summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorKrzysztof Jackiewicz <k.jackiewicz@samsung.com>2019-01-29 16:46:01 +0100
committerKrzysztof Jackiewicz <k.jackiewicz@samsung.com>2019-02-13 13:37:15 +0100
commit7765b5df357f4ad0203746eb6e99cd125d6da748 (patch)
treeea1e6ea5cd40ed02d1fd8867ec29b5058cc2ba6b
parent5e3b7607fa9ecbb685a8d7bbc9c7de10d2cdd3b8 (diff)
downloadkey-manager-7765b5df357f4ad0203746eb6e99cd125d6da748.tar.gz
key-manager-7765b5df357f4ad0203746eb6e99cd125d6da748.tar.bz2
key-manager-7765b5df357f4ad0203746eb6e99cd125d6da748.zip
Free the context in case of openssl failure
Change-Id: Ia2e387f70a50b090641f6bf6fb509d7d54dfdd8f
-rw-r--r--src/manager/service/key-provider.cpp39
1 files changed, 19 insertions, 20 deletions
diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp
index 8168fda..29c8ee4 100644
--- a/src/manager/service/key-provider.cpp
+++ b/src/manager/service/key-provider.cpp
@@ -20,6 +20,7 @@
#include <string.h>
#include <array>
+#include <memory>
using namespace CKM;
@@ -45,41 +46,41 @@ RawBuffer toRawBuffer(T *)
return RawBuffer();
}
+typedef std::unique_ptr<EVP_CIPHER_CTX, decltype(&EVP_CIPHER_CTX_free)> CipherCtxPtr;
+
int encryptAes256Gcm(const unsigned char *plaintext,
int plaintext_len, const unsigned char *key, const unsigned char *iv,
unsigned char *ciphertext, unsigned char *tag)
{
- EVP_CIPHER_CTX *ctx;
int len;
int ciphertext_len = 0;
- if (!(ctx = EVP_CIPHER_CTX_new()))
+ CipherCtxPtr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
+ if (!ctx)
return OPENSSL_ENGINE_ERROR;
- if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+ if (!EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, NULL, NULL))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv))
+ if (!EVP_EncryptInit_ex(ctx.get(), NULL, NULL, key, iv))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
+ if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len))
+ if (!EVP_EncryptUpdate(ctx.get(), ciphertext, &len, plaintext, plaintext_len))
return OPENSSL_ENGINE_ERROR;
ciphertext_len = len;
- if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len))
+ if (!EVP_EncryptFinal_ex(ctx.get(), ciphertext + len, &len))
return OPENSSL_ENGINE_ERROR;
ciphertext_len += len;
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
+ if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag))
return OPENSSL_ENGINE_ERROR;
- EVP_CIPHER_CTX_free(ctx);
-
return ciphertext_len;
}
@@ -87,36 +88,34 @@ int decryptAes256Gcm(const unsigned char *ciphertext,
int ciphertext_len, unsigned char *tag, const unsigned char *key,
const unsigned char *iv, unsigned char *plaintext)
{
- EVP_CIPHER_CTX *ctx;
int len;
int plaintext_len;
int ret;
- if (!(ctx = EVP_CIPHER_CTX_new()))
+ CipherCtxPtr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free);
+ if (!ctx)
return OPENSSL_ENGINE_ERROR;
- if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL))
+ if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, NULL, NULL))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv))
+ if (!EVP_DecryptInit_ex(ctx.get(), NULL, NULL, key, iv))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
+ if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
+ if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag))
return OPENSSL_ENGINE_ERROR;
- if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len))
+ if (!EVP_DecryptUpdate(ctx.get(), plaintext, &len, ciphertext, ciphertext_len))
return OPENSSL_ENGINE_ERROR;
plaintext_len = len;
- if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len)))
+ if (!(ret = EVP_DecryptFinal_ex(ctx.get(), plaintext + len, &len)))
return OPENSSL_ENGINE_ERROR;
- EVP_CIPHER_CTX_free(ctx);
-
if (ret > 0) {
plaintext_len += len;
return plaintext_len;