diff options
| author | Mark Benvenuto <mark.benvenuto@mongodb.com> | 2019-10-30 18:54:50 +0000 |
|---|---|---|
| committer | evergreen <evergreen@mongodb.com> | 2019-10-30 18:54:50 +0000 |
| commit | 4e3a48b5c9e61fd02b7abc37072dab0a55491f99 (patch) | |
| tree | 02e62bfd21d0b64693802a19be86b604b04e2e5a | |
| parent | a6c0031a6568483a5fa375607cc99af3ead87991 (diff) | |
| download | mongo-4e3a48b5c9e61fd02b7abc37072dab0a55491f99.tar.gz | |
SERVER-44134 Update kms_message library in third_party
23 files changed, 377 insertions, 79 deletions
diff --git a/src/mongo/shell/kms_aws.cpp b/src/mongo/shell/kms_aws.cpp index 911269b8e11..56a71f11ae4 100644 --- a/src/mongo/shell/kms_aws.cpp +++ b/src/mongo/shell/kms_aws.cpp @@ -212,7 +212,7 @@ std::vector<uint8_t> AWSKMSService::encrypt(ConstDataRange cdr, StringData kmsKe AWSConnection connection(_sslManager.get()); auto response = connection.makeOneRequest(_server, ConstDataRange(buffer.get(), buffer_len)); - auto body = kms_response_get_body(response.get()); + auto body = kms_response_get_body(response.get(), nullptr); BSONObj obj = fromjson(body); @@ -265,7 +265,7 @@ SecureVector<uint8_t> AWSKMSService::decrypt(ConstDataRange cdr, BSONObj masterK AWSConnection connection(_sslManager.get()); auto response = connection.makeOneRequest(_server, ConstDataRange(buffer.get(), buffer_len)); - auto body = kms_response_get_body(response.get()); + auto body = kms_response_get_body(response.get(), nullptr); BSONObj obj = fromjson(body); diff --git a/src/third_party/kms-message/src/hexlify.c b/src/third_party/kms-message/src/hexlify.c index 045ac7c1902..be9ee030b93 100644 --- a/src/third_party/kms-message/src/hexlify.c +++ b/src/third_party/kms-message/src/hexlify.c @@ -14,7 +14,7 @@ * limitations under the License. */ -#include <assert.h> +#include "kms_message_private.h" #include <stdint.h> #include <stdio.h> #include <stdlib.h> @@ -47,7 +47,7 @@ unhexlify (const char *hex_chars, size_t *len) pos = buf; while (*hex_chars) { - assert (1 == sscanf (hex_chars, "%2hhx", pos)); + KMS_ASSERT (1 == sscanf (hex_chars, "%2hhx", pos)); pos++; hex_chars += 2; } diff --git a/src/third_party/kms-message/src/kms_caller_identity_request.c b/src/third_party/kms-message/src/kms_caller_identity_request.c new file mode 100644 index 00000000000..d4c12188445 --- /dev/null +++ b/src/third_party/kms-message/src/kms_caller_identity_request.c @@ -0,0 +1,49 @@ +/* + * Copyright 2019-present MongoDB, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"){} + * + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "kms_message/kms_message.h" +#include "kms_message_private.h" +#include "kms_message/kms_b64.h" +#include "kms_request_str.h" + + +kms_request_t * +kms_caller_identity_request_new (const kms_request_opt_t *opt) +{ + kms_request_t *request; + kms_request_str_t *payload = NULL; + + request = kms_request_new ("POST", "/", opt); + if (kms_request_get_error (request)) { + goto done; + } + + if (!(kms_request_add_header_field ( + request, "Content-Type", "application/x-www-form-urlencoded"))) { + goto done; + } + + payload = kms_request_str_new (); + kms_request_str_appendf (payload, + "Action=GetCallerIdentity&Version=2011-06-15"); + kms_request_append_payload (request, payload->str, payload->len); + +done: + kms_request_str_destroy (payload); + + return request; +} diff --git a/src/third_party/kms-message/src/kms_crypto.h b/src/third_party/kms-message/src/kms_crypto.h index 748689366e1..0da50b7a12b 100644 --- a/src/third_party/kms-message/src/kms_crypto.h +++ b/src/third_party/kms-message/src/kms_crypto.h @@ -20,6 +20,20 @@ #include <stdbool.h> #include <stdlib.h> +typedef struct { + bool (*sha256) (void *ctx, + const char *input, + size_t len, + unsigned char *hash_out); + bool (*sha256_hmac) (void *ctx, + const char *key_input, + size_t key_len, + const char *input, + size_t len, + unsigned char *hash_out); + void *ctx; +} _kms_crypto_t; + int kms_crypto_init (); @@ -27,10 +41,11 @@ void kms_crypto_cleanup (); bool -kms_sha256 (const char *input, size_t len, unsigned char *hash_out); +kms_sha256 (void *ctx, const char *input, size_t len, unsigned char *hash_out); bool -kms_sha256_hmac (const char *key_input, +kms_sha256_hmac (void *ctx, + const char *key_input, size_t key_len, const char *input, size_t len, diff --git a/src/third_party/kms-message/src/kms_crypto_apple.c b/src/third_party/kms-message/src/kms_crypto_apple.c index 1fde44fdea7..61da0a62887 100644 --- a/src/third_party/kms-message/src/kms_crypto_apple.c +++ b/src/third_party/kms-message/src/kms_crypto_apple.c @@ -31,7 +31,10 @@ kms_crypto_cleanup () } bool -kms_sha256 (const char *input, size_t len, unsigned char *hash_out) +kms_sha256 (void *unused_ctx, + const char *input, + size_t len, + unsigned char *hash_out) { CC_SHA256_CTX ctx; CC_SHA256_Init (&ctx); @@ -41,7 +44,8 @@ kms_sha256 (const char *input, size_t len, unsigned char *hash_out) } bool -kms_sha256_hmac (const char *key_input, +kms_sha256_hmac (void *unused_ctx, + const char *key_input, size_t key_len, const char *input, size_t len, diff --git a/src/third_party/kms-message/src/kms_crypto_none.c b/src/third_party/kms-message/src/kms_crypto_none.c new file mode 100644 index 00000000000..9ef2147687f --- /dev/null +++ b/src/third_party/kms-message/src/kms_crypto_none.c @@ -0,0 +1,50 @@ +/* + * Copyright 2018-present MongoDB, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#include "kms_crypto.h" + +int +kms_crypto_init () +{ + return 0; +} + +void +kms_crypto_cleanup () +{ +} + +bool +kms_sha256 (void *unused_ctx, + const char *input, + size_t len, + unsigned char *hash_out) +{ + /* only gets called if hooks were mistakenly not set */ + return false; +} + +bool +kms_sha256_hmac (void *unused_ctx, + const char *key_input, + size_t key_len, + const char *input, + size_t len, + unsigned char *hash_out) +{ + /* only gets called if hooks were mistakenly not set */ + return false; +} diff --git a/src/third_party/kms-message/src/kms_crypto_openssl.c b/src/third_party/kms-message/src/kms_crypto_openssl.c index 474660fc7c2..f6202906eb5 100644 --- a/src/third_party/kms-message/src/kms_crypto_openssl.c +++ b/src/third_party/kms-message/src/kms_crypto_openssl.c @@ -48,7 +48,10 @@ kms_crypto_cleanup () } bool -kms_sha256 (const char *input, size_t len, unsigned char *hash_out) +kms_sha256 (void *unused_ctx, + const char *input, + size_t len, + unsigned char *hash_out) { EVP_MD_CTX *digest_ctxp = EVP_MD_CTX_new (); bool rval = false; @@ -70,7 +73,8 @@ cleanup: } bool -kms_sha256_hmac (const char *key_input, +kms_sha256_hmac (void *unused_ctx, + const char *key_input, size_t key_len, const char *input, size_t len, diff --git a/src/third_party/kms-message/src/kms_crypto_windows.c b/src/third_party/kms-message/src/kms_crypto_windows.c index 064aba8b94f..ccdc7e095d4 100644 --- a/src/third_party/kms-message/src/kms_crypto_windows.c +++ b/src/third_party/kms-message/src/kms_crypto_windows.c @@ -68,7 +68,10 @@ kms_crypto_cleanup () } bool -kms_sha256 (const char *input, size_t len, unsigned char *hash_out) +kms_sha256 (void *unused_ctx, + const char *input, + size_t len, + unsigned char *hash_out) { BCRYPT_HASH_HANDLE hHash; @@ -96,7 +99,8 @@ cleanup: } bool -kms_sha256_hmac (const char *key_input, +kms_sha256_hmac (void *unused_ctx, + const char *key_input, size_t key_len, const char *input, size_t len, diff --git a/src/third_party/kms-message/src/kms_message/kms_caller_identity_request.h b/src/third_party/kms-message/src/kms_message/kms_caller_identity_request.h new file mode 100644 index 00000000000..9af8e2ccdd9 --- /dev/null +++ b/src/third_party/kms-message/src/kms_message/kms_caller_identity_request.h @@ -0,0 +1,34 @@ +/* + * Copyright 2019-present MongoDB, Inc. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#ifndef KMS_CALLER_IDENTITY_REQUEST_H +#define KMS_CALLER_IDENTITY_REQUEST_H + +#include "kms_message.h" + +#ifdef __cplusplus +extern "C" { +#endif + +KMS_MSG_EXPORT (kms_request_t *) +kms_caller_identity_request_new (const kms_request_opt_t *opt); + +#ifdef __cplusplus +} /* extern "C" */ +#endif + + +#endif /* KMS_CALLER_IDENTITY_REQUEST_H */ diff --git a/src/third_party/kms-message/src/kms_message/kms_message.h b/src/third_party/kms-message/src/kms_message/kms_message.h index 9041f401da6..6ea95dd04ca 100644 --- a/src/third_party/kms-message/src/kms_message/kms_message.h +++ b/src/third_party/kms-message/src/kms_message/kms_message.h @@ -22,6 +22,7 @@ #include "kms_request.h" #include "kms_response.h" #include "kms_response_parser.h" +#include "kms_caller_identity_request.h" #include "kms_decrypt_request.h" #include "kms_encrypt_request.h" diff --git a/src/third_party/kms-message/src/kms_message/kms_request.h b/src/third_party/kms-message/src/kms_message/kms_request.h index 15438ba4eeb..cf49f0a31a9 100644 --- a/src/third_party/kms-message/src/kms_message/kms_request.h +++ b/src/third_party/kms-message/src/kms_message/kms_request.h @@ -62,6 +62,10 @@ kms_request_append_payload (kms_request_t *request, size_t len); KMS_MSG_EXPORT (char *) kms_request_get_canonical (kms_request_t *request); + +KMS_MSG_EXPORT (const char *) +kms_request_get_canonical_header (kms_request_t *request, const char *header); + KMS_MSG_EXPORT (char *) kms_request_get_string_to_sign (kms_request_t *request); KMS_MSG_EXPORT (bool) @@ -71,7 +75,7 @@ kms_request_get_signature (kms_request_t *request); KMS_MSG_EXPORT (char *) kms_request_get_signed (kms_request_t *request); KMS_MSG_EXPORT (void) -kms_request_free_string (char* ptr); +kms_request_free_string (char *ptr); #ifdef __cplusplus } /* extern "C" */ diff --git a/src/third_party/kms-message/src/kms_message/kms_request_opt.h b/src/third_party/kms-message/src/kms_message/kms_request_opt.h index 7dc11e39fb6..f38652e9e74 100644 --- a/src/third_party/kms-message/src/kms_message/kms_request_opt.h +++ b/src/third_party/kms-message/src/kms_message/kms_request_opt.h @@ -20,6 +20,7 @@ #include "kms_message_defines.h" #include <stdbool.h> +#include <stdlib.h> #ifdef __cplusplus extern "C" { @@ -34,6 +35,19 @@ kms_request_opt_destroy (kms_request_opt_t *request); KMS_MSG_EXPORT (void) kms_request_opt_set_connection_close (kms_request_opt_t *opt, bool connection_close); +KMS_MSG_EXPORT (void) +kms_request_opt_set_crypto_hooks (kms_request_opt_t *opt, + bool (*sha256) (void *ctx, + const char *input, + size_t len, + unsigned char *hash_out), + bool (*sha256_hmac) (void *ctx, + const char *key_input, + size_t key_len, + const char *input, + size_t len, + unsigned char *hash_out), + void *ctx); #ifdef __cplusplus } /* extern "C" */ diff --git a/src/third_party/kms-message/src/kms_message/kms_response.h b/src/third_party/kms-message/src/kms_message/kms_response.h index 932ffb6a3d8..545476d40bc 100644 --- a/src/third_party/kms-message/src/kms_message/kms_response.h +++ b/src/third_party/kms-message/src/kms_message/kms_response.h @@ -25,7 +25,8 @@ extern "C" { typedef struct _kms_response_t kms_response_t; -KMS_MSG_EXPORT (const char *) kms_response_get_body (kms_response_t *reply); +KMS_MSG_EXPORT (const char *) +kms_response_get_body (kms_response_t *reply, size_t *len); KMS_MSG_EXPORT (void) kms_response_destroy (kms_response_t *reply); #ifdef __cplusplus diff --git a/src/third_party/kms-message/src/kms_message/kms_response_parser.h b/src/third_party/kms-message/src/kms_message/kms_response_parser.h index 5dc3d324db6..c355ff1cdb5 100644 --- a/src/third_party/kms-message/src/kms_message/kms_response_parser.h +++ b/src/third_party/kms-message/src/kms_message/kms_response_parser.h @@ -40,6 +40,12 @@ kms_response_parser_feed (kms_response_parser_t *parser, KMS_MSG_EXPORT (kms_response_t *) kms_response_parser_get_response (kms_response_parser_t *parser); +KMS_MSG_EXPORT (int) +kms_response_parser_status (kms_response_parser_t *parser); + +KMS_MSG_EXPORT (const char *) +kms_response_parser_error (kms_response_parser_t *parser); + KMS_MSG_EXPORT (void) kms_response_parser_destroy (kms_response_parser_t *parser); diff --git a/src/third_party/kms-message/src/kms_message_private.h b/src/third_party/kms-message/src/kms_message_private.h index c32ae4e4681..6bd3b891de3 100644 --- a/src/third_party/kms-message/src/kms_message_private.h +++ b/src/third_party/kms-message/src/kms_message_private.h @@ -17,9 +17,12 @@ #ifndef KMS_MESSAGE_PRIVATE_H #define KMS_MESSAGE_PRIVATE_H +#include <stdio.h> + #include "kms_message/kms_message.h" #include "kms_request_str.h" #include "kms_kv_list.h" +#include "kms_crypto.h" struct _kms_request_t { char error[512]; @@ -39,6 +42,7 @@ struct _kms_request_t { kms_kv_list_t *header_fields; /* turn off for tests only, not in public kms_request_opt_t API */ bool auto_content_length; + _kms_crypto_t crypto; }; struct _kms_response_t { @@ -80,4 +84,10 @@ set_error (char *error, size_t size, const char *fmt, ...); set_error (obj->error, sizeof (obj->error), __VA_ARGS__); \ } while (0) +#define KMS_ASSERT(stmt) \ +if (!(stmt)) { \ + fprintf (stderr, "%s failed\n", #stmt); \ + abort (); \ +} + #endif /* KMS_MESSAGE_PRIVATE_H */ diff --git a/src/third_party/kms-message/src/kms_request.c b/src/third_party/kms-message/src/kms_request.c index fae73717606..fa2d487123b 100644 --- a/src/third_party/kms-message/src/kms_request.c +++ b/src/third_party/kms-message/src/kms_request.c @@ -21,8 +21,6 @@ #include "kms_request_opt_private.h" #include "kms_port.h" -#include <assert.h> - static kms_kv_list_t * parse_query_params (kms_request_str_t *q) { @@ -100,6 +98,13 @@ kms_request_new (const char *method, kms_request_add_header_field (request, "Connection", "close"); } + if (opt && opt->crypto.sha256) { + memcpy (&request->crypto, &opt->crypto, sizeof (opt->crypto)); + } else { + request->crypto.sha256 = kms_sha256; + request->crypto.sha256_hmac = kms_sha256_hmac; + } + return request; } @@ -371,6 +376,8 @@ finalize (kms_request_t *request) lst = request->header_fields; + /* By default, if no explicit Host was set, it is derived from region + + * service */ if (!kms_kv_list_find (lst, "Host")) { /* like "kms.us-east-1.amazonaws.com" */ k = kms_request_str_new_from_chars ("Host", -1); @@ -413,7 +420,7 @@ canonical_headers (const kms_request_t *request) { kms_kv_list_t *lst; - assert (request->finalized); + KMS_ASSERT (request->finalized); lst = kms_kv_list_dup (request->header_fields); kms_kv_list_sort (lst, cmp_header_field_names); kms_kv_list_del (lst, "Connection"); @@ -448,7 +455,8 @@ kms_request_get_canonical (kms_request_t *request) kms_request_str_append_newline (canonical); append_signed_headers (lst, canonical); kms_request_str_append_newline (canonical); - kms_request_str_append_hashed (canonical, request->payload); + kms_request_str_append_hashed ( + &request->crypto, canonical, request->payload); kms_request_str_destroy (normalized); kms_kv_list_destroy (lst); @@ -456,6 +464,27 @@ kms_request_get_canonical (kms_request_t *request) return kms_request_str_detach (canonical); } +const char * +kms_request_get_canonical_header (kms_request_t *request, const char *header) +{ + const kms_kv_t *value; + + if (request->failed) { + return NULL; + } + + if (!finalize (request)) { + return NULL; + } + + value = kms_kv_list_find (request->header_fields, header); + if (!value) { + return NULL; + } + + return value->value->str; +} + char * kms_request_get_string_to_sign (kms_request_t *request) { @@ -485,7 +514,7 @@ kms_request_get_string_to_sign (kms_request_t *request) kms_request_str_append_chars (sts, "/aws4_request\n", -1); creq = kms_request_str_wrap (kms_request_get_canonical (request), -1); - if (!kms_request_str_append_hashed (sts, creq)) { + if (!kms_request_str_append_hashed (&request->crypto, sts, creq)) { goto done; } @@ -501,19 +530,23 @@ done: } static bool -kms_request_hmac (unsigned char *out, +kms_request_hmac (_kms_crypto_t *crypto, + unsigned char *out, kms_request_str_t *key, kms_request_str_t *data) { - return kms_sha256_hmac (key->str, (int) key->len, data->str, data->len, out); + return crypto->sha256_hmac ( + crypto->ctx, key->str, (int) key->len, data->str, data->len, out); } static bool -kms_request_hmac_again (unsigned char *out, +kms_request_hmac_again (_kms_crypto_t *crypto, + unsigned char *out, unsigned char *in, kms_request_str_t *data) { - return kms_sha256_hmac ((const char *) in, 32, data->str, data->len, out); + return crypto->sha256_hmac ( + crypto->ctx, (const char *) in, 32, data->str, data->len, out); } bool @@ -544,10 +577,14 @@ kms_request_get_signing_key (kms_request_t *request, unsigned char *key) aws4_request = kms_request_str_new_from_chars ("aws4_request", -1); - if (!(kms_request_hmac (k_date, aws4_plus_secret, request->date) && - kms_request_hmac_again (k_region, k_date, request->region) && - kms_request_hmac_again (k_service, k_region, request->service) && - kms_request_hmac_again (key, k_service, aws4_request))) { + if (!(kms_request_hmac ( + &request->crypto, k_date, aws4_plus_secret, request->date) && + kms_request_hmac_again ( + &request->crypto, k_region, k_date, request->region) && + kms_request_hmac_again ( + &request->crypto, k_service, k_region, request->service) && + kms_request_hmac_again ( + &request->crypto, key, k_service, aws4_request))) { goto done; } @@ -592,7 +629,8 @@ kms_request_get_signature (kms_request_t *request) append_signed_headers (lst, sig); kms_request_str_append_chars (sig, ", Signature=", -1); if (!(kms_request_get_signing_key (request, signing_key) && - kms_request_hmac_again (signature, signing_key, sts))) { + kms_request_hmac_again ( + &request->crypto, signature, signing_key, sts))) { goto done; } @@ -610,6 +648,26 @@ done: return kms_request_str_detach (sig); } +void +kms_request_validate (kms_request_t *request) +{ + if (0 == request->region->len) { + KMS_ERROR (request, "Region not set"); + } else if (0 == request->service->len) { + KMS_ERROR (request, "Service not set"); + } else if (0 == request->access_key_id->len) { + KMS_ERROR (request, "Access key ID not set"); + } else if (0 == request->method->len) { + KMS_ERROR (request, "Method not set"); + } else if (0 == request->path->len) { + KMS_ERROR (request, "Path not set"); + } else if (0 == request->date->len) { + KMS_ERROR (request, "Date not set"); + } else if (0 == request->secret_key->len) { + KMS_ERROR (request, "Secret key not set"); + } +} + char * kms_request_get_signed (kms_request_t *request) { @@ -619,6 +677,7 @@ kms_request_get_signed (kms_request_t *request) kms_request_str_t *sreq = NULL; size_t i; + kms_request_validate (request); if (request->failed) { return NULL; } @@ -681,6 +740,7 @@ done: } void -kms_request_free_string (char* ptr) { - free(ptr); +kms_request_free_string (char *ptr) +{ + free (ptr); } diff --git a/src/third_party/kms-message/src/kms_request_opt.c b/src/third_party/kms-message/src/kms_request_opt.c index 959a87837dd..f17bf3c3343 100644 --- a/src/third_party/kms-message/src/kms_request_opt.c +++ b/src/third_party/kms-message/src/kms_request_opt.c @@ -37,3 +37,23 @@ kms_request_opt_set_connection_close (kms_request_opt_t *opt, { opt->connection_close = connection_close; } + + +void +kms_request_opt_set_crypto_hooks (kms_request_opt_t *opt, + bool (*sha256) (void *ctx, + const char *input, + size_t len, + unsigned char *hash_out), + bool (*sha256_hmac) (void *ctx, + const char *key_input, + size_t key_len, + const char *input, + size_t len, + unsigned char *hash_out), + void *ctx) +{ + opt->crypto.sha256 = sha256; + opt->crypto.sha256_hmac = sha256_hmac; + opt->crypto.ctx = ctx; +}
\ No newline at end of file diff --git a/src/third_party/kms-message/src/kms_request_opt_private.h b/src/third_party/kms-message/src/kms_request_opt_private.h index 5c60cb89c3c..5e971a9d890 100644 --- a/src/third_party/kms-message/src/kms_request_opt_private.h +++ b/src/third_party/kms-message/src/kms_request_opt_private.h @@ -19,11 +19,13 @@ #include "kms_message/kms_message_defines.h" #include "kms_message/kms_request_opt.h" +#include "kms_crypto.h" #include <stdbool.h> struct _kms_request_opt_t { bool connection_close; + _kms_crypto_t crypto; }; #endif /* KMS_REQUEST_OPT_PRIVATE_H */ diff --git a/src/third_party/kms-message/src/kms_request_str.c b/src/third_party/kms-message/src/kms_request_str.c index e0d265344af..0f7c19c9726 100644 --- a/src/third_party/kms-message/src/kms_request_str.c +++ b/src/third_party/kms-message/src/kms_request_str.c @@ -17,10 +17,10 @@ #include "hexlify.h" #include "kms_crypto.h" #include "kms_message/kms_message.h" +#include "kms_message_private.h" #include "kms_request_str.h" #include "kms_port.h" -#include <assert.h> #include <stdio.h> #include <ctype.h> #include <stdbool.h> @@ -46,36 +46,6 @@ tables_init () kms_initialized = true; } -static char * -kms_strdupv_printf (const char *format, va_list args) -{ - va_list my_args; - char *buf; - ssize_t len = 32; - ssize_t n; - - assert (format); - - buf = malloc ((size_t) len); - - while (true) { - va_copy (my_args, args); - n = vsnprintf (buf, len, format, my_args); - va_end (my_args); - - if (n > -1 && n < len) { - return buf; - } - - if (n > -1) { - len = n + 1; - } else { - len *= 2; - } - - buf = realloc (buf, (size_t) len); - } -} kms_request_str_t * kms_request_str_new (void) @@ -109,7 +79,13 @@ kms_request_str_new_from_chars (const char *chars, ssize_t len) kms_request_str_t * kms_request_str_wrap (char *chars, ssize_t len) { - kms_request_str_t *s = malloc (sizeof (kms_request_str_t)); + kms_request_str_t *s; + + if (!chars) { + return NULL; + } + + s = malloc (sizeof (kms_request_str_t)); s->str = chars; s->len = len < 0 ? strlen (chars) : (size_t) len; @@ -132,6 +108,9 @@ kms_request_str_destroy (kms_request_str_t *str) char * kms_request_str_detach (kms_request_str_t *str) { + if (!str) { + return NULL; + } char *r = str->str; free (str); return r; @@ -268,7 +247,7 @@ kms_request_str_appendf (kms_request_str_t *str, const char *format, ...) size_t remaining; int n; - assert (format); + KMS_ASSERT (format); while (true) { remaining = str->size - str->len; @@ -368,13 +347,14 @@ kms_request_str_append_stripped (kms_request_str_t *str, } bool -kms_request_str_append_hashed (kms_request_str_t *str, +kms_request_str_append_hashed (_kms_crypto_t *crypto, + kms_request_str_t *str, kms_request_str_t *appended) { uint8_t hash[32]; char *hex_chars; - if (!kms_sha256 (appended->str, appended->len, hash)) { + if (!crypto->sha256 (crypto->ctx, appended->str, appended->len, hash)) { return false; } diff --git a/src/third_party/kms-message/src/kms_request_str.h b/src/third_party/kms-message/src/kms_request_str.h index b85c6190a35..f053a595aa7 100644 --- a/src/third_party/kms-message/src/kms_request_str.h +++ b/src/third_party/kms-message/src/kms_request_str.h @@ -18,6 +18,7 @@ #define KMS_MESSAGE_KMS_REQUEST_STR_H #include "kms_message/kms_message.h" +#include "kms_crypto.h" #include <stdarg.h> #include <stdbool.h> @@ -78,7 +79,8 @@ KMS_MSG_EXPORT (void) kms_request_str_append_stripped (kms_request_str_t *str, kms_request_str_t *appended); KMS_MSG_EXPORT (bool) -kms_request_str_append_hashed (kms_request_str_t *str, +kms_request_str_append_hashed (_kms_crypto_t *crypto, + kms_request_str_t *str, kms_request_str_t *appended); KMS_MSG_EXPORT (bool) kms_request_str_append_hex (kms_request_str_t *str, diff --git a/src/third_party/kms-message/src/kms_response.c b/src/third_party/kms-message/src/kms_response.c index b6ad5bc8069..593e39fd3d9 100644 --- a/src/third_party/kms-message/src/kms_response.c +++ b/src/third_party/kms-message/src/kms_response.c @@ -31,7 +31,10 @@ kms_response_destroy (kms_response_t *response) } const char * -kms_response_get_body (kms_response_t *response) +kms_response_get_body (kms_response_t *response, size_t *len) { + if (len) { + *len = response->body->len; + } return response->body->str; }
\ No newline at end of file diff --git a/src/third_party/kms-message/src/kms_response_parser.c b/src/third_party/kms-message/src/kms_response_parser.c index be853d92f84..31e4868a68e 100644 --- a/src/third_party/kms-message/src/kms_response_parser.c +++ b/src/third_party/kms-message/src/kms_response_parser.c @@ -1,7 +1,7 @@ #include "kms_message/kms_response_parser.h" #include "kms_message_private.h" -#include <assert.h> +#include "kms_message_private.h" #include <limits.h> #include <stdio.h> #include <stdlib.h> @@ -48,7 +48,7 @@ kms_response_parser_wants_bytes (kms_response_parser_t *parser, int32_t max) case PARSING_HEADER: return max; case PARSING_BODY: - assert (parser->content_length != -1); + KMS_ASSERT (parser->content_length != -1); return parser->content_length - ((int) parser->raw_response->len - parser->start); } @@ -119,6 +119,7 @@ _parse_line (kms_response_parser_t *parser, int end) } response->status = status; + /* ignore the Reason-Phrase. */ return PARSING_HEADER; } else if (parser->state == PARSING_HEADER) { @@ -208,11 +209,21 @@ kms_response_parser_feed (kms_response_parser_t *parser, parser->start = curr + 1; } curr++; + + if (parser->state == PARSING_BODY && parser->content_length <= 0) { + /* Ok, no Content-Length header, or explicitly 0, so empty body */ + parser->response->body = kms_request_str_new (); + parser->state = PARSING_DONE; + } break; case PARSING_BODY: body_read = (int) raw->len - parser->start; - assert (parser->content_length != -1); - assert (body_read <= parser->content_length); + + if (parser->content_length == -1 || + body_read > parser->content_length) { + KMS_ERROR (parser, "Unexpected: exceeded content length"); + return false; + } /* check if we have the entire body. */ if (body_read == parser->content_length) { @@ -224,11 +235,14 @@ kms_response_parser_feed (kms_response_parser_t *parser, curr = (int) raw->len; break; case PARSING_DONE: - /* return false if error. */ - return true; + KMS_ERROR (parser, "Unexpected extra HTTP content"); + return false; } } + if (parser->failed) { + return false; + } return true; } @@ -245,6 +259,26 @@ kms_response_parser_get_response (kms_response_parser_t *parser) return response; } +int +kms_response_parser_status (kms_response_parser_t *parser) +{ + if (!parser || !(parser->response)) { + return 0; + } + + return parser->response->status; +} + +const char * +kms_response_parser_error (kms_response_parser_t *parser) +{ + if (!parser) { + return NULL; + } + + return parser->error; +} + void kms_response_parser_destroy (kms_response_parser_t *parser) { diff --git a/src/third_party/scripts/kms_message_get_sources.sh b/src/third_party/scripts/kms_message_get_sources.sh index 05450d7a0d4..6ad2fbb0e67 100755 --- a/src/third_party/scripts/kms_message_get_sources.sh +++ b/src/third_party/scripts/kms_message_get_sources.sh @@ -17,8 +17,8 @@ if grep -q Microsoft /proc/version; then GIT_EXE=git.exe fi -NAME=kms-message -REVISION=75e391a037d30941f8cad17568ea9bdd37962127 +NAME=libmongocrypt +REVISION=59c8c17bbdfa1cf0fdec60cfdde73a437a868221 if grep -q Microsoft /proc/version; then SRC_ROOT=$(wslpath -u $(powershell.exe -Command "Get-ChildItem Env:TEMP | Get-Content | Write-Host")) @@ -35,12 +35,12 @@ CLONE_DEST=$SRC if grep -q Microsoft /proc/version; then CLONE_DEST=$(wslpath -m $SRC) fi -DEST_DIR=$($GIT_EXE rev-parse --show-toplevel)/src/third_party/$NAME +DEST_DIR=$($GIT_EXE rev-parse --show-toplevel)/src/third_party/kms-message echo "dest: $DEST_DIR" if [ ! -d $SRC ]; then - $GIT_EXE clone https://github.com/mongodb-labs/kms-message $CLONE_DEST + $GIT_EXE clone https://github.com/mongodb/libmongocrypt $CLONE_DEST pushd $SRC $GIT_EXE checkout $REVISION @@ -58,10 +58,11 @@ README.rst test ) +SRC_DIR=${SRC}/kms-message for file in "${stuff_to_remove[@]}" ; do - rm -rf "$SRC/$file" + rm -rf "$SRC_DIR/$file" done -cp -r $SRC/* $DEST_DIR +cp -r $SRC_DIR/* $DEST_DIR |