authorCronet Mainline Eng <cronet-mainline-eng+copybara@google.com>2023-05-26 12:04:12 -0800
committerPatrick Rohr <prohr@google.com>2023-05-30 11:26:09 -0700
commit6e619ff2daf1f025aed9c3b67a7492b4b858f981 (patch)
tree155ec8924ad6503a06c8b09c0d1ec7c6a764278d /crypto
parenteddec18c18cdbcbdbbe9bf3c0fa24cb7f8d768ae (diff)
Import Cronet version 114.0.5735.53
Project import generated by Copybara. FolderOrigin-RevId: /tmp/copybara-origin/src Test: none Change-Id: Ia2e49afefcd2e9ee2014009a31ac2d6786f86fbd
Diffstat (limited to 'crypto')
-rw-r--r--crypto/nss_key_util.cc63
-rw-r--r--crypto/nss_key_util.h9
-rw-r--r--crypto/nss_util_chromeos.cc5
3 files changed, 50 insertions, 27 deletions
diff --git a/crypto/nss_key_util.cc b/crypto/nss_key_util.cc
index 7bd39120d..a3e7c0ff6 100644
--- a/crypto/nss_key_util.cc
+++ b/crypto/nss_key_util.cc
@@ -19,30 +19,36 @@
namespace crypto {
-namespace {
+crypto::ScopedSECItem MakeNssIdFromPublicKey(SECKEYPublicKey* public_key) {
+ CHECK(public_key);
+
+ // See pk11_MakeIDFromPublicKey from NSS. For now, only RSA and EC public_keys
+ // are supported.
+ if (SECKEY_GetPublicKeyType(public_key) == rsaKey) {
+ return crypto::ScopedSECItem(
+ PK11_MakeIDFromPubKey(&public_key->u.rsa.modulus));
+ }
+ if (SECKEY_GetPublicKeyType(public_key) == ecKey) {
+ return crypto::ScopedSECItem(
+ PK11_MakeIDFromPubKey(&public_key->u.ec.publicValue));
+ }
+ return nullptr;
+}
-// Decodes |input| as a SubjectPublicKeyInfo and returns a SECItem containing
-// the CKA_ID of that public key or nullptr on error.
-ScopedSECItem MakeIDFromSPKI(base::span<const uint8_t> input) {
+ScopedSECItem MakeNssIdFromSpki(base::span<const uint8_t> input) {
ScopedCERTSubjectPublicKeyInfo spki = DecodeSubjectPublicKeyInfoNSS(input);
- if (!spki)
+ if (!spki) {
return nullptr;
+ }
- ScopedSECKEYPublicKey result(SECKEY_ExtractPublicKey(spki.get()));
- if (!result)
+ ScopedSECKEYPublicKey public_key(SECKEY_ExtractPublicKey(spki.get()));
+ if (!public_key) {
return nullptr;
+ }
- // See pk11_MakeIDFromPublicKey from NSS. For now, only RSA and EC keys are
- // supported.
- if (SECKEY_GetPublicKeyType(result.get()) == rsaKey)
- return ScopedSECItem(PK11_MakeIDFromPubKey(&result->u.rsa.modulus));
- if (SECKEY_GetPublicKeyType(result.get()) == ecKey)
- return ScopedSECItem(PK11_MakeIDFromPubKey(&result->u.ec.publicValue));
- return nullptr;
+ return MakeNssIdFromPublicKey(public_key.get());
}
-} // namespace
-
bool GenerateRSAKeyPairNSS(PK11SlotInfo* slot,
uint16_t num_bits,
bool permanent,
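Review bot: In the new MakeNssIdFromPublicKey, `SECKEY_GetPublicKeyType(public_key)` is evaluated twice, once per `if`; hoisting it into a local reads better and makes the unsupported-type fallthrough explicit: `const KeyType key_type = SECKEY_GetPublicKeyType(public_key);` followed by `if (key_type == rsaKey) {` and `if (key_type == ecKey) {`. The comment above the checks also reads oddly as "only RSA and EC public_keys are supported"; since the identifier is not being referenced, `// only RSA and EC public keys are supported.` is clearer. The trailing `return nullptr;` covers every other KeyType (not only errors), which is worth saying in that same comment now that the function is exported from the module. GenerateRSAKeyPairNSS starts at the end of this hunk and its body continues outside it.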
@@ -57,8 +63,9 @@ bool GenerateRSAKeyPairNSS(PK11SlotInfo* slot,
private_key->reset(PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN,
&param, &public_key_raw, permanent,
permanent /* sensitive */, nullptr));
- if (!*private_key)
+ if (!*private_key) {
return false;
+ }
public_key->reset(public_key_raw);
return true;
@@ -95,8 +102,9 @@ bool GenerateECKeyPairNSS(PK11SlotInfo* slot,
private_key->reset(PK11_GenerateKeyPair(slot, CKM_EC_KEY_PAIR_GEN,
&ec_parameters, &public_key_raw,
permanent, permanent, nullptr));
- if (!*private_key)
+ if (!*private_key) {
return false;
+ }
public_key->reset(public_key_raw);
return true;
@@ -120,8 +128,9 @@ ScopedSECKEYPrivateKey ImportNSSKeyFromPrivateKeyInfo(
SECStatus rv =
SEC_QuickDERDecodeItem(arena.get(), &der_private_key_info,
SEC_ASN1_GET(SEC_AnyTemplate), &input_item);
- if (rv != SECSuccess)
+ if (rv != SECSuccess) {
return nullptr;
+ }
// Allow the private key to be used for key unwrapping, data decryption,
// and signature generation.
@@ -131,8 +140,9 @@ ScopedSECKEYPrivateKey ImportNSSKeyFromPrivateKeyInfo(
rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
slot, &der_private_key_info, nullptr, nullptr, permanent,
permanent /* sensitive */, key_usage, &key_raw, nullptr);
- if (rv != SECSuccess)
+ if (rv != SECSuccess) {
return nullptr;
+ }
return ScopedSECKEYPrivateKey(key_raw);
}
@@ -140,9 +150,10 @@ ScopedSECKEYPrivateKey FindNSSKeyFromPublicKeyInfo(
base::span<const uint8_t> input) {
EnsureNSSInit();
- ScopedSECItem cka_id(MakeIDFromSPKI(input));
- if (!cka_id)
+ ScopedSECItem cka_id(MakeNssIdFromSpki(input));
+ if (!cka_id) {
return nullptr;
+ }
// Search all slots in all modules for the key with the given ID.
AutoSECMODListReadLock auto_lock;
@@ -154,8 +165,9 @@ ScopedSECKEYPrivateKey FindNSSKeyFromPublicKeyInfo(
// Look for the key in slot |i|.
ScopedSECKEYPrivateKey key(
PK11_FindKeyByKeyID(item->module->slots[i], cka_id.get(), nullptr));
- if (key)
+ if (key) {
return key;
+ }
}
}
@@ -168,9 +180,10 @@ ScopedSECKEYPrivateKey FindNSSKeyFromPublicKeyInfoInSlot(
PK11SlotInfo* slot) {
DCHECK(slot);
- ScopedSECItem cka_id(MakeIDFromSPKI(input));
- if (!cka_id)
+ ScopedSECItem cka_id(MakeNssIdFromSpki(input));
+ if (!cka_id) {
return nullptr;
+ }
return ScopedSECKEYPrivateKey(
PK11_FindKeyByKeyID(slot, cka_id.get(), nullptr));
diff --git a/crypto/nss_key_util.h b/crypto/nss_key_util.h
index cbc3ea1c3..bb28f1d1f 100644
--- a/crypto/nss_key_util.h
+++ b/crypto/nss_key_util.h
@@ -17,6 +17,15 @@ typedef struct PK11SlotInfoStr PK11SlotInfo;
namespace crypto {
+// Returns a SECItem containing the CKA_ID of the `public_key` or nullptr on
+// error.
+CRYPTO_EXPORT crypto::ScopedSECItem MakeNssIdFromPublicKey(
+ SECKEYPublicKey* public_key);
+
+// Decodes |input| as a SubjectPublicKeyInfo and returns a SECItem containing
+// the CKA_ID of that public key or nullptr on error.
+CRYPTO_EXPORT ScopedSECItem MakeNssIdFromSpki(base::span<const uint8_t> input);
+
// Generates a new RSA key pair of size |num_bits| in |slot|. Returns true on
// success and false on failure. If |permanent| is true, the resulting key is
// permanent and is not exportable in plaintext form.
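Review bot: The new comment on MakeNssIdFromPublicKey says nullptr is returned "on error", but the implementation in nss_key_util.cc returns nullptr for any key type other than RSA or EC and CHECK-fails on a null pointer rather than returning; because the function is now CRYPTO_EXPORT, callers outside this directory will rely on this comment alone. Suggest: `// Returns a SECItem containing the CKA_ID of |public_key|, or nullptr if the key is not an RSA or EC key or the ID could not be computed. |public_key| must not be null.` That wording also uses the |name| convention the rest of this header follows, instead of the backticked `public_key` in the added line.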
diff --git a/crypto/nss_util_chromeos.cc b/crypto/nss_util_chromeos.cc
index 760884079..a33e7c297 100644
--- a/crypto/nss_util_chromeos.cc
+++ b/crypto/nss_util_chromeos.cc
@@ -25,6 +25,7 @@
#include "base/lazy_instance.h"
#include "base/location.h"
#include "base/logging.h"
+#include "base/memory/raw_ptr.h"
#include "base/no_destructor.h"
#include "base/path_service.h"
#include "base/strings/string_piece.h"
@@ -148,7 +149,7 @@ class ChromeOSTokenManager {
explicit TPMModuleAndSlot(SECMODModule* init_chaps_module)
: chaps_module(init_chaps_module) {}
- SECMODModule* chaps_module;
+ raw_ptr<SECMODModule, ExperimentalAsh> chaps_module;
ScopedPK11Slot tpm_slot;
};
@@ -487,7 +488,7 @@ class ChromeOSTokenManager {
std::unique_ptr<base::OnceClosureList> tpm_ready_callback_list_ =
std::make_unique<base::OnceClosureList>();
- SECMODModule* chaps_module_ = nullptr;
+ raw_ptr<SECMODModule, ExperimentalAsh> chaps_module_ = nullptr;
ScopedPK11Slot system_slot_;
std::map<std::string, std::unique_ptr<ChromeOSUserData>> chromeos_user_map_;
ScopedPK11Slot prepared_test_private_slot_;