src: move more crypto code to ncrypto

Author: jasnell

deps/ncrypto/ncrypto.cc

@@ -703,4 +703,46 @@ bool SafeX509InfoAccessPrint(const BIOPointer& out, X509_EXTENSION* ext) {
   return ok;
 }
 
+// ============================================================================
+// BIOPointer
+
+BIOPointer::BIOPointer(BIO* bio) : bio_(bio) {}
+
+BIOPointer::BIOPointer(BIOPointer&& other) noexcept : bio_(other.release()) {}
+
+BIOPointer& BIOPointer::operator=(BIOPointer&& other) noexcept {
+  if (this == &other) return *this;
+  this->~BIOPointer();
+  return *new (this) BIOPointer(std::move(other));
+}
+
+BIOPointer::~BIOPointer() { reset(); }
+
+void BIOPointer::reset(BIO* bio) { bio_.reset(bio); }
+
+BIO* BIOPointer::release() { return bio_.release(); }
+
+BIOPointer BIOPointer::NewMem() {
+  return BIOPointer(BIO_new(BIO_s_mem()));
+}
+
+BIOPointer BIOPointer::NewSecMem() {
+  return BIOPointer(BIO_new(BIO_s_secmem()));
+}
+
+BIOPointer BIOPointer::New(const BIO_METHOD* method) {
+  return BIOPointer(BIO_new(method));
+}
+
+BIOPointer BIOPointer::New(const void* data, size_t len) {
+  return BIOPointer(BIO_new_mem_buf(data, len));
+}
+
+BIOPointer BIOPointer::NewFile(std::string_view filename, std::string_view mode) {
+  return BIOPointer(BIO_new_file(filename.data(), mode.data()));
+}
+
+BIOPointer BIOPointer::NewFd(int fd, int close_flag) {
+  return BIOPointer(BIO_new_fp(fd, close_flag));
+}
 }  // namespace ncrypto

deps/ncrypto/ncrypto.h

@@ -177,7 +177,6 @@ template <typename T, void (*function)(T*)>
 using DeleteFnPtr = typename FunctionDeleter<T, function>::Pointer;
 
 using BignumCtxPointer = DeleteFnPtr<BN_CTX, BN_CTX_free>;
-using BIOPointer = DeleteFnPtr<BIO, BIO_free_all>;
 using CipherCtxPointer = DeleteFnPtr<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free>;
 using DHPointer = DeleteFnPtr<DH, DH_free>;
 using DSAPointer = DeleteFnPtr<DSA, DSA_free>;
@@ -244,6 +243,33 @@ class DataPointer final {
   size_t len_ = 0;
 };
 
+class BIOPointer final {
+public:
+  static BIOPointer NewMem();
+  static BIOPointer NewSecMem();
+  static BIOPointer New(const BIO_METHOD* method);
+  static BIOPointer New(const void* data, size_t len);
+  static BIOPointer NewFile(std::string_view filename, std::string_view mode);
+  static BIOPointer NewFd(int fd, int flags);
+
+  BIOPointer() = default;
+  explicit BIOPointer(BIO* bio);
+  BIOPointer(BIOPointer&& other) noexcept;
+  BIOPointer& operator=(BIOPointer&& other) noexcept;
+  NCRYPTO_DISALLOW_COPY(BIOPointer)
+  ~BIOPointer();
+
+  inline bool operator==(std::nullptr_t) noexcept { return bio_ == nullptr; }
+  inline operator bool() const { return bio_ != nullptr; }
+  inline BIO* get() const noexcept { return bio_.get(); }
+
+  void reset(BIO* bio = nullptr);
+  BIO* release();
+
+private:
+  DeleteFnPtr<BIO, BIO_free_all> bio_;
+};
+
 class BignumPointer final {
  public:
   BignumPointer() = default;

src/crypto/crypto_bio.cc

@@ -33,7 +33,7 @@ namespace node {
 namespace crypto {
 
 BIOPointer NodeBIO::New(Environment* env) {
-  BIOPointer bio(BIO_new(GetMethod()));
+  auto bio = BIOPointer::New(GetMethod());
   if (bio && env != nullptr)
     NodeBIO::FromBIO(bio.get())->env_ = env;
   return bio;

src/crypto/crypto_common.cc

@@ -967,7 +967,7 @@ MaybeLocal<Object> X509ToObject(
   Local<Context> context = env->context();
   Local<Object> info = Object::New(env->isolate());
 
-  BIOPointer bio(BIO_new(BIO_s_mem()));
+  auto bio = BIOPointer::NewMem();
   CHECK(bio);
 
   // X509_check_ca() returns a range of values. Only 1 means "is a CA"

src/crypto/crypto_context.cc

@@ -64,13 +64,13 @@ X509_STORE* GetOrCreateRootCertStore() {
 // Caller responsible for BIO_free_all-ing the returned object.
 BIOPointer LoadBIO(Environment* env, Local<Value> v) {
   if (v->IsString() || v->IsArrayBufferView()) {
-    BIOPointer bio(BIO_new(BIO_s_secmem()));
-    if (!bio) return nullptr;
+    auto bio = BIOPointer::NewSecMem();
+    if (!bio) return {};
     ByteSource bsrc = ByteSource::FromStringOrBuffer(env, v);
-    if (bsrc.size() > INT_MAX) return nullptr;
+    if (bsrc.size() > INT_MAX) return {};
     int written = BIO_write(bio.get(), bsrc.data<char>(), bsrc.size());
-    if (written < 0) return nullptr;
-    if (static_cast<size_t>(written) != bsrc.size()) return nullptr;
+    if (written < 0) return {};
+    if (static_cast<size_t>(written) != bsrc.size()) return {};
     return bio;
   }
   return nullptr;
@@ -202,7 +202,7 @@ unsigned long LoadCertsFromFile(  // NOLINT(runtime/int)
     const char* file) {
   MarkPopErrorOnReturn mark_pop_error_on_return;
 
-  BIOPointer bio(BIO_new_file(file, "r"));
+  auto bio = BIOPointer::NewFile(file, "r");
   if (!bio) return ERR_get_error();
 
   while (X509* x509 = PEM_read_bio_X509(
@@ -1015,7 +1015,7 @@ void SecureContext::SetSessionIdContext(
   BUF_MEM* mem;
   Local<String> message;
 
-  BIOPointer bio(BIO_new(BIO_s_mem()));
+  auto bio = BIOPointer::NewMem();
   if (!bio) {
     message = FIXED_ONE_BYTE_STRING(env->isolate(),
                                     "SSL_CTX_set_session_id_context error");

src/crypto/crypto_ec.cc

@@ -736,7 +736,7 @@ WebCryptoKeyExportStatus ECKeyExportTraits::DoExport(
         CHECK_EQ(1, EC_KEY_set_public_key(ec.get(), uncompressed.get()));
         EVPKeyPointer pkey(EVP_PKEY_new());
         CHECK_EQ(1, EVP_PKEY_set1_EC_KEY(pkey.get(), ec.get()));
-        BIOPointer bio(BIO_new(BIO_s_mem()));
+        auto bio = BIOPointer::NewMem();
         CHECK(bio);
         if (!i2d_PUBKEY_bio(bio.get(), pkey.get()))
           return WebCryptoKeyExportStatus::FAILED;

src/crypto/crypto_keys.cc

@@ -104,7 +104,7 @@ ParseKeyResult TryParsePublicKey(EVPKeyPointer* pkey,
 ParseKeyResult ParsePublicKeyPEM(EVPKeyPointer* pkey,
                                  const char* key_pem,
                                  int key_pem_len) {
-  BIOPointer bp(BIO_new_mem_buf(const_cast<char*>(key_pem), key_pem_len));
+  auto bp = BIOPointer::New(key_pem, key_pem_len);
   if (!bp)
     return ParseKeyResult::kParseKeyFailed;
 
@@ -218,7 +218,7 @@ ParseKeyResult ParsePrivateKey(EVPKeyPointer* pkey,
   const ByteSource* passphrase = config.passphrase_.get();
 
   if (config.format_ == kKeyFormatPEM) {
-    BIOPointer bio(BIO_new_mem_buf(key, key_len));
+    auto bio = BIOPointer::New(key, key_len);
     if (!bio)
       return ParseKeyResult::kParseKeyFailed;
 
@@ -233,7 +233,7 @@ ParseKeyResult ParsePrivateKey(EVPKeyPointer* pkey,
       const unsigned char* p = reinterpret_cast<const unsigned char*>(key);
       pkey->reset(d2i_PrivateKey(EVP_PKEY_RSA, nullptr, &p, key_len));
     } else if (config.type_.ToChecked() == kKeyEncodingPKCS8) {
-      BIOPointer bio(BIO_new_mem_buf(key, key_len));
+      auto bio = BIOPointer::New(key, key_len);
       if (!bio)
         return ParseKeyResult::kParseKeyFailed;
 
@@ -292,7 +292,7 @@ MaybeLocal<Value> BIOToStringOrBuffer(
 MaybeLocal<Value> WritePrivateKey(Environment* env,
                                   OSSL3_CONST EVP_PKEY* pkey,
                                   const PrivateKeyEncodingConfig& config) {
-  BIOPointer bio(BIO_new(BIO_s_mem()));
+  auto bio = BIOPointer::NewMem();
   CHECK(bio);
 
   // If an empty string was passed as the passphrase, the ByteSource might
@@ -422,7 +422,7 @@ bool WritePublicKeyInner(OSSL3_CONST EVP_PKEY* pkey,
 MaybeLocal<Value> WritePublicKey(Environment* env,
                                  OSSL3_CONST EVP_PKEY* pkey,
                                  const PublicKeyEncodingConfig& config) {
-  BIOPointer bio(BIO_new(BIO_s_mem()));
+  auto bio = BIOPointer::NewMem();
   CHECK(bio);
 
   if (!WritePublicKeyInner(pkey, bio, config)) {
@@ -1448,7 +1448,7 @@ WebCryptoKeyExportStatus PKEY_SPKI_Export(
   CHECK_EQ(key_data->GetKeyType(), kKeyTypePublic);
   ManagedEVPPKey m_pkey = key_data->GetAsymmetricKey();
   Mutex::ScopedLock lock(*m_pkey.mutex());
-  BIOPointer bio(BIO_new(BIO_s_mem()));
+  auto bio = BIOPointer::NewMem();
   CHECK(bio);
   if (!i2d_PUBKEY_bio(bio.get(), m_pkey.get()))
     return WebCryptoKeyExportStatus::FAILED;
@@ -1464,7 +1464,7 @@ WebCryptoKeyExportStatus PKEY_PKCS8_Export(
   ManagedEVPPKey m_pkey = key_data->GetAsymmetricKey();
   Mutex::ScopedLock lock(*m_pkey.mutex());
 
-  BIOPointer bio(BIO_new(BIO_s_mem()));
+  auto bio = BIOPointer::NewMem();
   CHECK(bio);
   PKCS8Pointer p8inf(EVP_PKEY2PKCS8(m_pkey.get()));
   if (!i2d_PKCS8_PRIV_KEY_INFO_bio(bio.get(), p8inf.get()))

src/crypto/crypto_tls.cc

@@ -1244,7 +1244,7 @@ void TLSWrap::EnableTrace(const FunctionCallbackInfo<Value>& args) {
 
 #if HAVE_SSL_TRACE
   if (wrap->ssl_) {
-    wrap->bio_trace_.reset(BIO_new_fp(stderr,  BIO_NOCLOSE | BIO_FP_TEXT));
+    wrap->bio_trace_ = BIOPointer::NewFd(stderr, BIO_NOCLOSE | BIO_FP_TEXT);
     SSL_set_msg_callback(wrap->ssl_.get(), [](int write_p, int version, int
           content_type, const void* buf, size_t len, SSL* ssl, void* arg)
         -> void {

src/crypto/crypto_x509.cc

@@ -209,7 +209,7 @@ static void ReturnPropertyThroughBIO(const FunctionCallbackInfo<Value>& args) {
   Environment* env = Environment::GetCurrent(args);
   X509Certificate* cert;
   ASSIGN_OR_RETURN_UNWRAP(&cert, args.This());
-  BIOPointer bio(BIO_new(BIO_s_mem()));
+  auto bio = BIOPointer::NewMem();
   CHECK(bio);
   Local<Value> ret;
   if (Property(env, cert->get(), bio).ToLocal(&ret))
@@ -284,7 +284,7 @@ void X509Certificate::Pem(const FunctionCallbackInfo<Value>& args) {
   Environment* env = Environment::GetCurrent(args);
   X509Certificate* cert;
   ASSIGN_OR_RETURN_UNWRAP(&cert, args.This());
-  BIOPointer bio(BIO_new(BIO_s_mem()));
+  auto bio = BIOPointer::NewMem();
   CHECK(bio);
   if (PEM_write_bio_X509(bio.get(), cert->get()))
     args.GetReturnValue().Set(ToV8Value(env, bio));