From f3c74eea95495c40cf4365718adafeaa31decd8d Mon Sep 17 00:00:00 2001 From: Michael Baentsch <57787676+baentsch@users.noreply.github.com> Date: Wed, 25 Oct 2023 11:11:08 +0200 Subject: [PATCH] check empty params lists passed --- oqsprov/oqs_encode_key2any.c | 1 + oqsprov/oqs_kmgmt.c | 4 ++++ oqsprov/oqs_sig.c | 1 + oqsprov/oqsprov.c | 1 + oqsprov/oqsprov_keys.c | 35 ++++++++++++++++++++--------------- 5 files changed, 27 insertions(+), 15 deletions(-) diff --git a/oqsprov/oqs_encode_key2any.c b/oqsprov/oqs_encode_key2any.c index 63246f5e..04b561ad 100644 --- a/oqsprov/oqs_encode_key2any.c +++ b/oqsprov/oqs_encode_key2any.c @@ -944,6 +944,7 @@ static int key2any_set_ctx_params(void *vctx, const OSSL_PARAM params[]) } } OQS_ENC_PRINTF2(" cipher set to %p: \n", ctx->cipher); + // not passing in a cipher param will lead to no-op hence no error return 1; } diff --git a/oqsprov/oqs_kmgmt.c b/oqsprov/oqs_kmgmt.c index 88e927ea..5be50149 100644 --- a/oqsprov/oqs_kmgmt.c +++ b/oqsprov/oqs_kmgmt.c @@ -257,6 +257,7 @@ int oqsx_key_to_params(const OQSX_KEY *key, OSSL_PARAM_BLD *tmpl, goto err; } } + // not passing in params to respond to is no error; the response is empty ret = 1; err: return ret; @@ -373,6 +374,7 @@ static int oqsx_get_params(void *key, OSSL_PARAM params[]) return 0; } + // not passing in params to respond to is no error return 1; } @@ -443,6 +445,7 @@ static int oqsx_set_params(void *key, const OSSL_PARAM params[]) } } + // not passing in params to set is no error, just a no-op return 1; } @@ -571,6 +574,7 @@ static int oqsx_gen_set_params(void *genctx, const OSSL_PARAM params[]) if (gctx->propq == NULL) return 0; } + // not passing in params is no error; subsequent operations may fail, though return 1; } diff --git a/oqsprov/oqs_sig.c b/oqsprov/oqs_sig.c index 69e4ff04..86a4ae3a 100644 --- a/oqsprov/oqs_sig.c +++ b/oqsprov/oqs_sig.c @@ -745,6 +745,7 @@ static int oqs_sig_set_ctx_params(void *vpoqs_sigctx, const OSSL_PARAM params[]) return 0; } + // not passing in parameters we can act on is no error return 1; } diff --git a/oqsprov/oqsprov.c b/oqsprov/oqsprov.c index 615d00fe..dba438c0 100644 --- a/oqsprov/oqsprov.c +++ b/oqsprov/oqsprov.c @@ -850,6 +850,7 @@ static int oqsprovider_get_params(void *provctx, OSSL_PARAM params[]) p = OSSL_PARAM_locate(params, OSSL_PROV_PARAM_STATUS); if (p != NULL && !OSSL_PARAM_set_int(p, 1)) // provider is always running return 0; + // not passing in params to respond to is no error; response is empty then return 1; } diff --git a/oqsprov/oqsprov_keys.c b/oqsprov/oqsprov_keys.c index b3ff332e..1b7d062e 100644 --- a/oqsprov/oqsprov_keys.c +++ b/oqsprov/oqsprov_keys.c @@ -1013,44 +1013,49 @@ int oqsx_key_allocate_keymaterial(OQSX_KEY *key, int include_private) int oqsx_key_fromdata(OQSX_KEY *key, const OSSL_PARAM params[], int include_private) { - const OSSL_PARAM *p; + const OSSL_PARAM *pp1, *pp2; OQS_KEY_PRINTF("OQSX Key from data called\n"); - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); - if (p != NULL) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) { + pp1 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY); + pp2 = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); + // at least one parameter must be given + if (pp1 == NULL && pp2 == NULL) { + ERR_raise(ERR_LIB_USER, OQSPROV_R_WRONG_PARAMETERS); + return 0; + } + if (pp1 != NULL) { + if (pp1->data_type != OSSL_PARAM_OCTET_STRING) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_ENCODING); return 0; } - if (key->privkeylen != p->data_size) { + if (key->privkeylen != pp1->data_size) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_SIZE); return 0; } - OPENSSL_secure_clear_free(key->privkey, p->data_size); - key->privkey = OPENSSL_secure_malloc(p->data_size); + OPENSSL_secure_clear_free(key->privkey, pp1->data_size); + key->privkey = OPENSSL_secure_malloc(pp1->data_size); if (key->privkey == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return 0; } - memcpy(key->privkey, p->data, p->data_size); + memcpy(key->privkey, pp1->data, pp1->data_size); } - p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY); - if (p != NULL) { - if (p->data_type != OSSL_PARAM_OCTET_STRING) { + if (pp2 != NULL) { + if (pp2->data_type != OSSL_PARAM_OCTET_STRING) { OQS_KEY_PRINTF("invalid data type\n"); return 0; } - if (key->pubkeylen != p->data_size) { + if (key->pubkeylen != pp2->data_size) { ERR_raise(ERR_LIB_USER, OQSPROV_R_INVALID_SIZE); return 0; } - OPENSSL_secure_clear_free(key->pubkey, p->data_size); - key->pubkey = OPENSSL_secure_malloc(p->data_size); + OPENSSL_secure_clear_free(key->pubkey, pp2->data_size); + key->pubkey = OPENSSL_secure_malloc(pp2->data_size); if (key->pubkey == NULL) { ERR_raise(ERR_LIB_USER, ERR_R_MALLOC_FAILURE); return 0; } - memcpy(key->pubkey, p->data, p->data_size); + memcpy(key->pubkey, pp2->data, pp2->data_size); } if (!oqsx_key_set_composites(key) || !oqsx_key_recreate_classickey(