Skip to content

Commit 649a07a

Browse files
jasnelljasnell
committed
src: move more crypto to ncrypto
1 parent defd263 commit 649a07a

File tree

7 files changed

+204
-88
lines changed

7 files changed

+204
-88
lines changed

deps/ncrypto/ncrypto.cc

Lines changed: 87 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -815,7 +815,7 @@ bool PrintGeneralName(const BIOPointer& out, const GENERAL_NAME* gen) {
815815

816816
bool SafeX509SubjectAltNamePrint(const BIOPointer& out, X509_EXTENSION* ext) {
817817
auto ret = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
818-
NCRYPTO_ASSERT_EQUAL(ret, NID_subject_alt_name, "unexpected extension type");
818+
if (ret != NID_subject_alt_name) return false;
819819

820820
GENERAL_NAMES* names = static_cast<GENERAL_NAMES*>(X509V3_EXT_d2i(ext));
821821
if (names == nullptr) return false;
@@ -838,7 +838,7 @@ bool SafeX509SubjectAltNamePrint(const BIOPointer& out, X509_EXTENSION* ext) {
838838

839839
bool SafeX509InfoAccessPrint(const BIOPointer& out, X509_EXTENSION* ext) {
840840
auto ret = OBJ_obj2nid(X509_EXTENSION_get_object(ext));
841-
NCRYPTO_ASSERT_EQUAL(ret, NID_info_access, "unexpected extension type");
841+
if (ret != NID_info_access) return false;
842842

843843
AUTHORITY_INFO_ACCESS* descs =
844844
static_cast<AUTHORITY_INFO_ACCESS*>(X509V3_EXT_d2i(ext));
@@ -1173,7 +1173,6 @@ bool X509View::enumUsages(UsageCallback callback) const {
11731173
const int count = sk_ASN1_OBJECT_num(eku.get());
11741174
char buf[256]{};
11751175

1176-
int j = 0;
11771176
for (int i = 0; i < count; i++) {
11781177
if (OBJ_obj2txt(buf, sizeof(buf), sk_ASN1_OBJECT_value(eku.get(), i), 1) >=
11791178
0) {
@@ -1186,7 +1185,6 @@ bool X509View::enumUsages(UsageCallback callback) const {
11861185
bool X509View::ifRsa(KeyCallback<Rsa> callback) const {
11871186
if (cert_ == nullptr) return true;
11881187
OSSL3_CONST EVP_PKEY* pkey = X509_get0_pubkey(cert_);
1189-
OSSL3_CONST RSA* rsa = nullptr;
11901188
auto id = EVP_PKEY_id(pkey);
11911189
if (id == EVP_PKEY_RSA || id == EVP_PKEY_RSA2 || id == EVP_PKEY_RSA_PSS) {
11921190
Rsa rsa(EVP_PKEY_get0_RSA(pkey));
@@ -1200,7 +1198,6 @@ bool X509View::ifRsa(KeyCallback<Rsa> callback) const {
12001198
bool X509View::ifEc(KeyCallback<Ec> callback) const {
12011199
if (cert_ == nullptr) return true;
12021200
OSSL3_CONST EVP_PKEY* pkey = X509_get0_pubkey(cert_);
1203-
OSSL3_CONST EC_KEY* ec = nullptr;
12041201
auto id = EVP_PKEY_id(pkey);
12051202
if (id == EVP_PKEY_EC) {
12061203
Ec ec(EVP_PKEY_get0_EC_KEY(pkey));
@@ -2383,7 +2380,7 @@ EVPKeyPointer::operator Rsa() const {
23832380

23842381
// TODO(tniessen): Remove the "else" branch once we drop support for OpenSSL
23852382
// versions older than 1.1.1e via FIPS / dynamic linking.
2386-
const RSA* rsa;
2383+
OSSL3_CONST RSA* rsa;
23872384
if (OPENSSL_VERSION_NUMBER >= 0x1010105fL) {
23882385
rsa = EVP_PKEY_get0_RSA(get());
23892386
} else {
@@ -3417,7 +3414,7 @@ DataPointer CipherImpl(const EVPKeyPointer& key,
34173414

34183415
Rsa::Rsa() : rsa_(nullptr) {}
34193416

3420-
Rsa::Rsa(const RSA* ptr) : rsa_(ptr) {}
3417+
Rsa::Rsa(OSSL3_CONST RSA* ptr) : rsa_(ptr) {}
34213418

34223419
const Rsa::PublicKey Rsa::getPublicKey() const {
34233420
if (rsa_ == nullptr) return {};
@@ -3553,7 +3550,7 @@ DataPointer Cipher::recover(const EVPKeyPointer& key,
35533550

35543551
Ec::Ec() : ec_(nullptr) {}
35553552

3556-
Ec::Ec(const EC_KEY* key) : ec_(key) {}
3553+
Ec::Ec(OSSL3_CONST EC_KEY* key) : ec_(key) {}
35573554

35583555
const EC_GROUP* Ec::getGroup() const {
35593556
return ECKeyPointer::GetGroup(ec_);
@@ -3615,7 +3612,7 @@ DataPointer EVPMDCtxPointer::digestFinal(size_t length) {
36153612
}
36163613

36173614
bool EVPMDCtxPointer::digestFinalInto(Buffer<void>* buf) {
3618-
if (!ctx_) false;
3615+
if (!ctx_) return false;
36193616

36203617
auto ptr = static_cast<unsigned char*>(buf->data);
36213618

@@ -3735,4 +3732,85 @@ bool extractP1363(const Buffer<const unsigned char>& buf,
37353732
BignumPointer::EncodePaddedInto(asn1_sig.s(), dest + n, n) > 0;
37363733
}
37373734

3735+
// ============================================================================
3736+
3737+
HMACCtxPointer::HMACCtxPointer() : ctx_(nullptr) {}
3738+
3739+
HMACCtxPointer::HMACCtxPointer(HMAC_CTX* ctx) : ctx_(ctx) {}
3740+
3741+
HMACCtxPointer::HMACCtxPointer(HMACCtxPointer&& other) noexcept
3742+
: ctx_(other.release()) {}
3743+
3744+
HMACCtxPointer& HMACCtxPointer::operator=(HMACCtxPointer&& other) noexcept {
3745+
ctx_.reset(other.release());
3746+
return *this;
3747+
}
3748+
3749+
HMACCtxPointer::~HMACCtxPointer() {
3750+
reset();
3751+
}
3752+
3753+
void HMACCtxPointer::reset(HMAC_CTX* ctx) {
3754+
ctx_.reset(ctx);
3755+
}
3756+
3757+
HMAC_CTX* HMACCtxPointer::release() {
3758+
return ctx_.release();
3759+
}
3760+
3761+
bool HMACCtxPointer::init(const Buffer<const void>& buf, const EVP_MD* md) {
3762+
if (!ctx_) return false;
3763+
return HMAC_Init_ex(ctx_.get(), buf.data, buf.len, md, nullptr) == 1;
3764+
}
3765+
3766+
bool HMACCtxPointer::update(const Buffer<const void>& buf) {
3767+
if (!ctx_) return false;
3768+
return HMAC_Update(ctx_.get(),
3769+
static_cast<const unsigned char*>(buf.data),
3770+
buf.len) == 1;
3771+
}
3772+
3773+
DataPointer HMACCtxPointer::digest() {
3774+
auto data = DataPointer::Alloc(EVP_MAX_MD_SIZE);
3775+
if (!data) return {};
3776+
Buffer<void> buf = data;
3777+
if (!digestInto(&buf)) return {};
3778+
return data.resize(buf.len);
3779+
}
3780+
3781+
bool HMACCtxPointer::digestInto(Buffer<void>* buf) {
3782+
if (!ctx_) return false;
3783+
3784+
unsigned int len = buf->len;
3785+
if (!HMAC_Final(ctx_.get(), static_cast<unsigned char*>(buf->data), &len)) {
3786+
return false;
3787+
}
3788+
buf->len = len;
3789+
return true;
3790+
}
3791+
3792+
HMACCtxPointer HMACCtxPointer::New() {
3793+
return HMACCtxPointer(HMAC_CTX_new());
3794+
}
3795+
3796+
DataPointer hashDigest(const Buffer<const unsigned char>& buf,
3797+
const EVP_MD* md) {
3798+
if (md == nullptr) return {};
3799+
size_t md_len = EVP_MD_size(md);
3800+
unsigned int result_size;
3801+
auto data = DataPointer::Alloc(md_len);
3802+
if (!data) return {};
3803+
3804+
if (!EVP_Digest(buf.data,
3805+
buf.len,
3806+
reinterpret_cast<unsigned char*>(data.get()),
3807+
&result_size,
3808+
md,
3809+
nullptr)) {
3810+
return {};
3811+
}
3812+
3813+
return data.resize(result_size);
3814+
}
3815+
37383816
} // namespace ncrypto

deps/ncrypto/ncrypto.h

Lines changed: 36 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -201,7 +201,6 @@ struct FunctionDeleter {
201201
template <typename T, void (*function)(T*)>
202202
using DeleteFnPtr = typename FunctionDeleter<T, function>::Pointer;
203203

204-
using HMACCtxPointer = DeleteFnPtr<HMAC_CTX, HMAC_CTX_free>;
205204
using PKCS8Pointer = DeleteFnPtr<PKCS8_PRIV_KEY_INFO, PKCS8_PRIV_KEY_INFO_free>;
206205
using RSAPointer = DeleteFnPtr<RSA, RSA_free>;
207206
using SSLSessionPointer = DeleteFnPtr<SSL_SESSION, SSL_SESSION_free>;
@@ -239,6 +238,9 @@ struct Buffer {
239238
size_t len = 0;
240239
};
241240

241+
DataPointer hashDigest(const Buffer<const unsigned char>& data,
242+
const EVP_MD* md);
243+
242244
class Cipher final {
243245
public:
244246
Cipher() = default;
@@ -300,11 +302,11 @@ class Cipher final {
300302
class Rsa final {
301303
public:
302304
Rsa();
303-
Rsa(const RSA* rsa);
305+
Rsa(OSSL3_CONST RSA* rsa);
304306
NCRYPTO_DISALLOW_COPY_AND_MOVE(Rsa)
305307

306308
inline operator bool() const { return rsa_ != nullptr; }
307-
inline operator const RSA*() const { return rsa_; }
309+
inline operator OSSL3_CONST RSA*() const { return rsa_; }
308310

309311
struct PublicKey {
310312
const BIGNUM* n;
@@ -346,23 +348,23 @@ class Rsa final {
346348
const Buffer<const void> in);
347349

348350
private:
349-
const RSA* rsa_;
351+
OSSL3_CONST RSA* rsa_;
350352
};
351353

352354
class Ec final {
353355
public:
354356
Ec();
355-
Ec(const EC_KEY* key);
357+
Ec(OSSL3_CONST EC_KEY* key);
356358
NCRYPTO_DISALLOW_COPY_AND_MOVE(Ec)
357359

358360
const EC_GROUP* getGroup() const;
359361
int getCurve() const;
360362

361363
inline operator bool() const { return ec_ != nullptr; }
362-
inline operator const EC_KEY*() const { return ec_; }
364+
inline operator OSSL3_CONST EC_KEY*() const { return ec_; }
363365

364366
private:
365-
const EC_KEY* ec_ = nullptr;
367+
OSSL3_CONST EC_KEY* ec_ = nullptr;
366368
};
367369

368370
// A managed pointer to a buffer of data. When destroyed the underlying
@@ -1185,6 +1187,33 @@ class EVPMDCtxPointer final {
11851187
DeleteFnPtr<EVP_MD_CTX, EVP_MD_CTX_free> ctx_;
11861188
};
11871189

1190+
class HMACCtxPointer final {
1191+
public:
1192+
HMACCtxPointer();
1193+
explicit HMACCtxPointer(HMAC_CTX* ctx);
1194+
HMACCtxPointer(HMACCtxPointer&& other) noexcept;
1195+
HMACCtxPointer& operator=(HMACCtxPointer&& other) noexcept;
1196+
NCRYPTO_DISALLOW_COPY(HMACCtxPointer)
1197+
~HMACCtxPointer();
1198+
1199+
inline bool operator==(std::nullptr_t) noexcept { return ctx_ == nullptr; }
1200+
inline operator bool() const { return ctx_ != nullptr; }
1201+
inline HMAC_CTX* get() const { return ctx_.get(); }
1202+
inline operator HMAC_CTX*() const { return ctx_.get(); }
1203+
void reset(HMAC_CTX* ctx = nullptr);
1204+
HMAC_CTX* release();
1205+
1206+
bool init(const Buffer<const void>& buf, const EVP_MD* md);
1207+
bool update(const Buffer<const void>& buf);
1208+
DataPointer digest();
1209+
bool digestInto(Buffer<void>* buf);
1210+
1211+
static HMACCtxPointer New();
1212+
1213+
private:
1214+
DeleteFnPtr<HMAC_CTX, HMAC_CTX_free> ctx_;
1215+
};
1216+
11881217
#ifndef OPENSSL_NO_ENGINE
11891218
class EnginePointer final {
11901219
public:

0 commit comments

Comments
 (0)