octoleo
/
s3fs-fuse
mirror of https://github.com/s3fs-fuse/s3fs-fuse.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Use unique_ptr in SSL functions (#2282) 

References #2261.
This commit is contained in:
Andrew Gaul 2023-08-19 23:29:00 +09:00 committed by GitHub
parent 64a142723a
commit 7e94b64ae7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 66 additions and 80 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

31
src/curl.cpp
View File

@ -2736,20 +2736,18 @@ std::string S3fsCurl::CalcSignatureV2(const std::string& method, const std::stri
size_t key_len = secret_access_key.size(); size_t key_len = secret_access_key.size();
const unsigned char* sdata = reinterpret_cast<const unsigned char*>(StringToSign.data()); const unsigned char* sdata = reinterpret_cast<const unsigned char*>(StringToSign.data());
size_t sdata_len = StringToSign.size(); size_t sdata_len = StringToSign.size();
unsigned char* md = nullptr; unsigned int md_len = 0;
unsigned int md_len = 0;;
s3fs_HMAC(key, key_len, sdata, sdata_len, &md, &md_len); std::unique_ptr<unsigned char[]> md = s3fs_HMAC(key, key_len, sdata, sdata_len, &md_len);
Signature = s3fs_base64(md, md_len); Signature = s3fs_base64(md.get(), md_len);
delete[] md;
return Signature; return Signature;
} }
std::string S3fsCurl::CalcSignature(const std::string& method, const std::string& canonical_uri, const std::string& query_string, const std::string& strdate, const std::string& payload_hash, const std::string& date8601, const std::string& secret_access_key, const std::string& access_token) std::string S3fsCurl::CalcSignature(const std::string& method, const std::string& canonical_uri, const std::string& query_string, const std::string& strdate, const std::string& payload_hash, const std::string& date8601, const std::string& secret_access_key, const std::string& access_token)
{ {
std::string Signature, StringCQ, StringToSign; std::string StringCQ, StringToSign;
std::string uriencode; std::string uriencode;
if(!access_token.empty()){ if(!access_token.empty()){
@ -2775,16 +2773,12 @@ std::string S3fsCurl::CalcSignature(const std::string& method, const std::string
StringCQ += payload_hash; StringCQ += payload_hash;
std::string kSecret = "AWS4" + secret_access_key; std::string kSecret = "AWS4" + secret_access_key;
unsigned char *kDate, *kRegion, *kService, *kSigning = nullptr;
unsigned int kDate_len,kRegion_len, kService_len, kSigning_len = 0; unsigned int kDate_len,kRegion_len, kService_len, kSigning_len = 0;
s3fs_HMAC256(kSecret.c_str(), kSecret.size(), reinterpret_cast<const unsigned char*>(strdate.data()), strdate.size(), &kDate, &kDate_len); std::unique_ptr<unsigned char[]> kDate = s3fs_HMAC256(kSecret.c_str(), kSecret.size(), reinterpret_cast<const unsigned char*>(strdate.data()), strdate.size(), &kDate_len);
s3fs_HMAC256(kDate, kDate_len, reinterpret_cast<const unsigned char*>(endpoint.c_str()), endpoint.size(), &kRegion, &kRegion_len); std::unique_ptr<unsigned char[]> kRegion = s3fs_HMAC256(kDate.get(), kDate_len, reinterpret_cast<const unsigned char*>(endpoint.c_str()), endpoint.size(), &kRegion_len);
s3fs_HMAC256(kRegion, kRegion_len, reinterpret_cast<const unsigned char*>("s3"), sizeof("s3") - 1, &kService, &kService_len); std::unique_ptr<unsigned char[]> kService = s3fs_HMAC256(kRegion.get(), kRegion_len, reinterpret_cast<const unsigned char*>("s3"), sizeof("s3") - 1, &kService_len);
s3fs_HMAC256(kService, kService_len, reinterpret_cast<const unsigned char*>("aws4_request"), sizeof("aws4_request") - 1, &kSigning, &kSigning_len); std::unique_ptr<unsigned char[]> kSigning = s3fs_HMAC256(kService.get(), kService_len, reinterpret_cast<const unsigned char*>("aws4_request"), sizeof("aws4_request") - 1, &kSigning_len);
delete[] kDate;
delete[] kRegion;
delete[] kService;
const unsigned char* cRequest = reinterpret_cast<const unsigned char*>(StringCQ.c_str()); const unsigned char* cRequest = reinterpret_cast<const unsigned char*>(StringCQ.c_str());
size_t cRequest_len = StringCQ.size(); size_t cRequest_len = StringCQ.size();
@ -2798,16 +2792,11 @@ std::string S3fsCurl::CalcSignature(const std::string& method, const std::string
const unsigned char* cscope = reinterpret_cast<const unsigned char*>(StringToSign.c_str()); const unsigned char* cscope = reinterpret_cast<const unsigned char*>(StringToSign.c_str());
size_t cscope_len = StringToSign.size(); size_t cscope_len = StringToSign.size();
unsigned char* md = nullptr;
unsigned int md_len = 0; unsigned int md_len = 0;
s3fs_HMAC256(kSigning, kSigning_len, cscope, cscope_len, &md, &md_len); std::unique_ptr<unsigned char[]> md = s3fs_HMAC256(kSigning.get(), kSigning_len, cscope, cscope_len, &md_len);
delete[] kSigning;
Signature = s3fs_hex_lower(md, md_len); return s3fs_hex_lower(md.get(), md_len);
delete[] md;
return Signature;
} }
void S3fsCurl::insertV4Headers(const std::string& access_key_id, const std::string& secret_access_key, const std::string& access_token) void S3fsCurl::insertV4Headers(const std::string& access_key_id, const std::string& secret_access_key, const std::string& access_token)

60
src/gnutls_auth.cpp
View File

@ -106,76 +106,72 @@ bool s3fs_destroy_crypt_mutex()
//------------------------------------------------------------------- //-------------------------------------------------------------------
#ifdef USE_GNUTLS_NETTLE #ifdef USE_GNUTLS_NETTLE
bool s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) std::unique_ptr<unsigned char[]> s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen)
{ {
if(!key || !data || !digest || !digestlen){ if(!key || !data || !digestlen){
return false; return nullptr;
} }
*digest = new unsigned char[SHA1_DIGEST_SIZE]; std::unique_ptr<unsigned char[]> digest(new unsigned char[SHA1_DIGEST_SIZE]);
struct hmac_sha1_ctx ctx_hmac; struct hmac_sha1_ctx ctx_hmac;
hmac_sha1_set_key(&ctx_hmac, keylen, reinterpret_cast<const uint8_t*>(key)); hmac_sha1_set_key(&ctx_hmac, keylen, reinterpret_cast<const uint8_t*>(key));
hmac_sha1_update(&ctx_hmac, datalen, reinterpret_cast<const uint8_t*>(data)); hmac_sha1_update(&ctx_hmac, datalen, reinterpret_cast<const uint8_t*>(data));
hmac_sha1_digest(&ctx_hmac, SHA1_DIGEST_SIZE, reinterpret_cast<uint8_t*>(*digest)); hmac_sha1_digest(&ctx_hmac, SHA1_DIGEST_SIZE, reinterpret_cast<uint8_t*>(digest.get()));
*digestlen = SHA1_DIGEST_SIZE; *digestlen = SHA1_DIGEST_SIZE;
return true; return digest;
} }
bool s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) std::unique_ptr<unsigned char[]> s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen)
{ {
if(!key || !data || !digest || !digestlen){ if(!key || !data || !digestlen){
return false; return nullptr;
} }
*digest = new unsigned char[SHA256_DIGEST_SIZE]; std::unique_ptr<unsigned char[]> digest(new unsigned char[SHA256_DIGEST_SIZE]);
struct hmac_sha256_ctx ctx_hmac; struct hmac_sha256_ctx ctx_hmac;
hmac_sha256_set_key(&ctx_hmac, keylen, reinterpret_cast<const uint8_t*>(key)); hmac_sha256_set_key(&ctx_hmac, keylen, reinterpret_cast<const uint8_t*>(key));
hmac_sha256_update(&ctx_hmac, datalen, reinterpret_cast<const uint8_t*>(data)); hmac_sha256_update(&ctx_hmac, datalen, reinterpret_cast<const uint8_t*>(data));
hmac_sha256_digest(&ctx_hmac, SHA256_DIGEST_SIZE, reinterpret_cast<uint8_t*>(*digest)); hmac_sha256_digest(&ctx_hmac, SHA256_DIGEST_SIZE, reinterpret_cast<uint8_t*>(digest.get()));
*digestlen = SHA256_DIGEST_SIZE; *digestlen = SHA256_DIGEST_SIZE;
return true; return digest;
} }
#else // USE_GNUTLS_NETTLE #else // USE_GNUTLS_NETTLE
bool s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) std::unique_ptr<unsigned char[]> s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen)
{ {
if(!key || !data || !digest || !digestlen){ if(!key || !data || !digestlen){
return false; return nullptr;
} }
if(0 == (*digestlen = gnutls_hmac_get_len(GNUTLS_MAC_SHA1))){ if(0 == (*digestlen = gnutls_hmac_get_len(GNUTLS_MAC_SHA1))){
return false; return nullptr;
} }
*digest = new unsigned char[*digestlen + 1]; std::unique_ptr<unsigned char[]> digest(new unsigned char[*digestlen + 1]);
if(0 > gnutls_hmac_fast(GNUTLS_MAC_SHA1, key, keylen, data, datalen, *digest)){ if(0 > gnutls_hmac_fast(GNUTLS_MAC_SHA1, key, keylen, data, datalen, digest.get())){
delete[] *digest; return nullptr;
*digest = nullptr;
return false;
} }
return true; return digest;
} }
bool s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) std::unique_ptr<unsigned char[]> s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen)
{ {
if(!key || !data || !digest || !digestlen){ if(!key || !data || !digestlen){
return false; return nullptr;
} }
if(0 == (*digestlen = gnutls_hmac_get_len(GNUTLS_MAC_SHA256))){ if(0 == (*digestlen = gnutls_hmac_get_len(GNUTLS_MAC_SHA256))){
return false; return nullptr;
} }
*digest = new unsigned char[*digestlen + 1]; std::unique_ptr<unsigned char[]> digest(new unsigned char[*digestlen + 1]);
if(0 > gnutls_hmac_fast(GNUTLS_MAC_SHA256, key, keylen, data, datalen, *digest)){ if(0 > gnutls_hmac_fast(GNUTLS_MAC_SHA256, key, keylen, data, datalen, digest.get())){
delete[] *digest; return nullptr;
*digest = nullptr;
return false;
} }
return true; return digest;
} }
#endif // USE_GNUTLS_NETTLE #endif // USE_GNUTLS_NETTLE

28
src/nss_auth.cpp
View File

@ -87,10 +87,10 @@ bool s3fs_destroy_crypt_mutex()
//------------------------------------------------------------------- //-------------------------------------------------------------------
// Utility Function for HMAC // Utility Function for HMAC
//------------------------------------------------------------------- //-------------------------------------------------------------------
static bool s3fs_HMAC_RAW(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen, bool is_sha256) static std::unique_ptr<unsigned char[]> s3fs_HMAC_RAW(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen, bool is_sha256)
{ {
if(!key || !data || !digest || !digestlen){ if(!key || !data || !digestlen){
return false; return nullptr;
} }
PK11SlotInfo* Slot; PK11SlotInfo* Slot;
@ -101,16 +101,16 @@ static bool s3fs_HMAC_RAW(const void* key, size_t keylen, const unsigned char* d
SECItem NullSecItem = {siBuffer, nullptr, 0}; SECItem NullSecItem = {siBuffer, nullptr, 0};
if(nullptr == (Slot = PK11_GetInternalKeySlot())){ if(nullptr == (Slot = PK11_GetInternalKeySlot())){
return false; return nullptr;
} }
if(nullptr == (pKey = PK11_ImportSymKey(Slot, (is_sha256 ? CKM_SHA256_HMAC : CKM_SHA_1_HMAC), PK11_OriginUnwrap, CKA_SIGN, &KeySecItem, nullptr))){ if(nullptr == (pKey = PK11_ImportSymKey(Slot, (is_sha256 ? CKM_SHA256_HMAC : CKM_SHA_1_HMAC), PK11_OriginUnwrap, CKA_SIGN, &KeySecItem, nullptr))){
PK11_FreeSlot(Slot); PK11_FreeSlot(Slot);
return false; return nullptr;
} }
if(nullptr == (Context = PK11_CreateContextBySymKey((is_sha256 ? CKM_SHA256_HMAC : CKM_SHA_1_HMAC), CKA_SIGN, pKey, &NullSecItem))){ if(nullptr == (Context = PK11_CreateContextBySymKey((is_sha256 ? CKM_SHA256_HMAC : CKM_SHA_1_HMAC), CKA_SIGN, pKey, &NullSecItem))){
PK11_FreeSymKey(pKey); PK11_FreeSymKey(pKey);
PK11_FreeSlot(Slot); PK11_FreeSlot(Slot);
return false; return nullptr;
} }
*digestlen = 0; *digestlen = 0;
@ -121,26 +121,26 @@ static bool s3fs_HMAC_RAW(const void* key, size_t keylen, const unsigned char* d
PK11_DestroyContext(Context, PR_TRUE); PK11_DestroyContext(Context, PR_TRUE);
PK11_FreeSymKey(pKey); PK11_FreeSymKey(pKey);
PK11_FreeSlot(Slot); PK11_FreeSlot(Slot);
return false; return nullptr;
} }
PK11_DestroyContext(Context, PR_TRUE); PK11_DestroyContext(Context, PR_TRUE);
PK11_FreeSymKey(pKey); PK11_FreeSymKey(pKey);
PK11_FreeSlot(Slot); PK11_FreeSlot(Slot);
*digest = new unsigned char[*digestlen]; std::unique_ptr<unsigned char[]> digest(new unsigned char[*digestlen]);
memcpy(*digest, tmpdigest, *digestlen); memcpy(digest.get(), tmpdigest, *digestlen);
return true; return digest;
} }
bool s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) std::unique_ptr<unsigned char[]> s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen)
{ {
return s3fs_HMAC_RAW(key, keylen, data, datalen, digest, digestlen, false); return s3fs_HMAC_RAW(key, keylen, data, datalen, digestlen, false);
} }
bool s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) std::unique_ptr<unsigned char[]> s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen)
{ {
return s3fs_HMAC_RAW(key, keylen, data, datalen, digest, digestlen, true); return s3fs_HMAC_RAW(key, keylen, data, datalen, digestlen, true);
} }
//------------------------------------------------------------------- //-------------------------------------------------------------------

22
src/openssl_auth.cpp
View File

@ -224,30 +224,30 @@ bool s3fs_destroy_crypt_mutex()
//------------------------------------------------------------------- //-------------------------------------------------------------------
// Utility Function for HMAC // Utility Function for HMAC
//------------------------------------------------------------------- //-------------------------------------------------------------------
static bool s3fs_HMAC_RAW(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen, bool is_sha256) static std::unique_ptr<unsigned char[]> s3fs_HMAC_RAW(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen, bool is_sha256)
{ {
if(!key || !data || !digest || !digestlen){ if(!key || !data || !digestlen){
return false; return nullptr;
} }
(*digestlen) = EVP_MAX_MD_SIZE * sizeof(unsigned char); (*digestlen) = EVP_MAX_MD_SIZE * sizeof(unsigned char);
*digest = new unsigned char[*digestlen]; std::unique_ptr<unsigned char[]> digest(new unsigned char[*digestlen]);
if(is_sha256){ if(is_sha256){
HMAC(EVP_sha256(), key, static_cast<int>(keylen), data, datalen, *digest, digestlen); HMAC(EVP_sha256(), key, static_cast<int>(keylen), data, datalen, digest.get(), digestlen);
}else{ }else{
HMAC(EVP_sha1(), key, static_cast<int>(keylen), data, datalen, *digest, digestlen); HMAC(EVP_sha1(), key, static_cast<int>(keylen), data, datalen, digest.get(), digestlen);
} }
return true; return digest;
} }
bool s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) std::unique_ptr<unsigned char[]> s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen)
{ {
return s3fs_HMAC_RAW(key, keylen, data, datalen, digest, digestlen, false); return s3fs_HMAC_RAW(key, keylen, data, datalen, digestlen, false);
} }
bool s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen) std::unique_ptr<unsigned char[]> s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen)
{ {
return s3fs_HMAC_RAW(key, keylen, data, datalen, digest, digestlen, true); return s3fs_HMAC_RAW(key, keylen, data, datalen, digestlen, true);
} }
#ifdef USE_OPENSSL_30 #ifdef USE_OPENSSL_30

5
src/s3fs_auth.h
View File

@ -22,6 +22,7 @@
#define S3FS_AUTH_H_ #define S3FS_AUTH_H_
#include <array> #include <array>
#include <memory>
#include <string> #include <string>
#include <sys/types.h> #include <sys/types.h>
@ -45,8 +46,8 @@ bool s3fs_init_global_ssl();
bool s3fs_destroy_global_ssl(); bool s3fs_destroy_global_ssl();
bool s3fs_init_crypt_mutex(); bool s3fs_init_crypt_mutex();
bool s3fs_destroy_crypt_mutex(); bool s3fs_destroy_crypt_mutex();
bool s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen); std::unique_ptr<unsigned char[]> s3fs_HMAC(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen);
bool s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned char** digest, unsigned int* digestlen); std::unique_ptr<unsigned char[]> s3fs_HMAC256(const void* key, size_t keylen, const unsigned char* data, size_t datalen, unsigned int* digestlen);
bool s3fs_md5(const unsigned char* data, size_t datalen, md5_t* result); bool s3fs_md5(const unsigned char* data, size_t datalen, md5_t* result);
bool s3fs_md5_fd(int fd, off_t start, off_t size, md5_t* result); bool s3fs_md5_fd(int fd, off_t start, off_t size, md5_t* result);
bool s3fs_sha256(const unsigned char* data, size_t datalen, sha256_t* digest); bool s3fs_sha256(const unsigned char* data, size_t datalen, sha256_t* digest);