mongodb · nefethael · Sep 15, 2020
diff --git a/src/third_party/kms-message/THIRD_PARTY_NOTICES b/src/third_party/kms-message/THIRD_PARTY_NOTICES
@@ -1,4 +1,4 @@
-License notice for common-b64.c
+License notice for kms_b64.c
 -------------------------------------------------------------------------------
 
 ISC License

diff --git a/src/third_party/kms-message/src/hexlify.c b/src/third_party/kms-message/src/hexlify.c
@@ -24,6 +24,8 @@ char *
 hexlify (const uint8_t *buf, size_t len)
 {
    char *hex_chars = malloc (len * 2 + 1);
+   KMS_ASSERT (hex_chars);
+
    char *p = hex_chars;
    size_t i;
 
@@ -35,22 +37,3 @@ hexlify (const uint8_t *buf, size_t len)
 
    return hex_chars;
 }
-
-uint8_t *
-unhexlify (const char *hex_chars, size_t *len)
-{
-   uint8_t *buf;
-   uint8_t *pos;
-
-   *len = strlen (hex_chars) / 2;
-   buf = malloc (*len);
-   pos = buf;
-
-   while (*hex_chars) {
-      KMS_ASSERT (1 == sscanf (hex_chars, "%2hhx", pos));
-      pos++;
-      hex_chars += 2;
-   }
-
-   return buf;
-}
diff --git a/src/third_party/kms-message/src/hexlify.h b/src/third_party/kms-message/src/hexlify.h
@@ -19,5 +19,3 @@
 
 char *
 hexlify (const uint8_t *buf, size_t len);
-uint8_t *
-unhexlify (const char *hex_chars, size_t *len);
diff --git a/src/third_party/kms-message/src/kms_crypto_apple.c b/src/third_party/kms-message/src/kms_crypto_apple.c
@@ -16,9 +16,12 @@
 
 #include "kms_crypto.h"
 
+#ifdef KMS_MESSAGE_ENABLE_CRYPTO_COMMON_CRYPTO
+
 #include <CommonCrypto/CommonDigest.h>
 #include <CommonCrypto/CommonHMAC.h>
 
+
 int
 kms_crypto_init ()
 {
@@ -54,3 +57,5 @@ kms_sha256_hmac (void *unused_ctx,
    CCHmac (kCCHmacAlgSHA256, key_input, key_len, input, len, hash_out);
    return true;
 }
+
+#endif /* KMS_MESSAGE_ENABLE_CRYPTO_COMMON_CRYPTO */
diff --git a/src/third_party/kms-message/src/kms_crypto_libcrypto.c b/src/third_party/kms-message/src/kms_crypto_libcrypto.c
@@ -0,0 +1,94 @@
+/*
+ * Copyright 2018-present MongoDB, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "kms_crypto.h"
+
+#ifdef KMS_MESSAGE_ENABLE_CRYPTO_LIBCRYPTO
+
+#include <openssl/sha.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+
+#if OPENSSL_VERSION_NUMBER < 0x10100000L || \
+   (defined(LIBRESSL_VERSION_NUMBER) && LIBRESSL_VERSION_NUMBER < 0x20700000L)
+static EVP_MD_CTX *
+EVP_MD_CTX_new (void)
+{
+   return calloc (sizeof (EVP_MD_CTX), 1);
+}
+
+static void
+EVP_MD_CTX_free (EVP_MD_CTX *ctx)
+{
+   EVP_MD_CTX_cleanup (ctx);
+   free (ctx);
+}
+#endif
+
+int
+kms_crypto_init ()
+{
+   return 0;
+}
+
+void
+kms_crypto_cleanup ()
+{
+}
+
+bool
+kms_sha256 (void *unused_ctx,
+            const char *input,
+            size_t len,
+            unsigned char *hash_out)
+{
+   EVP_MD_CTX *digest_ctxp = EVP_MD_CTX_new ();
+   bool rval = false;
+
+   if (1 != EVP_DigestInit_ex (digest_ctxp, EVP_sha256 (), NULL)) {
+      goto cleanup;
+   }
+
+   if (1 != EVP_DigestUpdate (digest_ctxp, input, len)) {
+      goto cleanup;
+   }
+
+   rval = (1 == EVP_DigestFinal_ex (digest_ctxp, hash_out, NULL));
+
+cleanup:
+   EVP_MD_CTX_free (digest_ctxp);
+
+   return rval;
+}
+
+bool
+kms_sha256_hmac (void *unused_ctx,
+                 const char *key_input,
+                 size_t key_len,
+                 const char *input,
+                 size_t len,
+                 unsigned char *hash_out)
+{
+   return HMAC (EVP_sha256 (),
+                key_input,
+                key_len,
+                (unsigned char *) input,
+                len,
+                hash_out,
+                NULL) != NULL;
+}
+
+#endif /* KMS_MESSAGE_ENABLE_CRYPTO_LIBCRYPTO */
diff --git a/src/third_party/kms-message/src/kms_crypto_none.c b/src/third_party/kms-message/src/kms_crypto_none.c
@@ -16,6 +16,8 @@
 
 #include "kms_crypto.h"
 
+#ifndef KMS_MESSAGE_ENABLE_CRYPTO
+
 int
 kms_crypto_init ()
 {
@@ -48,3 +50,5 @@ kms_sha256_hmac (void *unused_ctx,
    /* only gets called if hooks were mistakenly not set */
    return false;
 }
+
+#endif /* KMS_MESSAGE_ENABLE_CRYPTO */
diff --git a/src/third_party/kms-message/src/kms_crypto_windows.c b/src/third_party/kms-message/src/kms_crypto_windows.c
@@ -16,6 +16,8 @@
 
 #include "kms_crypto.h"
 
+#ifdef KMS_MESSAGE_ENABLE_CRYPTO_CNG
+
 // tell windows.h not to include a bunch of headers we don't need:
 #define WIN32_LEAN_AND_MEAN
 
@@ -130,3 +132,5 @@ kms_sha256_hmac (void *unused_ctx,
 
    return status == STATUS_SUCCESS ? 1 : 0;
 }
+
+#endif /* KMS_MESSAGE_ENABLE_CRYPTO_CNG */
diff --git a/src/third_party/kms-message/src/kms_decrypt_request.c b/src/third_party/kms-message/src/kms_decrypt_request.c
@@ -48,7 +48,7 @@ kms_decrypt_request_new (const uint8_t *ciphertext_blob,
    if (!(b64 = malloc (b64_len))) {
       KMS_ERROR (request,
                  "Could not allocate %d bytes for base64-encoding payload",
-                 b64_len);
+                 (int) b64_len);
       goto done;
    }
 

diff --git a/src/third_party/kms-message/src/kms_encrypt_request.c b/src/third_party/kms-message/src/kms_encrypt_request.c
@@ -47,7 +47,7 @@ kms_encrypt_request_new (const uint8_t *plaintext,
    if (!(b64 = malloc (b64_len))) {
       KMS_ERROR (request,
                  "Could not allocate %d bytes for base64-encoding payload",
-                 b64_len);
+                 (int) b64_len);
       goto done;
    }
 

diff --git a/src/third_party/kms-message/src/kms_kv_list.c b/src/third_party/kms-message/src/kms_kv_list.c
@@ -17,6 +17,7 @@
 
 #include "kms_kv_list.h"
 #include "kms_message/kms_message.h"
+#include "kms_message_private.h"
 #include "kms_request_str.h"
 #include "kms_port.h"
 #include "sort.h"
@@ -39,9 +40,12 @@ kms_kv_list_t *
 kms_kv_list_new (void)
 {
    kms_kv_list_t *lst = malloc (sizeof (kms_kv_list_t));
+   KMS_ASSERT (lst);
 
    lst->size = 16;
    lst->kvs = malloc (lst->size * sizeof (kms_kv_t));
+   KMS_ASSERT (lst->kvs);
+
    lst->len = 0;
 
    return lst;
@@ -72,6 +76,7 @@ kms_kv_list_add (kms_kv_list_t *lst,
    if (lst->len == lst->size) {
       lst->size *= 2;
       lst->kvs = realloc (lst->kvs, lst->size * sizeof (kms_kv_t));
+      KMS_ASSERT (lst->kvs);
    }
 
    kv_init (&lst->kvs[lst->len], key, value);
@@ -84,7 +89,7 @@ kms_kv_list_find (const kms_kv_list_t *lst, const char *key)
    size_t i;
 
    for (i = 0; i < lst->len; i++) {
-      if (0 == strcasecmp (lst->kvs[i].key->str, key)) {
+      if (0 == kms_strcasecmp (lst->kvs[i].key->str, key)) {
          return &lst->kvs[i];
       }
    }
@@ -119,8 +124,12 @@ kms_kv_list_dup (const kms_kv_list_t *lst)
    }
 
    dup = malloc (sizeof (kms_kv_list_t));
+   KMS_ASSERT (dup);
+
    dup->size = dup->len = lst->len;
    dup->kvs = malloc (lst->len * sizeof (kms_kv_t));
+   KMS_ASSERT (dup->kvs);
+
 
    for (i = 0; i < lst->len; i++) {
       kv_init (&dup->kvs[i], lst->kvs[i].key, lst->kvs[i].value);

diff --git a/src/third_party/kms-message/src/kms_message/kms_message.h b/src/third_party/kms-message/src/kms_message/kms_message.h
@@ -17,6 +17,8 @@
 #ifndef KMS_MESSAGE_H
 #define KMS_MESSAGE_H
 
+#include <sys/types.h>
+
 #include "kms_message_defines.h"
 #include "kms_request_opt.h"
 #include "kms_request.h"

diff --git a/src/third_party/kms-message/src/kms_message/kms_message_defines.h b/src/third_party/kms-message/src/kms_message/kms_message_defines.h
@@ -53,4 +53,14 @@ kms_message_cleanup (void);
 } /* extern "C" */
 #endif
 
+#ifdef _MSC_VER
+#include <basetsd.h>
+#pragma warning(disable : 4142)
+#ifndef _SSIZE_T_DEFINED
+#define _SSIZE_T_DEFINED
+typedef SSIZE_T ssize_t;
+#endif
+#pragma warning(default : 4142)
+#endif
+
 #endif /* KMS_MESSAGE_DEFINES_H */
diff --git a/src/third_party/kms-message/src/kms_port.c b/src/third_party/kms-message/src/kms_port.c
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2020-present MongoDB, Inc.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+#include "kms_port.h"
+#if defined(_WIN32)
+#include <stdlib.h>
+#include <string.h>
+char * kms_strndup (const char *src, size_t len)
+{
+   char *dst = (char *) malloc (len + 1);
+   if (!dst) {
+      return 0;
+   }
+
+   memcpy (dst, src, len);
+   dst[len] = '\0';
+
+   return dst;
+}
+#endif
diff --git a/src/third_party/kms-message/src/kms_port.h b/src/third_party/kms-message/src/kms_port.h
@@ -15,21 +15,18 @@
  * limitations under the License.
  */
 
-#if defined(_WIN32)
-#define strcasecmp _stricmp
-
-inline char *
-strndup (const char *src, size_t len)
-{
-   char *dst = (char *) malloc (len + 1);
-   if (!dst) {
-      return 0;
-   }
-
-   memcpy (dst, src, len);
-   dst[len] = '\0';
+#ifndef KMS_PORT_H
+#define KMS_PORT_H
 
-   return dst;
-}
+#include <stddef.h>
 
+#if defined(_WIN32)
+#define kms_strcasecmp _stricmp
+char *
+kms_strndup (const char *src, size_t len);
+#else
+#define kms_strndup strndup
+#define kms_strcasecmp strcasecmp
 #endif
+
+#endif /* KMS_PORT_H */