From 4dac252a16815b0612e79e63efd5b8aebeacd98a Mon Sep 17 00:00:00 2001
From: Michael Baentsch <57787676+baentsch@users.noreply.github.com>
Date: Thu, 26 Oct 2023 06:42:05 +0200
Subject: [PATCH] check empty params lists passed (#296)
---
 oqsprov/oqs_encode_key2any.c | 1 +
 oqsprov/oqs_kmgmt.c | 4 ++++
 oqsprov/oqs_sig.c | 1 +
 oqsprov/oqsprov.c | 1 +
 oqsprov/oqsprov_keys.c | 35 ++++++++++++++++++++---------------
 5 files changed, 27 insertions(+), 15 deletions(-)
diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c
index 63246f5e..04b561ad 100644
--- a/oqsprov/oqs_encode_key2any.c
+++ b/oqsprov/oqs_encode_key2any.c
@@ -944,6 +944,7 @@ static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 }
 }
 OQS_ENC_PRINTF2(" cipher set to %p: \n", ctx->cipher);
+ // not passing in a cipher param will lead to no-op hence no error
 return 1;
 }
diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c
index 88e927ea..5be50149 100644
--- a/oqsprov/oqs_kmgmt.c
+++ b/oqsprov/oqs_kmgmt.c
@@ -257,6 +257,7 @@ int oqsx_key_to_params(const OQSX_KEY *key, OSSL_PARAM_BLD *tmpl,
 goto err;
 }
 }
+ // not passing in params to respond to is no error; the response is empty
 ret = 1;
 err:
 return ret;
@@ -373,6 +374,7 @@ static int oqsx_get_params(void *key, OSSL_PARAM params[])
 return 0;
 }
+ // not passing in params to respond to is no error
 return 1;
 }
@@ -443,6 +445,7 @@ static int oqsx_set_params(void *key, const OSSL_PARAM params[])
 }
 }
+ // not passing in params to set is no error, just a no-op
 return 1;
 }
@@ -571,6 +574,7 @@ static int oqsx_gen_set_params(void *genctx, const OSSL_PARAM params[])
 if (gctx->propq == NULL) return 0;
 }
+ // not passing in params is no error; subsequent operations may fail, though
 return 1;
 }
diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c
index 69e4ff04..86a4ae3a 100644
--- a/oqsprov/oqs_sig.c
+++ b/oqsprov/oqs_sig.c
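Review bot: The comment added before `return 1;` in key2any_set_ctx_params records that an absent cipher parameter is a no-op, but nothing visible in the hunk shows that the function is safe when `params` itself is NULL; the body starts outside the hunk, so a guard may already exist there. If it does not, an explicit `if (params == NULL) return 1;` as the first statement would state the contract in code, so that a later edit which walks the array directly cannot dereference a NULL list. The same applies to the comment-only hunks for oqsx_get_params, oqsx_set_params and oqsx_gen_set_params in oqs_kmgmt.c, oqs_sig_set_ctx_params in oqs_sig.c and oqsprovider_get_params in oqsprov.c.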
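Review bot: The new comment in oqsx_gen_set_params says subsequent operations may fail when no params are passed, but it does not say which operations or why, so a caller only finds out at generation time. I would name the dependency in the comment, for example `// empty params is accepted here; generation fails later if required settings were never supplied`, with the wording to be confirmed against the generation code, which is outside this hunk. Raising a specific error at the point where generation detects the missing setup would keep the failure close to its cause.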
@@ -745,6 +745,7 @@ static int oqs_sig_set_ctx_params(void *vpoqs_sigctx, const OSSL_PARAM params[])
 return 0;
 }
+ // not passing in parameters we can act on is no error
 return 1;
 }
diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c
index 615d00fe..dba438c0 100644
--- a/oqsprov/oqsprov.c
+++ b/oqsprov/oqsprov.c
@@ -850,6 +850,7 @@ static int oqsprovider_get_params(void *provctx, OSSL_PARAM params[])
 p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS);
 if (p != NULL && !OSSL_PARAM_set_int(p, 1)) // provider is always running
 return 0;
+ // not passing in params to respond to is no error; response is empty then
 return 1;
 }
diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c
index b3ff332e..1b7d062e 100644
--- a/oqsprov/oqsprov_keys.c
+++ b/oqsprov/oqsprov_keys.c
@@ -1013,44 +1013,49 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], int include_private) { - const OSSL_PARAM *p; + const OSSL_PARAM *pp1, *pp2; OQS_KEY_PRINTF("OQSX Key from data called\n"); - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); - if (p != NULL) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) { + pp1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + pp2 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); + // at least one parameter must be given + if (pp1 == NULL && pp2 == NULL) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + return 0; + } + if (pp1 != NULL) { + if (pp1->data_type != OSSL_PARAM_OCTET_STRING) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return 0; } - if (key->privkeylen != p->data_size) { + if (key->privkeylen != pp1->data_size) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_SIZE); return 0; } - OPENSSL_secure_clear_free(key->privkey, p->data_size); - key->privkey = OPENSSL_secure_malloc(p->data_size); + OPENSSL_secure_clear_free(key->privkey, pp1->data_size); + key->privkey = OPENSSL_secure_malloc(pp1->data_size); if (key->privkey == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return 0; } - memcpy(key->privkey, p->data, p->data_size); + memcpy(key->privkey, pp1->data, pp1->data_size); } - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); - if (p != NULL) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) { + if (pp2 != NULL) { + if (pp2->data_type != OSSL_PARAM_OCTET_STRING) { OQS_KEY_PRINTF("invalid data type\n"); return 0; } - if (key->pubkeylen != p->data_size) { + if (key->pubkeylen != pp2->data_size) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_SIZE); return 0; } - OPENSSL_secure_clear_free(key->pubkey, p->data_size); - key->pubkey = OPENSSL_secure_malloc(p->data_size); + OPENSSL_secure_clear_free(key->pubkey, pp2->data_size); + key->pubkey = 
OPENSSL_secure_malloc(pp2->data_size); if (key->pubkey == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return 0; } - memcpy(key->pubkey, p->data, p->data_size); + memcpy(key->pubkey, pp2->data, pp2->data_size); } if (!oqsx_key_set_composites(key) || !oqsx_key_recreate_classickey(