From 8ea835c2f0239c28f1d0c19932f0ce40908ea729 Mon Sep 17 00:00:00 2001
From: Bartosz Wieczorek
Date: Fri, 30 May 2025 11:39:19 +0200
Subject: [PATCH] fix fileSHA256 function
---
 PAM/ssh/include/rublon/sign.hpp | 32 +++++++++++++++-----------------
 1 file changed, 15 insertions(+), 17 deletions(-)
diff --git a/PAM/ssh/include/rublon/sign.hpp b/PAM/ssh/include/rublon/sign.hpp
index e1668a1..8365f12 100755
--- a/PAM/ssh/include/rublon/sign.hpp
+++ b/PAM/ssh/include/rublon/sign.hpp
@@ -1,5 +1,6 @@
 #pragma once
+#include
 #include
 #include
 #include
@@ -8,40 +9,37 @@ namespace rublon {
+struct EVP_MD_CTX_deleter{
+ void operator()(EVP_MD_CTX *ctx)const{
+ EVP_MD_CTX_free(ctx);
+ }
+};
+
 inline StaticString< SHA256_DIGEST_LENGTH * 2 > fileSHA256(const char * const path) {
 std::string fileContent;
 readFile(path, fileContent);
 StaticString< SHA256_DIGEST_LENGTH * 2 > xRublon{};
 std::array< unsigned char, SHA256_DIGEST_LENGTH + 1 > hash{};
- int ret{};
- EVP_MD_CTX * ctx;
- ctx = EVP_MD_CTX_new();
-
- return 0;
- if(ctx == NULL)
+ auto ctx = std::unique_ptr{EVP_MD_CTX_new()};
+
+ if(not ctx)
 goto out;
 // EVP_X methods return 1 on success, so does this function
 // Any values other than 1 denote error
- ret = EVP_DigestInit(ctx, EVP_sha256());
- if(!ret)
+ if(not EVP_DigestInit(ctx.get(), EVP_sha256()))
 goto out;
-
- ret = EVP_DigestUpdate(ctx, fileContent.data(), fileContent.size());
- if(!ret)
+
+ if(not EVP_DigestUpdate(ctx.get(), fileContent.data(), fileContent.size()))
 goto out;
 // Provide uint* instead of NULL to get nBytes written, 32 for SHA256
- ret = EVP_DigestFinal(ctx, hash.data(), NULL);
- if(!ret)
+ if(not EVP_DigestFinal(ctx.get(), hash.data(), NULL))
 goto out;
 out:
- if(ctx != NULL)
- EVP_MD_CTX_free(ctx);
-
 for(unsigned int i = 0; i < SHA256_DIGEST_LENGTH; i++) sprintf(&xRublon[i * 2], "%02x", ( unsigned int ) hash[i]);
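Review bot: Every failure path in the new `fileSHA256` body still jumps to `out:` and hex-encodes the zero-initialised `hash`, so a failed `EVP_MD_CTX_new`, `EVP_DigestInit`, `EVP_DigestUpdate` or `EVP_DigestFinal` returns 64 `0` characters that look like a real digest. The result of `readFile(path, fileContent)` is also not checked in the visible lines, so an unreadable file would presumably be hashed as empty input and come back as the SHA-256 of the empty string. Now that `ctx` is owned by a `unique_ptr`, the label is no longer needed for cleanup; each `goto out;` could become `return {};` (or another value callers can test for), with the same guard after `readFile` if it reports failure. The function continues past the end of the hunk, so how the result is returned and consumed is not visible here.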
@@ -51,7 +49,7 @@ out:
 // +1 for \0
 inline StaticString< SHA256_DIGEST_LENGTH * 2 > signData(std::string_view data, std::string_view secretKey) {
 StaticString< SHA256_DIGEST_LENGTH * 2 > xRublon;
- std::array< unsigned char, EVP_MAX_MD_SIZE > md;
+ std::array< unsigned char, EVP_MAX_MD_SIZE > md{};
 unsigned int md_len{};
 HMAC(EVP_sha256(), secretKey.data(), secretKey.size(), ( unsigned const char * ) data.data(), data.size(), md.data(), &md_len);
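Review bot: The return value of `HMAC(...)` is still discarded in `signData`; value-initialising `md` only makes the failure case deterministic. OpenSSL's `HMAC` returns NULL on error, and the rest of the function (outside this hunk) would then presumably encode the zeroed buffer as if it were a signature. Consider checking the call, for example `if(HMAC(...) == nullptr || md_len != SHA256_DIGEST_LENGTH) return {};` or another error value the callers can test, so a failed signing is distinguishable from a real one.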