Module Name: src
Committed By: agc
Date: Tue May 5 15:25:27 UTC 2009
Modified Files:
src/crypto/external/bsd/netpgp/dist/src/lib: create.c packet-parse.c
reader.c signature.c
Log Message:
Get rid of remaining assert()s in netpgp.
To generate a diff of this commit:
cvs rdiff -u -r1.5 -r1.6 src/crypto/external/bsd/netpgp/dist/src/lib/create.c \
src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c \
src/crypto/external/bsd/netpgp/dist/src/lib/reader.c \
src/crypto/external/bsd/netpgp/dist/src/lib/signature.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/crypto/external/bsd/netpgp/dist/src/lib/create.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.5 src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.6
--- src/crypto/external/bsd/netpgp/dist/src/lib/create.c:1.5 Tue May 5 01:28:15 2009
+++ src/crypto/external/bsd/netpgp/dist/src/lib/create.c Tue May 5 15:25:27 2009
@@ -27,10 +27,6 @@
#include <sys/stat.h>
#include <sys/mman.h>
-#ifdef HAVE_ASSERT_H
-#include <assert.h>
-#endif
-
#ifdef HAVE_FCNTL_H
#include <fcntl.h>
#endif
@@ -50,7 +46,6 @@
#include "packet.h"
#include "signature.h"
#include "writer.h"
-
#include "readerwriter.h"
#include "keyring_local.h"
#include "loccreate.h"
@@ -70,7 +65,8 @@
__ops_create_info_t * info)
{
return __ops_write_length(length, info) &&
- __ops_write_scalar((unsigned)(type - OPS_PTAG_SIGNATURE_SUBPACKET_BASE), 1, info);
+ __ops_write_scalar((unsigned)(type -
+ OPS_PTAG_SIGNATURE_SUBPACKET_BASE), 1, info);
}
/*
@@ -144,29 +140,29 @@
return mpi_length(key->key.rsa.n) + mpi_length(key->key.rsa.e);
default:
- assert(!"unknown key algorithm");
+ (void) fprintf(stderr,
+ "public_key_length: unknown key algorithm\n");
}
- /* not reached */
return 0;
}
static unsigned
secret_key_length(const __ops_secret_key_t * key)
{
- int l;
+ int len;
- l = 0;
+ len = 0;
switch (key->pubkey.algorithm) {
case OPS_PKA_RSA:
- l = mpi_length(key->key.rsa.d) + mpi_length(key->key.rsa.p) +
+ len = mpi_length(key->key.rsa.d) + mpi_length(key->key.rsa.p) +
mpi_length(key->key.rsa.q) + mpi_length(key->key.rsa.u);
- break;
+ return len + public_key_length(&key->pubkey);
default:
- assert(!"unknown key algorithm");
+ (void) fprintf(stderr,
+ "public_key_length: unknown key algorithm\n");
}
-
- return l + public_key_length(&key->pubkey);
+ return 0;
}
/**
@@ -228,11 +224,10 @@
__ops_write_mpi(key->key.elgamal.y, info);
default:
- assert( /* CONSTCOND */ 0);
+ (void) fprintf(stderr,
+ "write_public_key_body: bad algorithm\n");
break;
}
-
- /* not reached */
return false;
}
@@ -258,25 +253,36 @@
if (!write_public_key_body(&key->pubkey, info)) {
return false;
}
-
- assert(key->s2k_usage == OPS_S2KU_ENCRYPTED_AND_HASHED); /* = 254 */
+ if (key->s2k_usage != OPS_S2KU_ENCRYPTED_AND_HASHED) {
+ (void) fprintf(stderr, "write_secret_key_body: s2k usage\n");
+ return false;
+ }
if (!__ops_write_scalar((unsigned)key->s2k_usage, 1, info)) {
return false;
}
- assert(key->algorithm == OPS_SA_CAST5);
+ if (key->algorithm != OPS_SA_CAST5) {
+ (void) fprintf(stderr, "write_secret_key_body: algorithm\n");
+ return false;
+ }
if (!__ops_write_scalar((unsigned)key->algorithm, 1, info)) {
return false;
}
- assert(key->s2k_specifier == OPS_S2KS_SIMPLE ||
- key->s2k_specifier == OPS_S2KS_SALTED);
+ if (key->s2k_specifier != OPS_S2KS_SIMPLE &&
+ key->s2k_specifier != OPS_S2KS_SALTED) {
/* = 1 \todo could also be iterated-and-salted */
+ (void) fprintf(stderr, "write_secret_key_body: s2k spec\n");
+ return false;
+ }
if (!__ops_write_scalar((unsigned)key->s2k_specifier, 1, info)) {
return false;
}
- assert(key->hash_algorithm == OPS_HASH_SHA1);
+ if (key->hash_algorithm != OPS_HASH_SHA1) {
+ (void) fprintf(stderr, "write_secret_key_body: hash alg\n");
+ return false;
+ }
if (!__ops_write_scalar((unsigned)key->hash_algorithm, 1, info)) {
return false;
}
@@ -303,7 +309,7 @@
(void) fprintf(stderr,
"invalid/unsupported s2k specifier %d\n",
key->s2k_specifier);
- assert( /* CONSTCOND */ 0);
+ return false;
}
if (!__ops_write(&key->iv[0], __ops_block_size(key->algorithm), info)) {
@@ -355,7 +361,11 @@
(void) memcpy(session_key + (i * SHA_DIGEST_LENGTH),
hashed, (unsigned)use);
done += use;
- assert(done <= CAST_KEY_LENGTH);
+ if (done > CAST_KEY_LENGTH) {
+ (void) fprintf(stderr,
+ "write_secret_key_body: short add\n");
+ return false;
+ }
}
break;
@@ -369,7 +379,7 @@
(void) fprintf(stderr,
"invalid/unsupported s2k specifier %d\n",
key->s2k_specifier);
- assert( /* CONSTCOND */ 0);
+ return false;
}
/* use this session key to encrypt */
@@ -421,8 +431,7 @@
/* return __ops_write_mpi(key->key.elgamal.x,info); */
default:
- assert( /* CONSTCOND */ 0);
- break;
+ return false;
}
if (!__ops_write(key->checkhash, OPS_CHECKHASH_SIZE, info)) {
@@ -583,8 +592,11 @@
__ops_write_struct_public_key(const __ops_public_key_t * key,
__ops_create_info_t * info)
{
- assert(key->version == 4);
-
+ if (key->version != 4) {
+ (void) fprintf(stderr,
+ "__ops_write_struct_public_key: wrong key version\n");
+ return false;
+ }
return __ops_write_ptag(OPS_PTAG_CT_PUBLIC_KEY, info) &&
__ops_write_length(1 + 4 + 1 + public_key_length(key), info) &&
write_public_key_body(key, info);
@@ -689,7 +701,11 @@
{
int length = 0;
- assert(key->pubkey.version == 4);
+ if (key->pubkey.version != 4) {
+ (void) fprintf(stderr,
+ "__ops_write_struct_secret_key: public key version\n");
+ return false;
+ }
/* Ref: RFC4880 Section 5.5.3 */
@@ -725,12 +741,16 @@
break;
default:
- assert( /* CONSTCOND */ 0);
+ (void) fprintf(stderr,
+ "__ops_write_struct_secret_key: s2k spec\n");
+ return false;
}
break;
default:
- assert( /* CONSTCOND */ 0);
+ (void) fprintf(stderr,
+ "__ops_write_struct_secret_key: s2k usage\n");
+ return false;
}
/* IV */
@@ -749,7 +769,9 @@
break;
default:
- assert( /* CONSTCOND */ 0);
+ (void) fprintf(stderr,
+ "__ops_write_struct_secret_key: s2k cksum usage\n");
+ return false;
}
/* secret key and public key MPIs */
@@ -840,7 +862,10 @@
m_buf[0] = session_key->symmetric_algorithm;
- assert(session_key->symmetric_algorithm == OPS_SA_CAST5);
+ if (session_key->symmetric_algorithm != OPS_SA_CAST5) {
+ (void) fprintf(stderr, "create_unencoded_m_buf: symm alg\n");
+ return false;
+ }
for (i = 0; i < CAST_KEY_LENGTH; i++) {
m_buf[1 + i] = session_key->key[i];
}
@@ -868,12 +893,14 @@
/* implementation of EME-PKCS1-v1_5-ENCODE, as defined in OpenPGP RFC */
- assert(pkey->algorithm == OPS_PKA_RSA);
+ if (pkey->algorithm != OPS_PKA_RSA) {
+ (void) fprintf(stderr, "encode_m_buf: pkey algorithm\n");
+ return false;
+ }
k = BN_num_bytes(pkey->key.rsa.n);
- assert(mLen <= k - 11);
if (mLen > k - 11) {
- fprintf(stderr, "message too long\n");
+ (void) fprintf(stderr, "encode_m_buf: message too long\n");
return false;
}
/* these two bytes defined by RFC */
@@ -887,7 +914,10 @@
} while (EM[i] == 0);
}
- assert(i >= 8 + 2);
+ if (i < 8 + 2) {
+ (void) fprintf(stderr, "encode_m_buf: bad i len\n");
+ return false;
+ }
EM[i++] = 0;
@@ -934,9 +964,14 @@
unsigned char *encoded_m_buf = calloc(1, sz_encoded_m_buf);
__ops_pk_session_key_t *session_key = calloc(1, sizeof(*session_key));
- assert(key->type == OPS_PTAG_CT_PUBLIC_KEY);
+ if (key->type != OPS_PTAG_CT_PUBLIC_KEY) {
+ (void) fprintf(stderr,
+ "__ops_create_pk_session_key: bad type\n");
+ return NULL;
+ }
session_key->version = OPS_PKSK_V3;
- (void) memcpy(session_key->key_id, key->key_id, sizeof(session_key->key_id));
+ (void) memcpy(session_key->key_id, key->key_id,
+ sizeof(session_key->key_id));
if (__ops_get_debug_level(__FILE__)) {
unsigned int i = 0;
@@ -947,7 +982,11 @@
}
(void) fprintf(stderr, "\n");
}
- assert(key->key.pkey.algorithm == OPS_PKA_RSA);
+ if (key->key.pkey.algorithm != OPS_PKA_RSA) {
+ (void) fprintf(stderr,
+ "__ops_create_pk_session_key: bad pkey algorithm\n");
+ return NULL;
+ }
session_key->algorithm = key->key.pkey.algorithm;
/* \todo allow user to specify other algorithm */
@@ -1002,8 +1041,16 @@
__ops_write_pk_session_key(__ops_create_info_t * info,
__ops_pk_session_key_t * pksk)
{
- assert(pksk);
- assert(pksk->algorithm == OPS_PKA_RSA);
+ if (pksk == NULL) {
+ (void) fprintf(stderr,
+ "__ops_write_pk_session_key: NULL pksk\n");
+ return false;
+ }
+ if (pksk->algorithm != OPS_PKA_RSA) {
+ (void) fprintf(stderr,
+ "__ops_write_pk_session_key: bad algorithm\n");
+ return false;
+ }
return __ops_write_ptag(OPS_PTAG_CT_PK_SESSION_KEY, info) &&
__ops_write_length((unsigned)(1 + 8 + 1 + BN_num_bytes(pksk->parameters.rsa.encrypted_m) + 2), info) &&
@@ -1259,8 +1306,11 @@
encrypted = calloc(1, encrypted_sz);
done = __ops_encrypt_se(&crypt_info, encrypted, data, (unsigned)len);
- assert(done == len);
- /* printf("len=%d, done: %d\n", len, done); */
+ if (done != len) {
+ (void) fprintf(stderr,
+"__ops_write_symmetrically_encrypted_data: done != len\n");
+ return false;
+ }
return __ops_write_ptag(OPS_PTAG_CT_SE_DATA, info) &&
__ops_write_length(1 + encrypted_sz, info) &&
Index: src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.5 src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.6
--- src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c:1.5 Tue May 5 01:28:15 2009
+++ src/crypto/external/bsd/netpgp/dist/src/lib/packet-parse.c Tue May 5 15:25:27 2009
@@ -81,7 +81,10 @@
{
data->len = len;
- assert(subregion->length - subregion->length_read >= len);
+ if (subregion->length - subregion->length_read < len) {
+ (void) fprintf(stderr, "limited_data_read: bad length\n");
+ return 0;
+ }
data->contents = calloc(1, data->len);
if (!data->contents)
@@ -205,7 +208,10 @@
for (n = 0; n < length;) {
int r = rinfo->reader((char *) dest + n, length - n, errors, rinfo, cbinfo);
- assert(r <= (int) (length - n));
+ if (r > (int) (length - n)) {
+ (void) fprintf(stderr, "sub_base_read: bad read\n");
+ return 0;
+ }
/*
* XXX: should we save the error and return what was read so
@@ -224,12 +230,18 @@
return 0;
if (rinfo->accumulate) {
- assert(rinfo->asize >= rinfo->alength);
+ if (rinfo->asize < rinfo->alength) {
+ (void) fprintf(stderr, "sub_base_read: bad size\n");
+ return 0;
+ }
if (rinfo->alength + n > rinfo->asize) {
rinfo->asize = rinfo->asize * 2 + n;
rinfo->accumulated = realloc(rinfo->accumulated, rinfo->asize);
}
- assert(rinfo->asize >= rinfo->alength + n);
+ if (rinfo->asize < rinfo->alength + n) {
+ (void) fprintf(stderr, "sub_base_read: bad realloc\n");
+ return 0;
+ }
(void) memcpy(rinfo->accumulated + rinfo->alength, dest, n);
}
/* we track length anyway, because it is used for packet offsets */
@@ -305,7 +317,10 @@
{
unsigned t = 0;
- assert(length <= sizeof(*result));
+ if (length > sizeof(*result)) {
+ (void) fprintf(stderr, "_read_scalar: bad length\n");
+ return 0;
+ }
while (length--) {
unsigned char c[1];
@@ -373,7 +388,11 @@
region->last_read = r;
do {
region->length_read += r;
- assert(!region->parent || region->length <= region->parent->length);
+ if (region->parent && region->length > region->parent->length) {
+ (void) fprintf(stderr,
+ "ops_limited_read: bad length\n");
+ return false;
+ }
} while ((region = region->parent) != NULL);
return true;
}
@@ -466,8 +485,15 @@
unsigned t;
unsigned n;
- assert(length <= 4);
- assert(/*CONSTCOND*/sizeof(*dest) >= 4);
+ if (length > 4) {
+ (void) fprintf(stderr, "limited_read_scalar: bad length\n");
+ return 0;
+ }
+ /*LINTED*/
+ if (/*CONSTCOND*/sizeof(*dest) < 4) {
+ (void) fprintf(stderr, "limited_read_scalar: bad dest\n");
+ return 0;
+ }
if (!limited_read(c, length, region, pinfo))
return 0;
@@ -613,7 +639,10 @@
}
return 0;
}
- assert(length <= NETPGP_BUFSIZ);
+ if (length > NETPGP_BUFSIZ) {
+ (void) fprintf(stderr, "limited_read_mpi: bad length\n");
+ return 0;
+ }
if (!limited_read(buf, length, region, pinfo))
return 0;
@@ -880,7 +909,7 @@
break;
default:
- assert( /* CONSTCOND */ 0);
+ (void) fprintf(stderr, "signature_free: bad sig type\n");
}
}
@@ -1167,7 +1196,6 @@
default:
fprintf(stderr, "Can't free %d (0x%x)\n", c->tag, c->tag);
- assert( /* CONSTCOND */ 0);
}
}
@@ -1189,7 +1217,8 @@
break;
default:
- assert( /* CONSTCOND */ 0);
+ (void) fprintf(stderr, "__ops_pk_session_key_free: bad alg\n");
+ break;
}
}
@@ -1228,7 +1257,7 @@
break;
default:
- assert( /* CONSTCOND */ 0);
+ (void) fprintf(stderr, "__ops_public_key_free: bad alg\n");
}
}
@@ -1241,8 +1270,11 @@
{
unsigned char c[1] = "";
- assert(region->length_read == 0); /* We should not have read
- * anything so far */
+ if (region->length_read != 0) {
+ /* We should not have read anything so far */
+ (void) fprintf(stderr, "parse_public_key_data: bad length\n");
+ return 0;
+ }
if (!limited_read(c, 1, region, pinfo)) {
return 0;
@@ -1374,8 +1406,11 @@
* attribute sub-packets later - rachel
*/
- assert(region->length_read == 0); /* We should not have read
- * anything so far */
+ if (region->length_read != 0) {
+ /* We should not have read anything so far */
+ (void) fprintf(stderr, "parse_user_attribute: bad length\n");
+ return 0;
+ }
if (!read_data(&pkt.u.user_attribute.data, region, pinfo))
return 0;
@@ -1421,8 +1456,11 @@
{
__ops_packet_t pkt;
- assert(region->length_read == 0); /* We should not have read
- * anything so far */
+ if (region->length_read != 0) {
+ /* We should not have read anything so far */
+ (void) fprintf(stderr, "parse_user_id: bad length\n");
+ return 0;
+ }
pkt.u.user_id.user_id = calloc(1, region->length + 1); /* XXX should we not
* like check malloc's
@@ -1952,7 +1990,7 @@
if (!pinfo->rinfo.accumulate) {
/* We must accumulate, else we can't check the signature */
fprintf(stderr, "*** ERROR: must set accumulate to true\n");
- assert( /* CONSTCOND */ 0);
+ return 0;
}
(void) memcpy(pkt.u.signature.info.v4_hashed_data,
pinfo->rinfo.accumulated + pkt.u.signature.v4_hashed_data_start,
@@ -2043,8 +2081,11 @@
unsigned char c[1] = "";
__ops_packet_t pkt;
- assert(region->length_read == 0); /* We should not have read
- * anything so far */
+ if (region->length_read != 0) {
+ /* We should not have read anything so far */
+ (void) fprintf(stderr, "parse_signature: bad length\n");
+ return 0;
+ }
(void) memset(&pkt, 0x0, sizeof(pkt));
@@ -2369,9 +2410,16 @@
}
pkt.u.secret_key.s2k_specifier = c[0];
- assert(pkt.u.secret_key.s2k_specifier == OPS_S2KS_SIMPLE ||
- pkt.u.secret_key.s2k_specifier == OPS_S2KS_SALTED ||
- pkt.u.secret_key.s2k_specifier == OPS_S2KS_ITERATED_AND_SALTED);
+ switch (pkt.u.secret_key.s2k_specifier) {
+ case OPS_S2KS_SIMPLE:
+ case OPS_S2KS_SALTED:
+ case OPS_S2KS_ITERATED_AND_SALTED:
+ break;
+ default:
+ (void) fprintf(stderr,
+ "parse_secret_key: bad seckey\n");
+ return 0;
+ }
if (!limited_read(c, 1, region, pinfo)) {
return 0;
@@ -2413,7 +2461,11 @@
int hashsize;
blocksize = __ops_block_size(pkt.u.secret_key.algorithm);
- assert(blocksize > 0 && blocksize <= OPS_MAX_BLOCK_SIZE);
+ if (blocksize == 0 || blocksize > OPS_MAX_BLOCK_SIZE) {
+ (void) fprintf(stderr,
+ "parse_secret_key: bad blocksize\n");
+ return 0;
+ }
if (!limited_read(pkt.u.secret_key.iv, blocksize, region,
pinfo)) {
@@ -2442,10 +2494,18 @@
return 1;
}
keysize = __ops_key_size(pkt.u.secret_key.algorithm);
- assert(keysize > 0 && keysize <= OPS_MAX_KEY_SIZE);
+ if (keysize == 0 || keysize > OPS_MAX_KEY_SIZE) {
+ (void) fprintf(stderr,
+ "parse_secret_key: bad keysize\n");
+ return 0;
+ }
hashsize = __ops_hash_size(pkt.u.secret_key.hash_algorithm);
- assert(hashsize > 0 && hashsize <= OPS_MAX_HASH_SIZE);
+ if (hashsize == 0 || hashsize > OPS_MAX_HASH_SIZE) {
+ (void) fprintf(stderr,
+ "parse_secret_key: bad hashsize\n");
+ return 0;
+ }
for (n = 0; n * hashsize < keysize; ++n) {
int i;
@@ -2501,7 +2561,11 @@
int r;
r = hashes[n].finish(&hashes[n], key + n * hashsize);
- assert(r == hashsize);
+ if (r != hashsize) {
+ (void) fprintf(stderr,
+ "parse_secret_key: bad r\n");
+ return 0;
+ }
}
(void) memset(passphrase, 0x0, passlen);
@@ -2579,7 +2643,6 @@
pkt.u.secret_key.pubkey.algorithm,
__ops_show_pka(pkt.u.secret_key.pubkey.algorithm));
ret = 0;
- /* assert(0); */
}
if (__ops_get_debug_level(__FILE__)) {
@@ -2631,7 +2694,10 @@
if (crypted && pkt.u.secret_key.pubkey.version == OPS_V4) {
__ops_reader_pop_decrypt(pinfo);
}
- assert(!ret || region->length_read == region->length);
+ if (ret && region->length_read != region->length) {
+ (void) fprintf(stderr, "parse_secret_key: bad length\n");
+ return 0;
+ }
if (!ret)
return 0;
@@ -2755,7 +2821,10 @@
n, k + 3);
return 0;
}
- assert(k <= sizeof(pkt.u.pk_session_key.key));
+ if (k > sizeof(pkt.u.pk_session_key.key)) {
+ (void) fprintf(stderr, "parse_pk_session_key: bad keylength\n");
+ return 0;
+ }
(void) memcpy(pkt.u.pk_session_key.key, unencoded_m_buf + 1, k);
@@ -2919,7 +2988,11 @@
if (!limited_read(c, 1, region, pinfo))
return 0;
pkt.u.se_ip_data_header.version = c[0];
- assert(pkt.u.se_ip_data_header.version == OPS_SE_IP_V1);
+
+ if (pkt.u.se_ip_data_header.version != OPS_SE_IP_V1) {
+ (void) fprintf(stderr, "parse_se_ip_data: bad version\n");
+ return 0;
+ }
/*
* The content of an encrypted data packet is more OpenPGP packets
@@ -3213,8 +3286,11 @@
type);
return;
}
- assert(tag >= OPS_PTAG_SIGNATURE_SUBPACKET_BASE
- && tag <= OPS_PTAG_SIGNATURE_SUBPACKET_BASE + NTAGS - 1);
+ if (tag < OPS_PTAG_SIGNATURE_SUBPACKET_BASE
+ || tag > OPS_PTAG_SIGNATURE_SUBPACKET_BASE + NTAGS - 1) {
+ (void) fprintf(stderr, "__ops_parse_options: bad tag\n");
+ return;
+ }
t8 = (tag - OPS_PTAG_SIGNATURE_SUBPACKET_BASE) / 8;
t7 = 1 << ((tag - OPS_PTAG_SIGNATURE_SUBPACKET_BASE) & 7);
switch (type) {
Index: src/crypto/external/bsd/netpgp/dist/src/lib/reader.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.5 src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.6
--- src/crypto/external/bsd/netpgp/dist/src/lib/reader.c:1.5 Tue May 5 01:28:15 2009
+++ src/crypto/external/bsd/netpgp/dist/src/lib/reader.c Tue May 5 15:25:27 2009
@@ -31,7 +31,9 @@
#include <sys/param.h>
#endif
+#ifdef HAVE_FCNTL_H
#include <fcntl.h>
+#endif
#ifdef HAVE_UNISTD_H
#include <unistd.h>
@@ -41,10 +43,6 @@
#include <direct.h>
#endif
-#ifdef HAVE_ASSERT_H
-#include <assert.h>
-#endif
-
#ifdef HAVE_INTTYPES_H
#include <inttypes.h>
#endif
@@ -241,12 +239,15 @@
{
unsigned n;
- assert(!dearmour->pushed_back);
- dearmour->pushed_back = calloc(1, length);
- for (n = 0; n < length; ++n) {
- dearmour->pushed_back[n] = buf[length - n - 1];
+ if (dearmour->pushed_back) {
+ (void) fprintf(stderr, "push_back: already pushed back\n");
+ } else {
+ dearmour->pushed_back = calloc(1, length);
+ for (n = 0; n < length; ++n) {
+ dearmour->pushed_back[n] = buf[length - n - 1];
+ }
+ dearmour->npushed_back = length;
}
- dearmour->npushed_back = length;
}
static int
@@ -550,31 +551,46 @@
}
}
if (c == '\n' && body->length) {
- assert(memchr(body->data + 1, '\n', body->length - 1) == NULL);
+ if (memchr(body->data + 1, '\n', body->length - 1)
+ != NULL) {
+ (void) fprintf(stderr,
+ "process_dash_escaped: newline found\n");
+ return -1;
+ }
if (body->data[0] == '\n') {
- hash->add(hash, (const unsigned char *) "\r", 1);
+ hash->add(hash, (const unsigned char *)"\r", 1);
}
hash->add(hash, body->data, body->length);
if (__ops_get_debug_level(__FILE__)) {
fprintf(stderr, "Got body:\n%s\n", body->data);
}
- CALLBACK(cbinfo, OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY, &content);
+ CALLBACK(cbinfo, OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY,
+ &content);
body->length = 0;
}
body->data[body->length++] = c;
++total;
if (body->length == sizeof(body->data)) {
if (__ops_get_debug_level(__FILE__)) {
- fprintf(stderr, "Got body (2):\n%s\n", body->data);
+ (void) fprintf(stderr, "Got body (2):\n%s\n",
+ body->data);
}
CALLBACK(cbinfo, OPS_PTAG_CT_SIGNED_CLEARTEXT_BODY, &content);
body->length = 0;
}
}
- assert(body->data[0] == '\n');
- assert(body->length == 1);
- /* don't send that one character, because its part of the trailer. */
+ if (body->data[0] != '\n') {
+ (void) fprintf(stderr,
+ "process_dash_escaped: no newline in body data\n");
+ return -1;
+ }
+ if (body->length != 1) {
+ (void) fprintf(stderr,
+ "process_dash_escaped: bad body length\n");
+ return -1;
+ }
+ /* don't send that one character, because it's part of the trailer */
trailer->hash = hash;
CALLBACK(cbinfo, OPS_PTAG_CT_SIGNED_CLEARTEXT_TRAILER, &content2);
@@ -589,8 +605,10 @@
/*
* Check that the header is valid
*/
- if (strcmp(key, "Version") == 0 || strcmp(key, "Comment") == 0 ||
- strcmp(key, "MessageID") == 0 || strcmp(key, "Hash") == 0 ||
+ if (strcmp(key, "Version") == 0 ||
+ strcmp(key, "Comment") == 0 ||
+ strcmp(key, "MessageID") == 0 ||
+ strcmp(key, "Hash") == 0 ||
strcmp(key, "Charset") == 0) {
dearmour->headers.headers = realloc(dearmour->headers.headers,
(dearmour->headers.nheaders + 1)
@@ -633,7 +651,11 @@
break;
}
- assert(nbuf < size);
+ if (nbuf >= size) {
+ (void) fprintf(stderr,
+ "parse_headers: bad size\n");
+ return -1;
+ }
buf[nbuf] = '\0';
s = strchr(buf, ':');
@@ -759,7 +781,10 @@
int c;
int ret;
- assert(dearmour->buffered == 0);
+ if (dearmour->buffered != 0) {
+ (void) fprintf(stderr, "decode64: bad dearmour->buffered\n");
+ return 0;
+ }
ret = read4(dearmour, errors, rinfo, cbinfo, &c, &n, &l);
if (ret < 0) {
@@ -794,14 +819,24 @@
}
dearmour->buffered = 0;
} else {
- assert(n == 4);
+ if (n != 4) {
+ (void) fprintf(stderr,
+ "decode64: bad n (!= 4)\n");
+ return 0;
+ }
dearmour->buffered = 3;
- assert(c != '-' && c != '=');
+ if (c == '-' || c == '=') {
+ (void) fprintf(stderr, "decode64: bad c\n");
+ return 0;
+ }
}
if (dearmour->buffered < 3 && dearmour->buffered > 0) {
/* then we saw padding */
- assert(c == '=');
+ if (c != '=') {
+ (void) fprintf(stderr, "decode64: bad c (=)\n");
+ return 0;
+ }
c = read_and_eat_whitespace(dearmour, errors, rinfo, cbinfo, true);
if (c != '\n') {
OPS_ERROR(errors, OPS_E_R_BAD_FORMAT, "No newline at base64 end");
@@ -840,8 +875,12 @@
return 0;
}
dearmour->eof64 = true;
- } else
- assert(dearmour->buffered);
+ } else {
+ if (!dearmour->buffered) {
+ (void) fprintf(stderr, "decode64: not buffered\n");
+ return 0;
+ }
+ }
for (n = 0; n < dearmour->buffered; ++n) {
dearmour->buffer[n] = (unsigned char)l;
@@ -884,8 +923,14 @@
unsigned char *dest = dest_;
int saved = length;
- if (dearmour->eof64 && !dearmour->buffered)
- assert(dearmour->state == OUTSIDE_BLOCK || dearmour->state == AT_TRAILER_NAME);
+ if (dearmour->eof64 && !dearmour->buffered) {
+ if (dearmour->state != OUTSIDE_BLOCK &&
+ dearmour->state != AT_TRAILER_NAME) {
+ (void) fprintf(stderr,
+ "armoured_data_reader: bad dearmour state\n");
+ return 0;
+ }
+ }
while (length > 0) {
unsigned count;
@@ -1010,7 +1055,11 @@
}
}
if (!dearmour->buffered) {
- assert(dearmour->eof64);
+ if (!dearmour->eof64) {
+ (void) fprintf(stderr,
+"armoured_data_reader: bad dearmour eof64\n");
+ return 0;
+ }
if (first) {
dearmour->state = AT_TRAILER_NAME;
goto reloop;
@@ -1018,7 +1067,11 @@
return -1;
}
}
- assert(dearmour->buffered);
+ if (!dearmour->buffered) {
+ (void) fprintf(stderr,
+ "armoured_data_reader: bad dearmour buffered\n");
+ return 0;
+ }
*dest = dearmour->buffer[--dearmour->buffered];
++dest;
--length;
@@ -1187,7 +1240,11 @@
* count
*/
if (encrypted->prev_read_was_plain && !rinfo->pinfo->reading_mpi_length) {
- assert(rinfo->pinfo->reading_v3_secret);
+ if (!rinfo->pinfo->reading_v3_secret) {
+ (void) fprintf(stderr,
+ "encrypted_data_reader: bad v3 secret\n");
+ return -1;
+ }
encrypted->decrypt->decrypt_resync(encrypted->decrypt);
encrypted->prev_read_was_plain = false;
} else if (rinfo->pinfo->reading_v3_secret &&
@@ -1199,13 +1256,15 @@
unsigned n;
/*
- * if we are reading v3 we should never read more
- * than
- */
- /* we're asked for */
- assert(length >= encrypted->decrypted_count
- || (!rinfo->pinfo->reading_v3_secret
- && !rinfo->pinfo->exact_read));
+ * if we are reading v3 we should never read
+ * more than we're asked for */
+ if (length < encrypted->decrypted_count &&
+ (rinfo->pinfo->reading_v3_secret ||
+ rinfo->pinfo->exact_read)) {
+ (void) fprintf(stderr,
+ "encrypted_data_reader: bad v3 read\n");
+ return 0;
+ }
n = MIN(length, encrypted->decrypted_count);
@@ -1270,7 +1329,11 @@
encrypted->decrypted_count = n;
}
- assert(encrypted->decrypted_count > 0);
+ if (encrypted->decrypted_count <= 0) {
+ (void) fprintf(stderr,
+ "encrypted_data_reader: bad decrypted count\n");
+ return 0;
+ }
encrypted->decrypted_offset = 0;
}
@@ -1447,7 +1510,11 @@
}
/* all done with the checks */
/* now can start reading from the plaintext */
- assert(!se_ip->plaintext);
+ if (se_ip->plaintext) {
+ (void) fprintf(stderr,
+ "se_ip_data_reader: bad plaintext\n");
+ return 0;
+ }
se_ip->plaintext = calloc(1, sz_plaintext);
memcpy(se_ip->plaintext, plaintext, sz_plaintext);
se_ip->plaintext_available = sz_plaintext;
@@ -1927,7 +1994,11 @@
if (__ops_get_debug_level(__FILE__)) {
printf("OPS_PTAG_CT_PK_SESSION_KEY\n");
}
- assert(cbinfo->cryptinfo.keyring);
+ if (!cbinfo->cryptinfo.keyring) {
+ (void) fprintf(stderr,
+ "pk_session_key_cb: bad keyring\n");
+ return 0;
+ }
cbinfo->cryptinfo.keydata = __ops_keyring_find_key_by_id(cbinfo->cryptinfo.keyring,
content->pk_session_key.key_id);
if (!cbinfo->cryptinfo.keydata)
@@ -1983,7 +2054,7 @@
CALLBACK(cbinfo, OPS_PARSER_CMD_GET_SK_PASSPHRASE, &seckey);
if (!cbinfo->cryptinfo.passphrase) {
fprintf(stderr, "can't get passphrase\n");
- assert(/*CONSTCOND*/0);
+ return 0;
}
}
/* then it must be encrypted */
Index: src/crypto/external/bsd/netpgp/dist/src/lib/signature.c
diff -u src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.5 src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.6
--- src/crypto/external/bsd/netpgp/dist/src/lib/signature.c:1.5 Tue May 5 01:28:15 2009
+++ src/crypto/external/bsd/netpgp/dist/src/lib/signature.c Tue May 5 15:25:27 2009
@@ -23,22 +23,11 @@
*/
#include "config.h"
-#include "signature.h"
-#include "crypto.h"
-#include "create.h"
-#include "netpgpsdk.h"
-
-#include "readerwriter.h"
-#include "loccreate.h"
-#include "validate.h"
-#include "netpgpdefs.h"
-
-#ifdef HAVE_ASSERT_H
-#include <assert.h>
+#ifdef HAVE_FCNTL_H
+#include <fcntl.h>
#endif
#include <string.h>
-#include <fcntl.h>
#ifdef HAVE_UNISTD_H
#include <unistd.h>
@@ -48,6 +37,15 @@
#include <openssl/dsa.h>
#endif
+#include "signature.h"
+#include "crypto.h"
+#include "create.h"
+#include "netpgpsdk.h"
+#include "readerwriter.h"
+#include "loccreate.h"
+#include "validate.h"
+#include "netpgpdefs.h"
+
#define MAXBUF 1024 /* <! Standard buffer size to use */
/** \ingroup Core_Create
@@ -129,7 +127,10 @@
unsigned encoded_msg_sz = 0;
unsigned char *prefix = NULL;
- assert(hash_alg == OPS_HASH_SHA1);
+ if (hash_alg != OPS_HASH_SHA1) {
+ (void) fprintf(stderr, "encode_hash_buf: bad hash alg\n");
+ return false;
+ }
/* 1. Apply hash function to M */
@@ -153,7 +154,8 @@
break;
default:
- assert(0);
+ /* already tested for other algorithms at head of function */
+ break;
}
/* \todo 3. Test for len being too short */
@@ -211,8 +213,14 @@
hashsize = 20 + sizeof(prefix_sha1);
keysize = (BN_num_bits(rsa->n) + 7) / 8;
- assert(keysize <= sizeof(hashbuf));
- assert(10 + hashsize <= keysize);
+ if (keysize > sizeof(hashbuf)) {
+ (void) fprintf(stderr, "rsa_sign: keysize too big\n");
+ return;
+ }
+ if (10 + hashsize > keysize) {
+ (void) fprintf(stderr, "rsa_sign: hashsize too big\n");
+ return;
+ }
hashbuf[0] = 0;
hashbuf[1] = 1;
@@ -228,12 +236,18 @@
n += sizeof(prefix_sha1);
t = hash->finish(hash, &hashbuf[n]);
- assert(t == 20);
+ if (t != 20) {
+ (void) fprintf(stderr, "rsa_sign: hashfinish not 20\n");
+ return;
+ }
__ops_write(&hashbuf[n], 2, opt);
n += t;
- assert(n == keysize);
+ if (n != keysize) {
+ (void) fprintf(stderr, "rsa_sign: n != keysize\n");
+ return;
+ }
t = __ops_rsa_private_encrypt(sigbuf, hashbuf, keysize, srsa, rsa);
bn = BN_bin2bn(sigbuf, (int)t, NULL);
@@ -260,7 +274,10 @@
/* finalise hash */
t = hash->finish(hash, &hashbuf[0]);
- assert(t == 20);
+ if (t != 20) {
+ (void) fprintf(stderr, "dsa_sign: hashfinish not 20\n");
+ return;
+ }
__ops_write(&hashbuf[0], 2, cinfo);
@@ -292,8 +309,14 @@
prefix = (const unsigned char *) "";
keysize = BN_num_bytes(rsa->n);
/* RSA key can't be bigger than 65535 bits, so... */
- assert(keysize <= sizeof(hashbuf_from_sig));
- assert((unsigned) BN_num_bits(sig->sig) <= 8 * sizeof(sigbuf));
+ if (keysize > sizeof(hashbuf_from_sig)) {
+ (void) fprintf(stderr, "rsa_verify: keysize too big\n");
+ return false;
+ }
+ if ((unsigned) BN_num_bits(sig->sig) > 8 * sizeof(sigbuf)) {
+ (void) fprintf(stderr, "rsa_verify: BN_numbits too big\n");
+ return false;
+ }
BN_bn2bin(sig->sig, sigbuf);
n = __ops_rsa_public_decrypt(hashbuf_from_sig, sigbuf,
@@ -460,7 +483,8 @@
break;
default:
- assert(/*CONSTCOND*/0);
+ (void) fprintf(stderr, "__ops_check_signature: unusual alg\n");
+ ret = false;
}
return ret;
@@ -813,20 +837,32 @@
case OPS_PKA_RSA:
case OPS_PKA_RSA_ENCRYPT_ONLY:
case OPS_PKA_RSA_SIGN_ONLY:
- assert(skey->key.rsa.d);
+ if (skey->key.rsa.d == NULL) {
+ (void) fprintf(stderr,
+ "__ops_write_signature: null rsa.d\n");
+ return false;
+ }
break;
case OPS_PKA_DSA:
- assert(skey->key.dsa.x);
+ if (skey->key.dsa.x == NULL) {
+ (void) fprintf(stderr,
+ "__ops_write_signature: null dsa.x\n");
+ return false;
+ }
break;
default:
(void) fprintf(stderr, "Unsupported algorithm %d\n",
skey->pubkey.algorithm);
- assert(/* CONSTCOND */0);
+ return false;
}
- assert(sig->hashed_data_length != (unsigned) -1);
+ if (sig->hashed_data_length == (unsigned) -1) {
+ (void) fprintf(stderr,
+ "ops_write_signature: bad hashed data len\n");
+ return false;
+ }
__ops_memory_place_int(sig->mem, sig->unhashed_count_offset,
l - sig->unhashed_count_offset - 2, 2);
@@ -865,7 +901,7 @@
default:
(void) fprintf(stderr, "Unsupported algorithm %d\n",
skey->pubkey.algorithm);
- assert(/*CONSTCOND*/0);
+ return false;
}
rtn = __ops_write_ptag(OPS_PTAG_CT_SIGNATURE, info);
@@ -1044,9 +1080,14 @@
int n = 0;
n = read(fd_in, buf, sizeof(buf));
- if (!n)
+ if (n == 0) {
break;
- assert(n >= 0);
+ }
+ if (n < 0) {
+ (void) fprintf(stderr,
+ "__ops_sign_file_as_cleartext: bad read\n");
+ return false;
+ }
__ops_write(buf, (unsigned)n, cinfo);
}
close(fd_in);
@@ -1097,16 +1138,18 @@
const __ops_secret_key_t *skey)
{
bool rtn = false;
-
- /* \todo allow choice of hash algorithams */
- /* enforce use of SHA1 for now */
-
unsigned char keyid[OPS_KEY_ID_SIZE];
__ops_create_signature_t *sig = NULL;
-
__ops_create_info_t *cinfo = NULL;
- assert(*signed_cleartext == NULL);
+ /* \todo allow choice of hash algorithams */
+ /* enforce use of SHA1 for now */
+
+ if (*signed_cleartext != 0x0) {
+ (void) fprintf(stderr,
+ "__ops_sign_buf_as_cleartext: non-null cleartext\n");
+ return false;
+ }
/* set up signature */
sig = __ops_create_signature_new();
