Use scopers in tool/ Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb Reviewed-on: https://boringssl-review.googlesource.com/11681 Commit-Queue: David Benjamin <davidben@google.com> Reviewed-by: Adam Langley <agl@google.com>
diff --git a/tool/digest.cc b/tool/digest.cc index 2e3e608..6056b0f 100644 --- a/tool/digest.cc +++ b/tool/digest.cc
@@ -132,12 +132,8 @@ static const size_t kBufSize = 8192; std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufSize]); - EVP_MD_CTX ctx; - EVP_MD_CTX_init(&ctx); - std::unique_ptr<EVP_MD_CTX, func_delete<EVP_MD_CTX, int, EVP_MD_CTX_cleanup>> - scoped_ctx(&ctx); - - if (!EVP_DigestInit_ex(&ctx, md, NULL)) { + bssl::ScopedEVP_MD_CTX ctx; + if (!EVP_DigestInit_ex(ctx.get(), md, NULL)) { fprintf(stderr, "Failed to initialize EVP_MD_CTX.\n"); return false; } @@ -158,7 +154,7 @@ return false; } - if (!EVP_DigestUpdate(&ctx, buf.get(), n)) { + if (!EVP_DigestUpdate(ctx.get(), buf.get(), n)) { fprintf(stderr, "Failed to update hash.\n"); return false; } @@ -166,7 +162,7 @@ uint8_t digest[EVP_MAX_MD_SIZE]; unsigned digest_len; - if (!EVP_DigestFinal_ex(&ctx, digest, &digest_len)) { + if (!EVP_DigestFinal_ex(ctx.get(), digest, &digest_len)) { fprintf(stderr, "Failed to finish hash.\n"); return false; }
diff --git a/tool/pkcs12.cc b/tool/pkcs12.cc index 15e32d3..7fd6f13 100644 --- a/tool/pkcs12.cc +++ b/tool/pkcs12.cc
@@ -120,23 +120,22 @@ CBS_init(&pkcs12, contents.get(), size); EVP_PKEY *key; - STACK_OF(X509) *certs = sk_X509_new_null(); + bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null()); - if (!PKCS12_get_key_and_certs(&key, certs, &pkcs12, password)) { + if (!PKCS12_get_key_and_certs(&key, certs.get(), &pkcs12, password)) { fprintf(stderr, "Failed to parse PKCS#12 data:\n"); ERR_print_errors_fp(stderr); return false; } + bssl::UniquePtr<EVP_PKEY> key_owned(key); if (key != NULL) { PEM_write_PrivateKey(stdout, key, NULL, NULL, 0, NULL, NULL); - EVP_PKEY_free(key); } - for (size_t i = 0; i < sk_X509_num(certs); i++) { - PEM_write_X509(stdout, sk_X509_value(certs, i)); + for (size_t i = 0; i < sk_X509_num(certs.get()); i++) { + PEM_write_X509(stdout, sk_X509_value(certs.get(), i)); } - sk_X509_pop_free(certs, X509_free); return true; }
diff --git a/tool/server.cc b/tool/server.cc index 012f671..d0213e9 100644 --- a/tool/server.cc +++ b/tool/server.cc
@@ -103,25 +103,25 @@ return false; } - SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method()); - SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3); + bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method())); + SSL_CTX_set_options(ctx.get(), SSL_OP_NO_SSLv3); // Server authentication is required. std::string key_file = "server.pem"; if (args_map.count("-key") != 0) { key_file = args_map["-key"]; } - if (!SSL_CTX_use_PrivateKey_file(ctx, key_file.c_str(), SSL_FILETYPE_PEM)) { + if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key_file.c_str(), SSL_FILETYPE_PEM)) { fprintf(stderr, "Failed to load private key: %s\n", key_file.c_str()); return false; } - if (!SSL_CTX_use_certificate_chain_file(ctx, key_file.c_str())) { + if (!SSL_CTX_use_certificate_chain_file(ctx.get(), key_file.c_str())) { fprintf(stderr, "Failed to load cert chain: %s\n", key_file.c_str()); return false; } if (args_map.count("-cipher") != 0 && - !SSL_CTX_set_cipher_list(ctx, args_map["-cipher"].c_str())) { + !SSL_CTX_set_cipher_list(ctx.get(), args_map["-cipher"].c_str())) { fprintf(stderr, "Failed setting cipher list\n"); return false; } @@ -133,7 +133,7 @@ args_map["-max-version"].c_str()); return false; } - if (!SSL_CTX_set_max_proto_version(ctx, version)) { + if (!SSL_CTX_set_max_proto_version(ctx.get(), version)) { return false; } } @@ -145,13 +145,13 @@ args_map["-min-version"].c_str()); return false; } - if (!SSL_CTX_set_min_proto_version(ctx, version)) { + if (!SSL_CTX_set_min_proto_version(ctx.get(), version)) { return false; } } if (args_map.count("-ocsp-response") != 0 && - !LoadOCSPResponse(ctx, args_map["-ocsp-response"].c_str())) { + !LoadOCSPResponse(ctx.get(), args_map["-ocsp-response"].c_str())) { fprintf(stderr, "Failed to load OCSP response: %s\n", args_map["-ocsp-response"].c_str()); return false; } @@ -162,23 +162,19 @@ } BIO *bio = BIO_new_socket(sock, BIO_CLOSE); - SSL *ssl = SSL_new(ctx); - SSL_set_bio(ssl, bio, bio); + bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get())); + SSL_set_bio(ssl.get(), bio, bio); - int ret = SSL_accept(ssl); + int ret = SSL_accept(ssl.get()); if (ret != 1) { - int ssl_err = SSL_get_error(ssl, ret); + int ssl_err = SSL_get_error(ssl.get(), ret); fprintf(stderr, "Error while connecting: %d\n", ssl_err); ERR_print_errors_cb(PrintErrorCallback, stderr); return false; } fprintf(stderr, "Connected.\n"); - PrintConnectionInfo(ssl); + PrintConnectionInfo(ssl.get()); - bool ok = TransferData(ssl, sock); - - SSL_free(ssl); - SSL_CTX_free(ctx); - return ok; + return TransferData(ssl.get(), sock); }
diff --git a/tool/speed.cc b/tool/speed.cc index d5f94e1..8c6a710 100644 --- a/tool/speed.cc +++ b/tool/speed.cc
@@ -203,7 +203,7 @@ size_t chunk_len, size_t ad_len) { static const unsigned kAlignment = 16; - EVP_AEAD_CTX ctx; + bssl::ScopedEVP_AEAD_CTX ctx; const size_t key_len = EVP_AEAD_key_length(aead); const size_t nonce_len = EVP_AEAD_nonce_length(aead); const size_t overhead_len = EVP_AEAD_max_overhead(aead); @@ -222,7 +222,7 @@ uint8_t *const out = align(out_storage.get(), kAlignment); memset(out, 0, chunk_len + overhead_len); - if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, key.get(), key_len, + if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.get(), key_len, EVP_AEAD_DEFAULT_TAG_LENGTH, evp_aead_seal)) { fprintf(stderr, "Failed to create EVP_AEAD_CTX.\n"); @@ -234,10 +234,9 @@ if (!TimeFunction(&results, [chunk_len, overhead_len, nonce_len, ad_len, in, out, &ctx, &nonce, &ad]() -> bool { size_t out_len; - - return EVP_AEAD_CTX_seal( - &ctx, out, &out_len, chunk_len + overhead_len, nonce.get(), - nonce_len, in, chunk_len, ad.get(), ad_len); + return EVP_AEAD_CTX_seal(ctx.get(), out, &out_len, + chunk_len + overhead_len, nonce.get(), + nonce_len, in, chunk_len, ad.get(), ad_len); })) { fprintf(stderr, "EVP_AEAD_CTX_seal failed.\n"); ERR_print_errors_fp(stderr); @@ -245,9 +244,6 @@ } results.PrintWithBytes(name + " seal", chunk_len); - - EVP_AEAD_CTX_cleanup(&ctx); - return true; } @@ -547,15 +543,16 @@ } TimeResults results; - NEWHOPE_POLY *sk = NEWHOPE_POLY_new(); + bssl::UniquePtr<NEWHOPE_POLY> sk(NEWHOPE_POLY_new()); uint8_t acceptmsg[NEWHOPE_ACCEPTMSG_LENGTH]; RAND_bytes(acceptmsg, sizeof(acceptmsg)); - if (!TimeFunction(&results, [sk, &acceptmsg]() -> bool { + if (!TimeFunction(&results, [&sk, &acceptmsg]() -> bool { uint8_t key[SHA256_DIGEST_LENGTH]; uint8_t offermsg[NEWHOPE_OFFERMSG_LENGTH]; - NEWHOPE_offer(offermsg, sk); - if (!NEWHOPE_finish(key, sk, acceptmsg, NEWHOPE_ACCEPTMSG_LENGTH)) { + NEWHOPE_offer(offermsg, sk.get()); + if (!NEWHOPE_finish(key, sk.get(), acceptmsg, + NEWHOPE_ACCEPTMSG_LENGTH)) { return false; } return true; @@ -564,7 +561,6 @@ return false; } - NEWHOPE_POLY_free(sk); results.Print("newhope key exchange"); return true; } @@ -599,45 +595,43 @@ g_timeout_seconds = atoi(args_map["-timeout"].c_str()); } - RSA *key = RSA_private_key_from_bytes(kDERRSAPrivate2048, - kDERRSAPrivate2048Len); - if (key == NULL) { + bssl::UniquePtr<RSA> key( + RSA_private_key_from_bytes(kDERRSAPrivate2048, kDERRSAPrivate2048Len)); + if (key == nullptr) { fprintf(stderr, "Failed to parse RSA key.\n"); ERR_print_errors_fp(stderr); return false; } - if (!SpeedRSA("RSA 2048", key, selected)) { + if (!SpeedRSA("RSA 2048", key.get(), selected)) { return false; } - RSA_free(key); - key = RSA_private_key_from_bytes(kDERRSAPrivate3Prime2048, - kDERRSAPrivate3Prime2048Len); - if (key == NULL) { + key.reset(RSA_private_key_from_bytes(kDERRSAPrivate3Prime2048, + kDERRSAPrivate3Prime2048Len)); + if (key == nullptr) { fprintf(stderr, "Failed to parse RSA key.\n"); ERR_print_errors_fp(stderr); return false; } - if (!SpeedRSA("RSA 2048 (3 prime, e=3)", key, selected)) { + if (!SpeedRSA("RSA 2048 (3 prime, e=3)", key.get(), selected)) { return false; } - RSA_free(key); - key = RSA_private_key_from_bytes(kDERRSAPrivate4096, - kDERRSAPrivate4096Len); - if (key == NULL) { + key.reset( + RSA_private_key_from_bytes(kDERRSAPrivate4096, kDERRSAPrivate4096Len)); + if (key == nullptr) { fprintf(stderr, "Failed to parse 4096-bit RSA key.\n"); ERR_print_errors_fp(stderr); return 1; } - if (!SpeedRSA("RSA 4096", key, selected)) { + if (!SpeedRSA("RSA 4096", key.get(), selected)) { return false; } - RSA_free(key); + key.reset(); // kTLSADLen is the number of bytes of additional data that TLS passes to // AEADs.
diff --git a/tool/transport_common.cc b/tool/transport_common.cc index d5326b5..8761fea 100644 --- a/tool/transport_common.cc +++ b/tool/transport_common.cc
@@ -268,16 +268,15 @@ fprintf(stderr, " ALPN protocol: %.*s\n", alpn_len, alpn); // Print the server cert subject and issuer names. - X509 *peer = SSL_get_peer_certificate(ssl); - if (peer != NULL) { + bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(ssl)); + if (peer != nullptr) { fprintf(stderr, " Cert subject: "); - X509_NAME_print_ex_fp(stderr, X509_get_subject_name(peer), 0, + X509_NAME_print_ex_fp(stderr, X509_get_subject_name(peer.get()), 0, XN_FLAG_ONELINE); fprintf(stderr, "\n Cert issuer: "); - X509_NAME_print_ex_fp(stderr, X509_get_issuer_name(peer), 0, + X509_NAME_print_ex_fp(stderr, X509_get_issuer_name(peer.get()), 0, XN_FLAG_ONELINE); fprintf(stderr, "\n"); - X509_free(peer); } }