From a1b1a449e75833b74c7bbfc7f7b19cb346e094a7 Mon Sep 17 00:00:00 2001
From: Jack Del Vecchio
Date: Tue, 19 Nov 2024 10:26:41 -0500
Subject: [PATCH] Revert some changes to size32_t

- Where the api requests an int
- Hit and Misses counters in the caches
- The hash of the PKey stored in the cash

Add typedef for unique pointer and clean up code for adding to the cache
---
 plugins/sslservices/sslservices.cpp | 47 +++++++++++++++--------------
 1 file changed, 25 insertions(+), 22 deletions(-)

diff --git a/plugins/sslservices/sslservices.cpp b/plugins/sslservices/sslservices.cpp
index 583a50262a3..8a58cafdab1 100644
--- a/plugins/sslservices/sslservices.cpp
+++ b/plugins/sslservices/sslservices.cpp
@@ -60,7 +60,6 @@ namespace nsSSLServices
 void failOpenSSLError(const std::string& context)
 {
-    size_t errCode = 0;
     char buffer[120];
     ERR_error_string_n(ERR_get_error(), buffer, sizeof(buffer));
@@ -77,7 +76,7 @@ void failOpenSSLError(const std::string& context)
 int passphraseCB(char *passPhraseBuf, int passPhraseBufSize, int rwflag, void *pPassPhraseMB)
 {
     size32_t len = ((MemoryBuffer*)pPassPhraseMB)->length();
-    if (passPhraseBufSize >= len)
+    if (((size32_t)passPhraseBufSize) >= len)
     {
         memcpy(passPhraseBuf, ((MemoryBuffer*)pPassPhraseMB)->bufferBase(), len);
         return len;
@@ -141,8 +140,8 @@ class AlgorithmCache
     void clear() {cache.clear();}
 private:
-    size32_t hits;
-    size32_t misses;
+    unsigned hits;
+    unsigned misses;
     std::string cacheName;
     std::list> cache;
@@ -153,7 +152,6 @@ class AlgorithmCache
 template <>
 void AlgorithmCache::setCacheName() {cacheName = "CIPHER";}
-
 template <>
 void AlgorithmCache::setCacheName() {cacheName = "DIGEST";}
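Review bot: The cast added in passphraseCB, `if (((size32_t)passPhraseBufSize) >= len)`, silences the signed/unsigned comparison warning but turns a negative passPhraseBufSize into a very large unsigned value, so the memcpy on the following line would no longer be bounded by the caller's buffer size. OpenSSL is not expected to hand this callback a negative size, but keeping the check meaningful costs one clause: `if (passPhraseBufSize >= 0 && (size32_t)passPhraseBufSize >= len)`. The `return len;` below also narrows size32_t to int implicitly; it is in range once the comparison has passed, which a short comment on that line could say. The else branch of passphraseCB lies outside the hunk.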
@@ -163,6 +161,8 @@ const EVP_CIPHER * AlgorithmCache::getObjectByName(const char * name
 template <>
 const EVP_MD * AlgorithmCache::getObjectByName(const char * name) { return EVP_get_digestbyname(name); }
+typedef std::unique_ptr UniquePKey;
+
 // PEM Public/Private keys require parsing from a string
 // Store the hash of the original string and parsed key
 class PKeyCache
@@ -204,7 +204,8 @@ class PKeyCache
         if (pkey)
         {
-            cache.emplace_front(hashc(reinterpret_cast(passphrase), passphraseLen, hashc(reinterpret_cast(key), keyLen, 0)), std::move(std::unique_ptr(pkey, EVP_PKEY_free)));
+            unsigned PkeyHash = hashc(reinterpret_cast(passphrase), passphraseLen, hashc(reinterpret_cast(key), keyLen, 0));
+            cache.emplace_front(PkeyHash, std::move(UniquePKey(pkey, EVP_PKEY_free)));
             if (cache.size() > SSLSERVICES_MAX_CACHE_SIZE)
                 cache.pop_back();
         }
@@ -219,9 +220,9 @@ class PKeyCache
     void printStatistics() {DBGLOG("SSLSERVICES PKEY CACHE STATS: HITS = %d, MISSES = %d", hits, misses);}
 private:
-    size32_t hits;
-    size32_t misses;
-    std::list>> cache;
+    unsigned hits;
+    unsigned misses;
+    std::list> cache;
 };
@@ -234,7 +235,7 @@ static thread_local AlgorithmCache digestCache;
 using namespace nsSSLServices;
 //--------------------------------------------------------------------------
-// Advertised Entry Posize32_t Functions
+// Advertised Entry Point Functions
 //--------------------------------------------------------------------------
 SSLSERVICES_API void SSLSERVICES_CALL digestAvailableAlgorithms(ICodeContext *ctx, size32_t & __lenResult, void * & __result)
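Review bot: `typedef std::unique_ptr UniquePKey;` introduces an owning handle without saying what it owns or how it is released; since this file already uses C++11 (`std::unique_ptr`, `std::move`, `thread_local`), the alias form `using UniquePKey = std::unique_ptr<...>;` is the clearer spelling, and a comment above it such as `// Owning handle for a parsed EVP_PKEY; released with EVP_PKEY_free` documents the lifetime where the alias is declared. The template arguments of the alias are not visible in this rendering (they appear to have been dropped by extraction), so I cannot confirm the deleter type it names.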
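Review bot: The entry pushed by `cache.emplace_front(PkeyHash, ...)` is keyed only by `unsigned PkeyHash`, a 32-bit hash of the key text and passphrase, so two distinct inputs whose hashes collide are indistinguishable in the cache; if the lookup path (outside this hunk) matches on that hash alone, a collision would hand a caller the wrong parsed EVP_PKEY. Storing the original key/passphrase bytes, or a collision-resistant digest of them, alongside the hash and comparing on hit would close that, and either way a comment on the `unsigned PkeyHash` line should state that the hash is the only identity the cache keeps. Separately, `std::move(UniquePKey(pkey, EVP_PKEY_free))` applies `std::move` to a prvalue, which is redundant: `cache.emplace_front(PkeyHash, UniquePKey(pkey, EVP_PKEY_free));`. The local `PkeyHash` would also follow the surrounding `passphraseLen`/`keyLen` style as `pkeyHash`. The enclosing method starts outside the hunk.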
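Review bot: With `hits` and `misses` now `unsigned`, the `%d` conversions in the `printStatistics()` context line at the top of this hunk (`DBGLOG("SSLSERVICES PKEY CACHE STATS: HITS = %d, MISSES = %d", hits, misses)`) no longer match their arguments; `%u` is the matching specifier and avoids a -Wformat warning. The AlgorithmCache counters changed the same way earlier in the patch presumably have a corresponding `printStatistics()` outside the visible hunks that needs the same adjustment.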
@@ -398,17 +399,17 @@ SSLSERVICES_API void SSLSERVICES_CALL cipherEncrypt(ICodeContext *ctx, size32_t
     try
     {
-        size32_t len = 0;
+        int len = 0;
         size32_t ciphertextLen = 0;
         if (EVP_EncryptInit_ex(encryptCtx, cipher, nullptr, static_cast(key.bufferBase()),static_cast(iv.bufferBase())) != 1)
             failOpenSSLError("EVP_EncryptInit_ex");
-        if (EVP_EncryptUpdate(encryptCtx, static_cast(resultBuffer.bufferBase()), reinterpret_cast(&len), static_cast(_plaintext), len_plaintext) != 1)
+        if (EVP_EncryptUpdate(encryptCtx, static_cast(resultBuffer.bufferBase()), &len, static_cast(_plaintext), len_plaintext) != 1)
             failOpenSSLError("EVP_EncryptUpdate");
         ciphertextLen = len;
-        if (EVP_EncryptFinal_ex(encryptCtx, static_cast(resultBuffer.bufferBase()) + len, reinterpret_cast(&len)) != 1)
+        if (EVP_EncryptFinal_ex(encryptCtx, static_cast(resultBuffer.bufferBase()) + len, &len) != 1)
             failOpenSSLError("EVP_EncryptFinal_ex");
         ciphertextLen += len;
         __lenResult = ciphertextLen;
@@ -473,17 +474,17 @@ SSLSERVICES_API void SSLSERVICES_CALL cipherDecrypt(ICodeContext *ctx, size32_t
     try
     {
-        size32_t len = 0;
+        int len = 0;
         size32_t plaintextLen = 0;
         if (EVP_DecryptInit_ex(decryptCtx, cipher, nullptr, static_cast(key.bufferBase()), static_cast(iv.bufferBase())) != 1)
             failOpenSSLError("EVP_DecryptInit_ex");
-        if (EVP_DecryptUpdate(decryptCtx, static_cast(resultBuffer.bufferBase()), reinterpret_cast(&len), static_cast(_ciphertext), len_ciphertext) != 1)
+        if (EVP_DecryptUpdate(decryptCtx, static_cast(resultBuffer.bufferBase()), &len, static_cast(_ciphertext), len_ciphertext) != 1)
             failOpenSSLError("EVP_DecryptUpdate");
         plaintextLen = len;
-        if (EVP_DecryptFinal_ex(decryptCtx, static_cast(resultBuffer.bufferBase()) + len, reinterpret_cast(&len)) != 1)
+        if (EVP_DecryptFinal_ex(decryptCtx, static_cast(resultBuffer.bufferBase()) + len, &len) != 1)
             failOpenSSLError("EVP_DecryptFinal_ex");
         plaintextLen += len;
         __lenResult = plaintextLen;
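Review bot: Changing `len` to `int` is the right match for OpenSSL's `int *outl`, but the assignments `ciphertextLen = len;` and `ciphertextLen += len;` now convert int to size32_t implicitly, and the call still passes `len_plaintext` where EVP_EncryptUpdate takes an `int inl`. The conversions back are safe only because each `!= 1` check runs first (OpenSSL reports a non-negative length on success), which a comment on `int len = 0;` such as `// OpenSSL reports output lengths as int; non-negative once the call has succeeded` should record. The forward conversion has no guard: if `len_plaintext` is a size32_t as the signature in the hunk header suggests, a value above INT_MAX is passed as a negative inl, so rejecting such inputs before the first EVP_*Update call is the missing check. The same pattern appears in the cipherDecrypt hunk below and in the pkRSASeal and pkRSAUnseal hunks later in the patch. The try block opens inside the hunk, but the enclosing function begins and ends outside it.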
@@ -559,13 +560,13 @@ SSLSERVICES_API void SSLSERVICES_CALL pkRSASeal(ICodeContext *ctx, size32_t & __
             failOpenSSLError("EVP_SealInit");
         // Update the envelope (encrypt the plaintext)
-        size32_t len = 0;
-        if (EVP_SealUpdate(encryptCtx, static_cast(ciphertext.bufferBase()), reinterpret_cast(&len), reinterpret_cast(_plaintext), len_plaintext) != 1)
+        int len = 0;
+        if (EVP_SealUpdate(encryptCtx, static_cast(ciphertext.bufferBase()), &len, reinterpret_cast(_plaintext), len_plaintext) != 1)
             failOpenSSLError("EVP_SealUpdate");
         ciphertextLen = len;
         // Finalize the envelope's ciphertext
-        if (EVP_SealFinal(encryptCtx, static_cast(ciphertext.bufferBase()) + len, reinterpret_cast(&len)) != 1)
+        if (EVP_SealFinal(encryptCtx, static_cast(ciphertext.bufferBase()) + len, &len) != 1)
             failOpenSSLError("EVP_SealFinal");
         ciphertextLen += len;
@@ -603,6 +604,8 @@ SSLSERVICES_API void SSLSERVICES_CALL pkRSASeal(ICodeContext *ctx, size32_t & __
     {
         if (encryptCtx)
             EVP_CIPHER_CTX_free(encryptCtx);
+        for (size_t i = 0; i < publicKeys.size(); i++)
+            delete [] encryptedKeys[i];
         delete [] encryptedKeys;
         __lenResult = 0;
         rtlFree(__result);
@@ -684,12 +687,12 @@ SSLSERVICES_API void SSLSERVICES_CALL pkRSAUnseal(ICodeContext *ctx, size32_t &
         size32_t plaintextLen = newCipherTextLen;
         plaintext.ensureCapacity(plaintextLen);
-        size32_t len = 0;
-        if (EVP_OpenUpdate(decryptCtx, static_cast(plaintext.bufferBase()), reinterpret_cast(&len), newCipherText, newCipherTextLen) != 1)
+        int len = 0;
+        if (EVP_OpenUpdate(decryptCtx, static_cast(plaintext.bufferBase()), &len, newCipherText, newCipherTextLen) != 1)
             failOpenSSLError("EVP_OpenUpdate");
         plaintextLen = len;
-        if (EVP_OpenFinal(decryptCtx, static_cast(plaintext.bufferBase()) + len, reinterpret_cast(&len)) != 1)
+        if (EVP_OpenFinal(decryptCtx, static_cast(plaintext.bufferBase()) + len, &len) != 1)
             failOpenSSLError("EVP_OpenFinal");
         plaintextLen += len;
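Review bot: The new cleanup loop `for (size_t i = 0; i < publicKeys.size(); i++) delete [] encryptedKeys[i];` dereferences `encryptedKeys` without the nullptr check that the neighbouring `if (encryptCtx)` gives its context, and it deletes every slot up to `publicKeys.size()` whether or not that slot was ever assigned; the allocation is outside the hunk, so unless the array is value-initialised (`new ...[n]()`) and this block is only reachable after it, an early failure would delete uninitialised pointers. Guarding the loop, `if (encryptedKeys) for (...) delete [] encryptedKeys[i];`, covers the null case; the unassigned-slot case needs the allocation site checked. Replacing the raw array of arrays with a `std::vector<std::vector<unsigned char>>` (or `std::vector<std::unique_ptr<unsigned char[]>>`) would release the per-recipient key buffers on every exit path, including the success path, without this bookkeeping. The enclosing handler begins and ends outside the hunk.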
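Review bot: The output buffer handed to `EVP_OpenUpdate` is sized by the context line `plaintext.ensureCapacity(plaintextLen)` with `plaintextLen = newCipherTextLen`, i.e. exactly the ciphertext length, while OpenSSL's documented contract for the EVP decrypt Update calls is that `out` has room for `inl + cipher_block_size` bytes. With a single Update call the actual output of a padded block cipher cannot exceed its input, so this is pre-existing and not triggered by the switch to `int len`, but now that `&len` and the buffer pointer go straight to OpenSSL it is worth matching the contract: `plaintext.ensureCapacity(newCipherTextLen + EVP_CIPHER_CTX_block_size(decryptCtx));`. The enclosing function begins and ends outside the hunk.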