diff options
| -rw-r--r-- | src/manager/service/key-provider.cpp | 39 |
1 files changed, 19 insertions, 20 deletions
diff --git a/src/manager/service/key-provider.cpp b/src/manager/service/key-provider.cpp index 8168fda1..29c8ee49 100644 --- a/src/manager/service/key-provider.cpp +++ b/src/manager/service/key-provider.cpp @@ -20,6 +20,7 @@ #include <string.h> #include <array> +#include <memory> using namespace CKM; @@ -45,41 +46,41 @@ RawBuffer toRawBuffer(T *) return RawBuffer(); } +typedef std::unique_ptr<EVP_CIPHER_CTX, decltype(&EVP_CIPHER_CTX_free)> CipherCtxPtr; + int encryptAes256Gcm(const unsigned char *plaintext, int plaintext_len, const unsigned char *key, const unsigned char *iv, unsigned char *ciphertext, unsigned char *tag) { - EVP_CIPHER_CTX *ctx; int len; int ciphertext_len = 0; - if (!(ctx = EVP_CIPHER_CTX_new())) + CipherCtxPtr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free); + if (!ctx) return OPENSSL_ENGINE_ERROR; - if (!EVP_EncryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) + if (!EVP_EncryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, NULL, NULL)) return OPENSSL_ENGINE_ERROR; - if (!EVP_EncryptInit_ex(ctx, NULL, NULL, key, iv)) + if (!EVP_EncryptInit_ex(ctx.get(), NULL, NULL, key, iv)) return OPENSSL_ENGINE_ERROR; - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) + if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) return OPENSSL_ENGINE_ERROR; - if (!EVP_EncryptUpdate(ctx, ciphertext, &len, plaintext, plaintext_len)) + if (!EVP_EncryptUpdate(ctx.get(), ciphertext, &len, plaintext, plaintext_len)) return OPENSSL_ENGINE_ERROR; ciphertext_len = len; - if (!EVP_EncryptFinal_ex(ctx, ciphertext + len, &len)) + if (!EVP_EncryptFinal_ex(ctx.get(), ciphertext + len, &len)) return OPENSSL_ENGINE_ERROR; ciphertext_len += len; - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag)) + if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_GET_TAG, MAX_IV_SIZE, tag)) return OPENSSL_ENGINE_ERROR; - EVP_CIPHER_CTX_free(ctx); - return ciphertext_len; } @@ -87,36 +88,34 @@ int decryptAes256Gcm(const unsigned char *ciphertext, int ciphertext_len, unsigned char *tag, const unsigned char *key, const unsigned char *iv, unsigned char *plaintext) { - EVP_CIPHER_CTX *ctx; int len; int plaintext_len; int ret; - if (!(ctx = EVP_CIPHER_CTX_new())) + CipherCtxPtr ctx(EVP_CIPHER_CTX_new(), EVP_CIPHER_CTX_free); + if (!ctx) return OPENSSL_ENGINE_ERROR; - if (!EVP_DecryptInit_ex(ctx, EVP_aes_256_gcm(), NULL, NULL, NULL)) + if (!EVP_DecryptInit_ex(ctx.get(), EVP_aes_256_gcm(), NULL, NULL, NULL)) return OPENSSL_ENGINE_ERROR; - if (!EVP_DecryptInit_ex(ctx, NULL, NULL, key, iv)) + if (!EVP_DecryptInit_ex(ctx.get(), NULL, NULL, key, iv)) return OPENSSL_ENGINE_ERROR; - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) + if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_IVLEN, MAX_IV_SIZE, NULL)) return OPENSSL_ENGINE_ERROR; - if (!EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag)) + if (!EVP_CIPHER_CTX_ctrl(ctx.get(), EVP_CTRL_GCM_SET_TAG, MAX_IV_SIZE, tag)) return OPENSSL_ENGINE_ERROR; - if (!EVP_DecryptUpdate(ctx, plaintext, &len, ciphertext, ciphertext_len)) + if (!EVP_DecryptUpdate(ctx.get(), plaintext, &len, ciphertext, ciphertext_len)) return OPENSSL_ENGINE_ERROR; plaintext_len = len; - if (!(ret = EVP_DecryptFinal_ex(ctx, plaintext + len, &len))) + if (!(ret = EVP_DecryptFinal_ex(ctx.get(), plaintext + len, &len))) return OPENSSL_ENGINE_ERROR; - EVP_CIPHER_CTX_free(ctx); - if (ret > 0) { plaintext_len += len; return plaintext_len; |