added msg_hmac_len and removed additional strlen() calls
authorMichael Rash <mbr@cipherdyne.org>
Sat, 28 Jul 2012 01:29:26 +0000 (21:29 -0400)
committerMichael Rash <mbr@cipherdyne.org>
Sat, 28 Jul 2012 01:29:26 +0000 (21:29 -0400)
lib/fko_context.h
lib/fko_encryption.c
lib/fko_funcs.c
lib/fko_hmac.c

index f33bd31..2d52e76 100644 (file)
@@ -85,6 +85,7 @@ struct fko_context {
     char           *encrypted_msg;
     int             encrypted_msg_len;
     char           *msg_hmac;
+    int             msg_hmac_len;
 
     /* State info */
     unsigned short  state;
index ba0ee51..3f18cb5 100644 (file)
@@ -88,7 +88,8 @@ _rijndael_encrypt(fko_ctx_t ctx, const char *enc_key, const int enc_key_len)
     b64_encode(ciphertext, b64ciphertext, cipher_len);
     strip_b64_eq(b64ciphertext);
 
-    ctx->encrypted_msg = strdup(b64ciphertext);
+    ctx->encrypted_msg     = strdup(b64ciphertext);
+    ctx->encrypted_msg_len = strnlen(ctx->encrypted_msg, MAX_SPA_ENCODED_MSG_SIZE);
 
     /* Clean-up
     */
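Review bot: `strnlen(ctx->encrypted_msg, MAX_SPA_ENCODED_MSG_SIZE)` runs on the strdup() result before anything has checked it for NULL, so an allocation failure is dereferenced instead of reaching the `FKO_ERROR_MEMORY_ALLOCATION` return that follows the clean-up. Moving the length assignment below the existing `if(ctx->encrypted_msg == NULL)` check fixes this and keeps the clean-up on the failure path. gpg_encrypt has the same ordering. In fko_calculate_hmac the new `strnlen(ctx->msg_hmac, ...)` has no NULL check on `ctx->msg_hmac` anywhere in the visible hunk. _rijndael_encrypt starts before this hunk and continues past it.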
@@ -99,6 +100,9 @@ _rijndael_encrypt(fko_ctx_t ctx, const char *enc_key, const int enc_key_len)
     if(ctx->encrypted_msg == NULL)
         return(FKO_ERROR_MEMORY_ALLOCATION);
 
+    if(! is_valid_encoded_msg_len(ctx->encrypted_msg_len))
+        return(FKO_ERROR_INVALID_DATA);
+
     return(FKO_SUCCESS);
 }
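Review bot: The new `FKO_ERROR_INVALID_DATA` return leaves `ctx->encrypted_msg` and `ctx->encrypted_msg_len` holding the value that was just rejected, so a caller that ignores or mishandles the return code still finds a populated context. Releasing the state before returning makes the failure explicit: `free(ctx->encrypted_msg); ctx->encrypted_msg = NULL; ctx->encrypted_msg_len = 0;`. Note also that an over-long string makes strnlen() return exactly `MAX_SPA_ENCODED_MSG_SIZE`, so the check only catches truncation if `is_valid_encoded_msg_len` rejects that value; its definition is not shown here. The same return-without-reset pattern is in gpg_encrypt and, for `ctx->msg_hmac`, in fko_calculate_hmac.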
 
@@ -271,7 +275,8 @@ gpg_encrypt(fko_ctx_t ctx, const char *enc_key)
     b64_encode(cipher, b64cipher, cipher_len);
     strip_b64_eq(b64cipher);
 
-    ctx->encrypted_msg = strdup(b64cipher);
+    ctx->encrypted_msg     = strdup(b64cipher);
+    ctx->encrypted_msg_len = strnlen(ctx->encrypted_msg, MAX_SPA_ENCODED_MSG_SIZE);
 
     /* Clean-up
     */
@@ -282,6 +287,9 @@ gpg_encrypt(fko_ctx_t ctx, const char *enc_key)
     if(ctx->encrypted_msg == NULL)
         return(FKO_ERROR_MEMORY_ALLOCATION);
 
+    if(! is_valid_encoded_msg_len(ctx->encrypted_msg_len))
+        return(FKO_ERROR_INVALID_DATA);
+
     return(FKO_SUCCESS);
 }
 
index 2e0bf29..73c0658 100644 (file)
@@ -426,7 +426,7 @@ fko_spa_data_final(fko_ctx_t ctx,
              * and the trailing '=' chars stripped off).
             */
             data_with_hmac_len
-                = strlen(ctx->encrypted_msg)+1+strlen(ctx->msg_hmac)+1;
+                = ctx->encrypted_msg_len+1+ctx->msg_hmac_len+1;
 
             tbuf = realloc(ctx->encrypted_msg, data_with_hmac_len);
             if (tbuf == NULL)
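Review bot: The realloc() size in `data_with_hmac_len` now depends on `ctx->encrypted_msg_len` and `ctx->msg_hmac_len` matching the strings they describe, where the old strlen() calls measured the buffers directly. If any path not shown in this diff sets `ctx->encrypted_msg` or `ctx->msg_hmac` without updating the cached length, `tbuf` would be under-allocated and the append that presumably follows would write past it. Re-validating before the arithmetic would turn a stale length into an error rather than a heap overflow, e.g. `if(! is_valid_encoded_msg_len(ctx->encrypted_msg_len) || ! is_valid_digest_len(ctx->msg_hmac_len)) return(FKO_ERROR_INVALID_DATA);`, assuming those helpers are reachable from this file. `ctx->encrypted_msg_len` also needs refreshing once the HMAC has been appended; that code is outside the hunk.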
index 6337fb7..13e48e4 100644 (file)
@@ -102,15 +102,19 @@ int fko_calculate_hmac(fko_ctx_t ctx,
         return(FKO_ERROR_MEMORY_ALLOCATION);
 
     hmac_sha256(ctx->encrypted_msg,
-        strlen(ctx->encrypted_msg), hmac, hmac_key);
+        ctx->encrypted_msg_len, hmac, hmac_key);
 
     b64_encode(hmac, hmac_base64, SHA256_DIGEST_LENGTH);
     strip_b64_eq(hmac_base64);
 
-    ctx->msg_hmac = strdup(hmac_base64);
+    ctx->msg_hmac     = strdup(hmac_base64);
+    ctx->msg_hmac_len = strnlen(ctx->msg_hmac, SHA512_DIGEST_STRING_LENGTH);
 
     free(hmac_base64);
 
+    if(! is_valid_digest_len(ctx->msg_hmac_len))
+        return(FKO_ERROR_INVALID_DATA);
+
     return FKO_SUCCESS;
 }
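Review bot: The bound in `strnlen(ctx->msg_hmac, SHA512_DIGEST_STRING_LENGTH)` is a SHA-512 constant, but the string measured is the base64 encoding of `SHA256_DIGEST_LENGTH` bytes. It is a safe upper limit, but it reads like a mismatch and would silently admit a much longer string than this function can produce. Either bound by the expected SHA-256 base64 length or state the intent in a comment such as `/* generous bound: base64 of a SHA-256 digest is 43 chars once '=' is stripped */`. fko_calculate_hmac starts before this hunk.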