Module Name: src Committed By: agc Date: Tue May 5 15:25:27 UTC 2009
Modified Files: src/crypto/external/bsd/netpgp/dist/src/lib: create.c packet-parse.c reader.c signature.c Log Message: Get rid of remaining assert()s in netpgp. To generate a diff of this commit: cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/netpgp/dist/src/lib/create.c \ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c \ src/crypto/external/bsd/netpgp/dist/src/lib/reader.c \ src/crypto/external/bsd/netpgp/dist/src/lib/signature.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/crypto/external/bsd/netpgp/dist/src/lib/create.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.5 src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.6 --- src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.5 Tue May 5 01:28:15 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/create.c Tue May 5 15:25:27 2009 @@ -27,10 +27,6 @@ #include <sys/stat.h> #include <sys/mman.h> -#ifdef HAVE_ASSERT_H -#include <assert.h> -#endif - #ifdef HAVE_FCNTL_H #include <fcntl.h> #endif @@ -50,7 +46,6 @@ #include "packet.h" #include "signature.h" #include "writer.h" - #include "readerwriter.h" #include "keyring_local.h" #include "loccreate.h" @@ -70,7 +65,8 @@ __ops_create_info_t * info) { return __ops_write_length(length, info) && - __ops_write_scalar((unsigned)(type - OPS_PTAG_SIGNATURE_SUBPACKET_BASE), 1, info); + __ops_write_scalar((unsigned)(type - + OPS_PTAG_SIGNATURE_SUBPACKET_BASE), 1, info); } /* @@ -144,29 +140,29 @@ return mpi_length(key->key.rsa.n) + mpi_length(key->key.rsa.e); default: - assert(!"unknown key algorithm"); + (void) fprintf(stderr, + "public_key_length: unknown key algorithm\n"); } - /* not reached */ return 0; } static unsigned secret_key_length(const __ops_secret_key_t * key) { - int l; + int len; - l = 0; + len = 0; switch (key->pubkey.algorithm) { case OPS_PKA_RSA: - l = mpi_length(key->key.rsa.d) + mpi_length(key->key.rsa.p) + + len = mpi_length(key->key.rsa.d) + mpi_length(key->key.rsa.p) + mpi_length(key->key.rsa.q) + mpi_length(key->key.rsa.u); - break; + return len + public_key_length(&key->pubkey); default: - assert(!"unknown key algorithm"); + (void) fprintf(stderr, + "public_key_length: unknown key algorithm\n"); } - - return l + public_key_length(&key->pubkey); + return 0; } /** @@ -228,11 +224,10 @@ __ops_write_mpi(key->key.elgamal.y, info); default: - assert( /* CONSTCOND */ 0); + (void) fprintf(stderr, + "write_public_key_body: bad algorithm\n"); break; } - - /* not reached */ return false; } @@ -258,25 +253,36 @@ if (!write_public_key_body(&key->pubkey, info)) { return false; } - - assert(key->s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED); /* = 254 */ + if (key->s2k_usage != OPS_S2KU_ENCRYPTED_AND_HASHED) { + (void) fprintf(stderr, "write_secret_key_body: s2k usage\n"); + return false; + } if (!__ops_write_scalar((unsigned)key->s2k_usage, 1, info)) { return false; } - assert(key->algorithm == OPS_SA_CAST5); + if (key->algorithm != OPS_SA_CAST5) { + (void) fprintf(stderr, "write_secret_key_body: algorithm\n"); + return false; + } if (!__ops_write_scalar((unsigned)key->algorithm, 1, info)) { return false; } - assert(key->s2k_specifier == OPS_S2KS_SIMPLE || - key->s2k_specifier == OPS_S2KS_SALTED); + if (key->s2k_specifier != OPS_S2KS_SIMPLE && + key->s2k_specifier != OPS_S2KS_SALTED) { /* = 1 \todo could also be iterated-and-salted */ + (void) fprintf(stderr, "write_secret_key_body: s2k spec\n"); + return false; + } if (!__ops_write_scalar((unsigned)key->s2k_specifier, 1, info)) { return false; } - assert(key->hash_algorithm == OPS_HASH_SHA1); + if (key->hash_algorithm != OPS_HASH_SHA1) { + (void) fprintf(stderr, "write_secret_key_body: hash alg\n"); + return false; + } if (!__ops_write_scalar((unsigned)key->hash_algorithm, 1, info)) { return false; } @@ -303,7 +309,7 @@ (void) fprintf(stderr, "invalid/unsupported s2k specifier %d\n", key->s2k_specifier); - assert( /* CONSTCOND */ 0); + return false; } if (!__ops_write(&key->iv[0], __ops_block_size(key->algorithm), info)) { @@ -355,7 +361,11 @@ (void) memcpy(session_key + (i * SHA_DIGEST_LENGTH), hashed, (unsigned)use); done += use; - assert(done <= CAST_KEY_LENGTH); + if (done > CAST_KEY_LENGTH) { + (void) fprintf(stderr, + "write_secret_key_body: short add\n"); + return false; + } } break; @@ -369,7 +379,7 @@ (void) fprintf(stderr, "invalid/unsupported s2k specifier %d\n", key->s2k_specifier); - assert( /* CONSTCOND */ 0); + return false; } /* use this session key to encrypt */ @@ -421,8 +431,7 @@ /* return __ops_write_mpi(key->key.elgamal.x,info); */ default: - assert( /* CONSTCOND */ 0); - break; + return false; } if (!__ops_write(key->checkhash, OPS_CHECKHASH_SIZE, info)) { @@ -583,8 +592,11 @@ __ops_write_struct_public_key(const __ops_public_key_t * key, __ops_create_info_t * info) { - assert(key->version == 4); - + if (key->version != 4) { + (void) fprintf(stderr, + "__ops_write_struct_public_key: wrong key version\n"); + return false; + } return __ops_write_ptag(OPS_PTAG_CT_PUBLIC_KEY, info) && __ops_write_length(1 + 4 + 1 + public_key_length(key), info) && write_public_key_body(key, info); @@ -689,7 +701,11 @@ { int length = 0; - assert(key->pubkey.version == 4); + if (key->pubkey.version != 4) { + (void) fprintf(stderr, + "__ops_write_struct_secret_key: public key version\n"); + return false; + } /* Ref: RFC4880 Section 5.5.3 */ @@ -725,12 +741,16 @@ break; default: - assert( /* CONSTCOND */ 0); + (void) fprintf(stderr, + "__ops_write_struct_secret_key: s2k spec\n"); + return false; } break; default: - assert( /* CONSTCOND */ 0); + (void) fprintf(stderr, + "__ops_write_struct_secret_key: s2k usage\n"); + return false; } /* IV */ @@ -749,7 +769,9 @@ break; default: - assert( /* CONSTCOND */ 0); + (void) fprintf(stderr, + "__ops_write_struct_secret_key: s2k cksum usage\n"); + return false; } /* secret key and public key MPIs */ @@ -840,7 +862,10 @@ m_buf[0] = session_key->symmetric_algorithm; - assert(session_key->symmetric_algorithm == OPS_SA_CAST5); + if (session_key->symmetric_algorithm != OPS_SA_CAST5) { + (void) fprintf(stderr, "create_unencoded_m_buf: symm alg\n"); + return false; + } for (i = 0; i < CAST_KEY_LENGTH; i++) { m_buf[1 + i] = session_key->key[i]; } @@ -868,12 +893,14 @@ /* implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC */ - assert(pkey->algorithm == OPS_PKA_RSA); + if (pkey->algorithm != OPS_PKA_RSA) { + (void) fprintf(stderr, "encode_m_buf: pkey algorithm\n"); + return false; + } k = BN_num_bytes(pkey->key.rsa.n); - assert(mLen <= k - 11); if (mLen > k - 11) { - fprintf(stderr, "message too long\n"); + (void) fprintf(stderr, "encode_m_buf: message too long\n"); return false; } /* these two bytes defined by RFC */ @@ -887,7 +914,10 @@ } while (EM[i] == 0); } - assert(i >= 8 + 2); + if (i < 8 + 2) { + (void) fprintf(stderr, "encode_m_buf: bad i len\n"); + return false; + } EM[i++] = 0; @@ -934,9 +964,14 @@ unsigned char *encoded_m_buf = calloc(1, sz_encoded_m_buf); __ops_pk_session_key_t *session_key = calloc(1, sizeof(*session_key)); - assert(key->type == OPS_PTAG_CT_PUBLIC_KEY); + if (key->type != OPS_PTAG_CT_PUBLIC_KEY) { + (void) fprintf(stderr, + "__ops_create_pk_session_key: bad type\n"); + return NULL; + } session_key->version = OPS_PKSK_V3; - (void) memcpy(session_key->key_id, key->key_id, sizeof(session_key->key_id)); + (void) memcpy(session_key->key_id, key->key_id, + sizeof(session_key->key_id)); if (__ops_get_debug_level(__FILE__)) { unsigned int i = 0; @@ -947,7 +982,11 @@ } (void) fprintf(stderr, "\n"); } - assert(key->key.pkey.algorithm == OPS_PKA_RSA); + if (key->key.pkey.algorithm != OPS_PKA_RSA) { + (void) fprintf(stderr, + "__ops_create_pk_session_key: bad pkey algorithm\n"); + return NULL; + } session_key->algorithm = key->key.pkey.algorithm; /* \todo allow user to specify other algorithm */ @@ -1002,8 +1041,16 @@ __ops_write_pk_session_key(__ops_create_info_t * info, __ops_pk_session_key_t * pksk) { - assert(pksk); - assert(pksk->algorithm == OPS_PKA_RSA); + if (pksk == NULL) { + (void) fprintf(stderr, + "__ops_write_pk_session_key: NULL pksk\n"); + return false; + } + if (pksk->algorithm != OPS_PKA_RSA) { + (void) fprintf(stderr, + "__ops_write_pk_session_key: bad algorithm\n"); + return false; + } return __ops_write_ptag(OPS_PTAG_CT_PK_SESSION_KEY, info) && __ops_write_length((unsigned)(1 + 8 + 1 + BN_num_bytes(pksk->parameters.rsa.encrypted_m) + 2), info) && @@ -1259,8 +1306,11 @@ encrypted = calloc(1, encrypted_sz); done = __ops_encrypt_se(&crypt_info, encrypted, data, (unsigned)len); - assert(done == len); - /* printf("len=%d, done: %d\n", len, done); */ + if (done != len) { + (void) fprintf(stderr, +"__ops_write_symmetrically_encrypted_data: done != len\n"); + return false; + } return __ops_write_ptag(OPS_PTAG_CT_SE_DATA, info) && __ops_write_length(1 + encrypted_sz, info) && Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.5 src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.6 --- src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.5 Tue May 5 01:28:15 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c Tue May 5 15:25:27 2009 @@ -81,7 +81,10 @@ { data->len = len; - assert(subregion->length - subregion->length_read >= len); + if (subregion->length - subregion->length_read < len) { + (void) fprintf(stderr, "limited_data_read: bad length\n"); + return 0; + } data->contents = calloc(1, data->len); if (!data->contents) @@ -205,7 +208,10 @@ for (n = 0; n < length;) { int r = rinfo->reader((char *) dest + n, length - n, errors, rinfo, cbinfo); - assert(r <= (int) (length - n)); + if (r > (int) (length - n)) { + (void) fprintf(stderr, "sub_base_read: bad read\n"); + return 0; + } /* * XXX: should we save the error and return what was read so @@ -224,12 +230,18 @@ return 0; if (rinfo->accumulate) { - assert(rinfo->asize >= rinfo->alength); + if (rinfo->asize < rinfo->alength) { + (void) fprintf(stderr, "sub_base_read: bad size\n"); + return 0; + } if (rinfo->alength + n > rinfo->asize) { rinfo->asize = rinfo->asize * 2 + n; rinfo->accumulated = realloc(rinfo->accumulated, rinfo->asize); } - assert(rinfo->asize >= rinfo->alength + n); + if (rinfo->asize < rinfo->alength + n) { + (void) fprintf(stderr, "sub_base_read: bad realloc\n"); + return 0; + } (void) memcpy(rinfo->accumulated + rinfo->alength, dest, n); } /* we track length anyway, because it is used for packet offsets */ @@ -305,7 +317,10 @@ { unsigned t = 0; - assert(length <= sizeof(*result)); + if (length > sizeof(*result)) { + (void) fprintf(stderr, "_read_scalar: bad length\n"); + return 0; + } while (length--) { unsigned char c[1]; @@ -373,7 +388,11 @@ region->last_read = r; do { region->length_read += r; - assert(!region->parent || region->length <= region->parent->length); + if (region->parent && region->length > region->parent->length) { + (void) fprintf(stderr, + "ops_limited_read: bad length\n"); + return false; + } } while ((region = region->parent) != NULL); return true; } @@ -466,8 +485,15 @@ unsigned t; unsigned n; - assert(length <= 4); - assert(/*CONSTCOND*/sizeof(*dest) >= 4); + if (length > 4) { + (void) fprintf(stderr, "limited_read_scalar: bad length\n"); + return 0; + } + /*LINTED*/ + if (/*CONSTCOND*/sizeof(*dest) < 4) { + (void) fprintf(stderr, "limited_read_scalar: bad dest\n"); + return 0; + } if (!limited_read(c, length, region, pinfo)) return 0; @@ -613,7 +639,10 @@ } return 0; } - assert(length <= NETPGP_BUFSIZ); + if (length > NETPGP_BUFSIZ) { + (void) fprintf(stderr, "limited_read_mpi: bad length\n"); + return 0; + } if (!limited_read(buf, length, region, pinfo)) return 0; @@ -880,7 +909,7 @@ break; default: - assert( /* CONSTCOND */ 0); + (void) fprintf(stderr, "signature_free: bad sig type\n"); } } @@ -1167,7 +1196,6 @@ default: fprintf(stderr, "Can't free %d (0x%x)\n", c->tag, c->tag); - assert( /* CONSTCOND */ 0); } } @@ -1189,7 +1217,8 @@ break; default: - assert( /* CONSTCOND */ 0); + (void) fprintf(stderr, "__ops_pk_session_key_free: bad alg\n"); + break; } } @@ -1228,7 +1257,7 @@ break; default: - assert( /* CONSTCOND */ 0); + (void) fprintf(stderr, "__ops_public_key_free: bad alg\n"); } } @@ -1241,8 +1270,11 @@ { unsigned char c[1] = ""; - assert(region->length_read == 0); /* We should not have read - * anything so far */ + if (region->length_read != 0) { + /* We should not have read anything so far */ + (void) fprintf(stderr, "parse_public_key_data: bad length\n"); + return 0; + } if (!limited_read(c, 1, region, pinfo)) { return 0; @@ -1374,8 +1406,11 @@ * attribute sub-packets later - rachel */ - assert(region->length_read == 0); /* We should not have read - * anything so far */ + if (region->length_read != 0) { + /* We should not have read anything so far */ + (void) fprintf(stderr, "parse_user_attribute: bad length\n"); + return 0; + } if (!read_data(&pkt.u.user_attribute.data, region, pinfo)) return 0; @@ -1421,8 +1456,11 @@ { __ops_packet_t pkt; - assert(region->length_read == 0); /* We should not have read - * anything so far */ + if (region->length_read != 0) { + /* We should not have read anything so far */ + (void) fprintf(stderr, "parse_user_id: bad length\n"); + return 0; + } pkt.u.user_id.user_id = calloc(1, region->length + 1); /* XXX should we not * like check malloc's @@ -1952,7 +1990,7 @@ if (!pinfo->rinfo.accumulate) { /* We must accumulate, else we can't check the signature */ fprintf(stderr, "*** ERROR: must set accumulate to true\n"); - assert( /* CONSTCOND */ 0); + return 0; } (void) memcpy(pkt.u.signature.info.v4_hashed_data, pinfo->rinfo.accumulated + pkt.u.signature.v4_hashed_data_start, @@ -2043,8 +2081,11 @@ unsigned char c[1] = ""; __ops_packet_t pkt; - assert(region->length_read == 0); /* We should not have read - * anything so far */ + if (region->length_read != 0) { + /* We should not have read anything so far */ + (void) fprintf(stderr, "parse_signature: bad length\n"); + return 0; + } (void) memset(&pkt, 0x0, sizeof(pkt)); @@ -2369,9 +2410,16 @@ } pkt.u.secret_key.s2k_specifier = c[0]; - assert(pkt.u.secret_key.s2k_specifier == OPS_S2KS_SIMPLE || - pkt.u.secret_key.s2k_specifier == OPS_S2KS_SALTED || - pkt.u.secret_key.s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED); + switch (pkt.u.secret_key.s2k_specifier) { + case OPS_S2KS_SIMPLE: + case OPS_S2KS_SALTED: + case OPS_S2KS_ITERATED_AND_SALTED: + break; + default: + (void) fprintf(stderr, + "parse_secret_key: bad seckey\n"); + return 0; + } if (!limited_read(c, 1, region, pinfo)) { return 0; @@ -2413,7 +2461,11 @@ int hashsize; blocksize = __ops_block_size(pkt.u.secret_key.algorithm); - assert(blocksize > 0 && blocksize <= OPS_MAX_BLOCK_SIZE); + if (blocksize == 0 || blocksize > OPS_MAX_BLOCK_SIZE) { + (void) fprintf(stderr, + "parse_secret_key: bad blocksize\n"); + return 0; + } if (!limited_read(pkt.u.secret_key.iv, blocksize, region, pinfo)) { @@ -2442,10 +2494,18 @@ return 1; } keysize = __ops_key_size(pkt.u.secret_key.algorithm); - assert(keysize > 0 && keysize <= OPS_MAX_KEY_SIZE); + if (keysize == 0 || keysize > OPS_MAX_KEY_SIZE) { + (void) fprintf(stderr, + "parse_secret_key: bad keysize\n"); + return 0; + } hashsize = __ops_hash_size(pkt.u.secret_key.hash_algorithm); - assert(hashsize > 0 && hashsize <= OPS_MAX_HASH_SIZE); + if (hashsize == 0 || hashsize > OPS_MAX_HASH_SIZE) { + (void) fprintf(stderr, + "parse_secret_key: bad hashsize\n"); + return 0; + } for (n = 0; n * hashsize < keysize; ++n) { int i; @@ -2501,7 +2561,11 @@ int r; r = hashes[n].finish(&hashes[n], key + n * hashsize); - assert(r == hashsize); + if (r != hashsize) { + (void) fprintf(stderr, + "parse_secret_key: bad r\n"); + return 0; + } } (void) memset(passphrase, 0x0, passlen); @@ -2579,7 +2643,6 @@ pkt.u.secret_key.pubkey.algorithm, __ops_show_pka(pkt.u.secret_key.pubkey.algorithm)); ret = 0; - /* assert(0); */ } if (__ops_get_debug_level(__FILE__)) { @@ -2631,7 +2694,10 @@ if (crypted && pkt.u.secret_key.pubkey.version == OPS_V4) { __ops_reader_pop_decrypt(pinfo); } - assert(!ret || region->length_read == region->length); + if (ret && region->length_read != region->length) { + (void) fprintf(stderr, "parse_secret_key: bad length\n"); + return 0; + } if (!ret) return 0; @@ -2755,7 +2821,10 @@ n, k + 3); return 0; } - assert(k <= sizeof(pkt.u.pk_session_key.key)); + if (k > sizeof(pkt.u.pk_session_key.key)) { + (void) fprintf(stderr, "parse_pk_session_key: bad keylength\n"); + return 0; + } (void) memcpy(pkt.u.pk_session_key.key, unencoded_m_buf + 1, k); @@ -2919,7 +2988,11 @@ if (!limited_read(c, 1, region, pinfo)) return 0; pkt.u.se_ip_data_header.version = c[0]; - assert(pkt.u.se_ip_data_header.version == OPS_SE_IP_V1); + + if (pkt.u.se_ip_data_header.version != OPS_SE_IP_V1) { + (void) fprintf(stderr, "parse_se_ip_data: bad version\n"); + return 0; + } /* * The content of an encrypted data packet is more OpenPGP packets @@ -3213,8 +3286,11 @@ type); return; } - assert(tag >= OPS_PTAG_SIGNATURE_SUBPACKET_BASE - && tag <= OPS_PTAG_SIGNATURE_SUBPACKET_BASE + NTAGS - 1); + if (tag < OPS_PTAG_SIGNATURE_SUBPACKET_BASE + || tag > OPS_PTAG_SIGNATURE_SUBPACKET_BASE + NTAGS - 1) { + (void) fprintf(stderr, "__ops_parse_options: bad tag\n"); + return; + } t8 = (tag - OPS_PTAG_SIGNATURE_SUBPACKET_BASE) / 8; t7 = 1 << ((tag - OPS_PTAG_SIGNATURE_SUBPACKET_BASE) & 7); switch (type) { Index: src/crypto/external/bsd/netpgp/dist/src/lib/reader.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.5 src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.6 --- src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.5 Tue May 5 01:28:15 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/reader.c Tue May 5 15:25:27 2009 @@ -31,7 +31,9 @@ #include <sys/param.h> #endif +#ifdef HAVE_FCNTL_H #include <fcntl.h> +#endif #ifdef HAVE_UNISTD_H #include <unistd.h> @@ -41,10 +43,6 @@ #include <direct.h> #endif -#ifdef HAVE_ASSERT_H -#include <assert.h> -#endif - #ifdef HAVE_INTTYPES_H #include <inttypes.h> #endif @@ -241,12 +239,15 @@ { unsigned n; - assert(!dearmour->pushed_back); - dearmour->pushed_back = calloc(1, length); - for (n = 0; n < length; ++n) { - dearmour->pushed_back[n] = buf[length - n - 1]; + if (dearmour->pushed_back) { + (void) fprintf(stderr, "push_back: already pushed back\n"); + } else { + dearmour->pushed_back = calloc(1, length); + for (n = 0; n < length; ++n) { + dearmour->pushed_back[n] = buf[length - n - 1]; + } + dearmour->npushed_back = length; } - dearmour->npushed_back = length; } static int @@ -550,31 +551,46 @@ } } if (c == '\n' && body->length) { - assert(memchr(body->data + 1, '\n', body->length - 1) == NULL); + if (memchr(body->data + 1, '\n', body->length - 1) + != NULL) { + (void) fprintf(stderr, + "process_dash_escaped: newline found\n"); + return -1; + } if (body->data[0] == '\n') { - hash->add(hash, (const unsigned char *) "\r", 1); + hash->add(hash, (const unsigned char *)"\r", 1); } hash->add(hash, body->data, body->length); if (__ops_get_debug_level(__FILE__)) { fprintf(stderr, "Got body:\n%s\n", body->data); } - CALLBACK(cbinfo, OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY, &content); + CALLBACK(cbinfo, OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY, + &content); body->length = 0; } body->data[body->length++] = c; ++total; if (body->length == sizeof(body->data)) { if (__ops_get_debug_level(__FILE__)) { - fprintf(stderr, "Got body (2):\n%s\n", body->data); + (void) fprintf(stderr, "Got body (2):\n%s\n", + body->data); } CALLBACK(cbinfo, OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY, &content); body->length = 0; } } - assert(body->data[0] == '\n'); - assert(body->length == 1); - /* don't send that one character, because its part of the trailer. */ + if (body->data[0] != '\n') { + (void) fprintf(stderr, + "process_dash_escaped: no newline in body data\n"); + return -1; + } + if (body->length != 1) { + (void) fprintf(stderr, + "process_dash_escaped: bad body length\n"); + return -1; + } + /* don't send that one character, because it's part of the trailer */ trailer->hash = hash; CALLBACK(cbinfo, OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER, &content2); @@ -589,8 +605,10 @@ /* * Check that the header is valid */ - if (strcmp(key, "Version") == 0 || strcmp(key, "Comment") == 0 || - strcmp(key, "MessageID") == 0 || strcmp(key, "Hash") == 0 || + if (strcmp(key, "Version") == 0 || + strcmp(key, "Comment") == 0 || + strcmp(key, "MessageID") == 0 || + strcmp(key, "Hash") == 0 || strcmp(key, "Charset") == 0) { dearmour->headers.headers = realloc(dearmour->headers.headers, (dearmour->headers.nheaders + 1) @@ -633,7 +651,11 @@ break; } - assert(nbuf < size); + if (nbuf >= size) { + (void) fprintf(stderr, + "parse_headers: bad size\n"); + return -1; + } buf[nbuf] = '\0'; s = strchr(buf, ':'); @@ -759,7 +781,10 @@ int c; int ret; - assert(dearmour->buffered == 0); + if (dearmour->buffered != 0) { + (void) fprintf(stderr, "decode64: bad dearmour->buffered\n"); + return 0; + } ret = read4(dearmour, errors, rinfo, cbinfo, &c, &n, &l); if (ret < 0) { @@ -794,14 +819,24 @@ } dearmour->buffered = 0; } else { - assert(n == 4); + if (n != 4) { + (void) fprintf(stderr, + "decode64: bad n (!= 4)\n"); + return 0; + } dearmour->buffered = 3; - assert(c != '-' && c != '='); + if (c == '-' || c == '=') { + (void) fprintf(stderr, "decode64: bad c\n"); + return 0; + } } if (dearmour->buffered < 3 && dearmour->buffered > 0) { /* then we saw padding */ - assert(c == '='); + if (c != '=') { + (void) fprintf(stderr, "decode64: bad c (=)\n"); + return 0; + } c = read_and_eat_whitespace(dearmour, errors, rinfo, cbinfo, true); if (c != '\n') { OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, "No newline at base64 end"); @@ -840,8 +875,12 @@ return 0; } dearmour->eof64 = true; - } else - assert(dearmour->buffered); + } else { + if (!dearmour->buffered) { + (void) fprintf(stderr, "decode64: not buffered\n"); + return 0; + } + } for (n = 0; n < dearmour->buffered; ++n) { dearmour->buffer[n] = (unsigned char)l; @@ -884,8 +923,14 @@ unsigned char *dest = dest_; int saved = length; - if (dearmour->eof64 && !dearmour->buffered) - assert(dearmour->state == OUTSIDE_BLOCK || dearmour->state == AT_TRAILER_NAME); + if (dearmour->eof64 && !dearmour->buffered) { + if (dearmour->state != OUTSIDE_BLOCK && + dearmour->state != AT_TRAILER_NAME) { + (void) fprintf(stderr, + "armoured_data_reader: bad dearmour state\n"); + return 0; + } + } while (length > 0) { unsigned count; @@ -1010,7 +1055,11 @@ } } if (!dearmour->buffered) { - assert(dearmour->eof64); + if (!dearmour->eof64) { + (void) fprintf(stderr, +"armoured_data_reader: bad dearmour eof64\n"); + return 0; + } if (first) { dearmour->state = AT_TRAILER_NAME; goto reloop; @@ -1018,7 +1067,11 @@ return -1; } } - assert(dearmour->buffered); + if (!dearmour->buffered) { + (void) fprintf(stderr, + "armoured_data_reader: bad dearmour buffered\n"); + return 0; + } *dest = dearmour->buffer[--dearmour->buffered]; ++dest; --length; @@ -1187,7 +1240,11 @@ * count */ if (encrypted->prev_read_was_plain && !rinfo->pinfo->reading_mpi_length) { - assert(rinfo->pinfo->reading_v3_secret); + if (!rinfo->pinfo->reading_v3_secret) { + (void) fprintf(stderr, + "encrypted_data_reader: bad v3 secret\n"); + return -1; + } encrypted->decrypt->decrypt_resync(encrypted->decrypt); encrypted->prev_read_was_plain = false; } else if (rinfo->pinfo->reading_v3_secret && @@ -1199,13 +1256,15 @@ unsigned n; /* - * if we are reading v3 we should never read more - * than - */ - /* we're asked for */ - assert(length >= encrypted->decrypted_count - || (!rinfo->pinfo->reading_v3_secret - && !rinfo->pinfo->exact_read)); + * if we are reading v3 we should never read + * more than we're asked for */ + if (length < encrypted->decrypted_count && + (rinfo->pinfo->reading_v3_secret || + rinfo->pinfo->exact_read)) { + (void) fprintf(stderr, + "encrypted_data_reader: bad v3 read\n"); + return 0; + } n = MIN(length, encrypted->decrypted_count); @@ -1270,7 +1329,11 @@ encrypted->decrypted_count = n; } - assert(encrypted->decrypted_count > 0); + if (encrypted->decrypted_count <= 0) { + (void) fprintf(stderr, + "encrypted_data_reader: bad decrypted count\n"); + return 0; + } encrypted->decrypted_offset = 0; } @@ -1447,7 +1510,11 @@ } /* all done with the checks */ /* now can start reading from the plaintext */ - assert(!se_ip->plaintext); + if (se_ip->plaintext) { + (void) fprintf(stderr, + "se_ip_data_reader: bad plaintext\n"); + return 0; + } se_ip->plaintext = calloc(1, sz_plaintext); memcpy(se_ip->plaintext, plaintext, sz_plaintext); se_ip->plaintext_available = sz_plaintext; @@ -1927,7 +1994,11 @@ if (__ops_get_debug_level(__FILE__)) { printf("OPS_PTAG_CT_PK_SESSION_KEY\n"); } - assert(cbinfo->cryptinfo.keyring); + if (!cbinfo->cryptinfo.keyring) { + (void) fprintf(stderr, + "pk_session_key_cb: bad keyring\n"); + return 0; + } cbinfo->cryptinfo.keydata = __ops_keyring_find_key_by_id(cbinfo->cryptinfo.keyring, content->pk_session_key.key_id); if (!cbinfo->cryptinfo.keydata) @@ -1983,7 +2054,7 @@ CALLBACK(cbinfo, OPS_PARSER_CMD_GET_SK_PASSPHRASE, &seckey); if (!cbinfo->cryptinfo.passphrase) { fprintf(stderr, "can't get passphrase\n"); - assert(/*CONSTCOND*/0); + return 0; } } /* then it must be encrypted */ Index: src/crypto/external/bsd/netpgp/dist/src/lib/signature.c diff -u src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.5 src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.6 --- src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.5 Tue May 5 01:28:15 2009 +++ src/crypto/external/bsd/netpgp/dist/src/lib/signature.c Tue May 5 15:25:27 2009 @@ -23,22 +23,11 @@ */ #include "config.h" -#include "signature.h" -#include "crypto.h" -#include "create.h" -#include "netpgpsdk.h" - -#include "readerwriter.h" -#include "loccreate.h" -#include "validate.h" -#include "netpgpdefs.h" - -#ifdef HAVE_ASSERT_H -#include <assert.h> +#ifdef HAVE_FCNTL_H +#include <fcntl.h> #endif #include <string.h> -#include <fcntl.h> #ifdef HAVE_UNISTD_H #include <unistd.h> @@ -48,6 +37,15 @@ #include <openssl/dsa.h> #endif +#include "signature.h" +#include "crypto.h" +#include "create.h" +#include "netpgpsdk.h" +#include "readerwriter.h" +#include "loccreate.h" +#include "validate.h" +#include "netpgpdefs.h" + #define MAXBUF 1024 /* <! Standard buffer size to use */ /** \ingroup Core_Create @@ -129,7 +127,10 @@ unsigned encoded_msg_sz = 0; unsigned char *prefix = NULL; - assert(hash_alg == OPS_HASH_SHA1); + if (hash_alg != OPS_HASH_SHA1) { + (void) fprintf(stderr, "encode_hash_buf: bad hash alg\n"); + return false; + } /* 1. Apply hash function to M */ @@ -153,7 +154,8 @@ break; default: - assert(0); + /* already tested for other algorithms at head of function */ + break; } /* \todo 3. Test for len being too short */ @@ -211,8 +213,14 @@ hashsize = 20 + sizeof(prefix_sha1); keysize = (BN_num_bits(rsa->n) + 7) / 8; - assert(keysize <= sizeof(hashbuf)); - assert(10 + hashsize <= keysize); + if (keysize > sizeof(hashbuf)) { + (void) fprintf(stderr, "rsa_sign: keysize too big\n"); + return; + } + if (10 + hashsize > keysize) { + (void) fprintf(stderr, "rsa_sign: hashsize too big\n"); + return; + } hashbuf[0] = 0; hashbuf[1] = 1; @@ -228,12 +236,18 @@ n += sizeof(prefix_sha1); t = hash->finish(hash, &hashbuf[n]); - assert(t == 20); + if (t != 20) { + (void) fprintf(stderr, "rsa_sign: hashfinish not 20\n"); + return; + } __ops_write(&hashbuf[n], 2, opt); n += t; - assert(n == keysize); + if (n != keysize) { + (void) fprintf(stderr, "rsa_sign: n != keysize\n"); + return; + } t = __ops_rsa_private_encrypt(sigbuf, hashbuf, keysize, srsa, rsa); bn = BN_bin2bn(sigbuf, (int)t, NULL); @@ -260,7 +274,10 @@ /* finalise hash */ t = hash->finish(hash, &hashbuf[0]); - assert(t == 20); + if (t != 20) { + (void) fprintf(stderr, "dsa_sign: hashfinish not 20\n"); + return; + } __ops_write(&hashbuf[0], 2, cinfo); @@ -292,8 +309,14 @@ prefix = (const unsigned char *) ""; keysize = BN_num_bytes(rsa->n); /* RSA key can't be bigger than 65535 bits, so... */ - assert(keysize <= sizeof(hashbuf_from_sig)); - assert((unsigned) BN_num_bits(sig->sig) <= 8 * sizeof(sigbuf)); + if (keysize > sizeof(hashbuf_from_sig)) { + (void) fprintf(stderr, "rsa_verify: keysize too big\n"); + return false; + } + if ((unsigned) BN_num_bits(sig->sig) > 8 * sizeof(sigbuf)) { + (void) fprintf(stderr, "rsa_verify: BN_numbits too big\n"); + return false; + } BN_bn2bin(sig->sig, sigbuf); n = __ops_rsa_public_decrypt(hashbuf_from_sig, sigbuf, @@ -460,7 +483,8 @@ break; default: - assert(/*CONSTCOND*/0); + (void) fprintf(stderr, "__ops_check_signature: unusual alg\n"); + ret = false; } return ret; @@ -813,20 +837,32 @@ case OPS_PKA_RSA: case OPS_PKA_RSA_ENCRYPT_ONLY: case OPS_PKA_RSA_SIGN_ONLY: - assert(skey->key.rsa.d); + if (skey->key.rsa.d == NULL) { + (void) fprintf(stderr, + "__ops_write_signature: null rsa.d\n"); + return false; + } break; case OPS_PKA_DSA: - assert(skey->key.dsa.x); + if (skey->key.dsa.x == NULL) { + (void) fprintf(stderr, + "__ops_write_signature: null dsa.x\n"); + return false; + } break; default: (void) fprintf(stderr, "Unsupported algorithm %d\n", skey->pubkey.algorithm); - assert(/* CONSTCOND */0); + return false; } - assert(sig->hashed_data_length != (unsigned) -1); + if (sig->hashed_data_length == (unsigned) -1) { + (void) fprintf(stderr, + "ops_write_signature: bad hashed data len\n"); + return false; + } __ops_memory_place_int(sig->mem, sig->unhashed_count_offset, l - sig->unhashed_count_offset - 2, 2); @@ -865,7 +901,7 @@ default: (void) fprintf(stderr, "Unsupported algorithm %d\n", skey->pubkey.algorithm); - assert(/*CONSTCOND*/0); + return false; } rtn = __ops_write_ptag(OPS_PTAG_CT_SIGNATURE, info); @@ -1044,9 +1080,14 @@ int n = 0; n = read(fd_in, buf, sizeof(buf)); - if (!n) + if (n == 0) { break; - assert(n >= 0); + } + if (n < 0) { + (void) fprintf(stderr, + "__ops_sign_file_as_cleartext: bad read\n"); + return false; + } __ops_write(buf, (unsigned)n, cinfo); } close(fd_in); @@ -1097,16 +1138,18 @@ const __ops_secret_key_t *skey) { bool rtn = false; - - /* \todo allow choice of hash algorithams */ - /* enforce use of SHA1 for now */ - unsigned char keyid[OPS_KEY_ID_SIZE]; __ops_create_signature_t *sig = NULL; - __ops_create_info_t *cinfo = NULL; - assert(*signed_cleartext == NULL); + /* \todo allow choice of hash algorithams */ + /* enforce use of SHA1 for now */ + + if (*signed_cleartext != 0x0) { + (void) fprintf(stderr, + "__ops_sign_buf_as_cleartext: non-null cleartext\n"); + return false; + } /* set up signature */ sig = __ops_create_signature_new();