diff --git a/src/shrpx.cc b/src/shrpx.cc index b8dc1396..d828084a 100644 --- a/src/shrpx.cc +++ b/src/shrpx.cc @@ -611,8 +611,8 @@ int generate_ticket_key(TicketKey &ticket_key) { ticket_key.hmac_keylen = EVP_MD_size(ticket_key.hmac); assert(static_cast(EVP_CIPHER_key_length(ticket_key.cipher)) <= - sizeof(ticket_key.data.enc_key)); - assert(ticket_key.hmac_keylen <= sizeof(ticket_key.data.hmac_key)); + ticket_key.data.enc_key.size()); + assert(ticket_key.hmac_keylen <= ticket_key.data.hmac_key.size()); if (LOG_ENABLED(INFO)) { LOG(INFO) << "enc_keylen=" << EVP_CIPHER_key_length(ticket_key.cipher) diff --git a/src/shrpx_config.cc b/src/shrpx_config.cc index d5046d60..51daf44a 100644 --- a/src/shrpx_config.cc +++ b/src/shrpx_config.cc @@ -155,7 +155,7 @@ read_tls_ticket_key_file(const std::vector &files, // with nginx and apache. hmac_keylen = 16; } - auto expectedlen = sizeof(keys[0].data.name) + enc_keylen + hmac_keylen; + auto expectedlen = keys[0].data.name.size() + enc_keylen + hmac_keylen; char buf[256]; assert(sizeof(buf) >= expectedlen); @@ -201,11 +201,11 @@ read_tls_ticket_key_file(const std::vector &files, } auto p = buf; - memcpy(key.data.name, p, sizeof(key.data.name)); - p += sizeof(key.data.name); - memcpy(key.data.enc_key, p, enc_keylen); + std::copy_n(p, key.data.name.size(), std::begin(key.data.name)); + p += key.data.name.size(); + std::copy_n(p, enc_keylen, std::begin(key.data.enc_key)); p += enc_keylen; - memcpy(key.data.hmac_key, p, hmac_keylen); + std::copy_n(p, hmac_keylen, std::begin(key.data.hmac_key)); if (LOG_ENABLED(INFO)) { LOG(INFO) << "session ticket key: " << util::format_hex(key.data.name); diff --git a/src/shrpx_config.h b/src/shrpx_config.h index 49e1352c..742ceada 100644 --- a/src/shrpx_config.h +++ b/src/shrpx_config.h @@ -229,11 +229,11 @@ struct TicketKey { size_t hmac_keylen; struct { // name of this ticket configuration - uint8_t name[16]; + std::array name; // encryption key for |cipher| - uint8_t enc_key[32]; + std::array enc_key; // hmac key for |hmac| - uint8_t hmac_key[32]; + std::array hmac_key; } data; }; diff --git a/src/shrpx_config_test.cc b/src/shrpx_config_test.cc index 8ccd458c..e03c8c0c 100644 --- a/src/shrpx_config_test.cc +++ b/src/shrpx_config_test.cc @@ -192,16 +192,24 @@ void test_shrpx_config_read_tls_ticket_key_file(void) { CU_ASSERT(ticket_keys.get() != nullptr); CU_ASSERT(2 == ticket_keys->keys.size()); auto key = &ticket_keys->keys[0]; - CU_ASSERT(0 == - memcmp("0..............1", key->data.name, sizeof(key->data.name))); - CU_ASSERT(0 == memcmp("2..............3", key->data.enc_key, 16)); - CU_ASSERT(0 == memcmp("4..............5", key->data.hmac_key, 16)); + CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name), + "0..............1")); + CU_ASSERT(std::equal(std::begin(key->data.enc_key), + std::begin(key->data.enc_key) + 16, "2..............3")); + CU_ASSERT(std::equal(std::begin(key->data.hmac_key), + std::begin(key->data.hmac_key) + 16, + "4..............5")); + CU_ASSERT(16 == key->hmac_keylen); key = &ticket_keys->keys[1]; - CU_ASSERT(0 == - memcmp("6..............7", key->data.name, sizeof(key->data.name))); - CU_ASSERT(0 == memcmp("8..............9", key->data.enc_key, 16)); - CU_ASSERT(0 == memcmp("a..............b", key->data.hmac_key, 16)); + CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name), + "6..............7")); + CU_ASSERT(std::equal(std::begin(key->data.enc_key), + std::begin(key->data.enc_key) + 16, "8..............9")); + CU_ASSERT(std::equal(std::begin(key->data.hmac_key), + std::begin(key->data.hmac_key) + 16, + "a..............b")); + CU_ASSERT(16 == key->hmac_keylen); } void test_shrpx_config_read_tls_ticket_key_file_aes_256(void) { @@ -227,20 +235,24 @@ void test_shrpx_config_read_tls_ticket_key_file_aes_256(void) { CU_ASSERT(ticket_keys.get() != nullptr); CU_ASSERT(2 == ticket_keys->keys.size()); auto key = &ticket_keys->keys[0]; - CU_ASSERT(0 == - memcmp("0..............1", key->data.name, sizeof(key->data.name))); - CU_ASSERT(0 == - memcmp("2..............................3", key->data.enc_key, 32)); - CU_ASSERT(0 == - memcmp("4..............................5", key->data.hmac_key, 32)); + CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name), + "0..............1")); + CU_ASSERT(std::equal(std::begin(key->data.enc_key), + std::end(key->data.enc_key), + "2..............................3")); + CU_ASSERT(std::equal(std::begin(key->data.hmac_key), + std::end(key->data.hmac_key), + "4..............................5")); key = &ticket_keys->keys[1]; - CU_ASSERT(0 == - memcmp("6..............7", key->data.name, sizeof(key->data.name))); - CU_ASSERT(0 == - memcmp("8..............................9", key->data.enc_key, 32)); - CU_ASSERT(0 == - memcmp("a..............................b", key->data.hmac_key, 32)); + CU_ASSERT(std::equal(std::begin(key->data.name), std::end(key->data.name), + "6..............7")); + CU_ASSERT(std::equal(std::begin(key->data.enc_key), + std::end(key->data.enc_key), + "8..............................9")); + CU_ASSERT(std::equal(std::begin(key->data.hmac_key), + std::end(key->data.hmac_key), + "a..............................b")); } void test_shrpx_config_match_downstream_addr_group(void) { diff --git a/src/shrpx_ssl.cc b/src/shrpx_ssl.cc index 9ef5d20a..400f96bb 100644 --- a/src/shrpx_ssl.cc +++ b/src/shrpx_ssl.cc @@ -335,18 +335,20 @@ int ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv, << util::format_hex(key.data.name); } - memcpy(key_name, key.data.name, sizeof(key.data.name)); + std::copy(std::begin(key.data.name), std::end(key.data.name), key_name); EVP_EncryptInit_ex(ctx, get_config()->tls_ticket_cipher, nullptr, - key.data.enc_key, iv); - HMAC_Init_ex(hctx, key.data.hmac_key, key.hmac_keylen, key.hmac, nullptr); + key.data.enc_key.data(), iv); + HMAC_Init_ex(hctx, key.data.hmac_key.data(), key.hmac_keylen, key.hmac, + nullptr); return 1; } size_t i; for (i = 0; i < keys.size(); ++i) { auto &key = keys[0]; - if (memcmp(key_name, key.data.name, sizeof(key.data.name)) == 0) { + if (std::equal(std::begin(key.data.name), std::end(key.data.name), + key_name)) { break; } } @@ -365,8 +367,9 @@ int ticket_key_cb(SSL *ssl, unsigned char *key_name, unsigned char *iv, } auto &key = keys[i]; - HMAC_Init_ex(hctx, key.data.hmac_key, key.hmac_keylen, key.hmac, nullptr); - EVP_DecryptInit_ex(ctx, key.cipher, nullptr, key.data.enc_key, iv); + HMAC_Init_ex(hctx, key.data.hmac_key.data(), key.hmac_keylen, key.hmac, + nullptr); + EVP_DecryptInit_ex(ctx, key.cipher, nullptr, key.data.enc_key.data(), iv); return i == 0 ? 1 : 2; } diff --git a/src/util.h b/src/util.h index 3f60e810..b945e9f2 100644 --- a/src/util.h +++ b/src/util.h @@ -216,6 +216,10 @@ template std::string format_hex(const unsigned char (&s)[N]) { return format_hex(s, N); } +template std::string format_hex(const std::array &s) { + return format_hex(s.data(), s.size()); +} + std::string http_date(time_t t); // Returns given time |t| from epoch in Common Log format (e.g.,