a persistent " - "database (" << nss_config_dir - << "): " << GetNSSErrorMessage(); - } - } if (status != SECSuccess) { - VLOG(1) << "Initializing NSS without a persistent database."; - status = NSS_NoDB_Init(NULL); - if (status != SECSuccess) { - CrashOnNSSInitFailure(); - return; - } + LOG(ERROR) << "Error initializing NSS with a persistent " + "database (" << nss_config_dir + << "): " << GetNSSErrorMessage(); } - - PK11_SetPasswordFunc(PKCS11PasswordFunc); - - // If we haven't initialized the password for the NSS databases, - // initialize an empty-string password so that we don't need to - // log in. - PK11SlotInfo* slot = PK11_GetInternalKeySlot(); - if (slot) { - // PK11_InitPin may write to the keyDB, but no other thread can use NSS - // yet, so we don't need to lock. - if (PK11_NeedUserInit(slot)) - PK11_InitPin(slot, NULL, NULL); - PK11_FreeSlot(slot); + } + if (status != SECSuccess) { + VLOG(1) << "Initializing NSS without a persistent database."; + status = NSS_NoDB_Init(nullptr); + if (status != SECSuccess) { + CrashOnNSSInitFailure(); + return; } + } - root_ = InitDefaultRootCerts(); -#endif // defined(USE_NSS_CERTS) + PK11_SetPasswordFunc(PKCS11PasswordFunc); + + // If we haven't initialized the password for the NSS databases, + // initialize an empty-string password so that we don't need to + // log in. + PK11SlotInfo* slot = PK11_GetInternalKeySlot(); + if (slot) { + // PK11_InitPin may write to the keyDB, but no other thread can use NSS + // yet, so we don't need to lock. + if (PK11_NeedUserInit(slot)) + PK11_InitPin(slot, nullptr, nullptr); + PK11_FreeSlot(slot); } + root_ = InitDefaultRootCerts(); + // Disable MD5 certificate signatures. (They are disabled by default in // NSS 3.14.) NSS_SetAlgorithmPolicy(SEC_OID_MD5, 0, NSS_USE_ALG_IN_CERT_SIGNATURE); @@ -791,12 +758,12 @@ class NSSInitSingleton { if (root_) { SECMOD_UnloadUserModule(root_); SECMOD_DestroyModule(root_); - root_ = NULL; + root_ = nullptr; } if (chaps_module_) { SECMOD_UnloadUserModule(chaps_module_); SECMOD_DestroyModule(chaps_module_); - chaps_module_ = NULL; + chaps_module_ = nullptr; } SECStatus status = NSS_Shutdown(); @@ -809,14 +776,14 @@ class NSSInitSingleton { // Load nss's built-in root certs. SECMODModule* InitDefaultRootCerts() { - SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", NULL); + SECMODModule* root = LoadModule("Root Certs", "libnssckbi.so", nullptr); if (root) return root; // Aw, snap. Can't find/load root cert shared library. // This will make it hard to talk to anybody via https. // TODO(mattm): Re-add the NOTREACHED here when crbug.com/310972 is fixed. - return NULL; + return nullptr; } // Load the given module for this NSS session. @@ -832,17 +799,17 @@ class NSSInitSingleton { // https://bugzilla.mozilla.org/show_bug.cgi?id=642546 was filed // on NSS codebase to address this. SECMODModule* module = SECMOD_LoadUserModule( - const_cast<char*>(modparams.c_str()), NULL, PR_FALSE); + const_cast<char*>(modparams.c_str()), nullptr, PR_FALSE); if (!module) { LOG(ERROR) << "Error loading " << name << " module into NSS: " << GetNSSErrorMessage(); - return NULL; + return nullptr; } if (!module->loaded) { LOG(ERROR) << "After loading " << name << ", loaded==false: " << GetNSSErrorMessage(); SECMOD_DestroyModule(module); - return NULL; + return nullptr; } return module; } @@ -859,11 +826,9 @@ class NSSInitSingleton { ChromeOSUserMap chromeos_user_map_; ScopedPK11Slot test_system_slot_; #endif -#if defined(USE_NSS_CERTS) // TODO(davidben): When https://bugzilla.mozilla.org/show_bug.cgi?id=564011 // is fixed, we will no longer need the lock. base::Lock write_lock_; -#endif // defined(USE_NSS_CERTS) base::ThreadChecker thread_checker_; }; @@ -872,7 +837,6 @@ base::LazyInstance<NSSInitSingleton>::Leaky g_nss_singleton = LAZY_INSTANCE_INITIALIZER; } // namespace -#if defined(USE_NSS_CERTS) ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path, const std::string& description) { const std::string modspec = @@ -882,7 +846,7 @@ ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path, PK11SlotInfo* db_slot = SECMOD_OpenUserDB(modspec.c_str()); if (db_slot) { if (PK11_NeedUserInit(db_slot)) - PK11_InitPin(db_slot, NULL, NULL); + PK11_InitPin(db_slot, nullptr, nullptr); } else { LOG(ERROR) << "Error opening persistent database (" << modspec << "): " << GetNSSErrorMessage(); @@ -895,7 +859,6 @@ void EarlySetupForNSSInit() { if (!database_dir.empty()) UseLocalCacheOfNSSDatabaseIfNFS(database_dir); } -#endif void EnsureNSPRInit() { g_nspr_singleton.Get(); @@ -913,13 +876,12 @@ bool CheckNSSVersion(const char* version) { return !!NSS_VersionCheck(version); } -#if defined(USE_NSS_CERTS) base::Lock* GetNSSWriteLock() { return g_nss_singleton.Get().write_lock(); } AutoNSSWriteLock::AutoNSSWriteLock() : lock_(GetNSSWriteLock()) { - // May be NULL if the lock is not needed in our version of NSS. + // May be nullptr if the lock is not needed in our version of NSS. if (lock_) lock_->Acquire(); } @@ -939,7 +901,6 @@ AutoSECMODListReadLock::AutoSECMODListReadLock() AutoSECMODListReadLock::~AutoSECMODListReadLock() { SECMOD_ReleaseReadLock(lock_); } -#endif // defined(USE_NSS_CERTS) #if defined(OS_CHROMEOS) ScopedPK11Slot GetSystemNSSKeySlot( diff --git a/chromium/crypto/nss_util.h b/chromium/crypto/nss_util.h index 71e5a67b3a0..a8b57ff9f0e 100644 --- a/chromium/crypto/nss_util.h +++ b/chromium/crypto/nss_util.h @@ -24,12 +24,10 @@ class Time; // initialization functions. namespace crypto { -#if defined(USE_NSS_CERTS) // EarlySetupForNSSInit performs lightweight setup which must occur before the // process goes multithreaded. This does not initialise NSS. For test, see // EnsureNSSInit. CRYPTO_EXPORT void EarlySetupForNSSInit(); -#endif // Initialize NRPR if it isn't already initialized. This function is // thread-safe, and NSPR will only ever be initialized once. @@ -81,7 +79,6 @@ CRYPTO_EXPORT base::Time PRTimeToBaseTime(int64_t prtime); // We use a int64_t instead of PRTime here to avoid depending on NSPR headers. CRYPTO_EXPORT int64_t BaseTimeToPRTime(base::Time time); -#if defined(USE_NSS_CERTS) // NSS has a bug which can cause a deadlock or stall in some cases when writing // to the certDB and keyDB. It also has a bug which causes concurrent key pair // generations to scribble over each other. To work around this, we synchronize @@ -102,7 +99,6 @@ class CRYPTO_EXPORT AutoNSSWriteLock { base::Lock *lock_; DISALLOW_COPY_AND_ASSIGN(AutoNSSWriteLock); }; -#endif // defined(USE_NSS_CERTS) } // namespace crypto diff --git a/chromium/crypto/nss_util_internal.h b/chromium/crypto/nss_util_internal.h index 0982a6e8c74..697e376e5a5 100644 --- a/chromium/crypto/nss_util_internal.h +++ b/chromium/crypto/nss_util_internal.h @@ -24,7 +24,7 @@ namespace crypto { // Opens an NSS software database in folder |path|, with the (potentially) // user-visible description |description|. Returns the slot for the opened -// database, or NULL if the database could not be opened. +// database, or nullptr if the database could not be opened. CRYPTO_EXPORT ScopedPK11Slot OpenSoftwareNSSDB(const base::FilePath& path, const std::string& description); @@ -57,8 +57,8 @@ CRYPTO_EXPORT ScopedPK11Slot GetSystemNSSKeySlot( // through |GetSystemNSSKeySlot| and |IsTPMTokenReady| will return true. // |InitializeTPMTokenAndSystemSlot|, which triggers the TPM initialization, // does not have to be called if the test system slot is set. -// This must must not be called consecutively with a |slot| != NULL. If |slot| -// is NULL, the test system slot is unset. +// This must must not be called consecutively with a |slot| != nullptr. If +// |slot| is nullptr, the test system slot is unset. CRYPTO_EXPORT void SetSystemKeySlotForTesting(ScopedPK11Slot slot); // Prepare per-user NSS slot mapping. It is safe to call this function multiple diff --git a/chromium/crypto/nss_util_unittest.cc b/chromium/crypto/nss_util_unittest.cc index 28591916d3f..729d5bf1b35 100644 --- a/chromium/crypto/nss_util_unittest.cc +++ b/chromium/crypto/nss_util_unittest.cc @@ -34,7 +34,8 @@ TEST(NSSUtilTest, PRTimeConversion) { prxtime.tm_usec = 342000; PRTime pr_time = PR_ImplodeTime(&prxtime); - base::Time base_time = base::Time::FromUTCExploded(exploded); + base::Time base_time; + EXPECT_TRUE(base::Time::FromUTCExploded(exploded, &base_time)); EXPECT_EQ(base_time, PRTimeToBaseTime(pr_time)); EXPECT_EQ(pr_time, BaseTimeToPRTime(base_time)); diff --git a/chromium/crypto/rsa_private_key.cc b/chromium/crypto/rsa_private_key.cc index bca4b24015c..746bf28bd74 100644 --- a/chromium/crypto/rsa_private_key.cc +++ b/chromium/crypto/rsa_private_key.cc @@ -21,27 +21,27 @@ namespace crypto { // static -RSAPrivateKey* RSAPrivateKey::Create(uint16_t num_bits) { +std::unique_ptr<RSAPrivateKey> RSAPrivateKey::Create(uint16_t num_bits) { OpenSSLErrStackTracer err_tracer(FROM_HERE); ScopedRSA rsa_key(RSA_new()); ScopedBIGNUM bn(BN_new()); if (!rsa_key.get() || !bn.get() || !BN_set_word(bn.get(), 65537L)) - return NULL; + return nullptr; - if (!RSA_generate_key_ex(rsa_key.get(), num_bits, bn.get(), NULL)) - return NULL; + if (!RSA_generate_key_ex(rsa_key.get(), num_bits, bn.get(), nullptr)) + return nullptr; std::unique_ptr<RSAPrivateKey> result(new RSAPrivateKey); result->key_ = EVP_PKEY_new(); if (!result->key_ || !EVP_PKEY_set1_RSA(result->key_, rsa_key.get())) - return NULL; + return nullptr; - return result.release(); + return result; } // static -RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo( +std::unique_ptr<RSAPrivateKey> RSAPrivateKey::CreateFromPrivateKeyInfo( const std::vector<uint8_t>& input) { OpenSSLErrStackTracer err_tracer(FROM_HERE); @@ -53,40 +53,39 @@ RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo( std::unique_ptr<RSAPrivateKey> result(new RSAPrivateKey); result->key_ = pkey.release(); - return result.release(); + return result; } // static -RSAPrivateKey* RSAPrivateKey::CreateFromKey(EVP_PKEY* key) { +std::unique_ptr<RSAPrivateKey> RSAPrivateKey::CreateFromKey(EVP_PKEY* key) { DCHECK(key); if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA) - return NULL; - RSAPrivateKey* copy = new RSAPrivateKey(); + return nullptr; + std::unique_ptr<RSAPrivateKey> copy(new RSAPrivateKey); copy->key_ = EVP_PKEY_up_ref(key); return copy; } -RSAPrivateKey::RSAPrivateKey() - : key_(NULL) { -} +RSAPrivateKey::RSAPrivateKey() : key_(nullptr) {} RSAPrivateKey::~RSAPrivateKey() { if (key_) EVP_PKEY_free(key_); } -RSAPrivateKey* RSAPrivateKey::Copy() const { - std::unique_ptr<RSAPrivateKey> copy(new RSAPrivateKey()); +std::unique_ptr<RSAPrivateKey> RSAPrivateKey::Copy() const { + std::unique_ptr<RSAPrivateKey> copy(new RSAPrivateKey); ScopedRSA rsa(EVP_PKEY_get1_RSA(key_)); if (!rsa) - return NULL; + return nullptr; copy->key_ = EVP_PKEY_new(); if (!EVP_PKEY_set1_RSA(copy->key_, rsa.get())) - return NULL; - return copy.release(); + return nullptr; + return copy; } bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const { + OpenSSLErrStackTracer err_tracer(FROM_HERE); uint8_t *der; size_t der_len; AutoCBB cbb; @@ -101,6 +100,7 @@ bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8_t>* output) const { } bool RSAPrivateKey::ExportPublicKey(std::vector<uint8_t>* output) const { + OpenSSLErrStackTracer err_tracer(FROM_HERE); uint8_t *der; size_t der_len; AutoCBB cbb; diff --git a/chromium/crypto/rsa_private_key.h b/chromium/crypto/rsa_private_key.h index 0304a8c5322..f0b9efaa58f 100644 --- a/chromium/crypto/rsa_private_key.h +++ b/chromium/crypto/rsa_private_key.h @@ -8,7 +8,7 @@ #include <stddef.h> #include <stdint.h> -#include <list> +#include <memory> #include <vector> #include "base/macros.h" @@ -28,23 +28,23 @@ class CRYPTO_EXPORT RSAPrivateKey { ~RSAPrivateKey(); // Create a new random instance. Can return NULL if initialization fails. - static RSAPrivateKey* Create(uint16_t num_bits); + static std::unique_ptr<RSAPrivateKey> Create(uint16_t num_bits); // Create a new instance by importing an existing private key. The format is // an ASN.1-encoded PrivateKeyInfo block from PKCS #8. This can return NULL if // initialization fails. - static RSAPrivateKey* CreateFromPrivateKeyInfo( + static std::unique_ptr<RSAPrivateKey> CreateFromPrivateKeyInfo( const std::vector<uint8_t>& input); // Create a new instance from an existing EVP_PKEY, taking a // reference to it. |key| must be an RSA key. Returns NULL on // failure. - static RSAPrivateKey* CreateFromKey(EVP_PKEY* key); + static std::unique_ptr<RSAPrivateKey> CreateFromKey(EVP_PKEY* key); EVP_PKEY* key() { return key_; } // Creates a copy of the object. - RSAPrivateKey* Copy() const; + std::unique_ptr<RSAPrivateKey> Copy() const; // Exports the private key to a PKCS #8 PrivateKeyInfo block. bool ExportPrivateKey(std::vector<uint8_t>* output) const; diff --git a/chromium/crypto/secure_hash.cc b/chromium/crypto/secure_hash.cc index 2a5a1f02089..76d42d33f72 100644 --- a/chromium/crypto/secure_hash.cc +++ b/chromium/crypto/secure_hash.cc @@ -9,6 +9,7 @@ #include <stddef.h> #include "base/logging.h" +#include "base/memory/ptr_util.h" #include "base/pickle.h" #include "crypto/openssl_util.h" @@ -40,8 +41,8 @@ class SecureHashSHA256 : public SecureHash { SHA256_Final(result.safe_buffer(), &ctx_); } - SecureHash* Clone() const override { - return new SecureHashSHA256(*this); + std::unique_ptr<SecureHash> Clone() const override { + return base::MakeUnique<SecureHashSHA256>(*this); } size_t GetHashLength() const override { return SHA256_DIGEST_LENGTH; } @@ -52,13 +53,13 @@ class SecureHashSHA256 : public SecureHash { } // namespace -SecureHash* SecureHash::Create(Algorithm algorithm) { +std::unique_ptr<SecureHash> SecureHash::Create(Algorithm algorithm) { switch (algorithm) { case SHA256: - return new SecureHashSHA256(); + return base::MakeUnique<SecureHashSHA256>(); default: NOTIMPLEMENTED(); - return NULL; + return nullptr; } } diff --git a/chromium/crypto/secure_hash.h b/chromium/crypto/secure_hash.h index a5590e5d0b5..30b9fdc5f28 100644 --- a/chromium/crypto/secure_hash.h +++ b/chromium/crypto/secure_hash.h @@ -7,6 +7,8 @@ #include <stddef.h> +#include <memory> + #include "base/macros.h" #include "crypto/crypto_export.h" @@ -21,7 +23,7 @@ class CRYPTO_EXPORT SecureHash { }; virtual ~SecureHash() {} - static SecureHash* Create(Algorithm type); + static std::unique_ptr<SecureHash> Create(Algorithm type); virtual void Update(const void* input, size_t len) = 0; virtual void Finish(void* output, size_t len) = 0; @@ -30,7 +32,7 @@ class CRYPTO_EXPORT SecureHash { // Create a clone of this SecureHash. The returned clone and this both // represent the same hash state. But from this point on, calling // Update()/Finish() on either doesn't affect the state of the other. - virtual SecureHash* Clone() const = 0; + virtual std::unique_ptr<SecureHash> Clone() const = 0; protected: SecureHash() {} diff --git a/chromium/crypto/signature_creator.cc b/chromium/crypto/signature_creator.cc index 6543e63186b..bb4019ef729 100644 --- a/chromium/crypto/signature_creator.cc +++ b/chromium/crypto/signature_creator.cc @@ -9,8 +9,6 @@ #include <stddef.h> #include <stdint.h> -#include <memory> - #include "base/logging.h" #include "crypto/openssl_util.h" #include "crypto/rsa_private_key.h" @@ -27,7 +25,7 @@ const EVP_MD* ToOpenSSLDigest(SignatureCreator::HashAlgorithm hash_alg) { case SignatureCreator::SHA256: return EVP_sha256(); } - return NULL; + return nullptr; } int ToOpenSSLDigestType(SignatureCreator::HashAlgorithm hash_alg) { @@ -42,21 +40,26 @@ int ToOpenSSLDigestType(SignatureCreator::HashAlgorithm hash_alg) { } // namespace +SignatureCreator::~SignatureCreator() { + EVP_MD_CTX_destroy(sign_context_); +} + // static -SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key, - HashAlgorithm hash_alg) { +std::unique_ptr<SignatureCreator> SignatureCreator::Create( + RSAPrivateKey* key, + HashAlgorithm hash_alg) { OpenSSLErrStackTracer err_tracer(FROM_HERE); std::unique_ptr<SignatureCreator> result(new SignatureCreator); const EVP_MD* const digest = ToOpenSSLDigest(hash_alg); DCHECK(digest); if (!digest) { - return NULL; + return nullptr; } - if (!EVP_DigestSignInit(result->sign_context_, NULL, digest, NULL, + if (!EVP_DigestSignInit(result->sign_context_, nullptr, digest, nullptr, key->key())) { - return NULL; + return nullptr; } - return result.release(); + return result; } // static @@ -80,14 +83,6 @@ bool SignatureCreator::Sign(RSAPrivateKey* key, return true; } -SignatureCreator::SignatureCreator() - : sign_context_(EVP_MD_CTX_create()) { -} - -SignatureCreator::~SignatureCreator() { - EVP_MD_CTX_destroy(sign_context_); -} - bool SignatureCreator::Update(const uint8_t* data_part, int data_part_len) { OpenSSLErrStackTracer err_tracer(FROM_HERE); return !!EVP_DigestSignUpdate(sign_context_, data_part, data_part_len); @@ -98,7 +93,7 @@ bool SignatureCreator::Final(std::vector<uint8_t>* signature) { // Determine the maximum length of the signature. size_t len = 0; - if (!EVP_DigestSignFinal(sign_context_, NULL, &len)) { + if (!EVP_DigestSignFinal(sign_context_, nullptr, &len)) { signature->clear(); return false; } @@ -113,4 +108,6 @@ bool SignatureCreator::Final(std::vector<uint8_t>* signature) { return true; } +SignatureCreator::SignatureCreator() : sign_context_(EVP_MD_CTX_create()) {} + } // namespace crypto diff --git a/chromium/crypto/signature_creator.h b/chromium/crypto/signature_creator.h index 98329b883a7..674bd4cccb2 100644 --- a/chromium/crypto/signature_creator.h +++ b/chromium/crypto/signature_creator.h @@ -7,6 +7,7 @@ #include <stdint.h> +#include <memory> #include <vector> #include "base/macros.h" @@ -35,8 +36,8 @@ class CRYPTO_EXPORT SignatureCreator { // Create an instance. The caller must ensure that the provided PrivateKey // instance outlives the created SignatureCreator. Uses the HashAlgorithm // specified. - static SignatureCreator* Create(RSAPrivateKey* key, HashAlgorithm hash_alg); - + static std::unique_ptr<SignatureCreator> Create(RSAPrivateKey* key, + HashAlgorithm hash_alg); // Signs the precomputed |hash_alg| digest |data| using private |key| as // specified in PKCS #1 v1.5. diff --git a/chromium/crypto/signature_verifier.cc b/chromium/crypto/signature_verifier.cc index f4a3d4f0f19..236b64c594d 100644 --- a/chromium/crypto/signature_verifier.cc +++ b/chromium/crypto/signature_verifier.cc @@ -27,7 +27,7 @@ const EVP_MD* ToOpenSSLDigest(SignatureVerifier::HashAlgorithm hash_alg) { case SignatureVerifier::SHA256: return EVP_sha256(); } - return NULL; + return nullptr; } } // namespace @@ -36,9 +36,7 @@ struct SignatureVerifier::VerifyContext { ScopedEVP_MD_CTX ctx; }; -SignatureVerifier::SignatureVerifier() - : verify_context_(NULL) { -} +SignatureVerifier::SignatureVerifier() : verify_context_(nullptr) {} SignatureVerifier::~SignatureVerifier() { Reset(); @@ -153,7 +151,7 @@ bool SignatureVerifier::CommonInit(int pkey_type, void SignatureVerifier::Reset() { delete verify_context_; - verify_context_ = NULL; + verify_context_ = nullptr; signature_.clear(); } diff --git a/chromium/crypto/symmetric_key.cc b/chromium/crypto/symmetric_key.cc index 4da8bd8662f..e3ecf624bcd 100644 --- a/chromium/crypto/symmetric_key.cc +++ b/chromium/crypto/symmetric_key.cc @@ -10,7 +10,7 @@ #include <stdint.h> #include <algorithm> -#include <memory> +#include <utility> #include "base/logging.h" #include "base/strings/string_util.h" @@ -23,21 +23,22 @@ SymmetricKey::~SymmetricKey() { } // static -SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, - size_t key_size_in_bits) { +std::unique_ptr<SymmetricKey> SymmetricKey::GenerateRandomKey( + Algorithm algorithm, + size_t key_size_in_bits) { DCHECK_EQ(AES, algorithm); // Whitelist supported key sizes to avoid accidentaly relying on // algorithms available in NSS but not BoringSSL and vice // versa. Note that BoringSSL does not support AES-192. if (key_size_in_bits != 128 && key_size_in_bits != 256) - return NULL; + return nullptr; size_t key_size_in_bytes = key_size_in_bits / 8; DCHECK_EQ(key_size_in_bits, key_size_in_bytes * 8); if (key_size_in_bytes == 0) - return NULL; + return nullptr; OpenSSLErrStackTracer err_tracer(FROM_HERE); std::unique_ptr<SymmetricKey> key(new SymmetricKey); @@ -45,15 +46,16 @@ SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, base::WriteInto(&key->key_, key_size_in_bytes + 1)); int rv = RAND_bytes(key_data, static_cast<int>(key_size_in_bytes)); - return rv == 1 ? key.release() : NULL; + return rv == 1 ? std::move(key) : nullptr; } // static -SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, - const std::string& password, - const std::string& salt, - size_t iterations, - size_t key_size_in_bits) { +std::unique_ptr<SymmetricKey> SymmetricKey::DeriveKeyFromPassword( + Algorithm algorithm, + const std::string& password, + const std::string& salt, + size_t iterations, + size_t key_size_in_bits) { DCHECK(algorithm == AES || algorithm == HMAC_SHA1); if (algorithm == AES) { @@ -61,14 +63,14 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, // algorithms available in NSS but not BoringSSL and vice // versa. Note that BoringSSL does not support AES-192. if (key_size_in_bits != 128 && key_size_in_bits != 256) - return NULL; + return nullptr; } size_t key_size_in_bytes = key_size_in_bits / 8; DCHECK_EQ(key_size_in_bits, key_size_in_bytes * 8); if (key_size_in_bytes == 0) - return NULL; + return nullptr; OpenSSLErrStackTracer err_tracer(FROM_HERE); std::unique_ptr<SymmetricKey> key(new SymmetricKey); @@ -79,23 +81,23 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, reinterpret_cast<const uint8_t*>(salt.data()), salt.length(), static_cast<unsigned>(iterations), key_size_in_bytes, key_data); - return rv == 1 ? key.release() : NULL; + return rv == 1 ? std::move(key) : nullptr; } // static -SymmetricKey* SymmetricKey::Import(Algorithm algorithm, - const std::string& raw_key) { +std::unique_ptr<SymmetricKey> SymmetricKey::Import(Algorithm algorithm, + const std::string& raw_key) { if (algorithm == AES) { // Whitelist supported key sizes to avoid accidentaly relying on // algorithms available in NSS but not BoringSSL and vice // versa. Note that BoringSSL does not support AES-192. if (raw_key.size() != 128/8 && raw_key.size() != 256/8) - return NULL; + return nullptr; } std::unique_ptr<SymmetricKey> key(new SymmetricKey); key->key_ = raw_key; - return key.release(); + return key; } bool SymmetricKey::GetRawKey(std::string* raw_key) { @@ -103,4 +105,6 @@ bool SymmetricKey::GetRawKey(std::string* raw_key) { return true; } +SymmetricKey::SymmetricKey() = default; + } // namespace crypto diff --git a/chromium/crypto/symmetric_key.h b/chromium/crypto/symmetric_key.h index 2b2e2ce304f..7494634b5ef 100644 --- a/chromium/crypto/symmetric_key.h +++ b/chromium/crypto/symmetric_key.h @@ -7,6 +7,7 @@ #include <stddef.h> +#include <memory> #include <string> #include "base/macros.h" @@ -31,25 +32,28 @@ class CRYPTO_EXPORT SymmetricKey { // Generates a random key suitable to be used with |algorithm| and of // |key_size_in_bits| bits. |key_size_in_bits| must be a multiple of 8. // The caller is responsible for deleting the returned SymmetricKey. - static SymmetricKey* GenerateRandomKey(Algorithm algorithm, - size_t key_size_in_bits); + static std::unique_ptr<SymmetricKey> GenerateRandomKey( + Algorithm algorithm, + size_t key_size_in_bits); // Derives a key from the supplied password and salt using PBKDF2, suitable // for use with specified |algorithm|. Note |algorithm| is not the algorithm // used to derive the key from the password. |key_size_in_bits| must be a // multiple of 8. The caller is responsible for deleting the returned // SymmetricKey. - static SymmetricKey* DeriveKeyFromPassword(Algorithm algorithm, - const std::string& password, - const std::string& salt, - size_t iterations, - size_t key_size_in_bits); + static std::unique_ptr<SymmetricKey> DeriveKeyFromPassword( + Algorithm algorithm, + const std::string& password, + const std::string& salt, + size_t iterations, + size_t key_size_in_bits); // Imports an array of key bytes in |raw_key|. This key may have been // generated by GenerateRandomKey or DeriveKeyFromPassword and exported with // GetRawKey, or via another compatible method. The key must be of suitable // size for use with |algorithm|. The caller owns the returned SymmetricKey. - static SymmetricKey* Import(Algorithm algorithm, const std::string& raw_key); + static std::unique_ptr<SymmetricKey> Import(Algorithm algorithm, + const std::string& raw_key); const std::string& key() { return key_; } @@ -59,7 +63,8 @@ class CRYPTO_EXPORT SymmetricKey { bool GetRawKey(std::string* raw_key); private: - SymmetricKey() {} + SymmetricKey(); + std::string key_; DISALLOW_COPY_AND_ASSIGN(SymmetricKey); diff --git a/chromium/crypto/symmetric_key_unittest.cc b/chromium/crypto/symmetric_key_unittest.cc index 7cd47cd73c1..d954761d75a 100644 --- a/chromium/crypto/symmetric_key_unittest.cc +++ b/chromium/crypto/symmetric_key_unittest.cc @@ -14,7 +14,7 @@ TEST(SymmetricKeyTest, GenerateRandomKey) { std::unique_ptr<crypto::SymmetricKey> key( crypto::SymmetricKey::GenerateRandomKey(crypto::SymmetricKey::AES, 256)); - ASSERT_TRUE(NULL != key.get()); + ASSERT_TRUE(key); std::string raw_key; EXPECT_TRUE(key->GetRawKey(&raw_key)); EXPECT_EQ(32U, raw_key.size()); @@ -23,7 +23,7 @@ TEST(SymmetricKeyTest, GenerateRandomKey) { // (Note: this has a one-in-10^77 chance of failure!) std::unique_ptr<crypto::SymmetricKey> key2( crypto::SymmetricKey::GenerateRandomKey(crypto::SymmetricKey::AES, 256)); - ASSERT_TRUE(NULL != key2.get()); + ASSERT_TRUE(key2); std::string raw_key2; EXPECT_TRUE(key2->GetRawKey(&raw_key2)); EXPECT_EQ(32U, raw_key2.size()); @@ -33,13 +33,13 @@ TEST(SymmetricKeyTest, GenerateRandomKey) { TEST(SymmetricKeyTest, ImportGeneratedKey) { std::unique_ptr<crypto::SymmetricKey> key1( crypto::SymmetricKey::GenerateRandomKey(crypto::SymmetricKey::AES, 256)); - ASSERT_TRUE(NULL != key1.get()); + ASSERT_TRUE(key1); std::string raw_key1; EXPECT_TRUE(key1->GetRawKey(&raw_key1)); std::unique_ptr<crypto::SymmetricKey> key2( crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key1)); - ASSERT_TRUE(NULL != key2.get()); + ASSERT_TRUE(key2); std::string raw_key2; EXPECT_TRUE(key2->GetRawKey(&raw_key2)); @@ -51,13 +51,13 @@ TEST(SymmetricKeyTest, ImportDerivedKey) { std::unique_ptr<crypto::SymmetricKey> key1( crypto::SymmetricKey::DeriveKeyFromPassword( crypto::SymmetricKey::HMAC_SHA1, "password", "somesalt", 1024, 160)); - ASSERT_TRUE(NULL != key1.get()); + ASSERT_TRUE(key1); std::string raw_key1; EXPECT_TRUE(key1->GetRawKey(&raw_key1)); std::unique_ptr<crypto::SymmetricKey> key2( crypto::SymmetricKey::Import(crypto::SymmetricKey::HMAC_SHA1, raw_key1)); - ASSERT_TRUE(NULL != key2.get()); + ASSERT_TRUE(key2); std::string raw_key2; EXPECT_TRUE(key2->GetRawKey(&raw_key2)); @@ -80,20 +80,11 @@ class SymmetricKeyDeriveKeyFromPasswordTest TEST_P(SymmetricKeyDeriveKeyFromPasswordTest, DeriveKeyFromPassword) { PBKDF2TestVector test_data(GetParam()); -#if defined(OS_MACOSX) && !defined(OS_IOS) - // The OS X crypto libraries have minimum salt and iteration requirements - // so some of the tests below will cause them to barf. Skip these. - if (strlen(test_data.salt) < 8 || test_data.rounds < 1000) { - VLOG(1) << "Skipped test vector for " << test_data.expected; - return; - } -#endif // OS_MACOSX - std::unique_ptr<crypto::SymmetricKey> key( crypto::SymmetricKey::DeriveKeyFromPassword( test_data.algorithm, test_data.password, test_data.salt, test_data.rounds, test_data.key_size_in_bits)); - ASSERT_TRUE(NULL != key.get()); + ASSERT_TRUE(key); std::string raw_key; key->GetRawKey(&raw_key); diff --git a/chromium/crypto/wincrypt_shim.h b/chromium/crypto/wincrypt_shim.h index 799ac49feeb..48d4b5c5fab 100644 --- a/chromium/crypto/wincrypt_shim.h +++ b/chromium/crypto/wincrypt_shim.h @@ -22,4 +22,4 @@ #define WINCRYPT_X509_EXTENSIONS ((LPCSTR) 5) #define WINCRYPT_X509_NAME ((LPCSTR) 7) -#endif // NET_CRYPTO_WINCRYPT_SHIM_H_
\ No newline at end of file +#endif // NET_CRYPTO_WINCRYPT_SHIM_H_ |