content/child/webcrypto/nss/aes_cbc_nss.cc - Issue 405693002: [refactor] Use base::CheckedNumeric<> in place of manual checks.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: content/child/webcrypto/nss/aes_cbc_nss.cc

Issue 405693002: [refactor] Use base::CheckedNumeric<> in place of manual checks. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: fix testing order for openssl Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: content/child/webcrypto/nss/aes_cbc_nss.cc

diff --git a/content/child/webcrypto/nss/aes_cbc_nss.cc b/content/child/webcrypto/nss/aes_cbc_nss.cc

index a08bb9e4fca1e34f444ffc3ceee9ef6adde43b25..176d7d4fe40ddb1c5698f603ec3bf1e5be29abb0 100644

--- a/content/child/webcrypto/nss/aes_cbc_nss.cc

+++ b/content/child/webcrypto/nss/aes_cbc_nss.cc

@@ -4,6 +4,7 @@

#include <cryptohi.h>

+#include "base/numerics/safe_math.h"

#include "content/child/webcrypto/crypto_data.h"

#include "content/child/webcrypto/nss/aes_key_nss.h"

#include "content/child/webcrypto/nss/key_nss.h"

@@ -50,7 +51,9 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,

// Oddly PK11_CipherOp takes input and output lengths as "int" rather than

// "unsigned int". Do some checks now to avoid integer overflowing.

- if (data.byte_length() >= INT_MAX - AES_BLOCK_SIZE) {

+ base::CheckedNumeric<int> output_max_len = data.byte_length();

+ output_max_len += AES_BLOCK_SIZE;

+ if (!output_max_len.IsValid()) {

// TODO(eroman): Handle this by chunking the input fed into NSS. Right now

// it doesn't make much difference since the one-shot API would end up

// blowing out the memory and crashing anyway.

@@ -67,10 +70,7 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,

// TODO(eroman): Refine the output buffer size. It can be computed exactly for

// encryption, and can be smaller for decryption.

- unsigned int output_max_len = data.byte_length() + AES_BLOCK_SIZE;

- CHECK_GT(output_max_len, data.byte_length());

- buffer->resize(output_max_len);

+ buffer->resize(output_max_len.ValueOrDie());

unsigned char* buffer_data = Uint8VectorStart(buffer);

@@ -85,10 +85,11 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,

}

unsigned int final_output_chunk_len;

- if (SECSuccess != PK11_DigestFinal(context.get(),

- buffer_data + output_len,

- &final_output_chunk_len,

- output_max_len - output_len)) {

+ if (SECSuccess !=

+ PK11_DigestFinal(context.get(),

+ buffer_data + output_len,

+ &final_output_chunk_len,

+ (output_max_len - output_len).ValueOrDie())) {

return Status::OperationError();

}

« no previous file with comments | « no previous file | content/child/webcrypto/nss/aes_gcm_nss.cc » ('j') | content/child/webcrypto/openssl/aes_cbc_openssl.cc » ('J')