Use scopers in tool/
Change-Id: I4e61dc57d1ec65e892b1933f35663db164f017eb
Reviewed-on: https://boringssl-review.googlesource.com/11681
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/tool/digest.cc b/tool/digest.cc
index 2e3e608..6056b0f 100644
--- a/tool/digest.cc
+++ b/tool/digest.cc
@@ -132,12 +132,8 @@
static const size_t kBufSize = 8192;
std::unique_ptr<uint8_t[]> buf(new uint8_t[kBufSize]);
- EVP_MD_CTX ctx;
- EVP_MD_CTX_init(&ctx);
- std::unique_ptr<EVP_MD_CTX, func_delete<EVP_MD_CTX, int, EVP_MD_CTX_cleanup>>
- scoped_ctx(&ctx);
-
- if (!EVP_DigestInit_ex(&ctx, md, NULL)) {
+ bssl::ScopedEVP_MD_CTX ctx;
+ if (!EVP_DigestInit_ex(ctx.get(), md, NULL)) {
fprintf(stderr, "Failed to initialize EVP_MD_CTX.\n");
return false;
}
@@ -158,7 +154,7 @@
return false;
}
- if (!EVP_DigestUpdate(&ctx, buf.get(), n)) {
+ if (!EVP_DigestUpdate(ctx.get(), buf.get(), n)) {
fprintf(stderr, "Failed to update hash.\n");
return false;
}
@@ -166,7 +162,7 @@
uint8_t digest[EVP_MAX_MD_SIZE];
unsigned digest_len;
- if (!EVP_DigestFinal_ex(&ctx, digest, &digest_len)) {
+ if (!EVP_DigestFinal_ex(ctx.get(), digest, &digest_len)) {
fprintf(stderr, "Failed to finish hash.\n");
return false;
}
diff --git a/tool/pkcs12.cc b/tool/pkcs12.cc
index 15e32d3..7fd6f13 100644
--- a/tool/pkcs12.cc
+++ b/tool/pkcs12.cc
@@ -120,23 +120,22 @@
CBS_init(&pkcs12, contents.get(), size);
EVP_PKEY *key;
- STACK_OF(X509) *certs = sk_X509_new_null();
+ bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null());
- if (!PKCS12_get_key_and_certs(&key, certs, &pkcs12, password)) {
+ if (!PKCS12_get_key_and_certs(&key, certs.get(), &pkcs12, password)) {
fprintf(stderr, "Failed to parse PKCS#12 data:\n");
ERR_print_errors_fp(stderr);
return false;
}
+ bssl::UniquePtr<EVP_PKEY> key_owned(key);
if (key != NULL) {
PEM_write_PrivateKey(stdout, key, NULL, NULL, 0, NULL, NULL);
- EVP_PKEY_free(key);
}
- for (size_t i = 0; i < sk_X509_num(certs); i++) {
- PEM_write_X509(stdout, sk_X509_value(certs, i));
+ for (size_t i = 0; i < sk_X509_num(certs.get()); i++) {
+ PEM_write_X509(stdout, sk_X509_value(certs.get(), i));
}
- sk_X509_pop_free(certs, X509_free);
return true;
}
diff --git a/tool/server.cc b/tool/server.cc
index 012f671..d0213e9 100644
--- a/tool/server.cc
+++ b/tool/server.cc
@@ -103,25 +103,25 @@
return false;
}
- SSL_CTX *ctx = SSL_CTX_new(SSLv23_server_method());
- SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3);
+ bssl::UniquePtr<SSL_CTX> ctx(SSL_CTX_new(TLS_method()));
+ SSL_CTX_set_options(ctx.get(), SSL_OP_NO_SSLv3);
// Server authentication is required.
std::string key_file = "server.pem";
if (args_map.count("-key") != 0) {
key_file = args_map["-key"];
}
- if (!SSL_CTX_use_PrivateKey_file(ctx, key_file.c_str(), SSL_FILETYPE_PEM)) {
+ if (!SSL_CTX_use_PrivateKey_file(ctx.get(), key_file.c_str(), SSL_FILETYPE_PEM)) {
fprintf(stderr, "Failed to load private key: %s\n", key_file.c_str());
return false;
}
- if (!SSL_CTX_use_certificate_chain_file(ctx, key_file.c_str())) {
+ if (!SSL_CTX_use_certificate_chain_file(ctx.get(), key_file.c_str())) {
fprintf(stderr, "Failed to load cert chain: %s\n", key_file.c_str());
return false;
}
if (args_map.count("-cipher") != 0 &&
- !SSL_CTX_set_cipher_list(ctx, args_map["-cipher"].c_str())) {
+ !SSL_CTX_set_cipher_list(ctx.get(), args_map["-cipher"].c_str())) {
fprintf(stderr, "Failed setting cipher list\n");
return false;
}
@@ -133,7 +133,7 @@
args_map["-max-version"].c_str());
return false;
}
- if (!SSL_CTX_set_max_proto_version(ctx, version)) {
+ if (!SSL_CTX_set_max_proto_version(ctx.get(), version)) {
return false;
}
}
@@ -145,13 +145,13 @@
args_map["-min-version"].c_str());
return false;
}
- if (!SSL_CTX_set_min_proto_version(ctx, version)) {
+ if (!SSL_CTX_set_min_proto_version(ctx.get(), version)) {
return false;
}
}
if (args_map.count("-ocsp-response") != 0 &&
- !LoadOCSPResponse(ctx, args_map["-ocsp-response"].c_str())) {
+ !LoadOCSPResponse(ctx.get(), args_map["-ocsp-response"].c_str())) {
fprintf(stderr, "Failed to load OCSP response: %s\n", args_map["-ocsp-response"].c_str());
return false;
}
@@ -162,23 +162,19 @@
}
BIO *bio = BIO_new_socket(sock, BIO_CLOSE);
- SSL *ssl = SSL_new(ctx);
- SSL_set_bio(ssl, bio, bio);
+ bssl::UniquePtr<SSL> ssl(SSL_new(ctx.get()));
+ SSL_set_bio(ssl.get(), bio, bio);
- int ret = SSL_accept(ssl);
+ int ret = SSL_accept(ssl.get());
if (ret != 1) {
- int ssl_err = SSL_get_error(ssl, ret);
+ int ssl_err = SSL_get_error(ssl.get(), ret);
fprintf(stderr, "Error while connecting: %d\n", ssl_err);
ERR_print_errors_cb(PrintErrorCallback, stderr);
return false;
}
fprintf(stderr, "Connected.\n");
- PrintConnectionInfo(ssl);
+ PrintConnectionInfo(ssl.get());
- bool ok = TransferData(ssl, sock);
-
- SSL_free(ssl);
- SSL_CTX_free(ctx);
- return ok;
+ return TransferData(ssl.get(), sock);
}
diff --git a/tool/speed.cc b/tool/speed.cc
index d5f94e1..8c6a710 100644
--- a/tool/speed.cc
+++ b/tool/speed.cc
@@ -203,7 +203,7 @@
size_t chunk_len, size_t ad_len) {
static const unsigned kAlignment = 16;
- EVP_AEAD_CTX ctx;
+ bssl::ScopedEVP_AEAD_CTX ctx;
const size_t key_len = EVP_AEAD_key_length(aead);
const size_t nonce_len = EVP_AEAD_nonce_length(aead);
const size_t overhead_len = EVP_AEAD_max_overhead(aead);
@@ -222,7 +222,7 @@
uint8_t *const out = align(out_storage.get(), kAlignment);
memset(out, 0, chunk_len + overhead_len);
- if (!EVP_AEAD_CTX_init_with_direction(&ctx, aead, key.get(), key_len,
+ if (!EVP_AEAD_CTX_init_with_direction(ctx.get(), aead, key.get(), key_len,
EVP_AEAD_DEFAULT_TAG_LENGTH,
evp_aead_seal)) {
fprintf(stderr, "Failed to create EVP_AEAD_CTX.\n");
@@ -234,10 +234,9 @@
if (!TimeFunction(&results, [chunk_len, overhead_len, nonce_len, ad_len, in,
out, &ctx, &nonce, &ad]() -> bool {
size_t out_len;
-
- return EVP_AEAD_CTX_seal(
- &ctx, out, &out_len, chunk_len + overhead_len, nonce.get(),
- nonce_len, in, chunk_len, ad.get(), ad_len);
+ return EVP_AEAD_CTX_seal(ctx.get(), out, &out_len,
+ chunk_len + overhead_len, nonce.get(),
+ nonce_len, in, chunk_len, ad.get(), ad_len);
})) {
fprintf(stderr, "EVP_AEAD_CTX_seal failed.\n");
ERR_print_errors_fp(stderr);
@@ -245,9 +244,6 @@
}
results.PrintWithBytes(name + " seal", chunk_len);
-
- EVP_AEAD_CTX_cleanup(&ctx);
-
return true;
}
@@ -547,15 +543,16 @@
}
TimeResults results;
- NEWHOPE_POLY *sk = NEWHOPE_POLY_new();
+ bssl::UniquePtr<NEWHOPE_POLY> sk(NEWHOPE_POLY_new());
uint8_t acceptmsg[NEWHOPE_ACCEPTMSG_LENGTH];
RAND_bytes(acceptmsg, sizeof(acceptmsg));
- if (!TimeFunction(&results, [sk, &acceptmsg]() -> bool {
+ if (!TimeFunction(&results, [&sk, &acceptmsg]() -> bool {
uint8_t key[SHA256_DIGEST_LENGTH];
uint8_t offermsg[NEWHOPE_OFFERMSG_LENGTH];
- NEWHOPE_offer(offermsg, sk);
- if (!NEWHOPE_finish(key, sk, acceptmsg, NEWHOPE_ACCEPTMSG_LENGTH)) {
+ NEWHOPE_offer(offermsg, sk.get());
+ if (!NEWHOPE_finish(key, sk.get(), acceptmsg,
+ NEWHOPE_ACCEPTMSG_LENGTH)) {
return false;
}
return true;
@@ -564,7 +561,6 @@
return false;
}
- NEWHOPE_POLY_free(sk);
results.Print("newhope key exchange");
return true;
}
@@ -599,45 +595,43 @@
g_timeout_seconds = atoi(args_map["-timeout"].c_str());
}
- RSA *key = RSA_private_key_from_bytes(kDERRSAPrivate2048,
- kDERRSAPrivate2048Len);
- if (key == NULL) {
+ bssl::UniquePtr<RSA> key(
+ RSA_private_key_from_bytes(kDERRSAPrivate2048, kDERRSAPrivate2048Len));
+ if (key == nullptr) {
fprintf(stderr, "Failed to parse RSA key.\n");
ERR_print_errors_fp(stderr);
return false;
}
- if (!SpeedRSA("RSA 2048", key, selected)) {
+ if (!SpeedRSA("RSA 2048", key.get(), selected)) {
return false;
}
- RSA_free(key);
- key = RSA_private_key_from_bytes(kDERRSAPrivate3Prime2048,
- kDERRSAPrivate3Prime2048Len);
- if (key == NULL) {
+ key.reset(RSA_private_key_from_bytes(kDERRSAPrivate3Prime2048,
+ kDERRSAPrivate3Prime2048Len));
+ if (key == nullptr) {
fprintf(stderr, "Failed to parse RSA key.\n");
ERR_print_errors_fp(stderr);
return false;
}
- if (!SpeedRSA("RSA 2048 (3 prime, e=3)", key, selected)) {
+ if (!SpeedRSA("RSA 2048 (3 prime, e=3)", key.get(), selected)) {
return false;
}
- RSA_free(key);
- key = RSA_private_key_from_bytes(kDERRSAPrivate4096,
- kDERRSAPrivate4096Len);
- if (key == NULL) {
+ key.reset(
+ RSA_private_key_from_bytes(kDERRSAPrivate4096, kDERRSAPrivate4096Len));
+ if (key == nullptr) {
fprintf(stderr, "Failed to parse 4096-bit RSA key.\n");
ERR_print_errors_fp(stderr);
return 1;
}
- if (!SpeedRSA("RSA 4096", key, selected)) {
+ if (!SpeedRSA("RSA 4096", key.get(), selected)) {
return false;
}
- RSA_free(key);
+ key.reset();
// kTLSADLen is the number of bytes of additional data that TLS passes to
// AEADs.
diff --git a/tool/transport_common.cc b/tool/transport_common.cc
index d5326b5..8761fea 100644
--- a/tool/transport_common.cc
+++ b/tool/transport_common.cc
@@ -268,16 +268,15 @@
fprintf(stderr, " ALPN protocol: %.*s\n", alpn_len, alpn);
// Print the server cert subject and issuer names.
- X509 *peer = SSL_get_peer_certificate(ssl);
- if (peer != NULL) {
+ bssl::UniquePtr<X509> peer(SSL_get_peer_certificate(ssl));
+ if (peer != nullptr) {
fprintf(stderr, " Cert subject: ");
- X509_NAME_print_ex_fp(stderr, X509_get_subject_name(peer), 0,
+ X509_NAME_print_ex_fp(stderr, X509_get_subject_name(peer.get()), 0,
XN_FLAG_ONELINE);
fprintf(stderr, "\n Cert issuer: ");
- X509_NAME_print_ex_fp(stderr, X509_get_issuer_name(peer), 0,
+ X509_NAME_print_ex_fp(stderr, X509_get_issuer_name(peer.get()), 0,
XN_FLAG_ONELINE);
fprintf(stderr, "\n");
- X509_free(peer);
}
}
