diff options
author | Daniel Kurtz <djkurtz@chromium.org> | 2019-10-17 20:45:53 +1100 |
---|---|---|
committer | chrome-bot <chrome-bot@chromium.org> | 2019-10-22 13:28:25 -0700 |
commit | 6461083d670bec9ba6658da529518f00904486b7 (patch) | |
tree | 1af5560f67f2fd2f589a771ba91a0dfe1a28d570 /policy | |
parent | 0d9cd1b04d4854557aece42aab60768f02d347f2 (diff) | |
download | libbrillo-6461083d670bec9ba6658da529518f00904486b7.tar.gz |
libbrillo: Use a unique_ptr for EVP_MD_CTX
In OpenSSL 1.1, the EVP_MD_CTX struct will become opaque, and therefore
it will not be possible to allocate on the stack.
Replace this stack allocation with a heap allocated EVP_MD_CTX using the
existing OpenSSL 1.0.2 create/destroy APIs, and manage its lifetime using
a unique_ptr<>.
Note: There are cases (sludge, tael, tatl), where libbrillo is built
against a libchrome that has been built w/out libbase-crypto (ie,
USE="-crypto"). For this reason, we don't use the equivalent
crypto::ScopedEVP_MD_CTX type for this one instance of this in libbrillo.
BUG=chromium:737445
TEST=cros_workon --board=sarien start libbrillo
TEST=w/ openssl-1.0.2t: FEATURES=test emerge-sarien libbrillo
TEST=w/ openssl-1.1.0j: FEATURES=test emerge-sarien libbrillo
=> Both build and pass all unittests
Change-Id: Ic0a43b9c85fcb967c1b381b1602c03f48ac5dcef
Reviewed-on: https://chromium-review.googlesource.com/1866378
Tested-by: Daniel Kurtz <djkurtz@chromium.org>
Commit-Ready: ChromeOS CL Exonerator Bot <chromiumos-cl-exonerator@appspot.gserviceaccount.com>
Legacy-Commit-Queue: Commit Bot <commit-bot@chromium.org>
Reviewed-by: Mike Frysinger <vapier@chromium.org>
Reviewed-by: Nick Crews <ncrews@chromium.org>
Cr-Mirrored-From: https://chromium.googlesource.com/chromiumos/platform2
Cr-Mirrored-Commit: aacc8d458f6cf1353471de9bd02d385b1375325a
Diffstat (limited to 'policy')
-rw-r--r-- | policy/device_policy_impl.cc | 18 |
1 files changed, 8 insertions, 10 deletions
diff --git a/policy/device_policy_impl.cc b/policy/device_policy_impl.cc index 958b7eb..eaf90c9 100644 --- a/policy/device_policy_impl.cc +++ b/policy/device_policy_impl.cc @@ -55,36 +55,34 @@ bool ReadPublicKeyFromFile(const base::FilePath& key_file, bool VerifySignature(const std::string& signed_data, const std::string& signature, const std::string& public_key) { - EVP_MD_CTX ctx; - EVP_MD_CTX_init(&ctx); + std::unique_ptr<EVP_MD_CTX, void (*)(EVP_MD_CTX *)> ctx(EVP_MD_CTX_create(), + EVP_MD_CTX_destroy); + if (!ctx) + return false; const EVP_MD* digest = EVP_sha1(); char* key = const_cast<char*>(public_key.data()); BIO* bio = BIO_new_mem_buf(key, public_key.length()); - if (!bio) { - EVP_MD_CTX_cleanup(&ctx); + if (!bio) return false; - } EVP_PKEY* public_key_ssl = d2i_PUBKEY_bio(bio, nullptr); if (!public_key_ssl) { BIO_free_all(bio); - EVP_MD_CTX_cleanup(&ctx); return false; } const unsigned char* sig = reinterpret_cast<const unsigned char*>(signature.data()); - int rv = EVP_VerifyInit_ex(&ctx, digest, nullptr); + int rv = EVP_VerifyInit_ex(ctx.get(), digest, nullptr); if (rv == 1) { - EVP_VerifyUpdate(&ctx, signed_data.data(), signed_data.length()); - rv = EVP_VerifyFinal(&ctx, sig, signature.length(), public_key_ssl); + EVP_VerifyUpdate(ctx.get(), signed_data.data(), signed_data.length()); + rv = EVP_VerifyFinal(ctx.get(), sig, signature.length(), public_key_ssl); } EVP_PKEY_free(public_key_ssl); BIO_free_all(bio); - EVP_MD_CTX_cleanup(&ctx); return rv == 1; } |