PlatformECKey should use a std::unique_ptr
authorddkilzer@apple.com <ddkilzer@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 7 Jan 2019 20:30:10 +0000 (20:30 +0000)
committerddkilzer@apple.com <ddkilzer@apple.com@268f45cc-cd09-0410-ab3c-d52691b4dbfc>
Mon, 7 Jan 2019 20:30:10 +0000 (20:30 +0000)
<https://webkit.org/b/193170>

Reviewed by Brent Fulgham.

Broadly:
- Switch from using raw pointers to using std::unique_ptr<> to
  hold PlatformECKey.
- Introduce PlatformECKeyContainer type to handle different
  std::unique_ptr<> types on each platform.
- Get rid of custom CryptoKeyEC destructors since the
  std::unique_ptr<> handles that with a Deleter.
- Initialize stack variables to nullptr.

* crypto/gcrypt/CryptoKeyECGCrypt.cpp:
(WebCore::CryptoKeyEC::keySizeInBits const):
(WebCore::CryptoKeyEC::platformGeneratePair):
(WebCore::CryptoKeyEC::platformImportRaw):
(WebCore::CryptoKeyEC::platformImportJWKPublic):
(WebCore::CryptoKeyEC::platformImportJWKPrivate):
(WebCore::CryptoKeyEC::platformImportSpki):
(WebCore::CryptoKeyEC::platformImportPkcs8):
(WebCore::CryptoKeyEC::platformExportRaw const):
(WebCore::CryptoKeyEC::platformAddFieldElements const):
(WebCore::CryptoKeyEC::platformExportSpki const):
(WebCore::CryptoKeyEC::platformExportPkcs8 const):
(WebCore::CryptoKeyEC::~CryptoKeyEC): Deleted.
* crypto/keys/CryptoKeyEC.cpp:
(WebCore::CryptoKeyEC::CryptoKeyEC):
* crypto/keys/CryptoKeyEC.h:
(WebCore::CCECCryptorRefDeleter::operator() const):
* crypto/mac/CryptoKeyECMac.cpp:
(WebCore::CryptoKeyEC::keySizeInBits const):
(WebCore::CryptoKeyEC::platformGeneratePair):
(WebCore::CryptoKeyEC::platformImportRaw):
(WebCore::CryptoKeyEC::platformExportRaw const):
(WebCore::CryptoKeyEC::platformImportJWKPublic):
(WebCore::CryptoKeyEC::platformImportJWKPrivate):
(WebCore::CryptoKeyEC::platformAddFieldElements const):
(WebCore::CryptoKeyEC::platformImportSpki):
(WebCore::CryptoKeyEC::platformExportSpki const):
(WebCore::CryptoKeyEC::platformImportPkcs8):
(WebCore::CryptoKeyEC::platformExportPkcs8 const):
(WebCore::CryptoKeyEC::~CryptoKeyEC): Deleted.

git-svn-id: https://svn.webkit.org/repository/webkit/trunk@239692 268f45cc-cd09-0410-ab3c-d52691b4dbfc

Source/WebCore/ChangeLog
Source/WebCore/crypto/gcrypt/CryptoKeyECGCrypt.cpp
Source/WebCore/crypto/keys/CryptoKeyEC.cpp
Source/WebCore/crypto/keys/CryptoKeyEC.h
Source/WebCore/crypto/mac/CryptoKeyECMac.cpp

index b6677d6..7f29aa7 100644 (file)
@@ -1,3 +1,50 @@
+2019-01-07  David Kilzer  <ddkilzer@apple.com>
+
+        PlatformECKey should use a std::unique_ptr
+        <https://webkit.org/b/193170>
+
+        Reviewed by Brent Fulgham.
+
+        Broadly:
+        - Switch from using raw pointers to using std::unique_ptr<> to
+          hold PlatformECKey.
+        - Introduce PlatformECKeyContainer type to handle different
+          std::unique_ptr<> types on each platform.
+        - Get rid of custom CryptoKeyEC destructors since the
+          std::unique_ptr<> handles that with a Deleter.
+        - Initialize stack variables to nullptr.
+
+        * crypto/gcrypt/CryptoKeyECGCrypt.cpp:
+        (WebCore::CryptoKeyEC::keySizeInBits const):
+        (WebCore::CryptoKeyEC::platformGeneratePair):
+        (WebCore::CryptoKeyEC::platformImportRaw):
+        (WebCore::CryptoKeyEC::platformImportJWKPublic):
+        (WebCore::CryptoKeyEC::platformImportJWKPrivate):
+        (WebCore::CryptoKeyEC::platformImportSpki):
+        (WebCore::CryptoKeyEC::platformImportPkcs8):
+        (WebCore::CryptoKeyEC::platformExportRaw const):
+        (WebCore::CryptoKeyEC::platformAddFieldElements const):
+        (WebCore::CryptoKeyEC::platformExportSpki const):
+        (WebCore::CryptoKeyEC::platformExportPkcs8 const):
+        (WebCore::CryptoKeyEC::~CryptoKeyEC): Deleted.
+        * crypto/keys/CryptoKeyEC.cpp:
+        (WebCore::CryptoKeyEC::CryptoKeyEC):
+        * crypto/keys/CryptoKeyEC.h:
+        (WebCore::CCECCryptorRefDeleter::operator() const):
+        * crypto/mac/CryptoKeyECMac.cpp:
+        (WebCore::CryptoKeyEC::keySizeInBits const):
+        (WebCore::CryptoKeyEC::platformGeneratePair):
+        (WebCore::CryptoKeyEC::platformImportRaw):
+        (WebCore::CryptoKeyEC::platformExportRaw const):
+        (WebCore::CryptoKeyEC::platformImportJWKPublic):
+        (WebCore::CryptoKeyEC::platformImportJWKPrivate):
+        (WebCore::CryptoKeyEC::platformAddFieldElements const):
+        (WebCore::CryptoKeyEC::platformImportSpki):
+        (WebCore::CryptoKeyEC::platformExportSpki const):
+        (WebCore::CryptoKeyEC::platformImportPkcs8):
+        (WebCore::CryptoKeyEC::platformExportPkcs8 const):
+        (WebCore::CryptoKeyEC::~CryptoKeyEC): Deleted.
+
 2019-01-07  Antti Koivisto  <antti@apple.com>
 
         UI process side scrollbars for UI side compositing on Mac
index e862b3a..f749808 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -31,7 +31,6 @@
 #include "CryptoKeyPair.h"
 #include "GCryptUtilities.h"
 #include "JsonWebKey.h"
-#include <pal/crypto/gcrypt/Handle.h>
 #include <pal/crypto/gcrypt/Utilities.h>
 #include <pal/crypto/tasn1/Utilities.h>
 #include <wtf/text/Base64.h>
@@ -103,16 +102,10 @@ static unsigned curveUncompressedPointSize(CryptoKeyEC::NamedCurve curve)
     return 2 * curveUncompressedFieldElementSize(curve) + 1;
 }
 
-CryptoKeyEC::~CryptoKeyEC()
-{
-    if (m_platformKey)
-        PAL::GCrypt::HandleDeleter<gcry_sexp_t>()(m_platformKey);
-}
-
 size_t CryptoKeyEC::keySizeInBits() const
 {
     size_t size = curveSize(m_curve);
-    ASSERT(size == gcry_pk_get_nbits(m_platformKey));
+    ASSERT(size == gcry_pk_get_nbits(m_platformKey.get()));
     return size;
 }
 
@@ -142,8 +135,8 @@ Optional<CryptoKeyPair> CryptoKeyEC::platformGeneratePair(CryptoAlgorithmIdentif
     if (!publicKeySexp || !privateKeySexp)
         return WTF::nullopt;
 
-    auto publicKey = CryptoKeyEC::create(identifier, curve, CryptoKeyType::Public, publicKeySexp.release(), true, usages);
-    auto privateKey = CryptoKeyEC::create(identifier, curve, CryptoKeyType::Private, privateKeySexp.release(), extractable, usages);
+    auto publicKey = CryptoKeyEC::create(identifier, curve, CryptoKeyType::Public, PlatformECKeyContainer(publicKeySexp.release()), true, usages);
+    auto privateKey = CryptoKeyEC::create(identifier, curve, CryptoKeyType::Private, PlatformECKeyContainer(privateKeySexp.release()), extractable, usages);
     return CryptoKeyPair { WTFMove(publicKey), WTFMove(privateKey) };
 }
 
@@ -160,7 +153,7 @@ RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportRaw(CryptoAlgorithmIdentifier ide
         return nullptr;
     }
 
-    return create(identifier, curve, CryptoKeyType::Public, platformKey.release(), extractable, usages);
+    return create(identifier, curve, CryptoKeyType::Public, PlatformECKeyContainer(platformKey.release()), extractable, usages);
 }
 
 RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportJWKPublic(CryptoAlgorithmIdentifier identifier, NamedCurve curve, Vector<uint8_t>&& x, Vector<uint8_t>&& y, bool extractable, CryptoKeyUsageBitmap usages)
@@ -184,7 +177,7 @@ RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportJWKPublic(CryptoAlgorithmIdentifi
         return nullptr;
     }
 
-    return create(identifier, curve, CryptoKeyType::Public, platformKey.release(), extractable, usages);
+    return create(identifier, curve, CryptoKeyType::Public, PlatformECKeyContainer(platformKey.release()), extractable, usages);
 }
 
 RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportJWKPrivate(CryptoAlgorithmIdentifier identifier, NamedCurve curve, Vector<uint8_t>&& x, Vector<uint8_t>&& y, Vector<uint8_t>&& d, bool extractable, CryptoKeyUsageBitmap usages)
@@ -208,7 +201,7 @@ RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportJWKPrivate(CryptoAlgorithmIdentif
         return nullptr;
     }
 
-    return create(identifier, curve, CryptoKeyType::Private, platformKey.release(), extractable, usages);
+    return create(identifier, curve, CryptoKeyType::Private, PlatformECKeyContainer(platformKey.release()), extractable, usages);
 }
 
 static bool supportedAlgorithmIdentifier(CryptoAlgorithmIdentifier keyIdentifier, const Vector<uint8_t>& identifier)
@@ -345,7 +338,7 @@ RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportSpki(CryptoAlgorithmIdentifier id
     }
 
     // Finally create a new CryptoKeyEC object, transferring to it ownership of the `public-key` s-expression.
-    return create(identifier, curve, CryptoKeyType::Public, platformKey.release(), extractable, usages);
+    return create(identifier, curve, CryptoKeyType::Public, PlatformECKeyContainer(platformKey.release()), extractable, usages);
 }
 
 RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportPkcs8(CryptoAlgorithmIdentifier identifier, NamedCurve curve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap usages)
@@ -490,13 +483,13 @@ RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportPkcs8(CryptoAlgorithmIdentifier i
             return nullptr;
     }
 
-    return create(identifier, curve, CryptoKeyType::Private, platformKey.release(), extractable, usages);
+    return create(identifier, curve, CryptoKeyType::Private, PlatformECKeyContainer(platformKey.release()), extractable, usages);
 }
 
 Vector<uint8_t> CryptoKeyEC::platformExportRaw() const
 {
     PAL::GCrypt::Handle<gcry_ctx_t> context;
-    gcry_error_t error = gcry_mpi_ec_new(&context, m_platformKey, nullptr);
+    gcry_error_t error = gcry_mpi_ec_new(&context, m_platformKey.get(), nullptr);
     if (error != GPG_ERR_NO_ERROR) {
         PAL::GCrypt::logError(error);
         return { };
@@ -516,7 +509,7 @@ Vector<uint8_t> CryptoKeyEC::platformExportRaw() const
 bool CryptoKeyEC::platformAddFieldElements(JsonWebKey& jwk) const
 {
     PAL::GCrypt::Handle<gcry_ctx_t> context;
-    gcry_error_t error = gcry_mpi_ec_new(&context, m_platformKey, nullptr);
+    gcry_error_t error = gcry_mpi_ec_new(&context, m_platformKey.get(), nullptr);
     if (error != GPG_ERR_NO_ERROR) {
         PAL::GCrypt::logError(error);
         return false;
@@ -595,7 +588,7 @@ Vector<uint8_t> CryptoKeyEC::platformExportSpki() const
         }
 
         // Retrieve the `q` s-expression, which should contain the public key data.
-        PAL::GCrypt::Handle<gcry_sexp_t> qSexp(gcry_sexp_find_token(m_platformKey, "q", 0));
+        PAL::GCrypt::Handle<gcry_sexp_t> qSexp(gcry_sexp_find_token(m_platformKey.get(), "q", 0));
         if (!qSexp)
             return { };
 
@@ -649,7 +642,7 @@ Vector<uint8_t> CryptoKeyEC::platformExportPkcs8() const
 
         // Construct the EC context that we'll use to retrieve private and public key data.
         PAL::GCrypt::Handle<gcry_ctx_t> context;
-        gcry_error_t error = gcry_mpi_ec_new(&context, m_platformKey, nullptr);
+        gcry_error_t error = gcry_mpi_ec_new(&context, m_platformKey.get(), nullptr);
         if (error != GPG_ERR_NO_ERROR)
             return { };
 
index 369b97f..7ea4132 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -50,9 +50,9 @@ static Optional<CryptoKeyEC::NamedCurve> toNamedCurve(const String& curve)
     return WTF::nullopt;
 }
 
-CryptoKeyEC::CryptoKeyEC(CryptoAlgorithmIdentifier identifier, NamedCurve curve, CryptoKeyType type, PlatformECKey platformKey, bool extractable, CryptoKeyUsageBitmap usages)
+CryptoKeyEC::CryptoKeyEC(CryptoAlgorithmIdentifier identifier, NamedCurve curve, CryptoKeyType type, PlatformECKeyContainer&& platformKey, bool extractable, CryptoKeyUsageBitmap usages)
     : CryptoKey(identifier, type, extractable, usages)
-    , m_platformKey(platformKey)
+    , m_platformKey(WTFMove(platformKey))
     , m_curve(curve)
 {
     // Only CryptoKeyEC objects for supported curves should be created.
index 42004e7..4203da6 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
 #if ENABLE(WEB_CRYPTO)
 
 #if OS(DARWIN) && !PLATFORM(GTK)
-typedef struct _CCECCryptor *CCECCryptorRef;
+#include "CommonCryptoUtilities.h"
+
 typedef CCECCryptorRef PlatformECKey;
+namespace WebCore {
+struct CCECCryptorRefDeleter {
+    void operator()(CCECCryptorRef key) const { CCECCryptorRelease(key); }
+};
+}
+typedef std::unique_ptr<typename std::remove_pointer<CCECCryptorRef>::type, WebCore::CCECCryptorRefDeleter> PlatformECKeyContainer;
 #endif
 
 #if PLATFORM(GTK) || PLATFORM(WPE)
-// gcry_sexp* equates gcry_sexp_t.
-struct gcry_sexp;
-typedef gcry_sexp* PlatformECKey;
+#include <pal/crypto/gcrypt/Handle.h>
+
+typedef gcry_sexp_t PlatformECKey;
+typedef std::unique_ptr<typename std::remove_pointer<gcry_sexp_t>::type, PAL::GCrypt::HandleDeleter<gcry_sexp_t>> PlatformECKeyContainer;
 #endif
 
 
@@ -55,11 +63,11 @@ public:
         P521,
     };
 
-    static Ref<CryptoKeyEC> create(CryptoAlgorithmIdentifier identifier, NamedCurve curve, CryptoKeyType type, PlatformECKey platformKey, bool extractable, CryptoKeyUsageBitmap usages)
+    static Ref<CryptoKeyEC> create(CryptoAlgorithmIdentifier identifier, NamedCurve curve, CryptoKeyType type, PlatformECKeyContainer&& platformKey, bool extractable, CryptoKeyUsageBitmap usages)
     {
-        return adoptRef(*new CryptoKeyEC(identifier, curve, type, platformKey, extractable, usages));
+        return adoptRef(*new CryptoKeyEC(identifier, curve, type, WTFMove(platformKey), extractable, usages));
     }
-    virtual ~CryptoKeyEC();
+    virtual ~CryptoKeyEC() = default;
 
     static ExceptionOr<CryptoKeyPair> generatePair(CryptoAlgorithmIdentifier, const String& curve, bool extractable, CryptoKeyUsageBitmap);
     static RefPtr<CryptoKeyEC> importRaw(CryptoAlgorithmIdentifier, const String& curve, Vector<uint8_t>&& keyData, bool extractable, CryptoKeyUsageBitmap);
@@ -75,11 +83,11 @@ public:
     size_t keySizeInBits() const;
     NamedCurve namedCurve() const { return m_curve; }
     String namedCurveString() const;
-    PlatformECKey platformKey() const { return m_platformKey; }
+    PlatformECKey platformKey() const { return m_platformKey.get(); }
     static bool isValidECAlgorithm(CryptoAlgorithmIdentifier);
 
 private:
-    CryptoKeyEC(CryptoAlgorithmIdentifier, NamedCurve, CryptoKeyType, PlatformECKey, bool extractable, CryptoKeyUsageBitmap);
+    CryptoKeyEC(CryptoAlgorithmIdentifier, NamedCurve, CryptoKeyType, PlatformECKeyContainer&&, bool extractable, CryptoKeyUsageBitmap);
 
     CryptoKeyClass keyClass() const final { return CryptoKeyClass::EC; }
 
@@ -97,7 +105,7 @@ private:
     Vector<uint8_t> platformExportSpki() const;
     Vector<uint8_t> platformExportPkcs8() const;
 
-    PlatformECKey m_platformKey;
+    PlatformECKeyContainer m_platformKey;
     NamedCurve m_curve;
 };
 
index 3960b74..445df19 100644 (file)
@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017-2019 Apple Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions
@@ -29,7 +29,6 @@
 #if ENABLE(WEB_CRYPTO)
 
 #include "CommonCryptoDERUtilities.h"
-#include "CommonCryptoUtilities.h"
 #include "JsonWebKey.h"
 #include <wtf/text/Base64.h>
 
@@ -95,14 +94,9 @@ static size_t getKeySizeFromNamedCurve(CryptoKeyEC::NamedCurve curve)
     return 0;
 }
 
-CryptoKeyEC::~CryptoKeyEC()
-{
-    CCECCryptorRelease(m_platformKey);
-}
-
 size_t CryptoKeyEC::keySizeInBits() const
 {
-    int result = CCECGetKeySize(m_platformKey);
+    int result = CCECGetKeySize(m_platformKey.get());
     return result ? result : 0;
 }
 
@@ -114,13 +108,13 @@ bool CryptoKeyEC::platformSupportedCurve(NamedCurve curve)
 Optional<CryptoKeyPair> CryptoKeyEC::platformGeneratePair(CryptoAlgorithmIdentifier identifier, NamedCurve curve, bool extractable, CryptoKeyUsageBitmap usages)
 {
     size_t size = getKeySizeFromNamedCurve(curve);
-    CCECCryptorRef ccPublicKey;
-    CCECCryptorRef ccPrivateKey;
+    CCECCryptorRef ccPublicKey = nullptr;
+    CCECCryptorRef ccPrivateKey = nullptr;
     if (CCECCryptorGeneratePair(size, &ccPublicKey, &ccPrivateKey))
         return WTF::nullopt;
 
-    auto publicKey = CryptoKeyEC::create(identifier, curve, CryptoKeyType::Public, ccPublicKey, true, usages);
-    auto privateKey = CryptoKeyEC::create(identifier, curve, CryptoKeyType::Private, ccPrivateKey, extractable, usages);
+    auto publicKey = CryptoKeyEC::create(identifier, curve, CryptoKeyType::Public, PlatformECKeyContainer(ccPublicKey), true, usages);
+    auto privateKey = CryptoKeyEC::create(identifier, curve, CryptoKeyType::Private, PlatformECKeyContainer(ccPrivateKey), extractable, usages);
     return CryptoKeyPair { WTFMove(publicKey), WTFMove(privateKey) };
 }
 
@@ -129,11 +123,11 @@ RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportRaw(CryptoAlgorithmIdentifier ide
     if (!doesUncompressedPointMatchNamedCurve(curve, keyData.size()))
         return nullptr;
 
-    CCECCryptorRef ccPublicKey;
+    CCECCryptorRef ccPublicKey = nullptr;
     if (CCECCryptorImportKey(kCCImportKeyBinary, keyData.data(), keyData.size(), ccECKeyPublic, &ccPublicKey))
         return nullptr;
 
-    return create(identifier, curve, CryptoKeyType::Public, ccPublicKey, extractable, usages);
+    return create(identifier, curve, CryptoKeyType::Public, PlatformECKeyContainer(ccPublicKey), extractable, usages);
 }
 
 Vector<uint8_t> CryptoKeyEC::platformExportRaw() const
@@ -141,7 +135,7 @@ Vector<uint8_t> CryptoKeyEC::platformExportRaw() const
     size_t expectedSize = keySizeInBits() / 4 + 1; // Per Section 2.3.4 of http://www.secg.org/sec1-v2.pdf
     Vector<uint8_t> result(expectedSize);
     size_t size = result.size();
-    if (UNLIKELY(CCECCryptorExportKey(kCCImportKeyBinary, result.data(), &size, ccECKeyPublic, m_platformKey) || size != expectedSize))
+    if (UNLIKELY(CCECCryptorExportKey(kCCImportKeyBinary, result.data(), &size, ccECKeyPublic, m_platformKey.get()) || size != expectedSize))
         return { };
     return result;
 }
@@ -152,11 +146,11 @@ RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportJWKPublic(CryptoAlgorithmIdentifi
         return nullptr;
 
     size_t size = getKeySizeFromNamedCurve(curve);
-    CCECCryptorRef ccPublicKey;
+    CCECCryptorRef ccPublicKey = nullptr;
     if (CCECCryptorCreateFromData(size, x.data(), x.size(), y.data(), y.size(), &ccPublicKey))
         return nullptr;
 
-    return create(identifier, curve, CryptoKeyType::Public, ccPublicKey, extractable, usages);
+    return create(identifier, curve, CryptoKeyType::Public, PlatformECKeyContainer(ccPublicKey), extractable, usages);
 }
 
 RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportJWKPrivate(CryptoAlgorithmIdentifier identifier, NamedCurve curve, Vector<uint8_t>&& x, Vector<uint8_t>&& y, Vector<uint8_t>&& d, bool extractable, CryptoKeyUsageBitmap usages)
@@ -172,11 +166,11 @@ RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportJWKPrivate(CryptoAlgorithmIdentif
     binaryInput.appendVector(y);
     binaryInput.appendVector(d);
 
-    CCECCryptorRef ccPrivateKey;
+    CCECCryptorRef ccPrivateKey = nullptr;
     if (CCECCryptorImportKey(kCCImportKeyBinary, binaryInput.data(), binaryInput.size(), ccECKeyPrivate, &ccPrivateKey))
         return nullptr;
 
-    return create(identifier, curve, CryptoKeyType::Private, ccPrivateKey, extractable, usages);
+    return create(identifier, curve, CryptoKeyType::Private, PlatformECKeyContainer(ccPrivateKey), extractable, usages);
 }
 
 bool CryptoKeyEC::platformAddFieldElements(JsonWebKey& jwk) const
@@ -189,11 +183,11 @@ bool CryptoKeyEC::platformAddFieldElements(JsonWebKey& jwk) const
     size_t size = result.size();
     switch (type()) {
     case CryptoKeyType::Public:
-        if (UNLIKELY(CCECCryptorExportKey(kCCImportKeyBinary, result.data(), &size, ccECKeyPublic, m_platformKey)))
+        if (UNLIKELY(CCECCryptorExportKey(kCCImportKeyBinary, result.data(), &size, ccECKeyPublic, m_platformKey.get())))
             return false;
         break;
     case CryptoKeyType::Private:
-        if (UNLIKELY(CCECCryptorExportKey(kCCImportKeyBinary, result.data(), &size, ccECKeyPrivate, m_platformKey)))
+        if (UNLIKELY(CCECCryptorExportKey(kCCImportKeyBinary, result.data(), &size, ccECKeyPrivate, m_platformKey.get())))
             return false;
         break;
     default:
@@ -269,11 +263,11 @@ RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportSpki(CryptoAlgorithmIdentifier id
     if (!doesUncompressedPointMatchNamedCurve(curve, keyData.size() - index))
         return nullptr;
 
-    CCECCryptorRef ccPublicKey;
+    CCECCryptorRef ccPublicKey = nullptr;
     if (CCECCryptorImportKey(kCCImportKeyBinary, keyData.data() + index, keyData.size() - index, ccECKeyPublic, &ccPublicKey))
         return nullptr;
 
-    return create(identifier, curve, CryptoKeyType::Public, ccPublicKey, extractable, usages);
+    return create(identifier, curve, CryptoKeyType::Public, PlatformECKeyContainer(ccPublicKey), extractable, usages);
 }
 
 Vector<uint8_t> CryptoKeyEC::platformExportSpki() const
@@ -281,7 +275,7 @@ Vector<uint8_t> CryptoKeyEC::platformExportSpki() const
     size_t expectedKeySize = keySizeInBits() / 4 + 1; // Per Section 2.3.4 of http://www.secg.org/sec1-v2.pdf
     Vector<uint8_t> keyBytes(expectedKeySize);
     size_t keySize = keyBytes.size();
-    if (UNLIKELY(CCECCryptorExportKey(kCCImportKeyBinary, keyBytes.data(), &keySize, ccECKeyPublic, m_platformKey) || keySize != expectedKeySize))
+    if (UNLIKELY(CCECCryptorExportKey(kCCImportKeyBinary, keyBytes.data(), &keySize, ccECKeyPublic, m_platformKey.get()) || keySize != expectedKeySize))
         return { };
 
     // The following addes SPKI header to a raw EC public key.
@@ -366,11 +360,11 @@ RefPtr<CryptoKeyEC> CryptoKeyEC::platformImportPkcs8(CryptoAlgorithmIdentifier i
         return nullptr;
     keyBinary.append(keyData.data() + privateKeyPos, getKeySizeFromNamedCurve(curve) / 8);
 
-    CCECCryptorRef ccPrivateKey;
+    CCECCryptorRef ccPrivateKey = nullptr;
     if (CCECCryptorImportKey(kCCImportKeyBinary, keyBinary.data(), keyBinary.size(), ccECKeyPrivate, &ccPrivateKey))
         return nullptr;
 
-    return create(identifier, curve, CryptoKeyType::Private, ccPrivateKey, extractable, usages);
+    return create(identifier, curve, CryptoKeyType::Private, PlatformECKeyContainer(ccPrivateKey), extractable, usages);
 }
 
 Vector<uint8_t> CryptoKeyEC::platformExportPkcs8() const
@@ -379,7 +373,7 @@ Vector<uint8_t> CryptoKeyEC::platformExportPkcs8() const
     size_t expectedKeySize = keySizeInBytes * 3 + 1; // 04 + X + Y + D
     Vector<uint8_t> keyBytes(expectedKeySize);
     size_t keySize = keyBytes.size();
-    if (UNLIKELY(CCECCryptorExportKey(kCCImportKeyBinary, keyBytes.data(), &keySize, ccECKeyPrivate, m_platformKey) || keySize != expectedKeySize))
+    if (UNLIKELY(CCECCryptorExportKey(kCCImportKeyBinary, keyBytes.data(), &keySize, ccECKeyPrivate, m_platformKey.get()) || keySize != expectedKeySize))
         return { };
 
     // The following addes PKCS8 header to a raw EC private key.