Skip to content

Commit

Permalink
More errors handling
Browse files Browse the repository at this point in the history 

* invalid size (1/2)

* size not multiple of

* fix case
  • Loading branch information
@lsh123
lsh123 authored Jan 7, 2017
1 parent a47a2f2 commit 6a50a85
Show file tree
Hide file tree
Showing 22 changed files with 189 additions and 269 deletions.
83 changes: 83 additions & 0 deletions src/errors_helpers.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -280,6 +280,89 @@ extern "C" {
"details=%s", \
xmlSecErrorsSafeString(details) \
)
/**
* xmlSecInvalidSizeError:
* @name: the name of the variable, parameter, etc.
* @actual: the actual value.
* @expected: the expected value.
* @errorObject: the error specific error object (e.g. transform, key data, etc).
*
* Macro. The XMLSec library macro for reporting "invalid size" errors when
* we expect exact match.
*/
#define xmlSecInvalidSizeError(name, actual, expected, errorObject) \
xmlSecError(XMLSEC_ERRORS_HERE, \
NULL, \
NULL, \
XMLSEC_ERRORS_R_INVALID_SIZE, \
"invalid size for '%s': actual=%lu is not equal to expected=%lu", \
xmlSecErrorsSafeString(name), \
(unsigned long)(actual), \
(unsigned long)(expected) \
)

/**
* xmlSecInvalidSizeLessThanError:
* @name: the name of the variable, parameter, etc.
* @actual: the actual value.
* @expected: the expected value.
* @errorObject: the error specific error object (e.g. transform, key data, etc).
*
* Macro. The XMLSec library macro for reporting "invalid size" errors when
* we expect at least the expected size.
*/
#define xmlSecInvalidSizeLessThanError(name, actual, expected, errorObject) \
xmlSecError(XMLSEC_ERRORS_HERE, \
NULL, \
NULL, \
XMLSEC_ERRORS_R_INVALID_SIZE, \
"invalid size for '%s': actual=%lu is less than expected=%lu", \
xmlSecErrorsSafeString(name), \
(unsigned long)(actual), \
(unsigned long)(expected) \
)

/**
* xmlSecInvalidSizeMoreThanError:
* @name: the name of the variable, parameter, etc.
* @actual: the actual value.
* @expected: the expected value.
* @errorObject: the error specific error object (e.g. transform, key data, etc).
*
* Macro. The XMLSec library macro for reporting "invalid size" errors when
* we expect at most the expected size.
*/
#define xmlSecInvalidSizeMoreThanError(name, actual, expected, errorObject) \
xmlSecError(XMLSEC_ERRORS_HERE, \
NULL, \
NULL, \
XMLSEC_ERRORS_R_NOT_IMPLEMENTED, \
"invalid size for '%s': actual=%lu is more than expected=%lu", \
xmlSecErrorsSafeString(name), \
(unsigned long)(actual), \
(unsigned long)(expected) \
)

/**
* xmlSecInvalidSizeNotMultipleOfError:
* @name: the name of the variable, parameter, etc.
* @actual: the actual value.
* @divider: the expected divider.
* @errorObject: the error specific error object (e.g. transform, key data, etc).
*
* Macro. The XMLSec library macro for reporting "invalid size" errors when
* we expect the size to be a multiple of the divider.
*/
#define xmlSecInvalidSizeNotMultipleOfError(name, actual, divider, errorObject) \
xmlSecError(XMLSEC_ERRORS_HERE, \
NULL, \
NULL, \
XMLSEC_ERRORS_R_NOT_IMPLEMENTED, \
"invalid size for '%s': actual=%lu is not a multiple of %lu", \
xmlSecErrorsSafeString(name), \
(unsigned long)(actual), \
(unsigned long)(divider) \
)

/**
* xmlSecInvalidNodeError:
Expand Down
28 changes: 8 additions & 20 deletions src/gcrypt/asn1.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -312,11 +312,8 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen,
case xmlSecGCryptDerKeyTypePrivateDsa:
/* check we have enough params */
if(keyparms_num != 6) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"Private DSA key: 6 parameters exepcted",
XMLSEC_ERRORS_R_INVALID_SIZE,
"parms_num=%d", (int)keyparms_num);
xmlSecInvalidSizeError("Private DSA key params",
keyparms_num, 6, NULL);
goto done;
}

Expand Down Expand Up @@ -366,11 +363,8 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen,
case xmlSecGCryptDerKeyTypePublicDsa:
/* check we have enough params */
if(keyparms_num != 5) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"Public DSA key: 5 parameters exepcted",
XMLSEC_ERRORS_R_INVALID_SIZE,
"parms_num=%d", (int)keyparms_num);
xmlSecInvalidSizeError("Public DSA key params",
keyparms_num, 5, NULL);
goto done;
}

Expand Down Expand Up @@ -406,11 +400,8 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen,
case xmlSecGCryptDerKeyTypePrivateRsa:
/* check we have enough params */
if(keyparms_num != 9) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"Private RSA key: 9 parameters exepcted",
XMLSEC_ERRORS_R_INVALID_SIZE,
"parms_num=%d", (int)keyparms_num);
xmlSecInvalidSizeError("Private RSA key params",
keyparms_num, 9, NULL);
goto done;
}

Expand Down Expand Up @@ -463,11 +454,8 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen,
case xmlSecGCryptDerKeyTypePublicRsa:
/* check we have enough params */
if(keyparms_num != 3) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"Public RSA key: 3 parameters exepcted",
XMLSEC_ERRORS_R_INVALID_SIZE,
"parms_num=%d", (int)keyparms_num);
xmlSecInvalidSizeError("Public RSA key params",
keyparms_num, 3, NULL);
goto done;
}

Expand Down
20 changes: 7 additions & 13 deletions src/gcrypt/hmac.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -383,13 +383,10 @@ xmlSecGCryptHmacVerify(xmlSecTransformPtr transform,
xmlSecAssert2(ctx->dgstSize > 0, -1);

/* compare the digest size in bytes */
if(dataSize != ((ctx->dgstSize + 7) / 8)){
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"data=%d;dgst=%d",
dataSize, ((ctx->dgstSize + 7) / 8));
if(dataSize != ((ctx->dgstSize + 7) / 8)) {
xmlSecInvalidSizeError("HMAC digest size",
dataSize, ((ctx->dgstSize + 7) / 8),
xmlSecTransformGetName(transform));
transform->status = xmlSecTransformStatusFail;
return(0);
}
Expand Down Expand Up @@ -479,12 +476,9 @@ xmlSecGCryptHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformC
} else if(ctx->dgstSize <= 8 * dgstSize) {
dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"result-bits=%d;required-bits=%d",
8 * dgstSize, ctx->dgstSize);
xmlSecInvalidSizeLessThanError("HMAC digest (bits)",
8 * dgstSize, ctx->dgstSize,
xmlSecTransformGetName(transform));
return(-1);
}

Expand Down
7 changes: 2 additions & 5 deletions src/gcrypt/kw_aes.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -241,11 +241,8 @@ xmlSecGCryptKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransform
/* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
if((inSize % 8) != 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"size=%d(not 8 bytes aligned)", inSize);
xmlSecInvalidSizeNotMultipleOfError("Input data", inSize, 8,
xmlSecTransformGetName(transform));
return(-1);
}

Expand Down
9 changes: 3 additions & 6 deletions src/gcrypt/kw_des.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -275,12 +275,9 @@ xmlSecGCryptKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfor
/* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"%d bytes - not %d bytes aligned",
inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
xmlSecInvalidSizeNotMultipleOfError("Input data",
inSize, XMLSEC_KW_DES3_BLOCK_LENGTH,
xmlSecTransformGetName(transform));
return(-1);
}

Expand Down
7 changes: 2 additions & 5 deletions src/gnutls/x509utils.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1280,11 +1280,8 @@ xmlSecGnuTLSDnAttrsParse(const xmlChar * dn,

/* insert into the attrs */
if(pos >= attrsSize) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"",
XMLSEC_ERRORS_R_INVALID_SIZE,
"Not enough space: size=%d", (int)attrsSize);
xmlSecInvalidSizeLessThanError("Attributes",
attrsSize, pos, NULL);
goto done;
}
attrs[pos].key = xmlStrdup(tmp);
Expand Down
29 changes: 10 additions & 19 deletions src/mscrypto/certkeys.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1940,11 +1940,8 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,

/* set q */
if(xmlSecBnGetSize(&q) > 0x14) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"q",
XMLSEC_ERRORS_R_INVALID_SIZE,
"size=%d > 0x14", xmlSecBnGetSize(&q));
xmlSecInvalidSizeLessThanError("DSA key q",
xmlSecBnGetSize(&q), 0x14, NULL);
goto done;
}
xmlSecAssert2(xmlSecBnGetData(&q) != NULL, -1);
Expand All @@ -1958,13 +1955,10 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,

/* set generator */
if(xmlSecBnGetSize(&g) > xmlSecBnGetSize(&p)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"g",
XMLSEC_ERRORS_R_INVALID_SIZE,
"size=%d > %d",
xmlSecBnGetSize(&g),
xmlSecBnGetSize(&p));
xmlSecInvalidSizeMoreThanError("DSA key g",
xmlSecBnGetSize(&g),
xmlSecBnGetSize(&p),
NULL);
goto done;
}
xmlSecAssert2(xmlSecBnGetData(&g) != NULL, -1);
Expand All @@ -1977,13 +1971,10 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key,

/* Public key */
if(xmlSecBnGetSize(&y) > xmlSecBnGetSize(&p)) {
xmlSecError(XMLSEC_ERRORS_HERE,
NULL,
"y",
XMLSEC_ERRORS_R_INVALID_SIZE,
"size=%d > %d",
xmlSecBnGetSize(&y),
xmlSecBnGetSize(&p));
xmlSecInvalidSizeMoreThanError("DSA key y",
xmlSecBnGetSize(&y),
xmlSecBnGetSize(&p),
NULL);
goto done;
}
xmlSecAssert2(xmlSecBnGetData(&y) != NULL, -1);
Expand Down
8 changes: 2 additions & 6 deletions src/mscrypto/digests.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -246,12 +246,8 @@ xmlSecMSCryptoDigestVerify(xmlSecTransformPtr transform,
xmlSecAssert2(ctx->dgstSize > 0, -1);

if(dataSize != ctx->dgstSize) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"data_size=%d;dgst_size=%d",
dataSize, ctx->dgstSize);
xmlSecInvalidSizeError("Digest", dataSize, ctx->dgstSize,
xmlSecTransformGetName(transform));
transform->status = xmlSecTransformStatusFail;
return(0);
}
Expand Down
26 changes: 6 additions & 20 deletions src/mscrypto/hmac.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -447,20 +447,9 @@ xmlSecMSCryptoHmacVerify(xmlSecTransformPtr transform,

/* compare the digest size in bytes */
if(dataSize != ((ctx->dgstSize + 7) / 8)){
/* NO COMMIT */
xmlChar* a;
mask = last_byte_masks[ctx->dgstSize % 8];
ctx->dgst[dataSize - 1] &= mask;
a = xmlSecBase64Encode(ctx->dgst, (ctx->dgstSize + 7) / 8, -1);
fprintf(stderr, "%s\n", a);
xmlFree(a);

xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"data=%d;dgst=%d",
dataSize, ((ctx->dgstSize + 7) / 8));
xmlSecInvalidSizeError("HMAC digest",
dataSize, ((ctx->dgstSize + 7) / 8),
xmlSecTransformGetName(transform));
transform->status = xmlSecTransformStatusFail;
return(0);
}
Expand Down Expand Up @@ -566,12 +555,9 @@ xmlSecMSCryptoHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor
} else if(ctx->dgstSize <= 8 * retLen) {
retLen = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */
} else {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"result-bits=%d;required-bits=%d",
8 * retLen, ctx->dgstSize);
xmlSecInvalidSizeLessThanError("HMAC digest (bits)",
8 * retLen, ctx->dgstSize,
xmlSecTransformGetName(transform));
return(-1);
}

Expand Down
22 changes: 6 additions & 16 deletions src/mscrypto/kt_rsa.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -269,18 +269,12 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC
/* the encoded size is equal to the keys size so we could not
* process more than that */
if((transform->operation == xmlSecTransformOperationEncrypt) && (inSize >= keySize)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"%d when expected less than %d", inSize, keySize);
xmlSecInvalidSizeLessThanError("Input data", inSize, keySize,
xmlSecTransformGetName(transform));
return(-1);
} else if((transform->operation == xmlSecTransformOperationDecrypt) && (inSize != keySize)) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"%d when expected %d", inSize, keySize);
xmlSecInvalidSizeError("Input data", inSize, keySize,
xmlSecTransformGetName(transform));
return(-1);
}

Expand All @@ -295,12 +289,8 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC

if(transform->operation == xmlSecTransformOperationEncrypt) {
if(inSize > outSize) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"inSize=%d;outSize=%d",
inSize, outSize);
xmlSecInvalidSizeLessThanError("Output data", outSize, inSize,
xmlSecTransformGetName(transform));
return(-1);
}

Expand Down
7 changes: 2 additions & 5 deletions src/mscrypto/kw_aes.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -301,11 +301,8 @@ xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfo
/* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
if((inSize % 8) != 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"size=%d(not 8 bytes aligned)", inSize);
xmlSecInvalidSizeNotMultipleOfError("Input data", inSize, 8,
xmlSecTransformGetName(transform));
return(-1);
}

Expand Down
9 changes: 3 additions & 6 deletions src/mscrypto/kw_des.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -348,12 +348,9 @@ xmlSecMSCryptoKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransf
/* just do nothing */
} else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) {
if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) {
xmlSecError(XMLSEC_ERRORS_HERE,
xmlSecErrorsSafeString(xmlSecTransformGetName(transform)),
NULL,
XMLSEC_ERRORS_R_INVALID_SIZE,
"%d bytes - not %d bytes aligned",
inSize, XMLSEC_KW_DES3_BLOCK_LENGTH);
xmlSecInvalidSizeNotMultipleOfError("Input data",
inSize, XMLSEC_KW_DES3_BLOCK_LENGTH,
xmlSecTransformGetName(transform));
return(-1);
}

Expand Down
Loading

0 comments on commit 6a50a85

Please sign in to comment.