From 52b80ef3c6bdffe35b188d7b7feaeb74e096c025 Mon Sep 17 00:00:00 2001 From: Walt Karas Date: Tue, 12 Jul 2022 00:46:50 +0000 Subject: [PATCH] Use std::unique_ptr for X509 and BIO scoped heap objects. --- iocore/net/OCSPStapling.cc | 6 ++--- iocore/net/P_SSLUtils.h | 47 +++++++++++--------------------------- iocore/net/SSLUtils.cc | 4 ++-- 3 files changed, 18 insertions(+), 39 deletions(-) diff --git a/iocore/net/OCSPStapling.cc b/iocore/net/OCSPStapling.cc index da5a8c16356..29a83f9c86f 100644 --- a/iocore/net/OCSPStapling.cc +++ b/iocore/net/OCSPStapling.cc @@ -254,13 +254,13 @@ ssl_stapling_init_cert(SSL_CTX *ctx, X509 *cert, const char *certname, const cha #endif } - issuer = stapling_get_issuer(ctx, cert); - if (issuer == nullptr) { + issuer.reset(stapling_get_issuer(ctx, cert)); + if (issuer.get() == nullptr) { Note("cannot get issuer certificate from %s", certname); goto err; } - cinf->cid = OCSP_cert_to_id(nullptr, cert, issuer); + cinf->cid = OCSP_cert_to_id(nullptr, cert, issuer.get()); if (!cinf->cid) { goto err; } diff --git a/iocore/net/P_SSLUtils.h b/iocore/net/P_SSLUtils.h index b8ca3b81284..3eddbc3d38e 100644 --- a/iocore/net/P_SSLUtils.h +++ b/iocore/net/P_SSLUtils.h @@ -36,6 +36,7 @@ #include #include +#include struct SSLConfigParams; class SSLNetVConnection; 
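Review bot: The ownership contract of stapling_get_issuer() is not stated where `issuer.reset(stapling_get_issuer(ctx, cert));` adopts its result in the ssl_stapling_init_cert hunk of OCSPStapling.cc. The unique_ptr will call X509_free() on whatever comes back, so this is only correct if the helper returns an owned reference; a borrowed pointer would be freed twice. The helper's body is outside the hunk, and the pre-patch assignment presumably took ownership the same way, so this is probably not a regression. A comment at the call would pin it down, e.g. `// stapling_get_issuer() returns a new reference (or nullptr); issuer owns and frees it`. The null test also reads more idiomatically as `if (!issuer) {`; the declaration of `issuer` and the `err:` label are outside the hunk.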
@@ -169,45 +170,23 @@ namespace ssl { namespace detail { - struct SCOPED_X509_TRAITS { - typedef X509 *value_type; - static value_type - initValue() + struct X509Deleter { + void + operator()(X509 *p) { - return nullptr; - } - static bool - isValid(value_type x) - { - return x != nullptr; - } - static void - destroy(value_type x) - { - X509_free(x); + X509_free(p); } }; - struct SCOPED_BIO_TRAITS { - typedef BIO *value_type; - static value_type - initValue() + struct BIODeleter { + void + operator()(BIO *p) { - return nullptr; - } - static bool - isValid(value_type x) - { - return x != nullptr; - } - static void - destroy(value_type x) - { - BIO_free(x); + BIO_free(p); } }; - /* namespace ssl */ // namespace detail -} /* namespace detail */ + +} // namespace detail } // namespace ssl struct ats_wildcard_matcher { @@ -229,5 +208,5 @@ struct ats_wildcard_matcher { DFA regex; }; -typedef ats_scoped_resource scoped_X509; -typedef ats_scoped_resource scoped_BIO; +using scoped_X509 = std::unique_ptr; +using scoped_BIO = std::unique_ptr; diff --git a/iocore/net/SSLUtils.cc b/iocore/net/SSLUtils.cc index 0b53963e1d3..d5b1c6a25a1 100644 --- a/iocore/net/SSLUtils.cc +++ b/iocore/net/SSLUtils.cc @@ -171,7 +171,7 @@ static bool SSL_CTX_add_extra_chain_cert_file(SSL_CTX *ctx, const char *chainfile) { scoped_BIO bio(BIO_new_file(chainfile, "r")); - return SSL_CTX_add_extra_chain_cert_bio(ctx, bio); + return SSL_CTX_add_extra_chain_cert_bio(ctx, bio.get()); } static SSL_SESSION * @@ -2442,7 +2442,7 @@ SSLMultiCertConfigLoader::load_certs(SSL_CTX *ctx, const std::vector
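Review bot: `X509Deleter::operator()` and `BIODeleter::operator()` in P_SSLUtils.h are declared neither `const` nor `noexcept`, although they hold no state and only call a C free function. `void operator()(X509 *p) const noexcept { X509_free(p); }`, and the same for BIO, states that. A one-line comment on BIODeleter that BIO_free() releases a single BIO and not a chain would warn anyone who later wraps a chained BIO in scoped_BIO. The `using scoped_X509` / `using scoped_BIO` aliases further down no longer convert implicitly to the raw pointer, as the added `.get()` calls in this patch show, so a short comment above them naming the deleter and the need for `.get()` would help readers.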
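Review bot: SSL_CTX_add_extra_chain_cert_file in SSLUtils.cc passes `bio.get()` on without checking it. BIO_new_file() returns NULL when the file cannot be opened, so a missing or unreadable `chainfile` reaches SSL_CTX_add_extra_chain_cert_bio() as a null BIO. Whether that helper tolerates null is not visible in this hunk. A guard before the return, `if (!bio) { return false; }`, makes the failure path independent of it and gives a place to log which chain file failed to load. The patch keeps the earlier behaviour here, so this is a pre-existing gap rather than something the change introduces.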