diff --git a/certs/certfactory.cpp b/certs/certfactory.cpp
index cbf82717..23683039 100644
--- a/certs/certfactory.cpp
+++ b/certs/certfactory.cpp
@@ -341,7 +341,7 @@ void CertFactory::addCustomExtensionByNid(const ossl_ptr &certificate, int
 X509V3_set_ctx(&context, const_cast(issuer_certificate_ptr), certificate.get(), nullptr, nullptr, 0);
 // Construct the string value using ASN1_STRING with IA5String type
- ossl_ptr string_data(ASN1_IA5STRING_new());
+ ossl_ptr string_data(ASN1_IA5STRING_new(), false);
 if (!string_data) {
 throw std::runtime_error("Adding custom extension: Failed to create ASN1_IA5STRING object");
 }
@@ -354,7 +354,7 @@ void CertFactory::addCustomExtensionByNid(const ossl_ptr &certificate, int
 }
 // Create a new extension using your smart pointer
- ossl_ptr ext(X509_EXTENSION_create_by_NID(nullptr, nid, false, string_data.get()));
+ ossl_ptr ext(X509_EXTENSION_create_by_NID(nullptr, nid, false, string_data.get()), false);
 if (!ext) {
 unsigned long err = ERR_get_error();
 ERR_error_string_n(err, err_msg, sizeof(err_msg));
@@ -412,7 +412,7 @@ std::string CertFactory::getCertsDirectory() {
 */
 ossl_ptr CertFactory::newBio() {
 ERR_clear_error();
- ossl_ptr bio(BIO_new(BIO_s_mem()));
+ ossl_ptr bio(BIO_new(BIO_s_mem()), false);
 if (!bio) {
 throw std::runtime_error(SB() << "Error: Failed to create bio for output: " << getError());
 }
@@ -569,7 +569,7 @@ void CertFactory::set_skid(ossl_ptr &certificate) {
 pos = X509_get_ext_by_NID(certificate.get(), NID_subject_key_identifier, pos);
 X509_EXTENSION *ex = X509_get_ext(certificate.get(), pos);
- ossl_ptr skid(reinterpret_cast(X509V3_EXT_d2i(ex)));
+ ossl_ptr skid(reinterpret_cast(X509V3_EXT_d2i(ex)), false);
 if (skid != NULL) {
 // Convert to hexadecimal string
diff --git a/certs/certfactory.h b/certs/certfactory.h
index c53e957e..bc6c64a9 100644
--- a/certs/certfactory.h
+++ b/certs/certfactory.h
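Review bot: The new second constructor argument `false` on the `string_data` line is a bare literal whose meaning is invisible at the call site, and the same literal is repeated at every changed line of this diff (certfactory.h, certfilefactory.cpp, p12filefactory.cpp, pemfilefactory.cpp, security.h, certstatus.h, certstatusmanager.cpp, openssl.h). Since every one of those sites keeps its own `if (!x) throw ...` afterwards, the flag presumably turns off a throw-on-null inside ossl_ptr so that the site's own message is the one reported; that should be stated once where the idiom first appears, e.g. `// false: ossl_ptr must not throw on a null result — it is checked and reported with a context-specific message below`. If that is indeed the parameter's purpose, a named constant (constructed example: `constexpr bool kNoThrowOnNull = false;`) at each site would make the intent self-documenting instead of relying on readers to look up the constructor. addCustomExtensionByNid continues outside the hunk.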
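Review bot: In the set_skid hunk, `if (skid != NULL) {` on the line after the changed one compares the wrapper against `NULL`, while every other site in this diff tests `!x` and the certstatus.h hunk explicitly rewrites `!skid.get()` to `!skid`; for consistency with the idiom this commit is establishing, change it to `if (skid) {`. set_skid continues outside the hunk.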
@@ -147,12 +147,12 @@ class PVXS_API CertFactory {
 std::string cert_data((std::istreambuf_iterator(cert_file)), std::istreambuf_iterator());
- ossl_ptr bio(BIO_new_mem_buf(cert_data.data(), cert_data.size()));
+ ossl_ptr bio(BIO_new_mem_buf(cert_data.data(), cert_data.size()), false);
 if (!bio) {
 throw std::runtime_error("Failed to create BIO");
 }
- ossl_ptr cert(PEM_read_bio_X509_AUX(bio.get(), NULL, NULL, NULL));
+ ossl_ptr cert(PEM_read_bio_X509_AUX(bio.get(), NULL, NULL, NULL), false);
 if (!cert) {
 throw std::runtime_error("Failed to read certificate");
 }
diff --git a/certs/certfilefactory.cpp b/certs/certfilefactory.cpp
index bcc6c6e7..22b33a16 100644
--- a/certs/certfilefactory.cpp
+++ b/certs/certfilefactory.cpp
@@ -114,7 +114,7 @@ CertData CertFileFactory::getCertData(const std::shared_ptr& key_pair)
 if (!pem_string_.empty()) {
 // Parse certificates from PEM string
- ossl_ptr bio(BIO_new_mem_buf(pem_string_.data(), pem_string_.size()));
+ ossl_ptr bio(BIO_new_mem_buf(pem_string_.data(), pem_string_.size()), false);
 if (!bio) {
 throw std::runtime_error("Failed to create BIO for PEM data");
 }
@@ -127,7 +127,7 @@ CertData CertFileFactory::getCertData(const std::shared_ptr& key_pair)
 // Read remaining certificates into chain
 while (true) {
- ossl_ptr chain_cert(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr));
+ ossl_ptr chain_cert(PEM_read_bio_X509(bio.get(), nullptr, nullptr, nullptr), false);
 if (!chain_cert) {
 ERR_clear_error(); // Clear EOF error
 break;
@@ -147,7 +147,7 @@ CertData CertFileFactory::getCertData(const std::shared_ptr& key_pair)
 if (certs_ptr_) {
 // Duplicate each certificate in the chain
 for (int i = 0; i < sk_X509_num(certs_ptr_); i++) {
- ossl_ptr int_cert(X509_dup(sk_X509_value(certs_ptr_, i)));
+ ossl_ptr int_cert(X509_dup(sk_X509_value(certs_ptr_, i)), false);
 if (!int_cert || sk_X509_push(chain.get(), int_cert.get()) != 1) {
 throw std::runtime_error("Failed to duplicate chain certificate");
 }
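Review bot: In the certfilefactory.cpp hunk at line 127, `if (!chain_cert) { ERR_clear_error(); // Clear EOF error` treats every failure of `PEM_read_bio_X509` as end of input, so a malformed or truncated certificate in the middle of the PEM data is silently dropped from the chain instead of being reported, and the resulting chain is shorter than the caller supplied. Distinguish the two cases before breaking: `unsigned long e = ERR_peek_last_error(); if (ERR_GET_LIB(e) == ERR_LIB_PEM && ERR_GET_REASON(e) == PEM_R_NO_START_LINE) { ERR_clear_error(); break; }` and throw for anything else. The while loop and getCertData continue outside the hunk.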
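Review bot: In the certfilefactory.cpp hunk at line 147, once `sk_X509_push(chain.get(), int_cert.get())` succeeds the stack holds the raw pointer while `int_cert` still owns it, so unless something after the hunk hands ownership over (for example a release() on the wrapper, if ossl_ptr provides one) the duplicate is freed at the end of each iteration and `chain` is left with dangling entries. If that is the case, the simplest fix is to release ownership immediately after the check, or to avoid the wrapper here and free the duplicate only on the error path: `X509 *dup = X509_dup(sk_X509_value(certs_ptr_, i)); if (!dup || sk_X509_push(chain.get(), dup) != 1) { X509_free(dup); throw std::runtime_error("Failed to duplicate chain certificate"); }`. The for-loop body and getCertData continue outside the hunk, so this is a point to confirm against the following lines.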
@@ -199,7 +199,7 @@ std::shared_ptr CertFileFactory::createKeyPair() {
 const int kKeyType = EVP_PKEY_RSA; // Key type
 // Initialize the context for the key generation operation
- ossl_ptr context(EVP_PKEY_CTX_new_id(kKeyType, nullptr));
+ ossl_ptr context(EVP_PKEY_CTX_new_id(kKeyType, nullptr), false);
 if (!context) {
 throw std::runtime_error("Failed to create EVP_PKEY_CTX");
 }
diff --git a/certs/p12filefactory.cpp b/certs/p12filefactory.cpp
index 8fa25279..b2152b67 100644
--- a/certs/p12filefactory.cpp
+++ b/certs/p12filefactory.cpp
@@ -60,7 +60,7 @@ std::shared_ptr P12FileFactory::getKeyFromFile() {
 throw std::runtime_error(SB() << "Error opening private key file for reading binary contents: \"" << filename_ << "\"");
 }
- ossl_ptr p12(d2i_PKCS12_fp(fp.get(), NULL));
+ ossl_ptr p12(d2i_PKCS12_fp(fp.get(), NULL), false);
 if (!p12) {
 throw std::runtime_error(SB() << "Error opening private key file as a PKCS#12 object: " << filename_);
 }
@@ -95,7 +95,7 @@ CertData P12FileFactory::getCertDataFromFile() {
 }
 file_ptr fp(file);
- ossl_ptr p12(d2i_PKCS12_fp(fp.get(), NULL));
+ ossl_ptr p12(d2i_PKCS12_fp(fp.get(), NULL), false);
 if (!p12) {
 throw std::runtime_error(SB() << "Error opening certificate file as a PKCS#12 object: " << filename_);
 }
@@ -140,7 +140,7 @@ CertData P12FileFactory::getCertDataFromFile() {
 */
 ossl_ptr P12FileFactory::pemStringToP12(std::string password, EVP_PKEY *keys_ptr, std::string pem_string, bool certs_only) {
 // Read PEM data into a new BIO
- ossl_ptr bio(BIO_new_mem_buf(pem_string.c_str(), -1));
+ ossl_ptr bio(BIO_new_mem_buf(pem_string.c_str(), -1), false);
 if (!bio) {
 throw std::runtime_error("Unable to allocate BIO");
 }
diff --git a/certs/pemfilefactory.cpp b/certs/pemfilefactory.cpp
index 1de8169d..1587c5d0 100644
--- a/certs/pemfilefactory.cpp
+++ b/certs/pemfilefactory.cpp
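Review bot: In the pemStringToP12 hunk, `BIO_new_mem_buf(pem_string.c_str(), -1)` sizes the buffer by strlen while the parallel sites touched by this diff in certfactory.h and certfilefactory.cpp pass `data(), size()`; the two conventions behave differently if the PEM string ever carries an embedded NUL (the `-1` form silently stops there). For consistency with the other call sites, `ossl_ptr bio(BIO_new_mem_buf(pem_string.data(), static_cast<int>(pem_string.size())), false);` is the safer form. pemStringToP12 continues outside the hunk.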
@@ -50,7 +50,7 @@ bool PEMFileFactory::createRootPemFile(const std::string& p12PemString, bool ove
 }
 // Build filename based on the CA certificate's CN field
- ossl_ptr name(X509_get_subject_name(xi->x509));
+ ossl_ptr name(X509_get_subject_name(xi->x509), false);
 if (!name) {
 throw std::runtime_error("Failed to get subject name from certificate");
 }
@@ -275,7 +275,7 @@ std::shared_ptr PEMFileFactory::getKeyFromFile() {
 }
 // Try to read the private key
- ossl_ptr pkey(PEM_read_PrivateKey(fp.get(), nullptr, nullptr, nullptr));
+ ossl_ptr pkey(PEM_read_PrivateKey(fp.get(), nullptr, nullptr, nullptr), false);
 if (!pkey) {
 ERR_clear_error();
 throw std::runtime_error(SB() << "No private key found in file: " << filename_);
diff --git a/certs/security.h b/certs/security.h
index 69862310..0d61e416 100644
--- a/certs/security.h
+++ b/certs/security.h
@@ -120,7 +120,7 @@ struct KeyPair final {
 throw std::runtime_error("Unable to create BIO");
 }
- ossl_ptr key(PEM_read_bio_PUBKEY(bio.get(), NULL, NULL, NULL));
+ ossl_ptr key(PEM_read_bio_PUBKEY(bio.get(), NULL, NULL, NULL), false);
 if (!key) {
 throw std::runtime_error("Unable to read public key");
 }
diff --git a/src/certstatus.h b/src/certstatus.h
index 83c7a20d..3c8ff58a 100644
--- a/src/certstatus.h
+++ b/src/certstatus.h
@@ -168,8 +168,8 @@ struct CertStatus {
 * @return first 8 hex digits of the hex SKID (subject key identifier)
 */
 static inline std::string getIssuerId(X509* ca_cert_ptr) {
- ossl_ptr skid(reinterpret_cast(X509_get_ext_d2i(ca_cert_ptr, NID_subject_key_identifier, nullptr, nullptr)));
- if (!skid.get()) {
+ ossl_ptr skid(reinterpret_cast(X509_get_ext_d2i(ca_cert_ptr, NID_subject_key_identifier, nullptr, nullptr)), false);
+ if (!skid) {
 throw std::runtime_error("Failed to get Subject Key Identifier.");
 }
diff --git a/src/certstatusmanager.cpp b/src/certstatusmanager.cpp
index 5eec4e7c..2cbfa0e6 100644
--- a/src/certstatusmanager.cpp
+++ b/src/certstatusmanager.cpp
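Review bot: In the createRootPemFile hunk, `X509_get_subject_name(xi->x509)` returns a pointer into the certificate's own X509_NAME, not a newly allocated object, so if `ossl_ptr` of that type frees its pointee on destruction (as the owning wrappers around `*_new`/`d2i_*`/`PEM_read_*` results elsewhere in this diff suggest), `name` will free a name that `xi->x509` still owns and the certificate's later release becomes a double free. The added `false` does not change that, since the same literal is applied to owning results too. Use a plain non-owning pointer here: `X509_NAME *name = X509_get_subject_name(xi->x509); if (!name) { throw std::runtime_error("Failed to get subject name from certificate"); }` — or a borrow mode of ossl_ptr if one exists. createRootPemFile continues outside the hunk.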
@@ -49,7 +49,7 @@ ossl_ptr CertStatusManager::getOCSPResponse(const shared_array ocsp_response(d2i_OCSP_RESPONSE_bio(bio.get(), nullptr));
+ ossl_ptr ocsp_response(d2i_OCSP_RESPONSE_bio(bio.get(), nullptr), false);
 if (!ocsp_response) {
 throw OCSPParseException("Failed to parse OCSP response");
 }
@@ -332,7 +332,7 @@ bool CertStatusManager::verifyOCSPResponse(const ossl_ptr& basic
 ossl_ptr ca_chain(sk_X509_dup(const_ca_chain_ptr)); // remove const-ness
 // Create a new X509_STORE with trusted root CAs
- ossl_ptr store(X509_STORE_new());
+ ossl_ptr store(X509_STORE_new(), false);
 if (!store) {
 throw OCSPParseException("Failed to create X509_STORE to verify OCSP response");
 }
@@ -353,7 +353,7 @@ bool CertStatusManager::verifyOCSPResponse(const ossl_ptr& basic
 }
 // Set up the store context for verification
- ossl_ptr ctx(X509_STORE_CTX_new());
+ ossl_ptr ctx(X509_STORE_CTX_new(), false);
 if (!ctx) {
 throw OCSPParseException("Failed to create X509_STORE_CTX to verify OCSP response");
 }
diff --git a/src/openssl.h b/src/openssl.h
index 44fd76af..46d9a4f0 100644
--- a/src/openssl.h
+++ b/src/openssl.h
@@ -115,7 +115,7 @@ struct CertStatusExData {
 */
 static inline serial_number_t getSerialNumber(X509 *cert_ptr) {
 ASN1_INTEGER *serial = X509_get_serialNumber(cert_ptr);
- ossl_ptr bn(ASN1_INTEGER_to_BN(serial, nullptr));
+ ossl_ptr bn(ASN1_INTEGER_to_BN(serial, nullptr), false);
 if (!bn) {
 return 0;
 }
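Review bot: In the verifyOCSPResponse hunk at line 332, `ossl_ptr ca_chain(sk_X509_dup(const_ca_chain_ptr)); // remove const-ness` is left with the one-argument form while `store` two lines below and `ctx` in the next hunk gain `, false`; if the one-argument form throws on a null result, a failed `sk_X509_dup` surfaces as a different exception type than the `OCSPParseException` every other failure in this function raises. Either apply the same form with an explicit check, `ossl_ptr ca_chain(sk_X509_dup(const_ca_chain_ptr), false); if (!ca_chain) { throw OCSPParseException("Failed to copy CA chain to verify OCSP response"); }`, or say why this site is intentionally different. `sk_X509_dup` also copies only the stack, not the certificates, so the wrapper must release it with `sk_X509_free` rather than `sk_X509_pop_free`; that constraint deserves a comment beside `// remove const-ness`. verifyOCSPResponse continues outside the hunk.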
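Review bot: In the getSerialNumber hunk, `if (!bn) { return 0; }` maps an `ASN1_INTEGER_to_BN` failure to the value 0, which callers cannot distinguish from a real serial; this works only because RFC 5280 requires serial numbers to be positive, and that reliance is not stated. Add to the doc comment that ends at the `*/` line something like `@return the serial number, or 0 if the serial could not be converted (0 is never a valid serial per RFC 5280)`. The doc comment begins outside the hunk.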