Replace s3_hmac_sign() with HMAC() from OpenSSL

Instead of using s3_hmac_sign() which does everything on its own resuse HMAC() from OpenSSL. This adds some casting that was done previously inside s3_hmac_sign() to performOp(). In addition we no longer use the deprecated HMAC_Init(HMAC_CTX *ctx, const void *key, int key_len, const EVP_MD *md) (<1.1). Removes the usage of: + s3_hmac_sign() Contributes to llewelld#11
Thaodan · Aug 4, 2020 · 43bc69e · 43bc69e
1 parent 472ad31
commit 43bc69e
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/src/s3access.cpp b/src/s3access.cpp
@@ -6,6 +6,9 @@ extern "C" {
 
 #include "s3access.h"
 
+// Needed for performOp
+#include <openssl/hmac.h>
+
 S3Result::S3Result(QNetworkReply *reply, QObject *parent) : QObject(parent)
   , m_reply(reply)
 {
@@ -130,7 +133,9 @@ S3ListResult *S3Access::list(QString const &prefix)
 QNetworkReply *S3Access::performOp(Method method, QString const &url, QIODevice *in, const char *content_md5, const char *content_type, QString signDataKey)
 {
     QNetworkRequest request;
-    char *digest;
+    unsigned char digest[EVP_MAX_MD_SIZE +1 ]; // +1 for the \0 byte
+    QByteArray digest_base64;
+    unsigned int out_length = 0;
     QString methodStr;
     QString date = QDateTime::currentDateTimeUtc().toString(Qt::RFC2822Date);
     QNetworkReply *reply;
@@ -157,10 +162,11 @@ QNetworkReply *S3Access::performOp(Method method, QString const &url, QIODevice
         signData+=signDataKey;
 
     request.setUrl(QUrl(QString(url)));
-    digest = s3_hmac_sign(m_secret.toLatin1().data(), signData.toLatin1().data(), signData.toLatin1().size());
+    HMAC(EVP_sha1(), m_secret.toLatin1().data(), m_secret.toLatin1().size(), (unsigned char*)signData.toLatin1().data(), signData.toLatin1().size(), digest, &out_length);
+    digest_base64 = QByteArray((const char*)digest, out_length).toBase64();
 
     request.setRawHeader("Date", date.toLocal8Bit());
-    request.setRawHeader("Authorization", QString(QStringLiteral("AWS %1:%2")).arg(m_id).arg(digest).toLocal8Bit());
+    request.setRawHeader("Authorization", QString(QStringLiteral("AWS %1:%2")).arg(m_id).arg(digest_base64.data()).toLocal8Bit());
     request.setAttribute(QNetworkRequest::FollowRedirectsAttribute, true);
 
     qDebug() << "Request to: " << url;
@@ -188,7 +194,6 @@ QNetworkReply *S3Access::performOp(Method method, QString const &url, QIODevice
         break;
     }
 
-    free(digest);
 
     return reply;
 }