Unify the error checking of crypto::Encryptor and add WARN_UNUSED_RESULT to prevent misuse.

crypto/encryptor_openssl.cc

 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "crypto/encryptor.h"
 
 #include <openssl/aes.h>
 #include <openssl/evp.h>
 
 #include "base/logging.h"
@@ skipping 37 matching lines @@
     : key_(NULL),
       mode_(CBC) {
 }
 
 Encryptor::~Encryptor() {
 }
 
 bool Encryptor::Init(SymmetricKey* key,
                      Mode mode,
                      const base::StringPiece& iv) {
-  DCHECK(key);
-  DCHECK_EQ(CBC, mode);
+  if (!key || mode != CBC)
+    return false;
 
   EnsureOpenSSLInit();
   if (iv.size() != AES_BLOCK_SIZE)
     return false;
 
   if (GetCipherForKey(key) == NULL)
     return false;
 
   key_ = key;
   mode_ = mode;
   iv.CopyToString(&iv_);
   return true;
 }
 
 bool Encryptor::Encrypt(const base::StringPiece& plaintext,
                         std::string* ciphertext) {
+  ciphertext->clear();
+  if (plaintext.empty() && mode_ != CBC)
+    return false;
   return Crypt(true, plaintext, ciphertext);
 }
 
 bool Encryptor::Decrypt(const base::StringPiece& ciphertext,
                         std::string* plaintext) {
+  plaintext->clear();
+  if (ciphertext.empty())
+    return false;
   return Crypt(false, ciphertext, plaintext);
 }
 
 bool Encryptor::Crypt(bool do_encrypt,
                       const base::StringPiece& input,
                       std::string* output) {
-  DCHECK(key_);  // Must call Init() before En/De-crypt.
-  // Work on the result in a local variable, and then only transfer it to
-  // |output| on success to ensure no partial data is returned.
-  std::string result;
-  output->swap(result);
+  if (!key_)
+    return false;  // Must call Init() first.
 
   const EVP_CIPHER* cipher = GetCipherForKey(key_);
   DCHECK(cipher);  // Already handled in Init();
 
   const std::string& key = key_->key();
-  DCHECK_EQ(EVP_CIPHER_iv_length(cipher), static_cast<int>(iv_.length()));
-  DCHECK_EQ(EVP_CIPHER_key_length(cipher), static_cast<int>(key.length()));
+  if (EVP_CIPHER_iv_length(cipher) != static_cast<int>(iv_.length()) ||
+      EVP_CIPHER_key_length(cipher) != static_cast<int>(key.length())) {
+    return false;
+  }
 
   ScopedCipherCTX ctx;
   if (!EVP_CipherInit_ex(ctx.get(), cipher, NULL,
                          reinterpret_cast<const uint8*>(key.data()),
                          reinterpret_cast<const uint8*>(iv_.data()),
-                         do_encrypt))
+                         do_encrypt)) {
+    return false;
+  }
+
+  std::string result;
+  // When encrypting, add another block size of space to allow for any padding.
+  const size_t output_size = input.size() + (do_encrypt ? iv_.size() : 0);
+  if (output_size == 0 || output_size + 1 < input.size())
     return false;
 
-  // When encrypting, add another block size of space to allow for any padding.
-  const size_t output_size = input.size() + (do_encrypt ? iv_.size() : 0);
   uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(&result,
                                                       output_size + 1));
   int out_len;
   if (!EVP_CipherUpdate(ctx.get(), out_ptr, &out_len,
                         reinterpret_cast<const uint8*>(input.data()),
                         input.length()))
     return false;
 
   // Write out the final block plus padding (if any) to the end of the data
   // just written.
   int tail_len;
   if (!EVP_CipherFinal_ex(ctx.get(), out_ptr + out_len, &tail_len))
     return false;
 
   out_len += tail_len;
-  DCHECK_LE(out_len, static_cast<int>(output_size));
+  if (static_cast<int>(output_size) < out_len)
+    return false;

[wtc, 2011/11/15 02:33:58]

If we get here, we have overrun the buffer in 'result'.
So this check should really be an assertion.

+
   result.resize(out_len);
-
   output->swap(result);
   return true;
 }
 
 }  // namespace crypto