From 7e94b64ae7a841b68044df568c50988c4eb7a2ef Mon Sep 17 00:00:00 2001 From: Andrew Gaul Date: Sat, 19 Aug 2023 23:29:00 +0900 Subject: [PATCH] Use unique_ptr in SSL functions (#2282) References #2261. --- src/curl.cpp | 31 ++++++++--------------- src/gnutls_auth.cpp | 60 +++++++++++++++++++++----------------------- src/nss_auth.cpp | 28 ++++++++++----------- src/openssl_auth.cpp | 22 ++++++++-------- src/s3fs_auth.h | 5 ++-- 5 files changed, 66 insertions(+), 80 deletions(-) diff --git a/src/curl.cpp b/src/curl.cpp index ffb3a06..5a0ec37 100644 --- a/src/curl.cpp +++ b/src/curl.cpp @@ -2736,20 +2736,18 @@ std::string S3fsCurl::CalcSignatureV2(const std::string& method, const std::stri size_t key_len = secret_access_key.size(); const unsigned char* sdata = reinterpret_cast(StringToSign.data()); size_t sdata_len = StringToSign.size(); - unsigned char* md = nullptr; - unsigned int md_len = 0;; + unsigned int md_len = 0; - s3fs_HMAC(key, key_len, sdata, sdata_len, &md, &md_len); + std::unique_ptr md = s3fs_HMAC(key, key_len, sdata, sdata_len, &md_len); - Signature = s3fs_base64(md, md_len); - delete[] md; + Signature = s3fs_base64(md.get(), md_len); return Signature; } std::string S3fsCurl::CalcSignature(const std::string& method, const std::string& canonical_uri, const std::string& query_string, const std::string& strdate, const std::string& payload_hash, const std::string& date8601, const std::string& secret_access_key, const std::string& access_token) { - std::string Signature, StringCQ, StringToSign; + std::string StringCQ, StringToSign; std::string uriencode; if(!access_token.empty()){ 
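Review bot: `md` can now be `nullptr` when `s3fs_HMAC` fails, yet CalcSignatureV2 passes `md.get()` straight to `s3fs_base64` without a check. The same applies to `s3fs_hex_lower(md.get(), md_len)` at the end of CalcSignature and to each `.get()` fed into the next `s3fs_HMAC256` call in the key-derivation hunk. In the GnuTLS non-Nettle implementation `*digestlen` is written before `gnutls_hmac_fast` can fail, so a caller may hold a null pointer together with a non-zero length. How `s3fs_base64` treats a null input is not visible here, so an explicit guard is safer, for example `if(!md){ return std::string(); }` before the encode call, using whatever failure value the callers already expect.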
@@ -2775,16 +2773,12 @@ std::string S3fsCurl::CalcSignature(const std::string& method, const std::string StringCQ += payload_hash; std::string kSecret = "AWS4" + secret_access_key; - unsigned char *kDate, *kRegion, *kService, *kSigning = nullptr; unsigned int kDate_len,kRegion_len, kService_len, kSigning_len = 0; - s3fs_HMAC256(kSecret.c_str(), kSecret.size(), reinterpret_cast(strdate.data()), strdate.size(), &kDate, &kDate_len); - s3fs_HMAC256(kDate, kDate_len, reinterpret_cast(endpoint.c_str()), endpoint.size(), &kRegion, &kRegion_len); - s3fs_HMAC256(kRegion, kRegion_len, reinterpret_cast("s3"), sizeof("s3") - 1, &kService, &kService_len); - s3fs_HMAC256(kService, kService_len, reinterpret_cast("aws4_request"), sizeof("aws4_request") - 1, &kSigning, &kSigning_len); - delete[] kDate; - delete[] kRegion; - delete[] kService; + std::unique_ptr kDate = s3fs_HMAC256(kSecret.c_str(), kSecret.size(), reinterpret_cast(strdate.data()), strdate.size(), &kDate_len); + std::unique_ptr kRegion = s3fs_HMAC256(kDate.get(), kDate_len, reinterpret_cast(endpoint.c_str()), endpoint.size(), &kRegion_len); + std::unique_ptr kService = s3fs_HMAC256(kRegion.get(), kRegion_len, reinterpret_cast("s3"), sizeof("s3") - 1, &kService_len); + std::unique_ptr kSigning = s3fs_HMAC256(kService.get(), kService_len, reinterpret_cast("aws4_request"), sizeof("aws4_request") - 1, &kSigning_len); const unsigned char* cRequest = reinterpret_cast(StringCQ.c_str()); size_t cRequest_len = StringCQ.size(); 
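Review bot: The derived signing keys `kDate`, `kRegion`, `kService` and `kSigning` now stay allocated until CalcSignature returns, where the removed code freed them right after the chain and after the final HMAC; in neither version are the bytes cleared before release. Because these buffers are derived from `secret_access_key`, consider dropping each one after its last use, e.g. `kDate.reset();` once `kRegion` is computed, or returning a `unique_ptr` whose deleter wipes the buffer with the crypto library's secure-clear routine before `delete[]`. Separately, the context line leaves `kDate_len`, `kRegion_len` and `kService_len` uninitialised (only `kSigning_len` gets `= 0`), so a failed stage hands an indeterminate length to the next call; `unsigned int kDate_len = 0, kRegion_len = 0, kService_len = 0, kSigning_len = 0;` removes that. The function body starts and ends outside this hunk.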
@@ -2798,16 +2792,11 @@ std::string S3fsCurl::CalcSignature(const std::string& method, const std::string const unsigned char* cscope = reinterpret_cast(StringToSign.c_str()); size_t cscope_len = StringToSign.size(); - unsigned char* md = nullptr; unsigned int md_len = 0; - s3fs_HMAC256(kSigning, kSigning_len, cscope, cscope_len, &md, &md_len); - delete[] kSigning; + std::unique_ptr md = s3fs_HMAC256(kSigning.get(), kSigning_len, cscope, cscope_len, &md_len); - Signature = s3fs_hex_lower(md, md_len); - delete[] md; - - return Signature; + return s3fs_hex_lower(md.get(), md_len); } void S3fsCurl::insertV4Headers(const std::string& access_key_id, const std::string& secret_access_key, const std::string& access_token) diff --git a/src/gnutls_auth.cpp b/src/gnutls_auth.cpp index 5b5f8f1..1c5228c 100644 --- a/src/gnutls_auth.cpp +++ b/src/gnutls_auth.cpp 
@@ -106,76 +106,72 @@ bool s3fs_destroy_crypt_mutex() //------------------------------------------------------------------- #ifdef USE_GNUTLS_NETTLE -bool s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) +std::unique_ptr s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen) { - if(!key || !data || !digest || !digestlen){ - return false; + if(!key || !data || !digestlen){ + return nullptr; } - *digest = new unsigned char[SHA1_DIGEST_SIZE]; + std::unique_ptr digest(new unsigned char[SHA1_DIGEST_SIZE]); struct hmac_sha1_ctx ctx_hmac; hmac_sha1_set_key(&ctx_hmac, keylen, reinterpret_cast(key)); hmac_sha1_update(&ctx_hmac, datalen, reinterpret_cast(data)); - hmac_sha1_digest(&ctx_hmac, SHA1_DIGEST_SIZE, reinterpret_cast(*digest)); + hmac_sha1_digest(&ctx_hmac, SHA1_DIGEST_SIZE, reinterpret_cast(digest.get())); *digestlen = SHA1_DIGEST_SIZE; - return true; + return digest; } -bool s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) +std::unique_ptr s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen) { - if(!key || !data || !digest || !digestlen){ - return false; + if(!key || !data || !digestlen){ + return nullptr; } - *digest = new unsigned char[SHA256_DIGEST_SIZE]; + std::unique_ptr digest(new unsigned char[SHA256_DIGEST_SIZE]); struct hmac_sha256_ctx ctx_hmac; hmac_sha256_set_key(&ctx_hmac, keylen, reinterpret_cast(key)); hmac_sha256_update(&ctx_hmac, datalen, reinterpret_cast(data)); - hmac_sha256_digest(&ctx_hmac, SHA256_DIGEST_SIZE, reinterpret_cast(*digest)); + hmac_sha256_digest(&ctx_hmac, SHA256_DIGEST_SIZE, reinterpret_cast(digest.get())); *digestlen = SHA256_DIGEST_SIZE; - return true; + return digest; } #else // USE_GNUTLS_NETTLE -bool s3fs_HMAC(const void* key, size_t keylen, 
const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) +std::unique_ptr s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen) { - if(!key || !data || !digest || !digestlen){ - return false; + if(!key || !data || !digestlen){ + return nullptr; } if(0 == (*digestlen = gnutls_hmac_get_len(GNUTLS_MAC_SHA1))){ - return false; + return nullptr; } - *digest = new unsigned char[*digestlen + 1]; - if(0 > gnutls_hmac_fast(GNUTLS_MAC_SHA1, key, keylen, data, datalen, *digest)){ - delete[] *digest; - *digest = nullptr; - return false; + std::unique_ptr digest(new unsigned char[*digestlen + 1]); + if(0 > gnutls_hmac_fast(GNUTLS_MAC_SHA1, key, keylen, data, datalen, digest.get())){ + return nullptr; } - return true; + return digest; } -bool s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) +std::unique_ptr s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen) { - if(!key || !data || !digest || !digestlen){ - return false; + if(!key || !data || !digestlen){ + return nullptr; } if(0 == (*digestlen = gnutls_hmac_get_len(GNUTLS_MAC_SHA256))){ - return false; + return nullptr; } - *digest = new unsigned char[*digestlen + 1]; - if(0 > gnutls_hmac_fast(GNUTLS_MAC_SHA256, key, keylen, data, datalen, *digest)){ - delete[] *digest; - *digest = nullptr; - return false; + std::unique_ptr digest(new unsigned char[*digestlen + 1]); + if(0 > gnutls_hmac_fast(GNUTLS_MAC_SHA256, key, keylen, data, datalen, digest.get())){ + return nullptr; } - return true; + return digest; } #endif // USE_GNUTLS_NETTLE diff --git a/src/nss_auth.cpp b/src/nss_auth.cpp index 8f3c2b2..106cd41 100644 --- a/src/nss_auth.cpp +++ b/src/nss_auth.cpp 
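Review bot: In the non-Nettle variants of `s3fs_HMAC` and `s3fs_HMAC256`, `*digestlen` is assigned from `gnutls_hmac_get_len` before `gnutls_hmac_fast` runs, so the failure path returns `nullptr` while leaving a non-zero length in the caller's variable. The callers in curl.cpp use the length without testing the pointer, so the two should fail together: add `*digestlen = 0;` immediately before that `return nullptr;` in both functions. The `+ 1` in `new unsigned char[*digestlen + 1]` also deserves a one-line comment or removal, since nothing visible in the hunk writes or reads the extra byte.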
@@ -87,10 +87,10 @@ bool s3fs_destroy_crypt_mutex() //------------------------------------------------------------------- // Utility Function for HMAC //------------------------------------------------------------------- -static bool s3fs_HMAC_RAW(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen, bool is_sha256) +static std::unique_ptr s3fs_HMAC_RAW(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen, bool is_sha256) { - if(!key || !data || !digest || !digestlen){ - return false; + if(!key || !data || !digestlen){ + return nullptr; } PK11SlotInfo* Slot; @@ -101,16 +101,16 @@ static bool s3fs_HMAC_RAW(const void* key, size_t keylen, const unsigned char* d SECItem NullSecItem = {siBuffer, nullptr, 0}; if(nullptr == (Slot = PK11_GetInternalKeySlot())){ - return false; + return nullptr; } if(nullptr == (pKey = PK11_ImportSymKey(Slot, (is_sha256 ? CKM_SHA256_HMAC : CKM_SHA_1_HMAC), PK11_OriginUnwrap, CKA_SIGN, &KeySecItem, nullptr))){ PK11_FreeSlot(Slot); - return false; + return nullptr; } if(nullptr == (Context = PK11_CreateContextBySymKey((is_sha256 ? CKM_SHA256_HMAC : CKM_SHA_1_HMAC), CKA_SIGN, pKey, &NullSecItem))){ PK11_FreeSymKey(pKey); PK11_FreeSlot(Slot); - return false; + return nullptr; } *digestlen = 0; 
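Review bot: `Slot`, `pKey` and `Context` are still released by hand on every exit path of `s3fs_HMAC_RAW`, here and in the following hunk, even though the digest buffer moved to `unique_ptr`. Each new early return has to repeat the right subset of `PK11_FreeSlot`, `PK11_FreeSymKey` and `PK11_DestroyContext`, which is the pattern this commit removes elsewhere. Holding the handles in `unique_ptr` with the matching free function as deleter would make the error paths plain `return nullptr;`, for example `std::unique_ptr<PK11SlotInfo, decltype(&PK11_FreeSlot)> Slot(PK11_GetInternalKeySlot(), &PK11_FreeSlot);`, with a small lambda deleter for the context because `PK11_DestroyContext` takes a second argument. The function continues past the end of this hunk.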
@@ -121,26 +121,26 @@ static bool s3fs_HMAC_RAW(const void* key, size_t keylen, const unsigned char* d PK11_DestroyContext(Context, PR_TRUE); PK11_FreeSymKey(pKey); PK11_FreeSlot(Slot); - return false; + return nullptr; } PK11_DestroyContext(Context, PR_TRUE); PK11_FreeSymKey(pKey); PK11_FreeSlot(Slot); - *digest = new unsigned char[*digestlen]; - memcpy(*digest, tmpdigest, *digestlen); + std::unique_ptr digest(new unsigned char[*digestlen]); + memcpy(digest.get(), tmpdigest, *digestlen); - return true; + return digest; } -bool s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) +std::unique_ptr s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen) { - return s3fs_HMAC_RAW(key, keylen, data, datalen, digest, digestlen, false); + return s3fs_HMAC_RAW(key, keylen, data, datalen, digestlen, false); } -bool s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) +std::unique_ptr s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen) { - return s3fs_HMAC_RAW(key, keylen, data, datalen, digest, digestlen, true); + return s3fs_HMAC_RAW(key, keylen, data, datalen, digestlen, true); } //------------------------------------------------------------------- diff --git a/src/openssl_auth.cpp b/src/openssl_auth.cpp index 74952c9..4dd3805 100644 --- a/src/openssl_auth.cpp +++ b/src/openssl_auth.cpp 
@@ -224,30 +224,30 @@ bool s3fs_destroy_crypt_mutex() //------------------------------------------------------------------- // Utility Function for HMAC //------------------------------------------------------------------- -static bool s3fs_HMAC_RAW(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen, bool is_sha256) +static std::unique_ptr s3fs_HMAC_RAW(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen, bool is_sha256) { - if(!key || !data || !digest || !digestlen){ - return false; + if(!key || !data || !digestlen){ + return nullptr; } (*digestlen) = EVP_MAX_MD_SIZE * sizeof(unsigned char); - *digest = new unsigned char[*digestlen]; + std::unique_ptr digest(new unsigned char[*digestlen]); if(is_sha256){ - HMAC(EVP_sha256(), key, static_cast(keylen), data, datalen, *digest, digestlen); + HMAC(EVP_sha256(), key, static_cast(keylen), data, datalen, digest.get(), digestlen); }else{ - HMAC(EVP_sha1(), key, static_cast(keylen), data, datalen, *digest, digestlen); + HMAC(EVP_sha1(), key, static_cast(keylen), data, datalen, digest.get(), digestlen); } - return true; + return digest; } -bool s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) +std::unique_ptr s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen) { - return s3fs_HMAC_RAW(key, keylen, data, datalen, digest, digestlen, false); + return s3fs_HMAC_RAW(key, keylen, data, datalen, digestlen, false); } -bool s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) +std::unique_ptr s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen) { - return s3fs_HMAC_RAW(key, keylen, data, datalen, digest, digestlen, true); + return 
s3fs_HMAC_RAW(key, keylen, data, datalen, digestlen, true); } #ifdef USE_OPENSSL_30 diff --git a/src/s3fs_auth.h b/src/s3fs_auth.h index 2d412bd..f8eba06 100644 --- a/src/s3fs_auth.h +++ b/src/s3fs_auth.h @@ -22,6 +22,7 @@ #define S3FS_AUTH_H_ #include +#include #include #include @@ -45,8 +46,8 @@ bool s3fs_init_global_ssl(); bool s3fs_destroy_global_ssl(); bool s3fs_init_crypt_mutex(); bool s3fs_destroy_crypt_mutex(); -bool s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen); -bool s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen); +std::unique_ptr s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen); +std::unique_ptr s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen); bool s3fs_md5(const unsigned char* data, size_t datalen, md5_t* result); bool s3fs_md5_fd(int fd, off_t start, off_t size, md5_t* result); bool s3fs_sha256(const unsigned char* data, size_t datalen, sha256_t* digest);
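Review bot: The OpenSSL `s3fs_HMAC_RAW` ignores the return value of `HMAC()`, which is a null pointer on error, and returns `digest` unconditionally. On failure the caller therefore gets a non-null buffer of uninitialised bytes with `*digestlen` possibly still at `EVP_MAX_MD_SIZE`, and would encode that as a signature; the other backends return `nullptr` in the equivalent case. Select the digest once with `const EVP_MD* evp = is_sha256 ? EVP_sha256() : EVP_sha1();` and wrap the single call as `if(nullptr == HMAC(evp, ..., digest.get(), digestlen)){ *digestlen = 0; return nullptr; }`, keeping the existing arguments. Value-initialising the buffer with `new unsigned char[*digestlen]()` would additionally keep stale heap contents out of any partially written result.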
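Review bot: The new declarations of `s3fs_HMAC` and `s3fs_HMAC256` in s3fs_auth.h carry no comment describing the changed contract, which every backend and every caller now relies on. A comment above them should say that the result is `nullptr` on failure, that on success the buffer holds `*digestlen` bytes owned by the caller, and what `*digestlen` contains on failure, since the backends currently differ on that. Proposed wording: `// Returns the MAC in a caller-owned buffer of *digestlen bytes, or nullptr on failure (then *digestlen is 0).`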