From 59b3f0832626fecebef66326b5316dbd10e482e0 Mon Sep 17 00:00:00 2001
From: haozi007
Date: Sat, 15 Oct 2022 14:53:50 +0800
Subject: [PATCH 07/43] add check for aes apis
Signed-off-by: haozi007
---
 src/utils/cutils/namespace.c | 3 +--
 src/utils/cutils/utils_aes.c | 48 ++++++++++++++++++++++++++++++------
 src/utils/cutils/utils_aes.h | 2 +-
 3 files changed, 43 insertions(+), 10 deletions(-)
diff --git a/src/utils/cutils/namespace.c b/src/utils/cutils/namespace.c
index 2916c8bb..dc2fe810 100644
--- a/src/utils/cutils/namespace.c
+++ b/src/utils/cutils/namespace.c
@@ -20,9 +20,8 @@
 char *namespace_get_connected_container(const char *mode)
 {
- const char *p = mode != NULL ? (mode + strlen(SHARE_NAMESPACE_PREFIX)) : NULL;
-
 if (namespace_is_container(mode)) {
+ const char *p = mode + strlen(SHARE_NAMESPACE_PREFIX);
 return util_strdup_s(p);
 }
diff --git a/src/utils/cutils/utils_aes.c b/src/utils/cutils/utils_aes.c
index 9e318b5b..1e25ecd3 100644
--- a/src/utils/cutils/utils_aes.c
+++ b/src/utils/cutils/utils_aes.c
@@ -28,12 +28,17 @@
 #include "utils.h"
 #include "utils_file.h"
-int util_aes_key(char *key_file, bool create, unsigned char *aeskey)
+int util_aes_key(const char *key_file, bool create, unsigned char *aeskey)
 {
 char *key_dir = NULL;
 int fd = 0;
 int ret = 0;
+ if (key_file == NULL || aeskey == NULL) {
+ ERROR("Invalid arguments");
+ return -1;
+ }
+
 if (!util_file_exists(key_file)) {
 if (!create) {
 ERROR("init aes failed, file %s not exist", key_file);
@@ -102,6 +107,11 @@ size_t util_aes_encode_buf_len(size_t len)
 return AES_256_CFB_IV_LEN + util_aes_decode_buf_len(len);
 }
+static bool invalid_ase_args(unsigned char *aeskey, unsigned char *bytes, size_t len, unsigned char **out)
+{
+ return aeskey == NULL || out == NULL || bytes == NULL || len == 0;
+}
+
 int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, unsigned char **out)
 {
 int ret = 0;
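Review bot: In namespace_get_connected_container() (namespace.c), the new `const char *p = mode + strlen(SHARE_NAMESPACE_PREFIX);` no longer has its own `mode != NULL` guard, so it is in bounds only if namespace_is_container() returns false for NULL and for any string that does not start with SHARE_NAMESPACE_PREFIX. That function is not visible in this hunk, so this should be confirmed. A one-line comment above the assignment would record the dependency, e.g. `/* namespace_is_container() guarantees mode is non-NULL and starts with SHARE_NAMESPACE_PREFIX */`. The function body continues outside the hunk.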
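Review bot: The guard added at the top of util_aes_key() (utils_aes.c) rejects a NULL `aeskey`, but nothing tells the caller how large that buffer must be, and the function takes no length parameter. The rest of the body is outside this hunk, so this is inferred, but it presumably fills AES_256_CFB_KEY_LEN bytes; a shorter caller buffer would be overrun and no check here could catch it. I would document the contract at the prototype in utils_aes.h, e.g. `// aeskey must point to a writable buffer of at least AES_256_CFB_KEY_LEN bytes.`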
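Review bot: The helper added before util_aes_encode() is spelled `invalid_ase_args`, which looks like a transposition of "aes", and it takes the key and input buffers as non-const pointers although it only compares them with NULL. Because the helper is `static`, the rename stays inside utils_aes.c: `static bool invalid_aes_args(const unsigned char *aeskey, const unsigned char *bytes, size_t len, unsigned char **out)`. The two call sites in the util_aes_encode() and util_aes_decode() hunks need the same rename.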
@@ -110,22 +120,34 @@ int util_aes_encode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
 int size = 0;
 int expected_size = len;
 unsigned char *iv = NULL;
+ EVP_CIPHER_CTX *ctx = NULL;
 #ifdef OPENSSL_IS_BORINGSSL
 const EVP_CIPHER *cipher = EVP_aes_256_ofb();
 #else
 const EVP_CIPHER *cipher = EVP_aes_256_cfb();
 #endif
- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
- if (ctx == NULL || cipher == NULL) {
+ if (cipher == NULL) {
 ERROR("EVP init failed");
 return -1;
 }
+ if (invalid_ase_args(aeskey, bytes, len, out)) {
+ ERROR("Invalid arguments");
+ return -1;
+ }
+
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ ERROR("Ctx create failed");
+ return -1;
+ }
+
 *out = util_common_calloc_s(util_aes_encode_buf_len(len) + 1);
 if (*out == NULL) {
 ERROR("out of memory");
- return -1;
+ ret = -1;
+ goto out;
 }
 iv = *out;
@@ -192,27 +214,39 @@ int util_aes_decode(unsigned char *aeskey, unsigned char *bytes, size_t len, uns
 int size = 0;
 int expected_size = 0;
 unsigned char *iv = NULL;
+ EVP_CIPHER_CTX *ctx = NULL;
 #ifdef OPENSSL_IS_BORINGSSL
 const EVP_CIPHER *cipher = EVP_aes_256_ofb();
 #else
 const EVP_CIPHER *cipher = EVP_aes_256_cfb();
 #endif
- EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
- if (ctx == NULL || cipher == NULL) {
+ if (cipher == NULL) {
 ERROR("EVP init failed");
 return -1;
 }
+ if (invalid_ase_args(aeskey, bytes, len, out)) {
+ ERROR("Invalid arguments");
+ return -1;
+ }
+
 if (len <= AES_256_CFB_IV_LEN) {
 ERROR("Invalid aes length, it must be larger than %d", AES_256_CFB_IV_LEN);
 return -1;
 }
+ ctx = EVP_CIPHER_CTX_new();
+ if (ctx == NULL) {
+ ERROR("Ctx create failed");
+ return -1;
+ }
+
 *out = util_common_calloc_s(util_aes_decode_buf_len(len) + 1);
 if (*out == NULL) {
 ERROR("out of memory");
- return -1;
+ ret = -1;
+ goto out;
 }
 iv = bytes;
diff --git a/src/utils/cutils/utils_aes.h b/src/utils/cutils/utils_aes.h
index d429c9e0..476fea65 100644
--- a/src/utils/cutils/utils_aes.h
+++ b/src/utils/cutils/utils_aes.h
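Review bot: In util_aes_encode() the added argument check rejects `len == 0` but puts no upper bound on `len`, while the context line `int expected_size = len;` narrows the `size_t` to `int`. For `len` above INT_MAX the converted value is implementation-defined (typically negative), and OpenSSL's EVP update calls take an `int` length; those calls are outside this hunk, so how the value is used is inferred. Bounding it in the shared helper would cover util_aes_decode() as well: `return aeskey == NULL || out == NULL || bytes == NULL || len == 0 || len > INT_MAX;` (this needs `<limits.h>` if the file does not already include it).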
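Review bot: The checks added to util_aes_decode() validate the pointers and the minimum length, but nothing on this path authenticates the input: the IV is taken straight from the caller's buffer (`iv = bytes;`) and the CFB/OFB modes selected above carry no integrity tag. Stored bytes that were modified will still decode with a zero return, only to different plaintext, so success must not be read as proof that the data is untampered. At minimum I would state that next to the prototype in utils_aes.h, e.g. `// note: decoding does not authenticate the data; do not trust the output if the stored bytes could have been modified.`; switching to an authenticated mode changes the on-disk format and belongs in a separate patch. The function body continues outside the hunk.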
@@ -27,7 +27,7 @@ extern "C" {
 #define AES_256_CFB_KEY_LEN 32
 #define AES_256_CFB_IV_LEN 16
-int util_aes_key(char *key_path, bool create, unsigned char *aeskey);
+int util_aes_key(const char *key_path, bool create, unsigned char *aeskey);
 // note: Input bytes is "IV+data", "bytes+AES_256_CFB_IV_LEN" is the real data to be encoded.
 // The output length is the input "len" and add the '\0' after end of the length.
--
2.25.1