Free the context in case of openssl failure

Change-Id: Ia2e387f70a50b090641f6bf6fb509d7d54dfdd8f

1 files changed, 19 insertions, 20 deletions

diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp
index 8168fda1..29c8ee49 100644
--- a/src/manager/service/key-provider.cpp
+++ b/src/manager/service/key-provider.cpp
@@ -20,6 +20,7 @@
 #include <string.h>
 
 #include <array>
+#include <memory>
 
 using namespace CKM;
 
@@ -45,41 +46,41 @@ RawBuffer toRawBuffer(T *)
 	return RawBuffer();
 }
 
+typedef std::unique_ptr<EVP_CIPHER_CTX, decltype(&EVP_CIPHER_CTX_free)> CipherCtxPtr;
+
 int encryptAes256Gcm(const unsigned char *plaintext,
                      int plaintext_len, const unsigned char *key, const unsigned char *iv,
                      unsigned char *ciphertext, unsigned char *tag)
 {
-	EVP_CIPHER_CTX *ctx;
 	int len;
 	int ciphertext_len = 0;
 
-	if (!(ctx = EVP_CIPHER_CTX_new()))
+	CipherCtxPtr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
+	if (!ctx)
 		return OPENSSL_ENGINE_ERROR;
 
-	if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+	if (!EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, NULL, NULL))
 		return OPENSSL_ENGINE_ERROR;
 
-	if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
+	if (!EVP_EncryptInit_ex(ctx.get(), NULL, NULL, key, iv))
 		return OPENSSL_ENGINE_ERROR;
 
-	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
+	if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
 		return OPENSSL_ENGINE_ERROR;
 
-	if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
+	if (!EVP_EncryptUpdate(ctx.get(), ciphertext, &len, plaintext, plaintext_len))
 		return OPENSSL_ENGINE_ERROR;
 
 	ciphertext_len = len;
 
-	if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
+	if (!EVP_EncryptFinal_ex(ctx.get(), ciphertext + len, &len))
 		return OPENSSL_ENGINE_ERROR;
 
 	ciphertext_len += len;
 
-	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
+	if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
 		return OPENSSL_ENGINE_ERROR;
 
-	EVP_CIPHER_CTX_free(ctx);
-
 	return ciphertext_len;
 }
 
@@ -87,36 +88,34 @@ int decryptAes256Gcm(const unsigned char *ciphertext,
                      int ciphertext_len, unsigned char *tag, const unsigned char *key,
                      const unsigned char *iv, unsigned char *plaintext)
 {
-	EVP_CIPHER_CTX *ctx;
 	int len;
 	int plaintext_len;
 	int ret;
 
-	if (!(ctx = EVP_CIPHER_CTX_new()))
+	CipherCtxPtr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
+	if (!ctx)
 		return OPENSSL_ENGINE_ERROR;
 
-	if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+	if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, NULL, NULL))
 		return OPENSSL_ENGINE_ERROR;
 
-	if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+	if (!EVP_DecryptInit_ex(ctx.get(), NULL, NULL, key, iv))
 		return OPENSSL_ENGINE_ERROR;
 
-	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
+	if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
 		return OPENSSL_ENGINE_ERROR;
 
-	if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
+	if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
 		return OPENSSL_ENGINE_ERROR;
 
-	if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
+	if (!EVP_DecryptUpdate(ctx.get(), plaintext, &len, ciphertext, ciphertext_len))
 		return OPENSSL_ENGINE_ERROR;
 
 	plaintext_len = len;
 
-	if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len)))
+	if (!(ret = EVP_DecryptFinal_ex(ctx.get(), plaintext + len, &len)))
 		return OPENSSL_ENGINE_ERROR;
 
-	EVP_CIPHER_CTX_free(ctx);
-
 	if (ret > 0) {
 		plaintext_len += len;
 		return plaintext_len;