nginx-util: Rework ptr cleanup and error handling
As per @Ansuel's not about ctx cleanup in error path, decided to rework the patch. Changes and Improvements: Smart Pointers for Memory Management: * The `EVP_PKEY_ptr` and `X509_NAME_ptr` smart pointers are used to manage the memory of `EVP_PKEY` and `X509_NAME` objects respectively to ensure proper cleanup. Error Handling: * Improved error messages and exception handling to provide more information about what went wrong. Resource Cleanup: * Ensured all allocated resources are now properly freed in case of an error to prevent memory leaks. Signed-off-by: Sean Khan <datapronix@protonmail.com>
This commit is contained in:
Sean Khan
Rosen Penev
parent
0d0afff918
commit
e5f93c915c
|
|
@ -1,7 +1,6 @@
|
||||||
#ifndef _PX5G_OPENSSL_HPP
|
#ifndef _PX5G_OPENSSL_HPP
|
||||||
#define _PX5G_OPENSSL_HPP
|
#define _PX5G_OPENSSL_HPP
|
||||||
|
|
||||||
// #define OPENSSL_API_COMPAT 0x10102000L
|
|
||||||
#include <fcntl.h>
|
#include <fcntl.h>
|
||||||
#include <openssl/bn.h>
|
#include <openssl/bn.h>
|
||||||
#include <openssl/err.h>
|
#include <openssl/err.h>
|
||||||
|
|
@ -93,25 +92,45 @@ auto gen_eckey(const int curve) -> EVP_PKEY_ptr
|
||||||
|
|
||||||
EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr);
|
EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, nullptr);
|
||||||
|
|
||||||
if (!EVP_PKEY_paramgen_init(ctx)) {
|
if (!ctx || !EVP_PKEY_paramgen_init(ctx)) {
|
||||||
throw std::runtime_error("Could not init paramgen");
|
EC_GROUP_free(group);
|
||||||
|
if (ctx) EVP_PKEY_CTX_free(ctx);
|
||||||
|
throw std::runtime_error("gen_eckey error: could not initialize paramgen");
|
||||||
}
|
}
|
||||||
|
|
||||||
EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, curve);
|
if (EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, curve) <= 0) {
|
||||||
|
EVP_PKEY_CTX_free(ctx);
|
||||||
|
EC_GROUP_free(group);
|
||||||
|
std::string errmsg{"gen_eckey error: cannot set curve nid\n"};
|
||||||
|
ERR_print_errors_cb(print_error, &errmsg);
|
||||||
|
throw std::runtime_error(errmsg);
|
||||||
|
}
|
||||||
|
|
||||||
EVP_PKEY* params = nullptr;
|
EVP_PKEY* params = nullptr;
|
||||||
EVP_PKEY_paramgen(ctx, ¶ms);
|
if (EVP_PKEY_paramgen(ctx, ¶ms) <= 0) {
|
||||||
|
EVP_PKEY_CTX_free(ctx);
|
||||||
|
EC_GROUP_free(group);
|
||||||
|
std::string errmsg{"gen_eckey error: cannot generate parameters\n"};
|
||||||
|
ERR_print_errors_cb(print_error, &errmsg);
|
||||||
|
throw std::runtime_error(errmsg);
|
||||||
|
}
|
||||||
|
|
||||||
|
EVP_PKEY_CTX_free(ctx);
|
||||||
|
|
||||||
|
std::unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)> params_ptr(params, EVP_PKEY_free);
|
||||||
|
|
||||||
EVP_PKEY_CTX* key_gen_ctx = EVP_PKEY_CTX_new(params, nullptr);
|
EVP_PKEY_CTX* key_gen_ctx = EVP_PKEY_CTX_new(params, nullptr);
|
||||||
|
|
||||||
if (EVP_PKEY_keygen_init(key_gen_ctx) <= 0) {
|
if (!key_gen_ctx || EVP_PKEY_keygen_init(key_gen_ctx) <= 0) {
|
||||||
|
EC_GROUP_free(group);
|
||||||
|
if (key_gen_ctx) EVP_PKEY_CTX_free(key_gen_ctx);
|
||||||
std::string errmsg{"gen_eckey error: cannot initialize key generation context\n"};
|
std::string errmsg{"gen_eckey error: cannot initialize key generation context\n"};
|
||||||
ERR_print_errors_cb(print_error, &errmsg);
|
ERR_print_errors_cb(print_error, &errmsg);
|
||||||
throw std::runtime_error(errmsg);
|
throw std::runtime_error(errmsg);
|
||||||
}
|
}
|
||||||
|
|
||||||
EVP_PKEY* pkey = nullptr;
|
EVP_PKEY* pkey = nullptr;
|
||||||
if (!EVP_PKEY_keygen(key_gen_ctx, &pkey)) {
|
if (EVP_PKEY_keygen(key_gen_ctx, &pkey) <= 0) {
|
||||||
EVP_PKEY_CTX_free(key_gen_ctx);
|
EVP_PKEY_CTX_free(key_gen_ctx);
|
||||||
EC_GROUP_free(group);
|
EC_GROUP_free(group);
|
||||||
std::string errmsg{"gen_eckey error: cannot generate key pair\n"};
|
std::string errmsg{"gen_eckey error: cannot generate key pair\n"};
|
||||||
|
|
@ -119,12 +138,10 @@ auto gen_eckey(const int curve) -> EVP_PKEY_ptr
|
||||||
throw std::runtime_error(errmsg);
|
throw std::runtime_error(errmsg);
|
||||||
}
|
}
|
||||||
|
|
||||||
EVP_PKEY_CTX_free(ctx);
|
EVP_PKEY_CTX_free(key_gen_ctx);
|
||||||
EC_GROUP_free(group);
|
EC_GROUP_free(group);
|
||||||
|
|
||||||
EVP_PKEY_ptr pkey_ptr{pkey, ::EVP_PKEY_free};
|
return EVP_PKEY_ptr{pkey, EVP_PKEY_free};
|
||||||
|
|
||||||
return pkey_ptr;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
auto gen_rsakey(const int keysize) -> EVP_PKEY_ptr
|
auto gen_rsakey(const int keysize) -> EVP_PKEY_ptr
|
||||||
|
|
@ -197,7 +214,7 @@ auto subject2name(const std::string& subject) -> X509_NAME_ptr
|
||||||
throw std::runtime_error("subject2name errror: not starting with /");
|
throw std::runtime_error("subject2name errror: not starting with /");
|
||||||
}
|
}
|
||||||
|
|
||||||
X509_NAME_ptr name = {X509_NAME_new(), ::X509_NAME_free};
|
X509_NAME_ptr name = {X509_NAME_new(), X509_NAME_free};
|
||||||
|
|
||||||
if (!name) {
|
if (!name) {
|
||||||
std::string errmsg{"subject2name error: cannot create X509 name \n"};
|
std::string errmsg{"subject2name error: cannot create X509 name \n"};
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue