Remove now unnecessary EnsureOpenSSLInit and CRYPTO_library_init calls
BoringSSL now initializes itself internally, so there is no need to
initialize it before calling into it. (In fact, CRYPTO_library_init is
now a no-op.)
Fixed: 348923058
Change-Id: I09a69c3d1f76f9ac3eb7c93bae225f188a008205
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/5650103
Reviewed-by: Brando Socarras <[email protected]>
Reviewed-by: Daniel Cheng <[email protected]>
Reviewed-by: Mark Rowe <[email protected]>
Reviewed-by: Colin Blundell <[email protected]>
Commit-Queue: David Benjamin <[email protected]>
Reviewed-by: Maks Orlovich <[email protected]>
Reviewed-by: Jon Mann <[email protected]>
Cr-Commit-Position: refs/heads/main@{#1321077}
diff --git a/base/hash/sha1_boringssl.cc b/base/hash/sha1_boringssl.cc
index 2b7a1d0..957ee47e 100644
--- a/base/hash/sha1_boringssl.cc
+++ b/base/hash/sha1_boringssl.cc
@@ -12,7 +12,6 @@
#include "base/containers/span.h"
#include "base/hash/sha1.h"
-#include "third_party/boringssl/src/include/openssl/crypto.h"
#include "third_party/boringssl/src/include/openssl/sha.h"
namespace base {
@@ -20,14 +19,12 @@
"SHA-1 digest length mismatch.");
SHA1Digest SHA1Hash(span<const uint8_t> data) {
- CRYPTO_library_init();
SHA1Digest digest;
SHA1(data.data(), data.size(), digest.data());
return digest;
}
std::string SHA1HashString(std::string_view str) {
- CRYPTO_library_init();
std::string digest(kSHA1Length, '\0');
SHA1(reinterpret_cast<const uint8_t*>(str.data()), str.size(),
reinterpret_cast<uint8_t*>(digest.data()));
diff --git a/base/rand_util_fuchsia.cc b/base/rand_util_fuchsia.cc
index cea0a17..4026dd8c 100644
--- a/base/rand_util_fuchsia.cc
+++ b/base/rand_util_fuchsia.cc
@@ -15,7 +15,6 @@
#include "base/containers/span.h"
#include "base/feature_list.h"
-#include "third_party/boringssl/src/include/openssl/crypto.h"
#include "third_party/boringssl/src/include/openssl/rand.h"
namespace base {
@@ -47,8 +46,6 @@
void RandBytes(span<uint8_t> output) {
if (internal::UseBoringSSLForRandBytes()) {
- // Ensure BoringSSL is initialized so it can use things like RDRAND.
- CRYPTO_library_init();
// BoringSSL's RAND_bytes always returns 1. Any error aborts the program.
(void)RAND_bytes(output.data(), output.size());
return;
diff --git a/base/rand_util_posix.cc b/base/rand_util_posix.cc
index d7dc274..00fcb85 100644
--- a/base/rand_util_posix.cc
+++ b/base/rand_util_posix.cc
@@ -37,7 +37,6 @@
#endif
#if !BUILDFLAG(IS_NACL)
-#include "third_party/boringssl/src/include/openssl/crypto.h"
#include "third_party/boringssl/src/include/openssl/rand.h"
#endif
@@ -185,8 +184,6 @@
#if !BUILDFLAG(IS_NACL)
// The BoringSSL experiment takes priority over everything else.
if (!avoid_allocation && internal::UseBoringSSLForRandBytes()) {
- // Ensure BoringSSL is initialized so it can use things like RDRAND.
- CRYPTO_library_init();
// BoringSSL's RAND_bytes always returns 1. Any error aborts the program.
(void)RAND_bytes(output.data(), output.size());
return;
diff --git a/base/rand_util_win.cc b/base/rand_util_win.cc
index 6961e0ef..9c2ae83 100644
--- a/base/rand_util_win.cc
+++ b/base/rand_util_win.cc
@@ -20,7 +20,6 @@
#include "base/check.h"
#include "base/feature_list.h"
-#include "third_party/boringssl/src/include/openssl/crypto.h"
#include "third_party/boringssl/src/include/openssl/rand.h"
// Prototype for ProcessPrng.
@@ -72,8 +71,6 @@
void RandBytesInternal(span<uint8_t> output, bool avoid_allocation) {
if (!avoid_allocation && internal::UseBoringSSLForRandBytes()) {
- // Ensure BoringSSL is initialized so it can use things like RDRAND.
- CRYPTO_library_init();
// BoringSSL's RAND_bytes always returns 1. Any error aborts the program.
(void)RAND_bytes(output.data(), output.size());
return;
diff --git a/base/win/sid.cc b/base/win/sid.cc
index dd063382d..2f250ba 100644
--- a/base/win/sid.cc
+++ b/base/win/sid.cc
@@ -29,7 +29,6 @@
#include "base/win/scoped_handle.h"
#include "base/win/scoped_localalloc.h"
#include "base/win/windows_version.h"
-#include "third_party/boringssl/src/include/openssl/crypto.h"
#include "third_party/boringssl/src/include/openssl/sha.h"
namespace base::win {
@@ -131,7 +130,6 @@
if (known_cap != known_capabilities->end()) {
return FromKnownCapability(known_cap->second);
}
- CRYPTO_library_init();
static_assert((SHA256_DIGEST_LENGTH / sizeof(DWORD)) ==
SECURITY_APP_PACKAGE_RID_COUNT);
DWORD rids[(SHA256_DIGEST_LENGTH / sizeof(DWORD)) + 2];
diff --git a/chrome/browser/ash/attestation/soft_bind_attestation_flow_impl.cc b/chrome/browser/ash/attestation/soft_bind_attestation_flow_impl.cc
index 60c5093..061bd46 100644
--- a/chrome/browser/ash/attestation/soft_bind_attestation_flow_impl.cc
+++ b/chrome/browser/ash/attestation/soft_bind_attestation_flow_impl.cc
@@ -437,7 +437,6 @@
base::Time not_valid_before,
base::Time not_valid_after,
std::string* der_encoded_cert) {
- crypto::EnsureOpenSSLInit();
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
bssl::ScopedCBB cbb;
diff --git a/chromeos/ash/services/quick_pair/fast_pair_data_parser.cc b/chromeos/ash/services/quick_pair/fast_pair_data_parser.cc
index 0c9e2cd..da567d5 100644
--- a/chromeos/ash/services/quick_pair/fast_pair_data_parser.cc
+++ b/chromeos/ash/services/quick_pair/fast_pair_data_parser.cc
@@ -19,7 +19,6 @@
#include "chromeos/ash/services/quick_pair/public/cpp/not_discoverable_advertisement.h"
#include "chromeos/ash/services/quick_pair/public/mojom/fast_pair_data_parser.mojom.h"
#include "components/cross_device/logging/logging.h"
-#include "crypto/openssl_util.h"
#include "device/bluetooth/public/cpp/bluetooth_address.h"
#include "mojo/public/cpp/bindings/pending_receiver.h"
@@ -146,9 +145,7 @@
FastPairDataParser::FastPairDataParser(
mojo::PendingReceiver<mojom::FastPairDataParser> receiver)
- : receiver_(this, std::move(receiver)) {
- crypto::EnsureOpenSSLInit();
-}
+ : receiver_(this, std::move(receiver)) {}
FastPairDataParser::~FastPairDataParser() = default;
diff --git a/components/reporting/encryption/primitives.cc b/components/reporting/encryption/primitives.cc
index e13c2e3..f6359dd 100644
--- a/components/reporting/encryption/primitives.cc
+++ b/components/reporting/encryption/primitives.cc
@@ -12,7 +12,6 @@
#include "base/check_op.h"
#include "crypto/aead.h"
-#include "crypto/openssl_util.h"
#include "third_party/boringssl/src/include/openssl/curve25519.h"
#include "third_party/boringssl/src/include/openssl/digest.h"
#include "third_party/boringssl/src/include/openssl/hkdf.h"
@@ -30,9 +29,6 @@
bool ComputeSharedSecret(const uint8_t peer_public_value[kKeySize],
uint8_t shared_secret[kKeySize],
uint8_t generated_public_value[kKeySize]) {
- // Make sure OpenSSL is initialized, in order to avoid data races later.
- crypto::EnsureOpenSSLInit();
-
// Generate new pair of private key and public value.
uint8_t out_private_key[kKeySize];
X25519_keypair(generated_public_value, out_private_key);
@@ -48,9 +44,6 @@
bool ProduceSymmetricKey(const uint8_t shared_secret[kKeySize],
uint8_t symmetric_key[kKeySize]) {
- // Make sure OpenSSL is initialized, in order to avoid data races later.
- crypto::EnsureOpenSSLInit();
-
// Produce symmetric key from shared secret using HKDF.
// Since the original keys were only used once, no salt and context is needed.
// Since the keys above are only used once, no salt and context is provided.
@@ -68,9 +61,6 @@
bool PerformSymmetricEncryption(const uint8_t symmetric_key[kKeySize],
std::string_view input_data,
std::string* output_data) {
- // Make sure OpenSSL is initialized, in order to avoid data races later.
- crypto::EnsureOpenSSLInit();
-
// Encrypt the data with symmetric key using AEAD interface.
crypto::Aead aead(crypto::Aead::CHACHA20_POLY1305);
CHECK_EQ(aead.KeyLength(), kKeySize);
@@ -97,9 +87,6 @@
bool VerifySignature(const uint8_t verification_key[kKeySize],
std::string_view message,
const uint8_t signature[kSignatureSize]) {
- // Make sure OpenSSL is initialized, in order to avoid data races later.
- crypto::EnsureOpenSSLInit();
-
// Verify message
if (1 != ED25519_verify(reinterpret_cast<const uint8_t*>(message.data()),
message.size(), signature, verification_key)) {
diff --git a/components/reporting/encryption/testing_primitives.cc b/components/reporting/encryption/testing_primitives.cc
index 195ea2e0..bfec4dad 100644
--- a/components/reporting/encryption/testing_primitives.cc
+++ b/components/reporting/encryption/testing_primitives.cc
@@ -11,7 +11,6 @@
#include "components/reporting/encryption/primitives.h"
#include "crypto/aead.h"
-#include "crypto/openssl_util.h"
#include "testing/gmock/include/gmock/gmock.h"
#include "testing/gtest/include/gtest/gtest.h"
#include "third_party/boringssl/src/include/openssl/curve25519.h"
@@ -28,27 +27,18 @@
void GenerateEncryptionKeyPair(uint8_t private_key[kKeySize],
uint8_t public_value[kKeySize]) {
- // Make sure OpenSSL is initialized, in order to avoid data races later.
- crypto::EnsureOpenSSLInit();
-
X25519_keypair(public_value, private_key);
}
void RestoreSharedSecret(const uint8_t private_key[kKeySize],
const uint8_t peer_public_value[kKeySize],
uint8_t shared_secret[kKeySize]) {
- // Make sure OpenSSL is initialized, in order to avoid data races later.
- crypto::EnsureOpenSSLInit();
-
ASSERT_TRUE(X25519(shared_secret, private_key, peer_public_value));
}
void PerformSymmetricDecryption(const uint8_t symmetric_key[kKeySize],
std::string_view input_data,
std::string* output_data) {
- // Make sure OpenSSL is initialized, in order to avoid data races later.
- crypto::EnsureOpenSSLInit();
-
// Decrypt the data with symmetric key using AEAD interface.
crypto::Aead aead(crypto::Aead::CHACHA20_POLY1305);
CHECK_EQ(aead.KeyLength(), kKeySize);
@@ -68,18 +58,12 @@
void GenerateSigningKeyPair(uint8_t private_key[kSignKeySize],
uint8_t public_value[kKeySize]) {
- // Make sure OpenSSL is initialized, in order to avoid data races later.
- crypto::EnsureOpenSSLInit();
-
ED25519_keypair(public_value, private_key);
}
void SignMessage(const uint8_t signing_key[kSignKeySize],
std::string_view message,
uint8_t signature[kSignatureSize]) {
- // Make sure OpenSSL is initialized, in order to avoid data races later.
- crypto::EnsureOpenSSLInit();
-
ASSERT_THAT(
ED25519_sign(signature, reinterpret_cast<const uint8_t*>(message.data()),
message.size(), signing_key),
diff --git a/components/webcrypto/algorithm_implementation.h b/components/webcrypto/algorithm_implementation.h
index 63738f4..7051512 100644
--- a/components/webcrypto/algorithm_implementation.h
+++ b/components/webcrypto/algorithm_implementation.h
@@ -38,10 +38,6 @@
// * The key usages have already been verified. In fact in the case of calls
// to Encrypt()/Decrypt() the corresponding key usages may not be present
// (when wrapping/unwrapping).
-//
-// An AlgorithmImplementation can also assume that crypto::EnsureOpenSSLInit()
-// will be called before any of its methods are invoked (except the
-// constructor).
class AlgorithmImplementation {
public:
virtual ~AlgorithmImplementation();
diff --git a/components/webcrypto/algorithm_registry.cc b/components/webcrypto/algorithm_registry.cc
index adb54962..50edb72 100644
--- a/components/webcrypto/algorithm_registry.cc
+++ b/components/webcrypto/algorithm_registry.cc
@@ -8,7 +8,6 @@
#include "components/webcrypto/algorithm_implementation.h"
#include "components/webcrypto/algorithm_implementations.h"
#include "components/webcrypto/status.h"
-#include "crypto/openssl_util.h"
namespace webcrypto {
@@ -32,9 +31,7 @@
hkdf_(CreateHkdfImplementation()),
pbkdf2_(CreatePbkdf2Implementation()),
ed25519_(CreateEd25519Implementation()),
- x25519_(CreateX25519Implementation()) {
- crypto::EnsureOpenSSLInit();
- }
+ x25519_(CreateX25519Implementation()) {}
const AlgorithmImplementation* GetAlgorithm(
blink::WebCryptoAlgorithmId id) const {
diff --git a/content/browser/interest_group/additional_bids_util_unittest.cc b/content/browser/interest_group/additional_bids_util_unittest.cc
index d270394..c133a5a1 100644
--- a/content/browser/interest_group/additional_bids_util_unittest.cc
+++ b/content/browser/interest_group/additional_bids_util_unittest.cc
@@ -28,7 +28,6 @@
#include "components/ukm/test_ukm_recorder.h"
#include "content/browser/interest_group/auction_metrics_recorder.h"
#include "content/services/auction_worklet/public/mojom/bidder_worklet.mojom-forward.h"
-#include "crypto/openssl_util.h"
#include "services/metrics/public/cpp/ukm_builders.h"
#include "services/metrics/public/cpp/ukm_source_id.h"
#include "testing/gmock/include/gmock/gmock-matchers.h"
@@ -63,8 +62,6 @@
// }
//
// TEST_F(AdditionalBidsUtilTest, GenerateKeyPair) {
-// crypto::EnsureOpenSSLInit();
-//
// uint8_t public_key[32];
// uint8_t private_key[64];
// ED25519_keypair(public_key, private_key);
@@ -1129,8 +1126,6 @@
TEST_F(AdditionalBidsUtilTest, VerifySignature) {
const int kKeys = 4;
- crypto::EnsureOpenSSLInit();
-
struct {
uint8_t public_key[32];
uint8_t private_key[64];
diff --git a/content/browser/sandbox_mac_unittest.mm b/content/browser/sandbox_mac_unittest.mm
index 3715ffe5..90578e5 100644
--- a/content/browser/sandbox_mac_unittest.mm
+++ b/content/browser/sandbox_mac_unittest.mm
@@ -26,7 +26,6 @@
#include "base/test/multiprocess_test.h"
#include "base/test/test_timeouts.h"
#include "content/browser/sandbox_parameters_mac.h"
-#include "crypto/openssl_util.h"
#include "ppapi/buildflags/buildflags.h"
#include "sandbox/mac/sandbox_compiler.h"
#include "sandbox/mac/seatbelt.h"
@@ -193,7 +192,6 @@
MULTIPROCESS_TEST_MAIN(SSLProcess) {
CheckCreateSeatbeltServer();
- crypto::EnsureOpenSSLInit();
// Ensure that RAND_bytes is functional within the sandbox.
uint8_t byte;
CHECK(RAND_bytes(&byte, 1) == 1);
diff --git a/crypto/aead.cc b/crypto/aead.cc
index dfadecf..933d94b3 100644
--- a/crypto/aead.cc
+++ b/crypto/aead.cc
@@ -10,14 +10,12 @@
#include "base/containers/span.h"
#include "base/numerics/checked_math.h"
-#include "crypto/openssl_util.h"
#include "third_party/boringssl/src/include/openssl/aes.h"
#include "third_party/boringssl/src/include/openssl/evp.h"
namespace crypto {
Aead::Aead(AeadAlgorithm algorithm) {
- EnsureOpenSSLInit();
switch (algorithm) {
case AES_128_CTR_HMAC_SHA256:
aead_ = EVP_aead_aes_128_ctr_hmac_sha256();
diff --git a/crypto/ec_signature_creator_impl.cc b/crypto/ec_signature_creator_impl.cc
index 3129ef48..6eab8f4 100644
--- a/crypto/ec_signature_creator_impl.cc
+++ b/crypto/ec_signature_creator_impl.cc
@@ -17,10 +17,7 @@
namespace crypto {
-ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key)
- : key_(key) {
- EnsureOpenSSLInit();
-}
+ECSignatureCreatorImpl::ECSignatureCreatorImpl(ECPrivateKey* key) : key_(key) {}
ECSignatureCreatorImpl::~ECSignatureCreatorImpl() = default;
diff --git a/crypto/encryptor.cc b/crypto/encryptor.cc
index ade03b2..5b079ef 100644
--- a/crypto/encryptor.cc
+++ b/crypto/encryptor.cc
@@ -46,7 +46,6 @@
DCHECK(key);
DCHECK(mode == CBC || mode == CTR);
- EnsureOpenSSLInit();
if (mode == CBC && iv.size() != AES_BLOCK_SIZE)
return false;
// CTR mode passes the starting counter separately, via SetCounter().
diff --git a/crypto/openssl_util.cc b/crypto/openssl_util.cc
index 04025a2..18a77a33 100644
--- a/crypto/openssl_util.cc
+++ b/crypto/openssl_util.cc
@@ -10,7 +10,6 @@
#include <string_view>
#include "base/logging.h"
-#include "third_party/boringssl/src/include/openssl/crypto.h"
#include "third_party/boringssl/src/include/openssl/err.h"
namespace crypto {
@@ -33,8 +32,6 @@
} // namespace
-void EnsureOpenSSLInit() {}
-
void ClearOpenSSLERRStack(const base::Location& location) {
if (DCHECK_IS_ON() && VLOG_IS_ON(1)) {
uint32_t error_num = ERR_peek_error();
diff --git a/crypto/openssl_util.h b/crypto/openssl_util.h
index 2c270dc..4b76ae3 100644
--- a/crypto/openssl_util.h
+++ b/crypto/openssl_util.h
@@ -56,12 +56,6 @@
unsigned char min_sized_buffer_[MIN_SIZE];
};
-// Deprecated. This function was historically needed to initialize BoringSSL,
-// but BoringSSL now initializes itself internally.
-//
-// TODO(crbug.com/348923058): Remove calls to this function.
-CRYPTO_EXPORT void EnsureOpenSSLInit();
-
// Drains the OpenSSL ERR_get_error stack. On a debug build the error codes
// are send to VLOG(1), on a release build they are disregarded. In most
// cases you should pass FROM_HERE as the |location|.
@@ -77,9 +71,7 @@
// messages. Note any diagnostic emitted will be tagged with the location of
// the constructor call as it's not possible to trace a destructor's callsite.
explicit OpenSSLErrStackTracer(const base::Location& location)
- : location_(location) {
- EnsureOpenSSLInit();
- }
+ : location_(location) {}
OpenSSLErrStackTracer(const OpenSSLErrStackTracer&) = delete;
OpenSSLErrStackTracer& operator=(const OpenSSLErrStackTracer&) = delete;
diff --git a/crypto/secure_hash.cc b/crypto/secure_hash.cc
index b1f26e1..6f81ebe8 100644
--- a/crypto/secure_hash.cc
+++ b/crypto/secure_hash.cc
@@ -19,12 +19,7 @@
class SecureHashSHA256 : public SecureHash {
public:
- SecureHashSHA256() {
- // Ensure that CPU features detection is performed before using
- // BoringSSL. This will enable hw accelerated implementations.
- EnsureOpenSSLInit();
- SHA256_Init(&ctx_);
- }
+ SecureHashSHA256() { SHA256_Init(&ctx_); }
SecureHashSHA256(const SecureHashSHA256& other) {
memcpy(&ctx_, &other.ctx_, sizeof(ctx_));
@@ -56,12 +51,7 @@
class SecureHashSHA512 : public SecureHash {
public:
- SecureHashSHA512() {
- // Ensure that CPU features detection is performed before using
- // BoringSSL. This will enable hw accelerated implementations.
- EnsureOpenSSLInit();
- SHA512_Init(&ctx_);
- }
+ SecureHashSHA512() { SHA512_Init(&ctx_); }
SecureHashSHA512(const SecureHashSHA512& other) {
memcpy(&ctx_, &other.ctx_, sizeof(ctx_));
diff --git a/media/cdm/aes_cbc_crypto.cc b/media/cdm/aes_cbc_crypto.cc
index 158a0c6..baaff286 100644
--- a/media/cdm/aes_cbc_crypto.cc
+++ b/media/cdm/aes_cbc_crypto.cc
@@ -9,7 +9,6 @@
#include "crypto/openssl_util.h"
#include "crypto/symmetric_key.h"
#include "third_party/boringssl/src/include/openssl/aes.h"
-#include "third_party/boringssl/src/include/openssl/crypto.h"
#include "third_party/boringssl/src/include/openssl/err.h"
#include "third_party/boringssl/src/include/openssl/evp.h"
@@ -35,16 +34,8 @@
namespace media {
-AesCbcCrypto::AesCbcCrypto() {
- // Ensure the crypto library is initialized. CRYPTO_library_init may be
- // safely called concurrently.
- CRYPTO_library_init();
- EVP_CIPHER_CTX_init(&ctx_);
-}
-
-AesCbcCrypto::~AesCbcCrypto() {
- EVP_CIPHER_CTX_cleanup(&ctx_);
-}
+AesCbcCrypto::AesCbcCrypto() = default;
+AesCbcCrypto::~AesCbcCrypto() = default;
bool AesCbcCrypto::Initialize(const crypto::SymmetricKey& key,
base::span<const uint8_t> iv) {
@@ -64,12 +55,12 @@
return false;
}
- if (!EVP_DecryptInit_ex(&ctx_, cipher, nullptr, key_data, iv.data())) {
+ if (!EVP_DecryptInit_ex(ctx_.get(), cipher, nullptr, key_data, iv.data())) {
DVLOG(1) << "EVP_DecryptInit_ex() failed.";
return false;
}
- if (!EVP_CIPHER_CTX_set_padding(&ctx_, 0)) {
+ if (!EVP_CIPHER_CTX_set_padding(ctx_.get(), 0)) {
DVLOG(1) << "EVP_CIPHER_CTX_set_padding() failed.";
return false;
}
@@ -81,13 +72,14 @@
uint8_t* decrypted_data) {
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
- if (encrypted_data.size_bytes() % EVP_CIPHER_CTX_block_size(&ctx_) != 0) {
+ if (encrypted_data.size_bytes() % EVP_CIPHER_CTX_block_size(ctx_.get()) !=
+ 0) {
DVLOG(1) << "Encrypted bytes not a multiple of block size.";
return false;
}
int out_length;
- if (!EVP_DecryptUpdate(&ctx_, decrypted_data, &out_length,
+ if (!EVP_DecryptUpdate(ctx_.get(), decrypted_data, &out_length,
encrypted_data.data(), encrypted_data.size_bytes())) {
DVLOG(1) << "EVP_DecryptUpdate() failed.";
return false;
diff --git a/media/cdm/aes_cbc_crypto.h b/media/cdm/aes_cbc_crypto.h
index b4da960e..5b4fd270 100644
--- a/media/cdm/aes_cbc_crypto.h
+++ b/media/cdm/aes_cbc_crypto.h
@@ -44,7 +44,7 @@
uint8_t* decrypted_data);
private:
- EVP_CIPHER_CTX ctx_;
+ bssl::ScopedEVP_CIPHER_CTX ctx_;
};
} // namespace media
diff --git a/media/formats/mp2t/mp2t_stream_parser_unittest.cc b/media/formats/mp2t/mp2t_stream_parser_unittest.cc
index a800f12..98cf6e9 100644
--- a/media/formats/mp2t/mp2t_stream_parser_unittest.cc
+++ b/media/formats/mp2t/mp2t_stream_parser_unittest.cc
@@ -79,7 +79,6 @@
bool has_pattern) {
DCHECK(input);
EXPECT_EQ(input_size % 16, 0);
- crypto::EnsureOpenSSLInit();
std::string result;
const EVP_CIPHER* cipher = EVP_aes_128_cbc();
ScopedCipherCTX ctx;
diff --git a/net/cert/x509_util.cc b/net/cert/x509_util.cc
index f0805098..521f0ee 100644
--- a/net/cert/x509_util.cc
+++ b/net/cert/x509_util.cc
@@ -15,7 +15,6 @@
#include <memory>
#include <string_view>
-#include "base/lazy_instance.h"
#include "base/logging.h"
#include "base/memory/raw_ptr.h"
#include "base/notreached.h"
@@ -98,24 +97,6 @@
return nullptr;
}
-class BufferPoolSingleton {
- public:
- BufferPoolSingleton() {
- crypto::EnsureOpenSSLInit();
-
- pool_ = CRYPTO_BUFFER_POOL_new();
- }
-
- CRYPTO_BUFFER_POOL* pool() { return pool_; }
-
- private:
- // The singleton is leaky, so there is no need to use a smart pointer.
- raw_ptr<CRYPTO_BUFFER_POOL> pool_;
-};
-
-base::LazyInstance<BufferPoolSingleton>::Leaky g_buffer_pool_singleton =
- LAZY_INSTANCE_INITIALIZER;
-
} // namespace
// Adds an X.509 Name with the specified distinguished name to |cbb|.
@@ -347,7 +328,6 @@
std::string_view issuer,
EVP_PKEY* issuer_key,
std::string* der_encoded) {
- crypto::EnsureOpenSSLInit();
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
// See RFC 5280, section 4.1. First, construct the TBSCertificate.
@@ -449,7 +429,8 @@
}
CRYPTO_BUFFER_POOL* GetBufferPool() {
- return g_buffer_pool_singleton.Get().pool();
+ static CRYPTO_BUFFER_POOL* const kSharedPool = CRYPTO_BUFFER_POOL_new();
+ return kSharedPool;
}
bssl::UniquePtr<CRYPTO_BUFFER> CreateCryptoBuffer(
@@ -510,7 +491,6 @@
bool CreateCertBuffersFromPKCS7Bytes(
base::span<const uint8_t> data,
std::vector<bssl::UniquePtr<CRYPTO_BUFFER>>* handles) {
- crypto::EnsureOpenSSLInit();
crypto::OpenSSLErrStackTracer err_cleaner(FROM_HERE);
CBS der_data;
diff --git a/net/http/transport_security_state_unittest.cc b/net/http/transport_security_state_unittest.cc
index cddd69f..f62328d 100644
--- a/net/http/transport_security_state_unittest.cc
+++ b/net/http/transport_security_state_unittest.cc
@@ -33,7 +33,6 @@
#include "base/time/time.h"
#include "base/values.h"
#include "build/build_config.h"
-#include "crypto/openssl_util.h"
#include "crypto/sha2.h"
#include "net/base/features.h"
#include "net/base/hash_value.h"
@@ -140,8 +139,6 @@
SetTransportSecurityStateSourceForTesting(nullptr);
}
- void SetUp() override { crypto::EnsureOpenSSLInit(); }
-
static void DisableStaticPins(TransportSecurityState* state) {
state->enable_static_pins_ = false;
}
diff --git a/net/quic/crypto/proof_source_chromium.cc b/net/quic/crypto/proof_source_chromium.cc
index 0cdfb9ed..3cd5870 100644
--- a/net/quic/crypto/proof_source_chromium.cc
+++ b/net/quic/crypto/proof_source_chromium.cc
@@ -28,8 +28,6 @@
bool ProofSourceChromium::Initialize(const base::FilePath& cert_path,
const base::FilePath& key_path,
const base::FilePath& sct_path) {
- crypto::EnsureOpenSSLInit();
-
std::string cert_data;
if (!base::ReadFileToString(cert_path, &cert_data)) {
DLOG(FATAL) << "Unable to read certificates.";
diff --git a/net/socket/ssl_client_socket_impl.cc b/net/socket/ssl_client_socket_impl.cc
index 623c7b5e..961dca5 100644
--- a/net/socket/ssl_client_socket_impl.cc
+++ b/net/socket/ssl_client_socket_impl.cc
@@ -193,7 +193,6 @@
friend struct base::DefaultSingletonTraits<SSLContext>;
SSLContext() {
- crypto::EnsureOpenSSLInit();
ssl_socket_data_index_ =
SSL_get_ex_new_index(0, nullptr, nullptr, nullptr, nullptr);
DCHECK_NE(ssl_socket_data_index_, -1);
diff --git a/net/socket/ssl_server_socket_impl.cc b/net/socket/ssl_server_socket_impl.cc
index d47f345..6e866064 100644
--- a/net/socket/ssl_server_socket_impl.cc
+++ b/net/socket/ssl_server_socket_impl.cc
@@ -943,7 +943,6 @@
}
void SSLServerContextImpl::Init() {
- crypto::EnsureOpenSSLInit();
ssl_ctx_.reset(SSL_CTX_new(TLS_with_buffers_method()));
SSL_CTX_set_session_cache_mode(ssl_ctx_.get(), SSL_SESS_CACHE_SERVER);
uint8_t session_ctx_id = 0;
diff --git a/net/ssl/openssl_ssl_util.cc b/net/ssl/openssl_ssl_util.cc
index 76639ed9..aa9e794 100644
--- a/net/ssl/openssl_ssl_util.cc
+++ b/net/ssl/openssl_ssl_util.cc
@@ -37,8 +37,6 @@
class OpenSSLNetErrorLibSingleton {
public:
OpenSSLNetErrorLibSingleton() {
- crypto::EnsureOpenSSLInit();
-
// Allocate a new error library value for inserting net errors into
// OpenSSL. This does not register any ERR_STRING_DATA for the errors, so
// stringifying error codes through OpenSSL will return NULL.
diff --git a/net/test/cert_builder.cc b/net/test/cert_builder.cc
index 0b0aa70..b19ffe6 100644
--- a/net/test/cert_builder.cc
+++ b/net/test/cert_builder.cc
@@ -26,7 +26,6 @@
#include "base/strings/string_util.h"
#include "base/time/time.h"
#include "crypto/ec_private_key.h"
-#include "crypto/openssl_util.h"
#include "crypto/rsa_private_key.h"
#include "crypto/sha2.h"
#include "net/cert/asn1_util.h"
@@ -1089,7 +1088,6 @@
if (!issuer_)
issuer_ = this;
- crypto::EnsureOpenSSLInit();
if (orig_cert)
InitFromCert(
bssl::der::Input(x509_util::CryptoBufferAsStringPiece(orig_cert)));
diff --git a/net/tools/root_store_tool/root_store_tool.cc b/net/tools/root_store_tool/root_store_tool.cc
index fa1eb69..f0e258b 100644
--- a/net/tools/root_store_tool/root_store_tool.cc
+++ b/net/tools/root_store_tool/root_store_tool.cc
@@ -31,7 +31,6 @@
#include "base/strings/stringprintf.h"
#include "base/strings/utf_string_conversions.h"
#include "build/build_config.h"
-#include "crypto/openssl_util.h"
#include "crypto/sha2.h"
#include "net/cert/root_store_proto_full/root_store.pb.h"
#include "third_party/boringssl/src/include/openssl/bio.h"
@@ -338,8 +337,6 @@
logging::LOG_TO_SYSTEM_DEBUG_LOG | logging::LOG_TO_STDERR;
logging::InitLogging(settings);
- crypto::EnsureOpenSSLInit();
-
base::CommandLine& command_line = *base::CommandLine::ForCurrentProcess();
base::FilePath proto_path = command_line.GetSwitchValuePath("write-proto");
base::FilePath root_store_cpp_path =
diff --git a/net/tools/transport_security_state_generator/transport_security_state_generator.cc b/net/tools/transport_security_state_generator/transport_security_state_generator.cc
index 1332a27..4360cb8b 100644
--- a/net/tools/transport_security_state_generator/transport_security_state_generator.cc
+++ b/net/tools/transport_security_state_generator/transport_security_state_generator.cc
@@ -21,7 +21,6 @@
#include "base/strings/utf_string_conversions.h"
#include "base/time/time.h"
#include "build/build_config.h"
-#include "crypto/openssl_util.h"
#include "net/tools/transport_security_state_generator/input_file_parsers.h"
#include "net/tools/transport_security_state_generator/pinsets.h"
#include "net/tools/transport_security_state_generator/preloaded_state_generator.h"
@@ -193,8 +192,6 @@
} // namespace
int main(int argc, char* argv[]) {
- crypto::EnsureOpenSSLInit();
-
base::AtExitManager at_exit_manager;
base::CommandLine::Init(argc, argv);
const base::CommandLine& command_line =
diff --git a/services/network/network_service.cc b/services/network/network_service.cc
index ad00490..d2f76cd 100644
--- a/services/network/network_service.cc
+++ b/services/network/network_service.cc
@@ -95,7 +95,6 @@
#include "services/network/url_loader.h"
#if BUILDFLAG(IS_ANDROID) && defined(ARCH_CPU_ARMEL)
-#include "crypto/openssl_util.h"
#include "third_party/boringssl/src/include/openssl/cpu.h"
#endif
@@ -391,9 +390,6 @@
initialized_ = true;
#if BUILDFLAG(IS_ANDROID) && defined(ARCH_CPU_ARMEL)
- // Make sure OpenSSL is initialized before using it to histogram data.
- crypto::EnsureOpenSSLInit();
-
// Measure Android kernels with missing AT_HWCAP2 auxv fields. See
// https://crbug.com/boringssl/46.
UMA_HISTOGRAM_BOOLEAN("Net.NeedsHWCAP2Workaround",
diff --git a/third_party/blink/renderer/platform/crypto.cc b/third_party/blink/renderer/platform/crypto.cc
index aac12cbb..f25bc80 100644
--- a/third_party/blink/renderer/platform/crypto.cc
+++ b/third_party/blink/renderer/platform/crypto.cc
@@ -12,7 +12,6 @@
namespace blink {
Digestor::Digestor(HashAlgorithm algorithm) {
- crypto::EnsureOpenSSLInit();
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
const EVP_MD* evp_md = nullptr;
