Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1818)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/child/webcrypto/openssl/aes_cbc_openssl.cc

Issue 405693002: [refactor] Use base::CheckedNumeric<> in place of manual checks. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: convert from unsigned int --> int Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/child/webcrypto/nss/rsa_key_nss.cc ('k') | no next file » | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/child/webcrypto/openssl/aes_cbc_openssl.cc
diff --git a/content/child/webcrypto/openssl/aes_cbc_openssl.cc b/content/child/webcrypto/openssl/aes_cbc_openssl.cc
index b78ede966e83e6ac586f85e1123e6794abc9f230..11e0128e3f439adddc1ee3897d4723032a17f374 100644
--- a/content/child/webcrypto/openssl/aes_cbc_openssl.cc
+++ b/content/child/webcrypto/openssl/aes_cbc_openssl.cc
@@ -6,6 +6,7 @@
#include <openssl/evp.h>
#include "base/logging.h"
+#include "base/numerics/safe_math.h"
#include "content/child/webcrypto/crypto_data.h"
#include "content/child/webcrypto/openssl/aes_key_openssl.h"
#include "content/child/webcrypto/openssl/key_openssl.h"
@@ -47,12 +48,19 @@ Status AesCbcEncryptDecrypt(CipherOperation cipher_operation,
if (params->iv().size() != 16)
return Status::ErrorIncorrectSizeAesCbcIv();
- if (data.byte_length() >= INT_MAX - AES_BLOCK_SIZE) {
- // TODO(padolph): Handle this by chunking the input fed into OpenSSL. Right
- // now it doesn't make much difference since the one-shot API would end up
- // blowing out the memory and crashing anyway.
+ // According to the openssl docs, the amount of data written may be as large
+ // as (data_size + cipher_block_size - 1), constrained to a multiple of
+ // cipher_block_size.
+ base::CheckedNumeric<int> output_max_len = data.byte_length();
+ output_max_len += AES_BLOCK_SIZE - 1;
+ if (!output_max_len.IsValid())
+ return Status::ErrorDataTooLarge();
+
+ const unsigned remainder = output_max_len.ValueOrDie() % AES_BLOCK_SIZE;
+ if (remainder != 0)
+ output_max_len += AES_BLOCK_SIZE - remainder;
+ if (!output_max_len.IsValid())
return Status::ErrorDataTooLarge();
- }
// Note: PKCS padding is enabled by default
crypto::ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free>::Type context(
@@ -73,16 +81,7 @@ Status AesCbcEncryptDecrypt(CipherOperation cipher_operation,
return Status::OperationError();
}
- // According to the openssl docs, the amount of data written may be as large
- // as (data_size + cipher_block_size - 1), constrained to a multiple of
- // cipher_block_size.
- unsigned int output_max_len = data.byte_length() + AES_BLOCK_SIZE - 1;
- const unsigned remainder = output_max_len % AES_BLOCK_SIZE;
- if (remainder != 0)
- output_max_len += AES_BLOCK_SIZE - remainder;
- DCHECK_GT(output_max_len, data.byte_length());
-
- buffer->resize(output_max_len);
+ buffer->resize(output_max_len.ValueOrDie());
unsigned char* const buffer_data = Uint8VectorStart(buffer);
@@ -102,7 +101,6 @@ Status AesCbcEncryptDecrypt(CipherOperation cipher_operation,
const unsigned int final_output_len =
static_cast<unsigned int>(output_len) +
static_cast<unsigned int>(final_output_chunk_len);
- DCHECK_LE(final_output_len, output_max_len);
buffer->resize(final_output_len);
« no previous file with comments | « content/child/webcrypto/nss/rsa_key_nss.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698