Mercurial > dovecot > core-2.2
changeset 21748:1d329b71c6d8
lib-dcrypt: Add asserts
Fixes several static analysis reports
author | Aki Tuomi <aki.tuomi@dovecot.fi> |
---|---|
date | Thu, 16 Mar 2017 09:36:23 +0200 |
parents | 844b8d462f44 |
children | ddf64cb23295 |
files | src/lib-dcrypt/dcrypt-openssl.c |
diffstat | 1 files changed, 31 insertions(+), 9 deletions(-) [+] |
--- a/src/lib-dcrypt/dcrypt-openssl.c Mon Feb 27 18:13:54 2017 -0500 +++ b/src/lib-dcrypt/dcrypt-openssl.c Thu Mar 16 09:36:23 2017 +0200 @@ -580,7 +580,7 @@ static bool dcrypt_openssl_ecdh_derive_secret_local(struct dcrypt_private_key *local_key, buffer_t *R, buffer_t *S, const char **error_r) { - i_assert(local_key != NULL); + i_assert(local_key != NULL && local_key->key != NULL); EVP_PKEY *local = local_key->key; BN_CTX *bn_ctx = BN_CTX_new(); if (bn_ctx == NULL) @@ -654,6 +654,7 @@ static bool dcrypt_openssl_ecdh_derive_secret_peer(struct dcrypt_public_key *peer_key, buffer_t *R, buffer_t *S, const char **error_r) { + i_assert(peer_key != NULL && peer_key->key != NULL); /* ensure peer_key is EC key */ EVP_PKEY *local = NULL; EVP_PKEY *peer = peer_key->key; @@ -734,6 +735,7 @@ bool dcrypt_openssl_generate_keypair(struct dcrypt_keypair *pair_r, enum dcrypt_key_type kind, unsigned int bits, const char *curve, const char **error_r) { EVP_PKEY *pkey = NULL; + i_assert(pair_r != NULL); memset(pair_r, 0, sizeof(struct dcrypt_keypair)); if (kind == DCRYPT_KEY_RSA) { if (dcrypt_openssl_generate_rsa_key(bits, &pkey, error_r)) { @@ -1576,6 +1578,8 @@ const char *data, const char *password, struct dcrypt_private_key *dec_key, const char **error_r) { + i_assert(key_r != NULL); + enum dcrypt_key_format format; enum dcrypt_key_version version; enum dcrypt_key_kind kind; @@ -1625,6 +1629,8 @@ enum dcrypt_key_format format; enum dcrypt_key_version version; enum dcrypt_key_kind kind; + i_assert(key_r != NULL); + if (!dcrypt_openssl_key_string_get_info(data, &format, &version, &kind, NULL, NULL, NULL, error_r)) { return FALSE; @@ -1690,6 +1696,8 @@ const char *cipher, buffer_t *destination, const char *password, struct dcrypt_public_key *enc_key, const char **error_r) { + i_assert(key != NULL && key->key != NULL); + int ec; if (format == DCRYPT_FORMAT_DOVECOT) { bool ret; 
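Review bot: The new `i_assert(key_r != NULL);` in the hunk at -1576 (apparently the private-key loader, judging by its `dec_key` parameter) has no comment saying that it guards a caller contract and not the key material. A failed i_assert panics the process instead of returning through `error_r`, so the next reader should not take it as the place to validate `data`, which the hunk at -1625 passes straight to `dcrypt_openssl_key_string_get_info()`. I would add `/* NULL key_r is a caller bug; malformed key data must fail via error_r, never via assert */` above the assert in both hunks. The two hunks also put the assert on opposite sides of the local declarations, which is worth making uniform. Both function bodies start and end outside their hunks.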
@@ -1735,6 +1743,9 @@ bool dcrypt_openssl_store_public_key(struct dcrypt_public_key *key, enum dcrypt_key_format format, buffer_t *destination, const char **error_r) { int ec; + + i_assert(key != NULL && key->key != NULL); + if (format == DCRYPT_FORMAT_DOVECOT) return dcrypt_openssl_store_public_key_dovecot(key, destination, error_r); @@ -1777,6 +1788,8 @@ static void dcrypt_openssl_private_to_public_key(struct dcrypt_private_key *priv_key, struct dcrypt_public_key **pub_key_r) { + i_assert(priv_key != NULL && pub_key_r != NULL); + EVP_PKEY *pkey = priv_key->key; EVP_PKEY *pk; @@ -1935,17 +1948,21 @@ static void dcrypt_openssl_ref_public_key(struct dcrypt_public_key *key) { + i_assert(key != NULL && key->ref > 0); key->ref++; } static void dcrypt_openssl_ref_private_key(struct dcrypt_private_key *key) { + i_assert(key != NULL && key->ref > 0); key->ref++; } static void dcrypt_openssl_unref_public_key(struct dcrypt_public_key **key) { + i_assert(key != NULL && *key != NULL); struct dcrypt_public_key *_key = *key; + i_assert(_key->ref > 0); *key = NULL; if (--_key->ref > 0) return; EVP_PKEY_free(_key->key); @@ -1954,7 +1971,9 @@ static void dcrypt_openssl_unref_private_key(struct dcrypt_private_key **key) { + i_assert(key != NULL && *key != NULL); struct dcrypt_private_key *_key = *key; + i_assert(_key->ref > 0); *key = NULL; if (--_key->ref > 0) return; EVP_PKEY_free(_key->key); @@ -1963,6 +1982,7 @@ static void dcrypt_openssl_unref_keypair(struct dcrypt_keypair *keypair) { + i_assert(keypair != NULL); dcrypt_openssl_unref_public_key(&(keypair->pub)); dcrypt_openssl_unref_private_key(&(keypair->priv)); } @@ -1971,7 +1991,7 @@ bool dcrypt_openssl_rsa_encrypt(struct dcrypt_public_key *key, const unsigned char *data, size_t data_len, buffer_t *result, const char **error_r) { int ec; - + i_assert(key != NULL && key->key != NULL); EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key->key, NULL); size_t outl = EVP_PKEY_size(key->key); unsigned char buf[outl]; 
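Review bot: In dcrypt_openssl_private_to_public_key the new assert checks `priv_key` and `pub_key_r` but not `priv_key->key`, although the very next line reads it into `pkey` and every other key-taking function in this commit asserts `key->key != NULL`. For consistency the line should read `i_assert(priv_key != NULL && priv_key->key != NULL && pub_key_r != NULL);`. The rest of the body is outside the hunk, so a later check on `pkey` may exist, but it would still be clearer to state the precondition in one place.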
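Review bot: dcrypt_openssl_unref_keypair asserts only `keypair != NULL`, yet both calls it makes now assert `*key != NULL`, so a keypair with one empty half turns a cleanup call into a panic. dcrypt_openssl_generate_keypair zeroes `pair_r` with memset before generating, so a caller that unrefs the pair on its failure path would presumably hit this. Either document that both halves must be set, or make the helper tolerant: `if (keypair->pub != NULL) dcrypt_openssl_unref_public_key(&keypair->pub);` and the same for `priv`.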
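Review bot: In dcrypt_openssl_rsa_encrypt the added assert covers `key->key`, but the two lines after it still size a stack array from an unchecked value: `size_t outl = EVP_PKEY_size(key->key); unsigned char buf[outl];`. EVP_PKEY_size() returns an int, so a zero or negative result becomes a zero-length or enormous variable-length array, and the result of `EVP_PKEY_CTX_new()` is not checked in the visible lines either. I would read the size into an int first and bail out with `if (len <= 0) return dcrypt_openssl_error(error_r);` before declaring the buffer. The same pattern appears in the dcrypt_openssl_rsa_decrypt hunk at -1995, and both bodies continue outside their hunks.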
@@ -1995,7 +2015,7 @@ bool dcrypt_openssl_rsa_decrypt(struct dcrypt_private_key *key, const unsigned char *data, size_t data_len, buffer_t *result, const char **error_r) { int ec; - + i_assert(key != NULL && key->key != NULL); EVP_PKEY_CTX *ctx = EVP_PKEY_CTX_new(key->key, NULL); size_t outl = EVP_PKEY_size(key->key); unsigned char buf[outl]; @@ -2020,6 +2040,7 @@ const char *dcrypt_openssl_oid2name(const unsigned char *oid, size_t oid_len, const char **error_r) { const char *name; + i_assert(oid != NULL); ASN1_OBJECT *obj = d2i_ASN1_OBJECT(NULL, &oid, oid_len); if (obj == NULL) { dcrypt_openssl_error(error_r); @@ -2033,6 +2054,7 @@ static bool dcrypt_openssl_name2oid(const char *name, buffer_t *oid, const char **error_r) { + i_assert(name != NULL); ASN1_OBJECT *obj = OBJ_txt2obj(name, 0); if (obj == NULL) return dcrypt_openssl_error(error_r); @@ -2056,8 +2078,8 @@ static enum dcrypt_key_type dcrypt_openssl_private_key_type(struct dcrypt_private_key *key) { + i_assert(key != NULL && key->key != NULL); EVP_PKEY *priv = key->key; - i_assert(priv != NULL); if (EVP_PKEY_base_id(priv) == EVP_PKEY_RSA) return DCRYPT_KEY_RSA; else if (EVP_PKEY_base_id(priv) == EVP_PKEY_EC) return DCRYPT_KEY_EC; else i_unreached(); @@ -2066,8 +2088,8 @@ static enum dcrypt_key_type dcrypt_openssl_public_key_type(struct dcrypt_public_key *key) { + i_assert(key != NULL && key->key != NULL); EVP_PKEY *pub = key->key; - i_assert(pub != NULL); if (EVP_PKEY_base_id(pub) == EVP_PKEY_RSA) return DCRYPT_KEY_RSA; else if (EVP_PKEY_base_id(pub) == EVP_PKEY_EC) return DCRYPT_KEY_EC; else i_unreached(); @@ -2078,9 +2100,9 @@ bool dcrypt_openssl_public_key_id_old(struct dcrypt_public_key *key, buffer_t *result, const char **error_r) { unsigned char buf[SHA256_DIGEST_LENGTH]; + i_assert(key != NULL && key->key != NULL); EVP_PKEY *pub = key->key; - i_assert(pub != NULL); if (EVP_PKEY_base_id(pub) != EVP_PKEY_EC) { if (error_r != NULL) *error_r = "Only EC key supported"; 
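Review bot: dcrypt_openssl_private_key_type still ends in `else i_unreached();`, so after the new non-NULL assert the remaining way to panic here is a key whose base id is neither RSA nor EC. Whether such a key can reach this function depends on what the loaders accept, which is not visible in this commit. If the loaders do not reject other key types, this branch is reachable from key data, and the rejection belongs at load time with an error returned through `error_r`. At minimum a comment such as `/* loaders only accept RSA and EC keys, so any other type is a programming error */` would record the assumption. The same applies to the dcrypt_openssl_public_key_type hunk at -2066.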
@@ -2101,9 +2123,9 @@ bool dcrypt_openssl_private_key_id_old(struct dcrypt_private_key *key, buffer_t *result, const char **error_r) { unsigned char buf[SHA256_DIGEST_LENGTH]; + i_assert(key != NULL && key->key != NULL); EVP_PKEY *priv = key->key; - i_assert(priv != NULL); if (EVP_PKEY_base_id(priv) != EVP_PKEY_EC) { if (error_r != NULL) *error_r = "Only EC key supported"; @@ -2158,9 +2180,9 @@ bool dcrypt_openssl_public_key_id(struct dcrypt_public_key *key, const char *algorithm, buffer_t *result, const char **error_r) { const EVP_MD *md = EVP_get_digestbyname(algorithm); + i_assert(key != NULL && key->key != NULL); EVP_PKEY *pub = key->key; - i_assert(pub != NULL); if (md == NULL) { if (error_r != NULL) *error_r = t_strdup_printf("Unknown cipher %s", algorithm); @@ -2174,9 +2196,9 @@ bool dcrypt_openssl_private_key_id(struct dcrypt_private_key *key, const char *algorithm, buffer_t *result, const char **error_r) { const EVP_MD *md = EVP_get_digestbyname(algorithm); + i_assert(key != NULL && key->key != NULL); EVP_PKEY *priv = key->key; - i_assert(priv != NULL); if (md == NULL) { if (error_r != NULL) *error_r = t_strdup_printf("Unknown cipher %s", algorithm);
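Review bot: In dcrypt_openssl_public_key_id the new assert is wedged between two declarations and runs after `EVP_get_digestbyname(algorithm)`, so the precondition check is no longer the first thing the function does. I would move `i_assert(key != NULL && key->key != NULL);` to the top of the body, as the ECDH and store hunks do. While touching these lines, the message `"Unknown cipher %s"` reports a digest lookup failure and would read better as `"Unknown digest %s"`. Both points apply equally to the dcrypt_openssl_private_key_id hunk at -2174, and both bodies continue outside their hunks.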