Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(114)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: crypto/encryptor_win.cc

Issue 8511050: Unify the error checking of crypto::Encryptor and add WARN_UNUSED_RESULT to prevent misuse. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Fix mac and linux Created 9 years ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« crypto/encryptor_nss.cc ('K') | « crypto/encryptor_unittest.cc ('k') | net/socket/dns_cert_provenance_checker.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: crypto/encryptor_win.cc
diff --git a/crypto/encryptor_win.cc b/crypto/encryptor_win.cc
index dc595198a4b420c31a303bd6f5ace6d78ad5d07e..1321ed7f986725c1d63d23c0acfd9b366c754b82 100644
--- a/crypto/encryptor_win.cc
+++ b/crypto/encryptor_win.cc
@@ -41,8 +41,9 @@ Encryptor::~Encryptor() {
bool Encryptor::Init(SymmetricKey* key,
Mode mode,
const base::StringPiece& iv) {
- DCHECK(key);
- DCHECK_EQ(CBC, mode) << "Unsupported mode of operation";
+ DCHECK_EQ(CBC, mode);
+ if (!key)
+ return false;
// In CryptoAPI, the IV, padding mode, and feedback register (for a chaining
// mode) are properties of a key, so we have to create a copy of the key for
@@ -82,46 +83,50 @@ bool Encryptor::Init(SymmetricKey* key,
bool Encryptor::Encrypt(const base::StringPiece& plaintext,
std::string* ciphertext) {
+ std::string result;
+ ciphertext->swap(result);
+ if (plaintext.empty() && mode_ != CBC)
+ return false;
+
DWORD data_len = plaintext.size();
- CHECK((data_len > 0u) || (mode_ == CBC));
DWORD total_len = data_len + block_size_;
- CHECK_GT(total_len, 0u);
- CHECK_GT(total_len + 1, data_len);
+ if (total_len == 0 || total_len < data_len || total_len + 1 < data_len)
+ return false;
// CryptoAPI encrypts/decrypts in place.
- char* ciphertext_data = WriteInto(ciphertext, total_len + 1);
- memcpy(ciphertext_data, plaintext.data(), data_len);
+ char* result_data = WriteInto(&result, total_len + 1);
+ memcpy(result_data, plaintext.data(), data_len);
BOOL ok = CryptEncrypt(capi_key_.get(), NULL, TRUE, 0,
- reinterpret_cast<BYTE*>(ciphertext_data), &data_len,
+ reinterpret_cast<BYTE*>(result_data), &data_len,
total_len);
- if (!ok) {
- ciphertext->clear();
+ if (!ok)
return false;
- }
- ciphertext->resize(data_len);
+ result.resize(data_len);
+ ciphertext->swap(result);
return true;
}
bool Encryptor::Decrypt(const base::StringPiece& ciphertext,
std::string* plaintext) {
+ std::string result;
+ plaintext->swap(result);
DWORD data_len = ciphertext.size();
- CHECK_GT(data_len, 0u);
- CHECK_GT(data_len + 1, data_len);
+ if (data_len == 0 || data_len + 1 < data_len)
+ return false;
// CryptoAPI encrypts/decrypts in place.
- char* plaintext_data = WriteInto(plaintext, data_len + 1);
- memcpy(plaintext_data, ciphertext.data(), data_len);
+ char* result_data = WriteInto(&result, data_len + 1);
+ memcpy(result_data, ciphertext.data(), data_len);
BOOL ok = CryptDecrypt(capi_key_.get(), NULL, TRUE, 0,
- reinterpret_cast<BYTE*>(plaintext_data), &data_len);
- if (!ok) {
- plaintext->clear();
+ reinterpret_cast<BYTE*>(result_data), &data_len);
+ if (!ok)
return false;
- }
- plaintext->resize(data_len);
+ result.resize(data_len);
+ plaintext->swap(result);
return true;
}
« crypto/encryptor_nss.cc ('K') | « crypto/encryptor_unittest.cc ('k') | net/socket/dns_cert_provenance_checker.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698