Add CRYPTOPP_ASSERT (Issue 277, CVE-2016-7420)

trap.h and CRYPTOPP_ASSERT has existed for over a year in Master. We deferred on the cut-over waiting for a minor version bump (5.7). We have to use it now due to CVE-2016-7420
weidai11 · Sep 16, 2016 · 399a154 · 399a154 · noloader · Sep 16, 2016
1 parent fca5fbb
commit 399a154
Show file tree

Hide file tree

Showing 109 changed files with 854 additions and 624 deletions.
diff --git a/Filelist.txt b/Filelist.txt
@@ -263,6 +263,7 @@ strciphr.h
 tea.cpp
 tea.h
 test.cpp
+trap.h
 tftables.cpp
 tiger.cpp
 tiger.h

diff --git a/adler32.cpp b/adler32.cpp
@@ -46,8 +46,8 @@ void Adler32::Update(const byte *input, size_t length)
 			s2 %= BASE;
 	}
 
-	assert(s1 < BASE);
-	assert(s2 < BASE);
+	CRYPTOPP_ASSERT(s1 < BASE);
+	CRYPTOPP_ASSERT(s2 < BASE);
 
 	m_s1 = (word16)s1;
 	m_s2 = (word16)s2;

diff --git a/algebra.cpp b/algebra.cpp
@@ -262,7 +262,7 @@ void AbstractGroup<T>::SimultaneousMultiply(T *results, const T &base, const Int
 
 	for (i=0; i<expCount; i++)
 	{
-		assert(expBegin->NotNegative());
+		CRYPTOPP_ASSERT(expBegin->NotNegative());
 		exponents.push_back(WindowSlider(*expBegin++, InversionIsFast(), 0));
 		exponents[i].FindNextWindow();
 		buckets[i].resize(((size_t) 1) << (exponents[i].windowSize-1), Identity());

diff --git a/algparam.cpp b/algparam.cpp
@@ -22,7 +22,7 @@ bool CombinedNameValuePairs::GetVoidValue(const char *name, const std::type_info
 void AlgorithmParametersBase::operator=(const AlgorithmParametersBase &rhs)
 {
 	CRYPTOPP_UNUSED(rhs);
-	assert(false);
+	CRYPTOPP_ASSERT(false);
 }
 
 bool AlgorithmParametersBase::GetVoidValue(const char *name, const std::type_info &valueType, void *pValue) const

diff --git a/algparam.h b/algparam.h
@@ -74,7 +74,7 @@ class ConstByteArrayParameter
 	void Assign(const byte *data, size_t size, bool deepCopy)
 	{
 		// This fires, which means: no data with a size, or data with no size.
-		// assert((data && size) || !(data || size));
+		// CRYPTOPP_ASSERT((data && size) || !(data || size));
 		if (deepCopy)
 			m_block.Assign(data, size);
 		else

diff --git a/asn.cpp b/asn.cpp
@@ -244,7 +244,7 @@ size_t OID::DecodeValue(BufferedTransformation &bt, word32 &v)
 
 void OID::DEREncode(BufferedTransformation &bt) const
 {
-	assert(m_values.size() >= 2);
+	CRYPTOPP_ASSERT(m_values.size() >= 2);
 	ByteQueue temp;
 	temp.Put(byte(m_values[0] * 40 + m_values[1]));
 	for (size_t i=2; i<m_values.size(); i++)
@@ -412,7 +412,7 @@ BERGeneralDecoder::~BERGeneralDecoder()
 	}
 	catch (const Exception&)
 	{
-		// assert(0);
+		// CRYPTOPP_ASSERT(0);
 	}
 }
 
@@ -506,7 +506,7 @@ DERGeneralEncoder::~DERGeneralEncoder()
 	}
 	catch (const Exception&)
 	{
-		assert(0);
+		CRYPTOPP_ASSERT(0);
 	}
 }
 

diff --git a/asn.h b/asn.h
@@ -239,7 +239,7 @@ class CRYPTOPP_DLL BERGeneralDecoder : public Store
 	~BERGeneralDecoder();
 
 	bool IsDefiniteLength() const {return m_definiteLength;}
-	lword RemainingLength() const {assert(m_definiteLength); return m_length;}
+	lword RemainingLength() const {CRYPTOPP_ASSERT(m_definiteLength); return m_length;}
 	bool EndReached() const;
 	byte PeekByte() const;
 	void CheckByte(byte b);
@@ -258,7 +258,7 @@ class CRYPTOPP_DLL BERGeneralDecoder : public Store
 private:
 	void Init(byte asnTag);
 	void StoreInitialize(const NameValuePairs &parameters)
-		{CRYPTOPP_UNUSED(parameters); assert(false);}
+		{CRYPTOPP_UNUSED(parameters); CRYPTOPP_ASSERT(false);}
 	lword ReduceLength(lword delta);
 };
 

diff --git a/authenc.cpp b/authenc.cpp
@@ -97,7 +97,7 @@ void AuthenticatedSymmetricCipherBase::Update(const byte *input, size_t length)
 		m_totalFooterLength += length;
 		break;
 	default:
-		assert(false);
+		CRYPTOPP_ASSERT(false);
 	}
 }
 
@@ -129,7 +129,7 @@ void AuthenticatedSymmetricCipherBase::ProcessData(byte *outString, const byte *
 		AuthenticateData(outString, length);
 		break;
 	default:
-		assert(false);
+		CRYPTOPP_ASSERT(false);
 	}
 }
 
@@ -169,7 +169,7 @@ void AuthenticatedSymmetricCipherBase::TruncatedFinal(byte *mac, size_t macSize)
 		break;
 
 	default:
-		assert(false);
+		CRYPTOPP_ASSERT(false);
 	}
 
 	m_state = State_KeySet;

diff --git a/authenc.h b/authenc.h
@@ -31,7 +31,7 @@ class CRYPTOPP_DLL CRYPTOPP_NO_VTABLE AuthenticatedSymmetricCipherBase : public
 	//! \param params additional parameters passed as  NameValuePairs
 	//! \details key must be at least DEFAULT_KEYLENGTH in length.
 	void UncheckedSetKey(const byte * key, unsigned int length,const CryptoPP::NameValuePairs &params)
-		{CRYPTOPP_UNUSED(key), CRYPTOPP_UNUSED(length), CRYPTOPP_UNUSED(params); assert(false);}
+		{CRYPTOPP_UNUSED(key), CRYPTOPP_UNUSED(length), CRYPTOPP_UNUSED(params); CRYPTOPP_ASSERT(false);}
 
 	void SetKey(const byte *userKey, size_t keylength, const NameValuePairs &params);
 	void Restart() {if (m_state > State_KeySet) m_state = State_KeySet;}

diff --git a/basecode.cpp b/basecode.cpp
@@ -57,7 +57,7 @@ size_t BaseN_Encoder::Put2(const byte *begin, size_t length, int messageEnd, boo
 		unsigned int b = begin[m_inputPosition++], bitsLeftInSource = 8;
 		while (true)
 		{
-			assert(m_bitsPerChar-m_bitPos >= 0);
+			CRYPTOPP_ASSERT(m_bitsPerChar-m_bitPos >= 0);
 			unsigned int bitsLeftInTarget = (unsigned int)(m_bitsPerChar-m_bitPos);
 			m_outBuf[m_bytePos] |= b >> (8-bitsLeftInTarget);
 			if (bitsLeftInSource >= bitsLeftInTarget)
@@ -78,13 +78,13 @@ size_t BaseN_Encoder::Put2(const byte *begin, size_t length, int messageEnd, boo
 		}
 		}
 
-		assert(m_bytePos <= m_outputBlockSize);
+		CRYPTOPP_ASSERT(m_bytePos <= m_outputBlockSize);
 		if (m_bytePos == m_outputBlockSize)
 		{
 			int i;
 			for (i=0; i<m_bytePos; i++)
 			{
-				assert(m_outBuf[i] < (1 << m_bitsPerChar));
+				CRYPTOPP_ASSERT(m_outBuf[i] < (1 << m_bitsPerChar));
 				m_outBuf[i] = m_alphabet[m_outBuf[i]];
 			}
 			FILTER_OUTPUT(1, m_outBuf, m_outputBlockSize, 0);
@@ -183,14 +183,14 @@ void BaseN_Decoder::InitializeDecodingLookupArray(int *lookup, const byte *alpha
 	{
 		if (caseInsensitive && isalpha(alphabet[i]))
 		{
-			assert(lookup[toupper(alphabet[i])] == -1);
+			CRYPTOPP_ASSERT(lookup[toupper(alphabet[i])] == -1);
 			lookup[toupper(alphabet[i])] = i;
-			assert(lookup[tolower(alphabet[i])] == -1);
+			CRYPTOPP_ASSERT(lookup[tolower(alphabet[i])] == -1);
 			lookup[tolower(alphabet[i])] = i;
 		}
 		else
 		{
-			assert(lookup[alphabet[i]] == -1);
+			CRYPTOPP_ASSERT(lookup[alphabet[i]] == -1);
 			lookup[alphabet[i]] = i;
 		}
 	}

diff --git a/bench1.cpp b/bench1.cpp
@@ -385,9 +385,9 @@ void BenchmarkAll(double t, double hertz)
 
 	const time_t endTime = time(NULL);
 	err = localtime_s(&localTime, &endTime);
-	assert(err == 0);
+	CRYPTOPP_ASSERT(err == 0);
 	err = asctime_s(timeBuf, sizeof(timeBuf), &localTime);
-	assert(err == 0);
+	CRYPTOPP_ASSERT(err == 0);
 
 	cout << "\nTest ended at " << timeBuf;
 #else

diff --git a/blake2.cpp b/blake2.cpp
@@ -352,7 +352,7 @@ BLAKE2_Base<W, T_64bit>::BLAKE2_Base() : m_state(1), m_block(1), m_digestSize(DI
 template <class W, bool T_64bit>
 BLAKE2_Base<W, T_64bit>::BLAKE2_Base(bool treeMode, unsigned int digestSize) : m_state(1), m_block(1), m_digestSize(digestSize), m_treeMode(treeMode)
 {
-	assert(digestSize <= DIGESTSIZE);
+	CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
 
 	UncheckedSetKey(NULL, 0, g_nullNameValuePairs);
 	Restart();
@@ -363,10 +363,10 @@ BLAKE2_Base<W, T_64bit>::BLAKE2_Base(const byte *key, size_t keyLength, const by
 	const byte* personalization, size_t personalizationLength, bool treeMode, unsigned int digestSize)
 	: m_state(1), m_block(1), m_digestSize(digestSize), m_treeMode(treeMode)
 {
-	assert(keyLength <= MAX_KEYLENGTH);
-	assert(digestSize <= DIGESTSIZE);
-	assert(saltLength <= SALTSIZE);
-	assert(personalizationLength <= PERSONALIZATIONSIZE);
+	CRYPTOPP_ASSERT(keyLength <= MAX_KEYLENGTH);
+	CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
+	CRYPTOPP_ASSERT(saltLength <= SALTSIZE);
+	CRYPTOPP_ASSERT(personalizationLength <= PERSONALIZATIONSIZE);
 
 	UncheckedSetKey(key, static_cast<unsigned int>(keyLength), MakeParameters(Name::DigestSize(),(int)digestSize)(Name::TreeMode(),treeMode, false)
 		(Name::Salt(), ConstByteArrayParameter(salt, saltLength))(Name::Personalization(), ConstByteArrayParameter(personalization, personalizationLength)));
@@ -439,7 +439,7 @@ void BLAKE2_Base<W, T_64bit>::Update(const byte *input, size_t length)
 	// Copy tail bytes
 	if (input && length)
 	{
-		assert(length <= BLOCKSIZE - state.length);
+		CRYPTOPP_ASSERT(length <= BLOCKSIZE - state.length);
 		memcpy_s(&state.buffer[state.length], length, input, length);
 		state.length += static_cast<unsigned int>(length);
 	}
@@ -3470,10 +3470,10 @@ static const int LANE_L64 = 0;
 
 static void BLAKE2_NEON_Compress32(const byte* input, BLAKE2_State<word32, false>& state)
 {
-  //assert(IsAlignedOn(input,GetAlignmentOf<uint8_t*>()));
-  assert(IsAlignedOn(&state.h[0],GetAlignmentOf<uint32x4_t>()));
-  assert(IsAlignedOn(&state.h[4],GetAlignmentOf<uint32x4_t>()));
-  assert(IsAlignedOn(&state.t[0],GetAlignmentOf<uint32x4_t>()));
+  //CRYPTOPP_ASSERT(IsAlignedOn(input,GetAlignmentOf<uint8_t*>()));
+  CRYPTOPP_ASSERT(IsAlignedOn(&state.h[0],GetAlignmentOf<uint32x4_t>()));
+  CRYPTOPP_ASSERT(IsAlignedOn(&state.h[4],GetAlignmentOf<uint32x4_t>()));
+  CRYPTOPP_ASSERT(IsAlignedOn(&state.t[0],GetAlignmentOf<uint32x4_t>()));
 
   CRYPTOPP_ALIGN_DATA(16) uint32_t m0[4], m1[4], m2[4], m3[4], m4[4], m5[4], m6[4], m7[4];
   CRYPTOPP_ALIGN_DATA(16) uint32_t m8[4], m9[4], m10[4], m11[4], m12[4], m13[4], m14[4], m15[4];
@@ -3976,10 +3976,10 @@ static void BLAKE2_NEON_Compress32(const byte* input, BLAKE2_State<word32, false
 
 static void BLAKE2_NEON_Compress64(const byte* input, BLAKE2_State<word64, true>& state)
 {
-  //assert(IsAlignedOn(input,GetAlignmentOf<uint8_t*>()));
-  assert(IsAlignedOn(&state.h[0],GetAlignmentOf<uint64x2_t>()));
-  assert(IsAlignedOn(&state.h[4],GetAlignmentOf<uint64x2_t>()));
-  assert(IsAlignedOn(&state.t[0],GetAlignmentOf<uint64x2_t>()));
+  //CRYPTOPP_ASSERT(IsAlignedOn(input,GetAlignmentOf<uint8_t*>()));
+  CRYPTOPP_ASSERT(IsAlignedOn(&state.h[0],GetAlignmentOf<uint64x2_t>()));
+  CRYPTOPP_ASSERT(IsAlignedOn(&state.h[4],GetAlignmentOf<uint64x2_t>()));
+  CRYPTOPP_ASSERT(IsAlignedOn(&state.t[0],GetAlignmentOf<uint64x2_t>()));
 
   uint64x2_t m0m1,m2m3,m4m5,m6m7,m8m9,m10m11,m12m13,m14m15;
 

diff --git a/blake2.h b/blake2.h
@@ -72,7 +72,7 @@ struct CRYPTOPP_NO_VTABLE BLAKE2_ParameterBlock<true>
 
 	BLAKE2_ParameterBlock(size_t digestSize)
 	{
-		assert(digestSize <= DIGESTSIZE);
+		CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
 		memset(this, 0x00, sizeof(*this));
 		digestLength = (byte)digestSize;
 		fanout = depth = 1;
@@ -107,7 +107,7 @@ struct CRYPTOPP_NO_VTABLE BLAKE2_ParameterBlock<false>
 
 	BLAKE2_ParameterBlock(size_t digestSize)
 	{
-		assert(digestSize <= DIGESTSIZE);
+		CRYPTOPP_ASSERT(digestSize <= DIGESTSIZE);
 		memset(this, 0x00, sizeof(*this));
 		digestLength = (byte)digestSize;
 		fanout = depth = 1;

diff --git a/camellia.cpp b/camellia.cpp
@@ -91,13 +91,13 @@ void Camellia::Base::UncheckedSetKey(const byte *key, unsigned int keylen, const
 	kwl = (word64(k0) << 32) | k1;	\
 	kwr = (word64(k2) << 32) | k3
 #define KS_ROUND_0(i)							\
-	assert(IsAlignedOn(CALC_ADDR(ks32, i+EFI(0)),GetAlignmentOf<word64>()));	\
-	assert(IsAlignedOn(CALC_ADDR(ks32, i+EFI(1)),GetAlignmentOf<word64>()));	\
+	CRYPTOPP_ASSERT(IsAlignedOn(CALC_ADDR(ks32, i+EFI(0)),GetAlignmentOf<word64>()));	\
+	CRYPTOPP_ASSERT(IsAlignedOn(CALC_ADDR(ks32, i+EFI(1)),GetAlignmentOf<word64>()));	\
 	*(word64*)(void*)CALC_ADDR(ks32, i+EFI(0)) = kwl;	\
 	*(word64*)(void*)CALC_ADDR(ks32, i+EFI(1)) = kwr
 #define KS_ROUND(i, r, which)																						\
-	assert(IsAlignedOn(CALC_ADDR(ks32, i+EFI(r<64)),GetAlignmentOf<word64>()));	\
-	assert(IsAlignedOn(CALC_ADDR(ks32, i+EFI(r>64)),GetAlignmentOf<word64>()));	\
+	CRYPTOPP_ASSERT(IsAlignedOn(CALC_ADDR(ks32, i+EFI(r<64)),GetAlignmentOf<word64>()));	\
+	CRYPTOPP_ASSERT(IsAlignedOn(CALC_ADDR(ks32, i+EFI(r>64)),GetAlignmentOf<word64>()));	\
 	if (which & (1<<int(r<64))) *(word64*)(void*)CALC_ADDR(ks32, i+EFI(r<64)) = (kwr << (r%64)) | (kwl >> (64 - (r%64)));	\
 	if (which & (1<<int(r>64))) *(word64*)(void*)CALC_ADDR(ks32, i+EFI(r>64)) = (kwl << (r%64)) | (kwr >> (64 - (r%64)))
 #else
@@ -222,7 +222,7 @@ void Camellia::Base::ProcessAndXorBlock(const byte *inBlock, const byte *xorBloc
 	volatile word32 _u = 0;
 	word32 u = _u;
 
-	assert(IsAlignedOn(s1,GetAlignmentOf<word32>()));
+	CRYPTOPP_ASSERT(IsAlignedOn(s1,GetAlignmentOf<word32>()));
 	for (i=0; i<256; i+=cacheLineSize)
 		u &= *(const word32 *)(void*)(s1+i);
 	u &= *(const word32 *)(void*)(s1+252);

diff --git a/cast.cpp b/cast.cpp
@@ -282,7 +282,7 @@ void CAST256::Base::UncheckedSetKey(const byte *userKey, unsigned int keylength,
 				int i1=8*j+i;
 				int i2=8*(11-j)+i;
 
-				assert(i1<i2);
+				CRYPTOPP_ASSERT(i1<i2);
 
 				std::swap(K[i1],K[i2]);
 				std::swap(K[i1+4],K[i2+4]);

diff --git a/ccm.cpp b/ccm.cpp
@@ -30,7 +30,7 @@ void CCM_Base::Resync(const byte *iv, size_t len)
 	BlockCipher &cipher = AccessBlockCipher();
 
 	m_L = REQUIRED_BLOCKSIZE-1-(int)len;
-	assert(m_L >= 2);
+	CRYPTOPP_ASSERT(m_L >= 2);
 	if (m_L > 8)
 		m_L = 8;
 
@@ -66,7 +66,7 @@ void CCM_Base::UncheckedSpecifyDataLengths(lword headerLength, lword messageLeng
 
 	if (headerLength>0)
 	{
-		assert(m_bufferedDataLength == 0);
+		CRYPTOPP_ASSERT(m_bufferedDataLength == 0);
 
 		if (headerLength < ((1<<16) - (1<<8)))
 		{

diff --git a/chacha.cpp b/chacha.cpp
@@ -31,7 +31,7 @@ template <unsigned int R>
 void ChaCha_Policy<R>::CipherSetKey(const NameValuePairs &params, const byte *key, size_t length)
 {
 	CRYPTOPP_UNUSED(params);
-	assert(length == 16 || length == 32);
+	CRYPTOPP_ASSERT(length == 16 || length == 32);
 
 	// "expand 16-byte k" or "expand 32-byte k"
 	m_state[0] = 0x61707865;
@@ -50,7 +50,7 @@ template <unsigned int R>
 void ChaCha_Policy<R>::CipherResynchronize(byte *keystreamBuffer, const byte *IV, size_t length)
 {
 	CRYPTOPP_UNUSED(keystreamBuffer), CRYPTOPP_UNUSED(length);
-	assert(length==8);
+	CRYPTOPP_ASSERT(length==8);
 
 	GetBlock<word32, LittleEndian> get(IV);
 	m_state[12] = m_state[13] = 0;

diff --git a/cmac.cpp b/cmac.cpp
@@ -57,7 +57,7 @@ void CMAC_Base::UncheckedSetKey(const byte *key, unsigned int length, const Name
 
 void CMAC_Base::Update(const byte *input, size_t length)
 {
-	assert((input && length) || !(input || length));
+	CRYPTOPP_ASSERT((input && length) || !(input || length));
 	if (!length)
 		return;
 
@@ -84,20 +84,20 @@ void CMAC_Base::Update(const byte *input, size_t length)
 
 	if (length > blockSize)
 	{
-		assert(m_counter == 0);
+		CRYPTOPP_ASSERT(m_counter == 0);
 		size_t leftOver = 1 + cipher.AdvancedProcessBlocks(m_reg, input, m_reg, length-1, BlockTransformation::BT_DontIncrementInOutPointers|BlockTransformation::BT_XorInput);
 		input += (length - leftOver);
 		length = leftOver;
 	}
 
 	if (length > 0)
 	{
-		assert(m_counter + length <= blockSize);
+		CRYPTOPP_ASSERT(m_counter + length <= blockSize);
 		xorbuf(m_reg+m_counter, input, length);
 		m_counter += (unsigned int)length;
 	}
 
-	assert(m_counter > 0);
+	CRYPTOPP_ASSERT(m_counter > 0);
 }
 
 void CMAC_Base::TruncatedFinal(byte *mac, size_t size)

diff --git a/config.h b/config.h
@@ -138,6 +138,16 @@
 # define CRYPTOPP_USER_PRIORITY 250
 #endif
 
+// CRYPTOPP_DEBUG enables the library's CRYPTOPP_ASSERT. CRYPTOPP_ASSERT
+//   raises a SIGTRAP (Unix) or calls DebugBreak() (Windows). CRYPTOPP_ASSERT
+//   is only in effect when CRYPTOPP_DEBUG, DEBUG or _DEBUG is defined. Unlike
+//   Posix assert, CRYPTOPP_ASSERT is not affected by NDEBUG (or failure to
+//   define it).
+//   Also see http://github.com/weidai11/cryptopp/issues/277, CVE-2010-4179
+#if (defined(DEBUG) || defined(_DEBUG)) && !defined(CRYPTOPP_DEBUG)
+# define CRYPTOPP_DEBUG 1
+#endif
+
 // ***************** Important Settings Again ********************
 // But the defaults should be ok.