Unify the error checking of crypto::Encryptor and add WARN_UNUSED_RESULT to prevent misuse.

crypto/encryptor_nss.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/encryptor.h"
 
 #include <cryptohi.h>
 #include <vector>
 
 #include "base/logging.h"
@@ skipping 26 matching lines @@
       mode_(CBC) {
   EnsureNSSInit();
 }
 
 Encryptor::~Encryptor() {
 }
 
 bool Encryptor::Init(SymmetricKey* key,
                      Mode mode,
                      const base::StringPiece& iv) {
-  DCHECK(key);
-  DCHECK(CBC == mode || CTR == mode) << "Unsupported mode of operation";
+  if (!key || !(mode == CBC || mode == CTR))
+    return false;
 
   key_ = key;
   mode_ = mode;
 
   if (mode == CBC && iv.size() != AES_BLOCK_SIZE)
     return false;
 
   slot_.reset(PK11_GetBestSlot(GetMechanism(mode), NULL));
   if (!slot_.get())
     return false;
 
   switch (mode) {
     case CBC:
       SECItem iv_item;
       iv_item.type = siBuffer;
       iv_item.data = reinterpret_cast<unsigned char*>(
           const_cast<char *>(iv.data()));
       iv_item.len = iv.size();
 
       param_.reset(PK11_ParamFromIV(GetMechanism(mode), &iv_item));
       break;
     case CTR:
       param_.reset(PK11_ParamFromIV(GetMechanism(mode), NULL));
       break;
   }
 
-  if (!param_.get())
-    return false;
-  return true;
+  return param_ != NULL;
 }
 
 bool Encryptor::Encrypt(const base::StringPiece& plaintext,
                         std::string* ciphertext) {
-  ScopedPK11Context context(PK11_CreateContextBySymKey(GetMechanism(mode_),
-                                                       CKA_ENCRYPT,
-                                                       key_->key(),
-                                                       param_.get()));
+  ciphertext->clear();
+  if (plaintext.empty() && mode_ != CBC)
+    return false;
+
+  ScopedPK11Context context(
+      PK11_CreateContextBySymKey(GetMechanism(mode_), CKA_ENCRYPT,
+                                 key_->key(), param_.get()));
   if (!context.get())
     return false;
 
-  if (mode_ == CTR)
-    return CryptCTR(context.get(), plaintext, ciphertext);
-  else
-    return Crypt(context.get(), plaintext, ciphertext);
+  return (mode_ == CTR) ?
+      CryptCTR(context.get(), plaintext, ciphertext) :
+      Crypt(context.get(), plaintext, ciphertext);
 }
 
 bool Encryptor::Decrypt(const base::StringPiece& ciphertext,
                         std::string* plaintext) {
+  plaintext->clear();
   if (ciphertext.empty())
     return false;
 
   ScopedPK11Context context(PK11_CreateContextBySymKey(
       GetMechanism(mode_), (mode_ == CTR ? CKA_ENCRYPT : CKA_DECRYPT),
       key_->key(), param_.get()));
   if (!context.get())
     return false;
 
-  if (mode_ == CTR)
-    return CryptCTR(context.get(), ciphertext, plaintext);
-  else
-    return Crypt(context.get(), ciphertext, plaintext);
+  return (mode_ == CTR) ?
+      CryptCTR(context.get(), ciphertext, plaintext) :
+      Crypt(context.get(), ciphertext, plaintext);
 }
 
 bool Encryptor::Crypt(PK11Context* context,
                       const base::StringPiece& input,
                       std::string* output) {
   size_t output_len = input.size() + AES_BLOCK_SIZE;
-  CHECK(output_len > input.size()) << "Output size overflow";
+  if (output_len < input.size())
+    return false;  // Size overflow.

[wtc, 2011/11/15 02:33:58]

Nit: Size => size_t

 
-  output->resize(output_len);
-  uint8* output_data =
-      reinterpret_cast<uint8*>(const_cast<char*>(output->data()));
+  std::string result;
+  result.resize(output_len);

[wtc, 2011/11/15 02:33:58]

Is there a constructor that takes the size input?

+  uint8* result_data =
+      reinterpret_cast<uint8*>(const_cast<char*>(result.data()));
 
   int input_len = input.size();
   uint8* input_data =
       reinterpret_cast<uint8*>(const_cast<char*>(input.data()));
 
   int op_len;
-  SECStatus rv = PK11_CipherOp(context,
-                               output_data,
-                               &op_len,
-                               output_len,
-                               input_data,
-                               input_len);
-
-  if (SECSuccess != rv) {
-    output->clear();
+  SECStatus rv = PK11_CipherOp(context, result_data, &op_len, output_len,
+                               input_data, input_len);
+  if (SECSuccess != rv)
     return false;
-  }
 
   unsigned int digest_len;
-  rv = PK11_DigestFinal(context,
-                        output_data + op_len,
-                        &digest_len,
+  rv = PK11_DigestFinal(context, result_data + op_len, &digest_len,
                         output_len - op_len);
-  if (SECSuccess != rv) {
-    output->clear();
+  if (SECSuccess != rv)
     return false;
-  }
 
-  output->resize(op_len + digest_len);
+  result.resize(op_len + digest_len);
+  output->swap(result);
   return true;
 }
 
 bool Encryptor::CryptCTR(PK11Context* context,
                          const base::StringPiece& input,
                          std::string* output) {
   if (!counter_.get()) {
     LOG(ERROR) << "Counter value not set in CTR mode.";
     return false;
   }
 
   size_t output_len = ((input.size() + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE) *
       AES_BLOCK_SIZE;
-  CHECK(output_len >= input.size()) << "Output size overflow";
-  output->resize(output_len);
-  uint8* output_data =
-      reinterpret_cast<uint8*>(const_cast<char*>(output->data()));
+  if (output_len < input.size())
+    return false;  // Size overflow.
+
+  // Work on the result in a local variable, and then only transfer it to
+  // |output| on success to ensure no partial data is returned.
+  std::string result;
+  result.resize(output_len);
+  uint8* result_data =
+      reinterpret_cast<uint8*>(const_cast<char*>(result.data()));
 
   size_t mask_len;
-  bool ret = GenerateCounterMask(input.size(), output_data, &mask_len);
+  bool ret = GenerateCounterMask(input.size(), result_data, &mask_len);
   if (!ret)
     return false;
 
   CHECK_EQ(mask_len, output_len);
   int op_len;
-  SECStatus rv = PK11_CipherOp(context,
-                               output_data,
-                               &op_len,
-                               output_len,
-                               output_data,
-                               mask_len);
-  if (SECSuccess != rv)
+  SECStatus rv = PK11_CipherOp(context, result_data, &op_len, output_len,
+                               result_data, mask_len);
+  if (SECSuccess != rv || op_len != static_cast<int>(mask_len))
     return false;
-  CHECK(op_len == static_cast<int>(mask_len));
 
   unsigned int digest_len;
-  rv = PK11_DigestFinal(context,
-                        NULL,
-                        &digest_len,
-                        0);
-  if (SECSuccess != rv)
+  rv = PK11_DigestFinal(context, NULL, &digest_len, 0);
+  if (SECSuccess != rv || digest_len)
     return false;
-  CHECK(!digest_len);

[wtc, 2011/11/15 02:33:58]

IMPORTANT: Some of these CHECKs should not be converted to tests.
If they are not useful, we can remove them.

 
-  // Use |output_data| to mask |input|.
-  MaskMessage(
-      reinterpret_cast<uint8*>(const_cast<char*>(input.data())),
-      input.length(), output_data, output_data);
-  output->resize(input.length());
+  // Use |result_data| to mask |input|.
+  MaskMessage(reinterpret_cast<uint8*>(const_cast<char*>(input.data())),
+              input.size(), result_data, result_data);
+  result.resize(input.size());
+  output->swap(result);
   return true;
 }
 
 }  // namespace crypto