Start replacing abort() with an internal sodium_misuse() function

This function will eventually be able to call a user-defined hook, that may be useful to people writing bindings for other languages. The function will not return, though, and will keep calling abort() after the hook. So, hooks should not return either. They should gracefully kill the current process or thread instead. There are many more abort() instances to replace. This is long and boring.
2017-07-16 19:01:22 +02:00 · 2017-07-16 19:01:22 +02:00 · bcf98b5546
commit bcf98b5546
parent c86080e7b9
5 changed files with 29 additions and 12 deletions
--- a/src/libsodium/crypto_kx/crypto_kx.c
+++ b/src/libsodium/crypto_kx/crypto_kx.c
@ -1,6 +1,7 @@

 #include <stddef.h>

+#include "core.h"
 #include "crypto_generichash.h"
 #include "crypto_kx.h"
 #include "crypto_scalarmult.h"
@ -48,7 +49,7 @@ crypto_kx_client_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
        tx = rx;
    }
    if (rx == NULL) {
-        abort();
+        sodium_misuse("crypto_kx_client_session_keys(): no pointers given"); /* LCOV_EXCL_LINE */
    }
    if (crypto_scalarmult(q, client_sk, server_pk) != 0) {
        return -1;
@ -89,7 +90,7 @@ crypto_kx_server_session_keys(unsigned char rx[crypto_kx_SESSIONKEYBYTES],
        tx = rx;
    }
    if (rx == NULL) {
-        abort();
+        sodium_misuse("crypto_kx_server_session_keys(): no pointers given"); /* LCOV_EXCL_LINE */
    }
    if (crypto_scalarmult(q, server_sk, client_pk) != 0) {
        return -1;
--- a/src/libsodium/include/sodium/core.h
+++ b/src/libsodium/include/sodium/core.h
@ -12,6 +12,12 @@ SODIUM_EXPORT
 int sodium_init(void)
            __attribute__ ((warn_unused_result));

+/* ---- */
+
+SODIUM_EXPORT
+void sodium_misuse(const char *err)
+            __attribute__ ((noreturn));
+
 #ifdef __cplusplus
 }
 #endif
--- a/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c
+++ b/src/libsodium/randombytes/sysrandom/randombytes_sysrandom.c
@ -24,6 +24,7 @@
 # include <poll.h>
 #endif

+#include "core.h"
 #include "randombytes.h"
 #include "randombytes_sysrandom.h"
 #include "utils.h"
@ -253,7 +254,7 @@ randombytes_sysrandom_init(void)

    if ((stream.random_data_source_fd =
         randombytes_sysrandom_random_dev_open()) == -1) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse("randombytes_sysrandom_init(): unable to open the random device"); /* LCOV_EXCL_LINE */
    }
    errno = errno_save;
 }
@ -323,21 +324,21 @@ randombytes_sysrandom_buf(void * const buf, const size_t size)
 # if defined(SYS_getrandom) && defined(__NR_getrandom)
    if (stream.getrandom_available != 0) {
        if (randombytes_linux_getrandom(buf, size) != 0) {
-            abort();
+            sodium_misuse("randombytes_sysrandom_buf(): linux getrandom() failed"); /* LCOV_EXCL_LINE */
        }
        return;
    }
 # endif
    if (stream.random_data_source_fd == -1 ||
        safe_read(stream.random_data_source_fd, buf, size) != (ssize_t) size) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse("randombytes_sysrandom_buf(): unable to read the random device"); /* LCOV_EXCL_LINE */
    }
 #else
    if (size > (size_t) 0xffffffff) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse("randombytes_sysrandom_buf(): cannot read more than 0xffffffff bytes at a time"); /* LCOV_EXCL_LINE */
    }
    if (! RtlGenRandom((PVOID) buf, (ULONG) size)) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse("randombytes_sysrandom_buf(): RtlGenRandom() failed"); /* LCOV_EXCL_LINE */
    }
 #endif
 }
--- a/src/libsodium/sodium/core.c
+++ b/src/libsodium/sodium/core.c
@ -1,4 +1,5 @@

+#include <stdlib.h>
 #include <string.h>
 #include <time.h>
 #ifdef _WIN32
@ -169,3 +170,10 @@ sodium_crit_leave(void)
 }

 #endif
+
+void
+sodium_misuse(const char *err)
+{
+    (void) err;
+    abort();
+}
--- a/src/libsodium/sodium/utils.c
+++ b/src/libsodium/sodium/utils.c
@ -21,6 +21,7 @@
 # include <unistd.h>
 #endif

+#include "core.h"
 #include "randombytes.h"
 #include "utils.h"

@ -79,7 +80,7 @@ sodium_memzero(void *const pnt, const size_t len)
    SecureZeroMemory(pnt, len);
 #elif defined(HAVE_MEMSET_S)
    if (len > 0U && memset_s(pnt, (rsize_t) len, 0, (rsize_t) len) != 0) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse("sodium_memzero(): length is more than RSIZE_MAX"); /* LCOV_EXCL_LINE */
    }
 #elif defined(HAVE_EXPLICIT_BZERO)
    explicit_bzero(pnt, len);
@ -300,7 +301,7 @@ sodium_bin2hex(char *const hex, const size_t hex_maxlen,
    int          c;

    if (bin_len >= SIZE_MAX / 2 || hex_maxlen <= bin_len * 2U) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse("sodium_bin2hex(): invalid length"); /* LCOV_EXCL_LINE */
    }
    while (i < bin_len) {
        c = bin[i] & 0xf;
@ -387,7 +388,7 @@ _sodium_alloc_init(void)
    page_size = (size_t) si.dwPageSize;
 # endif
    if (page_size < CANARY_SIZE || page_size < sizeof(size_t)) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse("_sodium_alloc_init(): page size is smaller than the canary size"); /* LCOV_EXCL_LINE */
    }
 #endif
    randombytes_buf(canary, sizeof canary);
@ -539,7 +540,7 @@ _unprotected_ptr_from_user_ptr(void *const ptr)
    page_mask = page_size - 1U;
    unprotected_ptr_u = ((uintptr_t) canary_ptr & (uintptr_t) ~page_mask);
    if (unprotected_ptr_u <= page_size * 2U) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse("_unprotected_ptr_from_user_ptr(): invalid pointer (too low)"); /* LCOV_EXCL_LINE */
    }
    return (unsigned char *) unprotected_ptr_u;
 }
@ -569,7 +570,7 @@ _sodium_malloc(const size_t size)
        return NULL;
    }
    if (page_size <= sizeof canary || page_size < sizeof unprotected_size) {
-        abort(); /* LCOV_EXCL_LINE */
+        sodium_misuse("_sodium_malloc(): page size too small"); /* LCOV_EXCL_LINE */
    }
    size_with_canary = (sizeof canary) + size;
    unprotected_size = _page_round(size_with_canary);