From: Aki Tuomi Date: Thu, 16 Mar 2017 07:36:23 +0000 (+0200) Subject: lib-dcrypt: Add asserts X-Git-Tag: 2.3.0.rc1~1935 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3dffcebc7d1758a2d3db0ae1a8563b7e84c6e5bc;p=thirdparty%2Fdovecot%2Fcore.git lib-dcrypt: Add asserts Fixes several static analysis reports --- diff --git a/src/lib-dcrypt/dcrypt-openssl.c b/src/lib-dcrypt/dcrypt-openssl.c index 893c1b2901..26c9b91fe7 100644 --- a/src/lib-dcrypt/dcrypt-openssl.c +++ b/src/lib-dcrypt/dcrypt-openssl.c @@ -580,7 +580,7 @@ bool dcrypt_openssl_generate_rsa_key(int bits, EVP_PKEY **key, const char **erro static bool dcrypt_openssl_ecdh_derive_secret_local(struct dcrypt_private_key *local_key, buffer_t *R, buffer_t *S, const char **error_r) { - i_assert(local_key != NULL); + i_assert(local_key != NULL && local_key->key != NULL); EVP_PKEY *local = local_key->key; BN_CTX *bn_ctx = BN_CTX_new(); if (bn_ctx == NULL) @@ -654,6 +654,7 @@ bool dcrypt_openssl_ecdh_derive_secret_local(struct dcrypt_private_key *local_ke static bool dcrypt_openssl_ecdh_derive_secret_peer(struct dcrypt_public_key *peer_key, buffer_t *R, buffer_t *S, const char **error_r) { + i_assert(peer_key != NULL && peer_key->key != NULL); /* ensure peer_key is EC key */ EVP_PKEY *local = NULL; EVP_PKEY *peer = peer_key->key; @@ -734,6 +735,7 @@ static bool dcrypt_openssl_generate_keypair(struct dcrypt_keypair *pair_r, enum dcrypt_key_type kind, unsigned int bits, const char *curve, const char **error_r) { EVP_PKEY *pkey = NULL; + i_assert(pair_r != NULL); i_zero(pair_r); if (kind == DCRYPT_KEY_RSA) { if (dcrypt_openssl_generate_rsa_key(bits, &pkey, error_r)) { @@ -1576,6 +1578,8 @@ bool dcrypt_openssl_load_private_key(struct dcrypt_private_key **key_r, const char *data, const char *password, struct dcrypt_private_key *dec_key, const char **error_r) { + i_assert(key_r != NULL); + enum dcrypt_key_format format; enum dcrypt_key_version version; enum dcrypt_key_kind kind; @@ -1625,6 +1629,8 @@ bool dcrypt_openssl_load_public_key(struct dcrypt_public_key **key_r, enum dcrypt_key_format format; enum dcrypt_key_version version; enum dcrypt_key_kind kind; + i_assert(key_r != NULL); + if (!dcrypt_openssl_key_string_get_info(data, &format, &version, &kind, NULL, NULL, NULL, error_r)) { return FALSE; @@ -1690,6 +1696,8 @@ bool dcrypt_openssl_store_private_key(struct dcrypt_private_key *key, enum dcryp const char *cipher, buffer_t *destination, const char *password, struct dcrypt_public_key *enc_key, const char **error_r) { + i_assert(key != NULL && key->key != NULL); + int ec; if (format == DCRYPT_FORMAT_DOVECOT) { bool ret; @@ -1735,6 +1743,9 @@ static bool dcrypt_openssl_store_public_key(struct dcrypt_public_key *key, enum dcrypt_key_format format, buffer_t *destination, const char **error_r) { int ec; + + i_assert(key != NULL && key->key != NULL); + if (format == DCRYPT_FORMAT_DOVECOT) return dcrypt_openssl_store_public_key_dovecot(key, destination, error_r); @@ -1777,6 +1788,8 @@ bool dcrypt_openssl_store_public_key(struct dcrypt_public_key *key, enum dcrypt_ static void dcrypt_openssl_private_to_public_key(struct dcrypt_private_key *priv_key, struct dcrypt_public_key **pub_key_r) { + i_assert(priv_key != NULL && pub_key_r != NULL); + EVP_PKEY *pkey = priv_key->key; EVP_PKEY *pk; @@ -1935,17 +1948,21 @@ bool dcrypt_openssl_key_string_get_info(const char *key_data, enum dcrypt_key_fo static void dcrypt_openssl_ref_public_key(struct dcrypt_public_key *key) { + i_assert(key != NULL && key->ref > 0); key->ref++; } static void dcrypt_openssl_ref_private_key(struct dcrypt_private_key *key) { + i_assert(key != NULL && key->ref > 0); key->ref++; } static void dcrypt_openssl_unref_public_key(struct dcrypt_public_key **key) { + i_assert(key != NULL && *key != NULL); struct dcrypt_public_key *_key = *key; + i_assert(_key->ref > 0); *key = NULL; if (--_key->ref > 0) return; EVP_PKEY_free(_key->key); @@ -1954,7 +1971,9 @@ void dcrypt_openssl_unref_public_key(struct dcrypt_public_key **key) static void dcrypt_openssl_unref_private_key(struct dcrypt_private_key **key) { + i_assert(key != NULL && *key != NULL); struct dcrypt_private_key *_key = *key; + i_assert(_key->ref > 0); *key = NULL; if (--_key->ref > 0) return; EVP_PKEY_free(_key->key); @@ -1963,6 +1982,7 @@ void dcrypt_openssl_unref_private_key(struct dcrypt_private_key **key) static void dcrypt_openssl_unref_keypair(struct dcrypt_keypair *keypair) { + i_assert(keypair != NULL); dcrypt_openssl_unref_public_key(&(keypair->pub)); dcrypt_openssl_unref_private_key(&(keypair->priv)); } @@ -1971,7 +1991,7 @@ static bool dcrypt_openssl_rsa_encrypt(struct dcrypt_public_key *key, const unsigned char *data, size_t data_len, buffer_t *result, const char **error_r) { int ec; - + i_assert(key != NULL && key->key != NULL); EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key->key, NULL); size_t outl = EVP_PKEY_size(key->key); unsigned char buf[outl]; @@ -1995,7 +2015,7 @@ static bool dcrypt_openssl_rsa_decrypt(struct dcrypt_private_key *key, const unsigned char *data, size_t data_len, buffer_t *result, const char **error_r) { int ec; - + i_assert(key != NULL && key->key != NULL); EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key->key, NULL); size_t outl = EVP_PKEY_size(key->key); unsigned char buf[outl]; @@ -2020,6 +2040,7 @@ static const char *dcrypt_openssl_oid2name(const unsigned char *oid, size_t oid_len, const char **error_r) { const char *name; + i_assert(oid != NULL); ASN1_OBJECT *obj = d2i_ASN1_OBJECT(NULL, &oid, oid_len); if (obj == NULL) { dcrypt_openssl_error(error_r); @@ -2033,6 +2054,7 @@ const char *dcrypt_openssl_oid2name(const unsigned char *oid, size_t oid_len, co static bool dcrypt_openssl_name2oid(const char *name, buffer_t *oid, const char **error_r) { + i_assert(name != NULL); ASN1_OBJECT *obj = OBJ_txt2obj(name, 0); if (obj == NULL) return dcrypt_openssl_error(error_r); @@ -2056,8 +2078,8 @@ bool dcrypt_openssl_name2oid(const char *name, buffer_t *oid, const char **error static enum dcrypt_key_type dcrypt_openssl_private_key_type(struct dcrypt_private_key *key) { + i_assert(key != NULL && key->key != NULL); EVP_PKEY *priv = key->key; - i_assert(priv != NULL); if (EVP_PKEY_base_id(priv) == EVP_PKEY_RSA) return DCRYPT_KEY_RSA; else if (EVP_PKEY_base_id(priv) == EVP_PKEY_EC) return DCRYPT_KEY_EC; else i_unreached(); @@ -2066,8 +2088,8 @@ enum dcrypt_key_type dcrypt_openssl_private_key_type(struct dcrypt_private_key * static enum dcrypt_key_type dcrypt_openssl_public_key_type(struct dcrypt_public_key *key) { + i_assert(key != NULL && key->key != NULL); EVP_PKEY *pub = key->key; - i_assert(pub != NULL); if (EVP_PKEY_base_id(pub) == EVP_PKEY_RSA) return DCRYPT_KEY_RSA; else if (EVP_PKEY_base_id(pub) == EVP_PKEY_EC) return DCRYPT_KEY_EC; else i_unreached(); @@ -2078,9 +2100,9 @@ static bool dcrypt_openssl_public_key_id_old(struct dcrypt_public_key *key, buffer_t *result, const char **error_r) { unsigned char buf[SHA256_DIGEST_LENGTH]; + i_assert(key != NULL && key->key != NULL); EVP_PKEY *pub = key->key; - i_assert(pub != NULL); if (EVP_PKEY_base_id(pub) != EVP_PKEY_EC) { if (error_r != NULL) *error_r = "Only EC key supported"; @@ -2101,9 +2123,9 @@ static bool dcrypt_openssl_private_key_id_old(struct dcrypt_private_key *key, buffer_t *result, const char **error_r) { unsigned char buf[SHA256_DIGEST_LENGTH]; + i_assert(key != NULL && key->key != NULL); EVP_PKEY *priv = key->key; - i_assert(priv != NULL); if (EVP_PKEY_base_id(priv) != EVP_PKEY_EC) { if (error_r != NULL) *error_r = "Only EC key supported"; @@ -2158,9 +2180,9 @@ static bool dcrypt_openssl_public_key_id(struct dcrypt_public_key *key, const char *algorithm, buffer_t *result, const char **error_r) { const EVP_MD *md = EVP_get_digestbyname(algorithm); + i_assert(key != NULL && key->key != NULL); EVP_PKEY *pub = key->key; - i_assert(pub != NULL); if (md == NULL) { if (error_r != NULL) *error_r = t_strdup_printf("Unknown cipher %s", algorithm); @@ -2174,9 +2196,9 @@ static bool dcrypt_openssl_private_key_id(struct dcrypt_private_key *key, const char *algorithm, buffer_t *result, const char **error_r) { const EVP_MD *md = EVP_get_digestbyname(algorithm); + i_assert(key != NULL && key->key != NULL); EVP_PKEY *priv = key->key; - i_assert(priv != NULL); if (md == NULL) { if (error_r != NULL) *error_r = t_strdup_printf("Unknown cipher %s", algorithm);