Make sure yaca_*alloc() is not called with 0 size

- Add asserts
- Don't install static locks if CRYPTO_num_locks == 0
- Treat 0 output length as YACA_ERROR_INTERNAL:
  - If client provided a 0-length key we should detect it in yaca_sign_*init()
    and prevent him from using it. If it has 0 length in
    get_sign_output_length() it's an internal error.

Change-Id: I5d2d4063c568f76a25ee616b40c99abd5cc4dfa9

diff --git a/src/crypto.c b/src/crypto.c
index 79ead7a91e808585fedec68a0b4f83e473c06a5b..a907b6a22ffac830a66873482c4521e4e3a8d84e 100644 (file)
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -94,32 +94,34 @@ API int yaca_init(void)
        OpenSSL_add_all_ciphers();
 
        /* enable threads support */
-       ret = yaca_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t), (void**)&mutexes);
-       if (ret != YACA_ERROR_NONE)
-               return ret;
+       if (CRYPTO_num_locks() > 0) {
+               ret = yaca_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t), (void**)&mutexes);
+               if (ret != YACA_ERROR_NONE)
+                       return ret;
 
-       for (int i = 0; i < CRYPTO_num_locks(); i++) {
-               if (pthread_mutex_init(&mutexes[i], NULL) != 0) {
-                       int ret = YACA_ERROR_NONE;
-                       switch (errno) {
-                       case ENOMEM:
-                               ret = YACA_ERROR_OUT_OF_MEMORY;
-                               break;
-                       case EAGAIN:
-                       case EPERM:
-                       case EBUSY:
-                       case EINVAL:
-                       default:
-                               ret = YACA_ERROR_INTERNAL;
+               for (int i = 0; i < CRYPTO_num_locks(); i++) {
+                       if (pthread_mutex_init(&mutexes[i], NULL) != 0) {
+                               int ret = YACA_ERROR_NONE;
+                               switch (errno) {
+                               case ENOMEM:
+                                       ret = YACA_ERROR_OUT_OF_MEMORY;
+                                       break;
+                               case EAGAIN:
+                               case EPERM:
+                               case EBUSY:
+                               case EINVAL:
+                               default:
+                                       ret = YACA_ERROR_INTERNAL;
+                               }
+                               destroy_mutexes(i);
+
+                               return ret;
                        }
-                       destroy_mutexes(i);
-
-                       return ret;
                }
-       }
 
-       CRYPTO_set_id_callback(thread_id_callback);
-       CRYPTO_set_locking_callback(locking_callback);
+               CRYPTO_set_id_callback(thread_id_callback);
+               CRYPTO_set_locking_callback(locking_callback);
+       }
 
        /*
          TODO:

diff --git a/src/digest.c b/src/digest.c
index d36ce67808411096b8e2a6d72b8b4f202c86b571..7b20409757a90d64c2b185504fbd65fc8c51ea27 100644 (file)
--- a/src/digest.c
+++ b/src/digest.c
@@ -57,7 +57,12 @@ static int get_digest_output_length(const yaca_ctx_h ctx, size_t input_len, size
        if (c == NULL)
                return YACA_ERROR_INVALID_ARGUMENT;
 
-       *output_len = EVP_MD_CTX_size(c->mdctx);
+       int md_size = EVP_MD_CTX_size(c->mdctx);
+       if (md_size <= 0)
+               return YACA_ERROR_INTERNAL;
+
+       *output_len = md_size;
+
        return YACA_ERROR_NONE;
 }
 

diff --git a/src/encrypt.c b/src/encrypt.c
index ab623f9dd4c0a0bc4110d2c553e1ec7bc4ea4954..6d7b34e209c88c97994db48f84e70cd6cecda04a 100644 (file)
--- a/src/encrypt.c
+++ b/src/encrypt.c
@@ -93,6 +93,8 @@ static int get_encrypt_output_length(const yaca_ctx_h ctx, size_t input_len, siz
        } else {
                *output_len = block_size;
        }
+       if (*output_len == 0)
+               return YACA_ERROR_INTERNAL;
 
        return YACA_ERROR_NONE;
 }

diff --git a/src/key.c b/src/key.c
index 7f7a60519c84d9f946b6033a4ab415ab57271667..0642409f8f42e386b814f363c63a9acf33e3aae6 100644 (file)
--- a/src/key.c
+++ b/src/key.c
@@ -407,6 +407,8 @@ int export_simple_raw(struct yaca_key_simple_s *simple_key,
 
        size_t key_len = simple_key->bits / 8;
 
+       assert(key_len > 0);
+
        ret = yaca_malloc(key_len, (void**)data);
        if (ret != YACA_ERROR_NONE)
                return ret;

diff --git a/src/sign.c b/src/sign.c
index 2d8046d5e87a8791fdaf65be5092ad23e2d4a226..47f65a8feee2905bb6fbc88ba4efbfec7da028b0 100644 (file)
--- a/src/sign.c
+++ b/src/sign.c
@@ -79,14 +79,14 @@ static int get_sign_output_length(const yaca_ctx_h ctx,
 
        EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(c->mdctx->pctx);
        if (pkey == NULL) {
-               ERROR_DUMP(YACA_ERROR_INVALID_ARGUMENT);
-               return YACA_ERROR_INVALID_ARGUMENT;
+               ERROR_DUMP(YACA_ERROR_INTERNAL);
+               return YACA_ERROR_INTERNAL;
        }
 
-       size_t len = EVP_PKEY_size(pkey);
+       int len = EVP_PKEY_size(pkey);
        if (len <= 0) {
-               ERROR_DUMP(YACA_ERROR_INVALID_ARGUMENT);
-               return YACA_ERROR_INVALID_ARGUMENT;
+               ERROR_DUMP(YACA_ERROR_INTERNAL);
+               return YACA_ERROR_INTERNAL;
        }
 
        *output_len = len;

diff --git a/src/simple.c b/src/simple.c
index 889e85820fe1b44ed1226fc1a8569885ed7efdb5..53a34fd453d6963088b22191324c832b58d1b8d3 100644 (file)
--- a/src/simple.c
+++ b/src/simple.c
@@ -59,6 +59,8 @@ API int yaca_digest_calc(yaca_digest_algo_e algo,
        if (ret != YACA_ERROR_NONE)
                goto exit;
 
+       assert(ldigest_len > 0);
+
        ret = yaca_malloc(ldigest_len, (void**)&ldigest);
        if (ret != YACA_ERROR_NONE)
                goto exit;
@@ -115,6 +117,8 @@ API int yaca_encrypt(yaca_enc_algo_e algo,
 
        lcipher_len += out_len;
 
+       assert(lcipher_len > 0);
+
        ret = yaca_malloc(lcipher_len, (void**)&lcipher);
        if (ret != YACA_ERROR_NONE)
                goto exit;
@@ -133,7 +137,7 @@ API int yaca_encrypt(yaca_enc_algo_e algo,
                goto exit;
 
        written += out_len;
-       assert(written <= lcipher_len);
+       assert(written <= lcipher_len && written > 0);
 
        ret = yaca_realloc(written, (void**)&lcipher);
        if (ret != YACA_ERROR_NONE)
@@ -187,6 +191,7 @@ API int yaca_decrypt(yaca_enc_algo_e algo,
        }
 
        lplain_len += out_len;
+       assert(lplain_len > 0);
 
        ret = yaca_malloc(lplain_len, (void**)&lplain);
        if (ret != YACA_ERROR_NONE)
@@ -206,7 +211,7 @@ API int yaca_decrypt(yaca_enc_algo_e algo,
                goto exit;
 
        written += out_len;
-       assert(written <= lplain_len);
+       assert(written <= lplain_len && written > 0);
 
        ret = yaca_realloc(written, (void**)&lplain);
        if (ret != YACA_ERROR_NONE)
@@ -240,6 +245,8 @@ static int sign(const yaca_ctx_h ctx, const char *data, size_t data_len,
        if (ret != YACA_ERROR_NONE)
                return ret;
 
+       assert(*signature_len > 0);
+
        ret = yaca_malloc(*signature_len, (void**)signature);
        if (ret != YACA_ERROR_NONE)
                return ret;