diff --git a/ScosslCommon/src/scossl_aes_aead.c b/ScosslCommon/src/scossl_aes_aead.c index b48bfe58..ce44188d 100644 --- a/ScosslCommon/src/scossl_aes_aead.c +++ b/ScosslCommon/src/scossl_aes_aead.c @@ -56,6 +56,7 @@ SCOSSL_STATUS scossl_aes_gcm_init_key(SCOSSL_CIPHER_GCM_CTX *ctx, return SCOSSL_FAILURE; } } + if (key != NULL) { scError = SymCryptGcmExpandKey(&ctx->key, SymCryptAesBlockCipher, key, keylen); @@ -64,6 +65,7 @@ SCOSSL_STATUS scossl_aes_gcm_init_key(SCOSSL_CIPHER_GCM_CTX *ctx, return SCOSSL_FAILURE; } } + return SCOSSL_SUCCESS; } @@ -299,7 +301,7 @@ SCOSSL_STATUS scossl_aes_gcm_set_iv_len(SCOSSL_CIPHER_GCM_CTX *ctx, size_t ivlen if (ivlen != ctx->ivlen) { ctx->ivlen = ivlen; - + if (ctx->iv != NULL) { OPENSSL_free(ctx->iv); @@ -455,7 +457,7 @@ SCOSSL_STATUS scossl_aes_ccm_init_key(SCOSSL_CIPHER_CCM_CTX *ctx, ctx->ccmStage = SCOSSL_CCM_STAGE_INIT; ctx->cbData = 0; - if (iv) + if (iv != NULL) { if (!scossl_aes_ccm_set_iv_len(ctx, ivlen)) { @@ -466,7 +468,8 @@ SCOSSL_STATUS scossl_aes_ccm_init_key(SCOSSL_CIPHER_CCM_CTX *ctx, memcpy(ctx->iv, iv, ctx->ivlen); ctx->ivSet = 1; } - if (key) + + if (key != NULL) { scError = SymCryptAesExpandKey(&ctx->key, key, keylen); if (scError != SYMCRYPT_NO_ERROR) @@ -474,6 +477,7 @@ SCOSSL_STATUS scossl_aes_ccm_init_key(SCOSSL_CIPHER_CCM_CTX *ctx, return SCOSSL_FAILURE; } } + return SCOSSL_SUCCESS; } diff --git a/ScosslCommon/src/scossl_mac.c b/ScosslCommon/src/scossl_mac.c index 66b5814f..15385cd1 100644 --- a/ScosslCommon/src/scossl_mac.c +++ b/ScosslCommon/src/scossl_mac.c @@ -86,6 +86,9 @@ SCOSSL_MAC_CTX *scossl_mac_dupctx(SCOSSL_MAC_CTX *ctx) SCOSSL_STATUS success = SCOSSL_FAILURE; SCOSSL_MAC_CTX *copyCtx = NULL; + if (ctx == NULL) + return NULL; + if ((copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_MAC_CTX))) != NULL) { if (ctx->pbKey != NULL) diff --git a/SymCryptProvider/inc/p_scossl_base.h.in b/SymCryptProvider/inc/p_scossl_base.h.in index f9985cb5..ba292bb2 100644 --- a/SymCryptProvider/inc/p_scossl_base.h.in +++ b/SymCryptProvider/inc/p_scossl_base.h.in @@ -34,12 +34,12 @@ static const OSSL_PARAM p_scossl_param_types[] = { OSSL_PARAM_int(OSSL_PROV_PARAM_STATUS, NULL), OSSL_PARAM_END}; -// EVP_MD_CTX_dup is a helpful function for the provider, but was not added until OpenSSL 3.1 -// This function is copied from 3.1 to allow its use when the provider is built against 3.0 -#if OPENSSL_VERSION_MAJOR == 3 && OPENSSL_VERSION_MINOR == 0 -EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in); - -#endif // OPENSSL_VERSION_MAJOR == 3 && OPENSSL_VERSION_MINOR == 0 +// Helper function from the default provider that is used by get/set +// parameter functions to avoid iterating through an empty parameter array. +static inline BOOL p_scossl_is_params_empty(_In_ const OSSL_PARAM params[]) +{ + return params == NULL || params->key == NULL; +} #ifdef __cplusplus } diff --git a/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c b/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c index 0b1d6f7f..dd930993 100644 --- a/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c +++ b/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c @@ -246,6 +246,12 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_get_ctx_params(_In_ SCOSSL_RSA_CIPHER_C { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_PAD_MODE)) != NULL) { int i = 0; @@ -307,6 +313,17 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_set_ctx_params(_Inout_ SCOSSL_RSA_CIPHE const OSSL_PARAM *param_propq; const char *mdName, *mdProps; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_PAD_MODE)) != NULL) { // Padding mode may be passed as legacy NID or string, and is diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes.c b/SymCryptProvider/src/ciphers/p_scossl_aes.c index e56908c3..cd1c8304 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes.c @@ -74,6 +74,9 @@ static void p_scossl_aes_generic_freectx(SCOSSL_AES_CTX *ctx) static SCOSSL_AES_CTX *p_scossl_aes_generic_dupctx(SCOSSL_AES_CTX *ctx) { + if (ctx == NULL) + return NULL; + SCOSSL_COMMON_ALIGNED_ALLOC(copyCtx, OPENSSL_malloc, SCOSSL_AES_CTX); if (copyCtx != NULL) { @@ -153,14 +156,42 @@ static SCOSSL_STATUS p_scossl_aes_generic_skey_encrypt_init(_Inout_ SCOSSL_AES_C _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { - return p_scossl_aes_generic_init_internal(ctx, TRUE, skey->pbKey, skey->cbKey, iv, ivlen, params); + PBYTE pbKey; + SIZE_T cbKey; + + if (skey != NULL) + { + pbKey = skey->pbKey; + cbKey = skey->cbKey; + } + else + { + pbKey = NULL; + cbKey = 0; + } + + return p_scossl_aes_generic_init_internal(ctx, 1, pbKey, cbKey, iv, ivlen, params); } static SCOSSL_STATUS p_scossl_aes_generic_skey_decrypt_init(_Inout_ SCOSSL_AES_CTX *ctx, _In_ SCOSSL_SKEY *skey, _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { - return p_scossl_aes_generic_init_internal(ctx, FALSE, skey->pbKey, skey->cbKey, iv, ivlen, params); + PBYTE pbKey; + SIZE_T cbKey; + + if (skey != NULL) + { + pbKey = skey->pbKey; + cbKey = skey->cbKey; + } + else + { + pbKey = NULL; + cbKey = 0; + } + + return p_scossl_aes_generic_init_internal(ctx, 0, pbKey, cbKey, iv, ivlen, params); } #define SYMCRYPT_OPENSSL_MASK8_SELECT( _mask, _a, _b ) (SYMCRYPT_FORCE_READ8(&_mask) & _a) | (~(SYMCRYPT_FORCE_READ8(&_mask)) & _b) @@ -702,7 +733,13 @@ SCOSSL_STATUS p_scossl_aes_generic_get_params(_Inout_ OSSL_PARAM params[], static SCOSSL_STATUS p_scossl_aes_generic_get_ctx_params(_In_ SCOSSL_AES_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - OSSL_PARAM *p = NULL; + OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN)) != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) @@ -746,7 +783,18 @@ static SCOSSL_STATUS p_scossl_aes_generic_get_ctx_params(_In_ SCOSSL_AES_CTX *ct static SCOSSL_STATUS p_scossl_aes_generic_set_ctx_params(_Inout_ SCOSSL_AES_CTX *ctx, _In_ const OSSL_PARAM params[]) { - const OSSL_PARAM *p = NULL; + const OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING)) != NULL) { diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes_aead.c b/SymCryptProvider/src/ciphers/p_scossl_aes_aead.c index 821f11ec..ceb32449 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes_aead.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes_aead.c @@ -7,6 +7,7 @@ #include #include "scossl_aes_aead.h" +#include "p_scossl_base.h" #include "p_scossl_aes.h" #include "p_scossl_skey.h" @@ -63,6 +64,9 @@ static void p_scossl_aes_gcm_freectx(_Inout_ SCOSSL_CIPHER_GCM_CTX *ctx) static SCOSSL_CIPHER_GCM_CTX *p_scossl_aes_gcm_dupctx(_In_ SCOSSL_CIPHER_GCM_CTX *ctx) { + if (ctx == NULL) + return NULL; + SCOSSL_COMMON_ALIGNED_ALLOC(copy_ctx, OPENSSL_malloc, SCOSSL_CIPHER_GCM_CTX); if (copy_ctx != NULL) { @@ -81,6 +85,7 @@ static SCOSSL_CIPHER_GCM_CTX *p_scossl_aes_gcm_dupctx(_In_ SCOSSL_CIPHER_GCM_CTX } SymCryptGcmKeyCopy(&ctx->key, ©_ctx->key); } + return copy_ctx; } @@ -89,7 +94,7 @@ static SCOSSL_STATUS p_scossl_aes_gcm_init_internal(_Inout_ SCOSSL_CIPHER_GCM_CT _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { - if (key && keylen != ctx->keylen) + if (key != NULL && keylen != ctx->keylen) { return SCOSSL_FAILURE; } @@ -116,18 +121,46 @@ static SCOSSL_STATUS p_scossl_aes_gcm_decrypt_init(_Inout_ SCOSSL_CIPHER_GCM_CTX return p_scossl_aes_gcm_init_internal(ctx, 0, key, keylen, iv, ivlen, params); } -static SCOSSL_STATUS p_scossl_aes_gcm_skey_encrypt_init(_Inout_ void *ctx, _In_ SCOSSL_SKEY *skey, +static SCOSSL_STATUS p_scossl_aes_gcm_skey_encrypt_init(_Inout_ SCOSSL_CIPHER_GCM_CTX *ctx, _In_ SCOSSL_SKEY *skey, _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { - return p_scossl_aes_gcm_init_internal(ctx, 1, skey->pbKey, skey->cbKey, iv, ivlen, params); + PBYTE pbKey; + SIZE_T cbKey; + + if (skey != NULL) + { + pbKey = skey->pbKey; + cbKey = skey->cbKey; + } + else + { + pbKey = NULL; + cbKey = 0; + } + + return p_scossl_aes_gcm_init_internal(ctx, 1, pbKey, cbKey, iv, ivlen, params); } -static SCOSSL_STATUS p_scossl_aes_gcm_skey_decrypt_init(_Inout_ void *ctx, _In_ SCOSSL_SKEY *skey, +static SCOSSL_STATUS p_scossl_aes_gcm_skey_decrypt_init(_Inout_ SCOSSL_CIPHER_GCM_CTX *ctx, _In_ SCOSSL_SKEY *skey, _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { - return p_scossl_aes_gcm_init_internal(ctx, 0, skey->pbKey, skey->cbKey, iv, ivlen, params); + PBYTE pbKey; + SIZE_T cbKey; + + if (skey != NULL) + { + pbKey = skey->pbKey; + cbKey = skey->cbKey; + } + else + { + pbKey = NULL; + cbKey = 0; + } + + return p_scossl_aes_gcm_init_internal(ctx, 0, pbKey, cbKey, iv, ivlen, params); } static SCOSSL_STATUS p_scossl_aes_gcm_final(_Inout_ SCOSSL_CIPHER_GCM_CTX *ctx, @@ -161,40 +194,50 @@ static const OSSL_PARAM *p_scossl_aes_gcm_settable_ctx_params(ossl_unused void * static SCOSSL_STATUS p_scossl_aes_gcm_get_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - OSSL_PARAM *p = NULL; + OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->keylen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->ivlen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->taglen)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->taglen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tlsAadSet ? EVP_GCM_TLS_TAG_LEN : 0)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->tlsAadSet ? EVP_GCM_TLS_TAG_LEN : 0)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); - if (p != NULL) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV)) != NULL) { if (p->data_size < ctx->ivlen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return SCOSSL_FAILURE; } + if (!OSSL_PARAM_set_octet_string(p, ctx->iv != NULL ? (const void*)ctx->iv : "", ctx->ivlen) && !OSSL_PARAM_set_octet_ptr(p, ctx->iv != NULL ? (const void*)ctx->iv : "", ctx->ivlen)) { @@ -202,14 +245,15 @@ static SCOSSL_STATUS p_scossl_aes_gcm_get_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV); - if (p != NULL) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV)) != NULL) { if (p->data_size < ctx->ivlen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return SCOSSL_FAILURE; } + if (!OSSL_PARAM_set_octet_string(p, ctx->iv != NULL ? (const void*)ctx->iv : "", ctx->ivlen) && !OSSL_PARAM_set_octet_ptr(p, ctx->iv != NULL ? (const void*)ctx->iv : "", ctx->ivlen)) { @@ -217,8 +261,8 @@ static SCOSSL_STATUS p_scossl_aes_gcm_get_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG); - if (p != NULL) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG)) != NULL) { if (p->data_size == 0 || p->data_size > SCOSSL_GCM_MAX_TAG_LENGTH || @@ -227,14 +271,15 @@ static SCOSSL_STATUS p_scossl_aes_gcm_get_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); return SCOSSL_FAILURE; } + if (!OSSL_PARAM_set_octet_string(p, &ctx->tag, p->data_size)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN); - if (p != NULL && + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN)) != NULL && (p->data == NULL || p->data_type != OSSL_PARAM_OCTET_STRING || !scossl_aes_gcm_iv_gen(ctx, p->data, p->data_size))) @@ -248,9 +293,20 @@ static SCOSSL_STATUS p_scossl_aes_gcm_get_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C static SCOSSL_STATUS p_scossl_aes_gcm_set_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_CTX *ctx, _In_ const OSSL_PARAM params[]) { - const OSSL_PARAM *p = NULL; - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN); - if (p != NULL) + const OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN)) != NULL) { size_t ivlen; @@ -267,8 +323,7 @@ static SCOSSL_STATUS p_scossl_aes_gcm_set_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG); - if (p != NULL) + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { @@ -282,8 +337,8 @@ static SCOSSL_STATUS p_scossl_aes_gcm_set_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); - if (p != NULL) + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { @@ -297,8 +352,8 @@ static SCOSSL_STATUS p_scossl_aes_gcm_set_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED); - if (p != NULL) + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { @@ -312,8 +367,8 @@ static SCOSSL_STATUS p_scossl_aes_gcm_set_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV); - if (p != NULL) + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { @@ -336,6 +391,9 @@ static SCOSSL_STATUS p_scossl_aes_gcm_set_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C */ static SCOSSL_CIPHER_CCM_CTX *p_scossl_aes_ccm_dupctx(_In_ SCOSSL_CIPHER_CCM_CTX *ctx) { + if (ctx == NULL) + return NULL; + SCOSSL_COMMON_ALIGNED_ALLOC(copy_ctx, OPENSSL_malloc, SCOSSL_CIPHER_CCM_CTX); if (copy_ctx != NULL) { @@ -347,6 +405,7 @@ static SCOSSL_CIPHER_CCM_CTX *p_scossl_aes_ccm_dupctx(_In_ SCOSSL_CIPHER_CCM_CTX copy_ctx->state = ctx->state; copy_ctx->state.pExpandedKey = ©_ctx->key; } + return copy_ctx; } @@ -360,7 +419,7 @@ static SCOSSL_STATUS p_scossl_aes_ccm_init_internal(_Inout_ SCOSSL_CIPHER_CCM_CT _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { - if (key && keylen != ctx->keylen) + if (key != NULL && keylen != ctx->keylen) { return SCOSSL_FAILURE; } @@ -387,18 +446,46 @@ static SCOSSL_STATUS p_scossl_aes_ccm_decrypt_init(_Inout_ SCOSSL_CIPHER_CCM_CTX return p_scossl_aes_ccm_init_internal(ctx, 0, key, keylen, iv, ivlen, params); } -static SCOSSL_STATUS p_scossl_aes_ccm_skey_encrypt_init(_Inout_ void *ctx, _In_ SCOSSL_SKEY *skey, +static SCOSSL_STATUS p_scossl_aes_ccm_skey_encrypt_init(_Inout_ SCOSSL_CIPHER_CCM_CTX *ctx, _In_ SCOSSL_SKEY *skey, _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { - return p_scossl_aes_ccm_init_internal(ctx, 1, skey->pbKey, skey->cbKey, iv, ivlen, params); + PBYTE pbKey; + SIZE_T cbKey; + + if (skey != NULL) + { + pbKey = skey->pbKey; + cbKey = skey->cbKey; + } + else + { + pbKey = NULL; + cbKey = 0; + } + + return p_scossl_aes_ccm_init_internal(ctx, 1, pbKey, cbKey, iv, ivlen, params); } -static SCOSSL_STATUS p_scossl_aes_ccm_skey_decrypt_init(_Inout_ void *ctx, _In_ SCOSSL_SKEY *skey, +static SCOSSL_STATUS p_scossl_aes_ccm_skey_decrypt_init(_Inout_ SCOSSL_CIPHER_CCM_CTX *ctx, _In_ SCOSSL_SKEY *skey, _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { - return p_scossl_aes_ccm_init_internal(ctx, 0, skey->pbKey, skey->cbKey, iv, ivlen, params); + PBYTE pbKey; + SIZE_T cbKey; + + if (skey != NULL) + { + pbKey = skey->pbKey; + cbKey = skey->cbKey; + } + else + { + pbKey = NULL; + cbKey = 0; + } + + return p_scossl_aes_ccm_init_internal(ctx, 0, pbKey, cbKey, iv, ivlen, params); } static SCOSSL_STATUS p_scossl_aes_ccm_final(_Inout_ SCOSSL_CIPHER_CCM_CTX *ctx, @@ -432,40 +519,50 @@ static const OSSL_PARAM *p_scossl_aes_ccm_settable_ctx_params(ossl_unused void * static SCOSSL_STATUS p_scossl_aes_ccm_get_ctx_params(_In_ SCOSSL_CIPHER_CCM_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - OSSL_PARAM *p = NULL; + OSSL_PARAM *p; - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->keylen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->ivlen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->taglen)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->taglen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tlsAadSet ? ctx->taglen : 0)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->tlsAadSet ? ctx->taglen : 0)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); - if (p != NULL) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV)) != NULL) { if (p->data_size < ctx->ivlen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return SCOSSL_FAILURE; } + if (!OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen) && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) { @@ -473,14 +570,15 @@ static SCOSSL_STATUS p_scossl_aes_ccm_get_ctx_params(_In_ SCOSSL_CIPHER_CCM_CTX return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV); - if (p != NULL) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV)) != NULL) { if (p->data_size < ctx->ivlen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return SCOSSL_FAILURE; } + if (!OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen) && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) { @@ -488,14 +586,15 @@ static SCOSSL_STATUS p_scossl_aes_ccm_get_ctx_params(_In_ SCOSSL_CIPHER_CCM_CTX return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG); - if (p != NULL) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG)) != NULL) { if (p->data_size < ctx->taglen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); return SCOSSL_FAILURE; } + if (!OSSL_PARAM_set_octet_string(p, &ctx->tag, ctx->taglen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); @@ -508,9 +607,20 @@ static SCOSSL_STATUS p_scossl_aes_ccm_get_ctx_params(_In_ SCOSSL_CIPHER_CCM_CTX static SCOSSL_STATUS p_scossl_aes_ccm_set_ctx_params(_Inout_ SCOSSL_CIPHER_CCM_CTX *ctx, _In_ const OSSL_PARAM params[]) { - const OSSL_PARAM *p = NULL; - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN); - if (p != NULL) + const OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN)) != NULL) { size_t ivlen; @@ -526,8 +636,8 @@ static SCOSSL_STATUS p_scossl_aes_ccm_set_ctx_params(_Inout_ SCOSSL_CIPHER_CCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG); - if (p != NULL) + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { @@ -541,8 +651,8 @@ static SCOSSL_STATUS p_scossl_aes_ccm_set_ctx_params(_Inout_ SCOSSL_CIPHER_CCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); - if (p != NULL) + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { @@ -556,8 +666,8 @@ static SCOSSL_STATUS p_scossl_aes_ccm_set_ctx_params(_Inout_ SCOSSL_CIPHER_CCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED); - if (p != NULL) + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c b/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c index 4d44f485..1797ad14 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c @@ -2,11 +2,10 @@ // Copyright (c) Microsoft Corporation. Licensed under the MIT license. // -#include -#include #include #include "scossl_helpers.h" +#include "p_scossl_base.h" #include "p_scossl_aes.h" #include "p_scossl_skey.h" @@ -51,6 +50,9 @@ static SCOSSL_AES_XTS_CTX *p_scossl_aes_xts_newctx_internal(size_t keylen) static SCOSSL_AES_XTS_CTX *p_scossl_aes_xts_dupctx(SCOSSL_AES_XTS_CTX *ctx) { + if (ctx == NULL) + return NULL; + SCOSSL_COMMON_ALIGNED_ALLOC(copy_ctx, OPENSSL_malloc, SCOSSL_AES_XTS_CTX); if (copy_ctx != NULL) { @@ -125,20 +127,54 @@ static SCOSSL_STATUS p_scossl_aes_xts_skey_encrypt_init(_Inout_ SCOSSL_AES_XTS_C _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { - return p_scossl_aes_xts_init_internal(ctx, 1, skey->pbKey, skey->cbKey, iv, ivlen, params); + PBYTE pbKey; + SIZE_T cbKey; + + if (skey != NULL) + { + pbKey = skey->pbKey; + cbKey = skey->cbKey; + } + else + { + pbKey = NULL; + cbKey = 0; + } + + return p_scossl_aes_xts_init_internal(ctx, 1, pbKey, cbKey, iv, ivlen, params); } static SCOSSL_STATUS p_scossl_aes_xts_skey_decrypt_init(_Inout_ SCOSSL_AES_XTS_CTX *ctx, _In_ SCOSSL_SKEY *skey, _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { - return p_scossl_aes_xts_init_internal(ctx, 0, skey->pbKey, skey->cbKey, iv, ivlen, params); + PBYTE pbKey; + SIZE_T cbKey; + + if (skey != NULL) + { + pbKey = skey->pbKey; + cbKey = skey->cbKey; + } + else + { + pbKey = NULL; + cbKey = 0; + } + + return p_scossl_aes_xts_init_internal(ctx, 0, pbKey, cbKey, iv, ivlen, params); } static SCOSSL_STATUS p_scossl_aes_xts_cipher(SCOSSL_AES_XTS_CTX *ctx, _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outsize, _In_reads_bytes_(inl) const unsigned char *in, size_t inl) { + if (out == NULL || in == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if (inl < SYMCRYPT_AES_BLOCK_SIZE) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH); @@ -207,45 +243,63 @@ static const OSSL_PARAM *p_scossl_aes_xts_settable_ctx_params(ossl_unused void * static SCOSSL_STATUS p_scossl_aes_xts_get_ctx_params(_In_ SCOSSL_AES_XTS_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - OSSL_PARAM *p = NULL; + OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->keylen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, SCOSSL_XTS_TWEAK_LENGTH)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, SCOSSL_XTS_TWEAK_LENGTH)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); - if (p != NULL && + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV)) != NULL && !OSSL_PARAM_set_octet_ptr(p, &ctx->tweak, SCOSSL_XTS_TWEAK_LENGTH) && !OSSL_PARAM_set_octet_string(p, &ctx->tweak, SCOSSL_XTS_TWEAK_LENGTH)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV); - if (p != NULL && + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV)) != NULL && !OSSL_PARAM_set_octet_ptr(p, &ctx->tweak, SCOSSL_XTS_TWEAK_LENGTH) && !OSSL_PARAM_set_octet_string(p, &ctx->tweak, SCOSSL_XTS_TWEAK_LENGTH)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } + return SCOSSL_SUCCESS; } static SCOSSL_STATUS p_scossl_aes_xts_set_ctx_params(_Inout_ SCOSSL_AES_XTS_CTX *ctx, _In_ const OSSL_PARAM params[]) { - const OSSL_PARAM *p = NULL; + const OSSL_PARAM *p; - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL) + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN)) != NULL) { size_t keylen; @@ -254,11 +308,13 @@ static SCOSSL_STATUS p_scossl_aes_xts_set_ctx_params(_Inout_ SCOSSL_AES_XTS_CTX ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } + if (keylen != ctx->keylen) { return SCOSSL_FAILURE; } } + return SCOSSL_SUCCESS; } diff --git a/SymCryptProvider/src/digests/p_scossl_cshake.c b/SymCryptProvider/src/digests/p_scossl_cshake.c index b3f58389..0b887d9c 100644 --- a/SymCryptProvider/src/digests/p_scossl_cshake.c +++ b/SymCryptProvider/src/digests/p_scossl_cshake.c @@ -7,6 +7,7 @@ #include "scossl_provider.h" #include "p_scossl_digest_common.h" +#include "p_scossl_base.h" #ifdef __cplusplus extern "C" { @@ -130,6 +131,9 @@ static SCOSSL_CSHAKE_CTX *p_scossl_cshake_dupctx(_In_ SCOSSL_CSHAKE_CTX *ctx) { SCOSSL_STATUS status = SCOSSL_FAILURE; + if (ctx == NULL) + return NULL; + SCOSSL_COMMON_ALIGNED_ALLOC(copyCtx, OPENSSL_zalloc, SCOSSL_CSHAKE_CTX); if (copyCtx != NULL) @@ -276,6 +280,7 @@ static SCOSSL_STATUS p_scossl_cshake_256_digest(ossl_unused void *prov_ctx, { return p_scossl_cshake_digest(&SymCryptCShake256Algorithm, in, inl, out, outl, outlen); } + static SCOSSL_STATUS p_scossl_cshake_128_get_params(_Inout_ OSSL_PARAM params[]) { return p_scossl_digest_get_params(params, @@ -296,6 +301,17 @@ static SCOSSL_STATUS p_scossl_cshake_set_ctx_params(_Inout_ SCOSSL_CSHAKE_CTX *c { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, SCOSSL_DIGEST_PARAM_FUNCTION_NAME_STRING)) != NULL) { if (ctx->xofState != SCOSSL_XOF_STATE_INIT) @@ -344,7 +360,12 @@ static SCOSSL_STATUS p_scossl_cshake_set_ctx_params(_Inout_ SCOSSL_CSHAKE_CTX *c static const OSSL_PARAM *p_scossl_cshake_settable_ctx_params(_In_ SCOSSL_CSHAKE_CTX *ctx, ossl_unused void *provctx) { - return ctx->xofState == SCOSSL_XOF_STATE_INIT ? p_scossl_cshake_settable_ctx_param_types : p_scossl_cshake_settable_ctx_param_types_initialized; + if (ctx == NULL || ctx->xofState == SCOSSL_XOF_STATE_INIT) + { + return p_scossl_cshake_settable_ctx_param_types; + } + + return p_scossl_cshake_settable_ctx_param_types_initialized; } #ifdef OSSL_FUNC_DIGEST_SQUEEZE diff --git a/SymCryptProvider/src/digests/p_scossl_digest_common.c b/SymCryptProvider/src/digests/p_scossl_digest_common.c index 53a8fdd7..94a80ed8 100644 --- a/SymCryptProvider/src/digests/p_scossl_digest_common.c +++ b/SymCryptProvider/src/digests/p_scossl_digest_common.c @@ -1,11 +1,9 @@ // // Copyright (c) Microsoft Corporation. Licensed under the MIT license. // - -#include -#include #include +#include "p_scossl_base.h" #include "digests/p_scossl_digest_common.h" #ifdef __cplusplus @@ -36,6 +34,9 @@ void p_scossl_digest_freectx(SCOSSL_DIGEST_CTX *ctx) _Use_decl_annotations_ SCOSSL_DIGEST_CTX *p_scossl_digest_dupctx(SCOSSL_DIGEST_CTX *ctx) { + if (ctx == NULL) + return NULL; + SCOSSL_DIGEST_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_DIGEST_CTX)); if (copyCtx != NULL) diff --git a/SymCryptProvider/src/digests/p_scossl_digest_generic.c b/SymCryptProvider/src/digests/p_scossl_digest_generic.c index 59045653..4a94df87 100644 --- a/SymCryptProvider/src/digests/p_scossl_digest_generic.c +++ b/SymCryptProvider/src/digests/p_scossl_digest_generic.c @@ -67,6 +67,12 @@ static SCOSSL_STATUS p_scossl_digest_set_state_internal(_In_ SCOSSL_DIGEST_CTX * SYMCRYPT_ERROR scError; const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate_const(params, SCOSSL_DIGEST_PARAM_STATE)) != NULL) { if (!OSSL_PARAM_get_octet_string_ptr(p, (void *)&pbImportBlob, &cbImportBlob)) diff --git a/SymCryptProvider/src/digests/p_scossl_shake.c b/SymCryptProvider/src/digests/p_scossl_shake.c index 98cd8810..052642e5 100644 --- a/SymCryptProvider/src/digests/p_scossl_shake.c +++ b/SymCryptProvider/src/digests/p_scossl_shake.c @@ -2,9 +2,9 @@ // Copyright (c) Microsoft Corporation. Licensed under the MIT license. // -#include #include +#include "p_scossl_base.h" #include "digests/p_scossl_digest_common.h" #ifdef __cplusplus @@ -19,6 +19,17 @@ static SCOSSL_STATUS p_scossl_shake_set_ctx_params(_Inout_ SCOSSL_DIGEST_CTX *ct { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN)) != NULL && !OSSL_PARAM_get_size_t(p, &ctx->xofLen)) { diff --git a/SymCryptProvider/src/encoder/p_scossl_encode_common.c b/SymCryptProvider/src/encoder/p_scossl_encode_common.c index c9615ae4..23a256ee 100644 --- a/SymCryptProvider/src/encoder/p_scossl_encode_common.c +++ b/SymCryptProvider/src/encoder/p_scossl_encode_common.c @@ -46,6 +46,17 @@ SCOSSL_STATUS p_scossl_encode_set_ctx_params(SCOSSL_ENCODE_CTX *ctx, const OSSL_ { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER)) != NULL) { OSSL_LIB_CTX *libctx = ctx->provctx == NULL ? NULL : ctx->provctx->libctx; diff --git a/SymCryptProvider/src/kdf/p_scossl_hkdf.c b/SymCryptProvider/src/kdf/p_scossl_hkdf.c index 86e570fb..1ce34511 100644 --- a/SymCryptProvider/src/kdf/p_scossl_hkdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_hkdf.c @@ -73,7 +73,12 @@ void p_scossl_hkdf_freectx(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx) SCOSSL_PROV_HKDF_CTX *p_scossl_hkdf_dupctx(_In_ SCOSSL_PROV_HKDF_CTX *ctx) { - SCOSSL_PROV_HKDF_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_HKDF_CTX)); + SCOSSL_PROV_HKDF_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_HKDF_CTX)); if (copyCtx != NULL) { if ((copyCtx->hkdfCtx = scossl_hkdf_dupctx(ctx->hkdfCtx)) == NULL || @@ -115,6 +120,12 @@ SCOSSL_STATUS p_scossl_hkdf_get_ctx_params(_In_ SCOSSL_PROV_HKDF_CTX *ctx, _Inou { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { SIZE_T cbResult; @@ -209,6 +220,17 @@ SCOSSL_STATUS p_scossl_hkdf_set_ctx_params(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx, co SIZE_T cbInfo; const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE)) != NULL) { int mode = -1; @@ -330,6 +352,17 @@ SCOSSL_STATUS p_scossl_tls13kdf_set_ctx_params(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if (!p_scossl_hkdf_set_ctx_params(ctx, params)) return SCOSSL_FAILURE; diff --git a/SymCryptProvider/src/kdf/p_scossl_kbkdf.c b/SymCryptProvider/src/kdf/p_scossl_kbkdf.c index 9c3eb06f..8a1cb527 100644 --- a/SymCryptProvider/src/kdf/p_scossl_kbkdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_kbkdf.c @@ -83,7 +83,12 @@ static void p_scossl_kbkdf_freectx(_Inout_ SCOSSL_PROV_KBKDF_CTX *ctx) static SCOSSL_PROV_KBKDF_CTX *p_scossl_kbkdf_dupctx(_In_ SCOSSL_PROV_KBKDF_CTX *ctx) { - SCOSSL_PROV_KBKDF_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_KBKDF_CTX)); + SCOSSL_PROV_KBKDF_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_KBKDF_CTX)); if (copyCtx != NULL) { *copyCtx = *ctx; @@ -225,6 +230,12 @@ static SCOSSL_STATUS p_scossl_kbkdf_get_ctx_params(ossl_unused void *ctx, _Inout { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, SIZE_MAX)) { @@ -257,6 +268,17 @@ static SCOSSL_STATUS p_scossl_kbkdf_set_ctx_params(_Inout_ SCOSSL_PROV_KBKDF_CTX SCOSSL_STATUS ret = SCOSSL_FAILURE; const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) { if (!p_scossl_kbkdf_get_octet_string(p, &ctx->pbKey, &ctx->cbKey)) diff --git a/SymCryptProvider/src/kdf/p_scossl_pbkdf2.c b/SymCryptProvider/src/kdf/p_scossl_pbkdf2.c index b055f4d0..61e90970 100644 --- a/SymCryptProvider/src/kdf/p_scossl_pbkdf2.c +++ b/SymCryptProvider/src/kdf/p_scossl_pbkdf2.c @@ -77,8 +77,12 @@ void p_scossl_pbkdf2_freectx(_Inout_ SCOSSL_PROV_PBKDF2_CTX *ctx) SCOSSL_PROV_PBKDF2_CTX *p_scossl_pbkdf2_dupctx(_In_ SCOSSL_PROV_PBKDF2_CTX *ctx) { SCOSSL_STATUS status = SCOSSL_FAILURE; + SCOSSL_PROV_PBKDF2_CTX *copyCtx; - SCOSSL_PROV_PBKDF2_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_PBKDF2_CTX)); + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_PBKDF2_CTX)); if (copyCtx != NULL) { copyCtx->libctx = ctx->libctx; @@ -218,6 +222,12 @@ SCOSSL_STATUS p_scossl_pbkdf2_get_ctx_params(ossl_unused void *ctx, _Inout_ OSSL { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, SIZE_MAX)) { @@ -234,6 +244,17 @@ SCOSSL_STATUS p_scossl_pbkdf2_set_ctx_params(_Inout_ SCOSSL_PROV_PBKDF2_CTX *ctx SCOSSL_STATUS ret = SCOSSL_FAILURE; const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PKCS5)) != NULL) { int pkcs5; diff --git a/SymCryptProvider/src/kdf/p_scossl_srtpkdf.c b/SymCryptProvider/src/kdf/p_scossl_srtpkdf.c index 1d6866c9..08bfce58 100644 --- a/SymCryptProvider/src/kdf/p_scossl_srtpkdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_srtpkdf.c @@ -2,11 +2,10 @@ // Copyright (c) Microsoft Corporation. Licensed under the MIT license. // -#include #include -#include "scossl_helpers.h" #include "scossl_provider.h" +#include "p_scossl_base.h" #ifdef __cplusplus extern "C" { @@ -90,7 +89,12 @@ static SCOSSL_PROV_SRTPKDF_CTX *p_scossl_srtpkdf_dupctx(_In_ SCOSSL_PROV_SRTPKDF { SYMCRYPT_ERROR scError; SCOSSL_STATUS status = SCOSSL_FAILURE; - SCOSSL_PROV_SRTPKDF_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_SRTPKDF_CTX)); + SCOSSL_PROV_SRTPKDF_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_SRTPKDF_CTX)); if (copyCtx != NULL) { @@ -204,6 +208,12 @@ static SCOSSL_STATUS p_scossl_srtpkdf_get_ctx_params(ossl_unused void *ctx, _Ino { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, SIZE_MAX)) { @@ -218,6 +228,17 @@ static SCOSSL_STATUS p_scossl_srtpkdf_set_ctx_params(_Inout_ SCOSSL_PROV_SRTPKDF { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) { PBYTE pbKey; diff --git a/SymCryptProvider/src/kdf/p_scossl_sshkdf.c b/SymCryptProvider/src/kdf/p_scossl_sshkdf.c index 31a64729..cc2720a0 100644 --- a/SymCryptProvider/src/kdf/p_scossl_sshkdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_sshkdf.c @@ -64,7 +64,7 @@ void p_scossl_sshkdf_freectx(_Inout_ SCOSSL_PROV_SSHKDF_CTX *ctx) { if (ctx == NULL) return; - + OPENSSL_free(ctx->mdName); scossl_sshkdf_freectx(ctx->sshkdfCtx); OPENSSL_free(ctx); @@ -73,8 +73,12 @@ void p_scossl_sshkdf_freectx(_Inout_ SCOSSL_PROV_SSHKDF_CTX *ctx) SCOSSL_PROV_SSHKDF_CTX *p_scossl_sshkdf_dupctx(_In_ SCOSSL_PROV_SSHKDF_CTX *ctx) { SCOSSL_STATUS status = SCOSSL_FAILURE; + SCOSSL_PROV_SSHKDF_CTX *copyCtx; + + if (ctx == NULL) + return NULL; - SCOSSL_PROV_SSHKDF_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_SSHKDF_CTX)); + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_SSHKDF_CTX)); if (copyCtx != NULL) { if ((copyCtx->sshkdfCtx = scossl_sshkdf_dupctx(ctx->sshkdfCtx)) == NULL) @@ -134,11 +138,17 @@ SCOSSL_STATUS p_scossl_sshkdf_get_ctx_params(_In_ SCOSSL_PROV_SSHKDF_CTX *ctx, _ { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, SIZE_MAX)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return SCOSSL_FAILURE; + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return SCOSSL_FAILURE; } if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_DIGEST)) != NULL && @@ -191,6 +201,17 @@ SCOSSL_STATUS p_scossl_sshkdf_set_ctx_params(_Inout_ SCOSSL_PROV_SSHKDF_CTX *ctx { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { PCSYMCRYPT_HASH symcryptHashAlg = NULL; diff --git a/SymCryptProvider/src/kdf/p_scossl_sskdf.c b/SymCryptProvider/src/kdf/p_scossl_sskdf.c index e8a6a1b9..30ab7f3a 100644 --- a/SymCryptProvider/src/kdf/p_scossl_sskdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_sskdf.c @@ -19,7 +19,7 @@ typedef struct { SIZE_T cbSalt; PBYTE pbInfo; SIZE_T cbInfo; - + BOOL isSaltExpanded; SYMCRYPT_SSKDF_MAC_EXPANDED_SALT expandedSalt; @@ -74,8 +74,12 @@ void p_scossl_sskdf_freectx(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx) SCOSSL_PROV_SSKDF_CTX *p_scossl_sskdf_dupctx(_In_ SCOSSL_PROV_SSKDF_CTX *ctx) { SCOSSL_STATUS status = SCOSSL_FAILURE; + SCOSSL_PROV_SSKDF_CTX *copyCtx; + + if (ctx == NULL) + return NULL; - SCOSSL_PROV_SSKDF_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_SSKDF_CTX)); + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_SSKDF_CTX)); if (copyCtx != NULL) { if (ctx->pbSecret != NULL) @@ -162,7 +166,7 @@ SCOSSL_STATUS p_scossl_sskdf_derive(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, if (ctx->mac != NULL) { if (!ctx->isSaltExpanded) - { + { PCSYMCRYPT_MAC pcSymCryptMacAlgorithm = NULL; if (EVP_MAC_is_a(ctx->mac, OSSL_MAC_NAME_HMAC)) { @@ -171,7 +175,7 @@ SCOSSL_STATUS p_scossl_sskdf_derive(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; } - + pcSymCryptMacAlgorithm = scossl_get_symcrypt_hmac_algorithm(ctx->mdnid); } if (EVP_MAC_is_a(ctx->mac, OSSL_MAC_NAME_KMAC128)) @@ -182,8 +186,8 @@ SCOSSL_STATUS p_scossl_sskdf_derive(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, { pcSymCryptMacAlgorithm = SymCryptKmac256Algorithm; } - - + + if (pcSymCryptMacAlgorithm == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_UNSUPPORTED_MAC_TYPE); @@ -194,7 +198,7 @@ SCOSSL_STATUS p_scossl_sskdf_derive(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, &ctx->expandedSalt, pcSymCryptMacAlgorithm, ctx->pbSalt, ctx->cbSalt); - + if (scError != SYMCRYPT_NO_ERROR) { SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptSskdfMacExpandSalt failed", scError); @@ -254,6 +258,12 @@ SCOSSL_STATUS p_scossl_sskdf_get_ctx_params(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, _In { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { SIZE_T cbResult = 0; @@ -264,7 +274,7 @@ SCOSSL_STATUS p_scossl_sskdf_get_ctx_params(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, _In } else if (ctx->pHash != NULL) { - cbResult = SymCryptHashResultSize(ctx->pHash); + cbResult = SymCryptHashResultSize(ctx->pHash); } else { @@ -288,9 +298,20 @@ SCOSSL_STATUS p_scossl_sskdf_set_ctx_params(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx, EVP_MD *md = NULL; SCOSSL_STATUS ret = SCOSSL_FAILURE; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL || // Shared secret may be set by OSSL_KDF_PARAM_KEY instead - (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) + (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) { OPENSSL_secure_free(ctx->pbSecret); ctx->cbSecret = 0; @@ -311,7 +332,7 @@ SCOSSL_STATUS p_scossl_sskdf_set_ctx_params(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx, goto cleanup; } } - + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) { OPENSSL_free(ctx->pbSalt); @@ -327,7 +348,7 @@ SCOSSL_STATUS p_scossl_sskdf_set_ctx_params(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx, } if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO)) != NULL) - { + { PBYTE pbCur = NULL; SIZE_T cbCur = 0; SIZE_T cbInfoMax = 0; @@ -381,7 +402,7 @@ SCOSSL_STATUS p_scossl_sskdf_set_ctx_params(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx, if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { const char *mdName; - + ctx->pHash = NULL; ctx->isSaltExpanded = FALSE; diff --git a/SymCryptProvider/src/kdf/p_scossl_tls1prf.c b/SymCryptProvider/src/kdf/p_scossl_tls1prf.c index 22191a5a..c0fd923d 100644 --- a/SymCryptProvider/src/kdf/p_scossl_tls1prf.c +++ b/SymCryptProvider/src/kdf/p_scossl_tls1prf.c @@ -55,8 +55,12 @@ void p_scossl_tls1prf_freectx(_Inout_ SCOSSL_PROV_TLS1_PRF_CTX *ctx) SCOSSL_PROV_TLS1_PRF_CTX *p_scossl_tls1prf_dupctx(_In_ SCOSSL_PROV_TLS1_PRF_CTX *ctx) { SCOSSL_STATUS status = SCOSSL_FAILURE; + SCOSSL_PROV_TLS1_PRF_CTX *copyCtx; - SCOSSL_PROV_TLS1_PRF_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_TLS1_PRF_CTX)); + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_TLS1_PRF_CTX)); if (copyCtx != NULL) { if ((copyCtx->tls1prfCtx = scossl_tls1prf_dupctx(ctx->tls1prfCtx)) == NULL) @@ -132,6 +136,12 @@ SCOSSL_STATUS p_scossl_tls1prf_get_ctx_params(_In_ SCOSSL_PROV_TLS1_PRF_CTX *ctx { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, SIZE_MAX)) { @@ -172,6 +182,17 @@ SCOSSL_STATUS p_scossl_tls1prf_set_ctx_params(_Inout_ SCOSSL_PROV_TLS1_PRF_CTX * SIZE_T cbSeed; SCOSSL_STATUS ret = SCOSSL_FAILURE; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { PCSYMCRYPT_MAC symcryptHmacAlg = NULL; diff --git a/SymCryptProvider/src/kem/p_scossl_mlkem.c b/SymCryptProvider/src/kem/p_scossl_mlkem.c index fe577d39..c4ff2801 100644 --- a/SymCryptProvider/src/kem/p_scossl_mlkem.c +++ b/SymCryptProvider/src/kem/p_scossl_mlkem.c @@ -72,8 +72,12 @@ static void p_scossl_mlkem_freectx(_Inout_ SCOSSL_MLKEM_CTX *ctx) static SCOSSL_MLKEM_CTX *p_scossl_mlkem_dupctx(_In_ SCOSSL_MLKEM_CTX *ctx) { - SCOSSL_MLKEM_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_MLKEM_CTX)); + SCOSSL_MLKEM_CTX *copyCtx; + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_MLKEM_CTX)); if (copyCtx != NULL) { copyCtx->keyCtx = ctx->keyCtx; @@ -288,9 +292,15 @@ static SCOSSL_STATUS p_scossl_mlkem_set_ctx_params(_In_ SCOSSL_MLKEM_CTX *ctx, _ if (ctx == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); return SCOSSL_FAILURE; } + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if (ctx->operation == EVP_PKEY_OP_ENCAPSULATE && (p = OSSL_PARAM_locate_const(params, OSSL_KEM_PARAM_IKME)) != NULL) { diff --git a/SymCryptProvider/src/kem/p_scossl_mlkem_hybrid.c b/SymCryptProvider/src/kem/p_scossl_mlkem_hybrid.c index 90bcfa30..d44c6526 100644 --- a/SymCryptProvider/src/kem/p_scossl_mlkem_hybrid.c +++ b/SymCryptProvider/src/kem/p_scossl_mlkem_hybrid.c @@ -53,8 +53,12 @@ static void p_scossl_mlkem_hybrid_freectx(_Inout_ SCOSSL_MLKEM_HYBRID_CTX *ctx) static SCOSSL_MLKEM_HYBRID_CTX *p_scossl_mlkem_hybrid_dupctx(_In_ SCOSSL_MLKEM_HYBRID_CTX *ctx) { - SCOSSL_MLKEM_HYBRID_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_MLKEM_HYBRID_CTX)); + SCOSSL_MLKEM_HYBRID_CTX *copyCtx; + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_MLKEM_HYBRID_CTX)); if (copyCtx != NULL) { copyCtx->keyCtx = ctx->keyCtx; diff --git a/SymCryptProvider/src/keyexch/p_scossl_dh.c b/SymCryptProvider/src/keyexch/p_scossl_dh.c index 00ab7fea..1d069965 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_dh.c +++ b/SymCryptProvider/src/keyexch/p_scossl_dh.c @@ -93,7 +93,12 @@ static void p_scossl_dh_freectx(_In_ SCOSSL_DH_CTX *ctx) static SCOSSL_DH_CTX *p_scossl_dh_dupctx(_In_ SCOSSL_DH_CTX *ctx) { - SCOSSL_DH_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_DH_CTX)); + SCOSSL_DH_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_DH_CTX)); if (copyCtx != NULL) { *copyCtx = *ctx; @@ -333,7 +338,18 @@ static SCOSSL_STATUS p_scossl_dh_set_ctx_params(_Inout_ SCOSSL_DH_CTX *ctx, _In_ char *mdProps = NULL; EVP_MD *md = NULL; SCOSSL_STATUS ret = SCOSSL_FAILURE; - const OSSL_PARAM *p = NULL; + const OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } if ((p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_PAD)) != NULL) { @@ -463,7 +479,13 @@ static const OSSL_PARAM *p_scossl_dh_ctx_settable_params(ossl_unused void *ctx, static SCOSSL_STATUS p_scossl_dh_get_ctx_params(_In_ SCOSSL_DH_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - OSSL_PARAM *p = NULL; + OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } if ((p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_PAD)) != NULL && !OSSL_PARAM_set_uint(p, ctx->pad)) diff --git a/SymCryptProvider/src/keyexch/p_scossl_ecdh.c b/SymCryptProvider/src/keyexch/p_scossl_ecdh.c index 303ad63d..6aec902f 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_ecdh.c +++ b/SymCryptProvider/src/keyexch/p_scossl_ecdh.c @@ -40,7 +40,12 @@ void p_scossl_ecdh_freectx(SCOSSL_ECDH_CTX *ctx) _Use_decl_annotations_ SCOSSL_ECDH_CTX *p_scossl_ecdh_dupctx(SCOSSL_ECDH_CTX *ctx) { - SCOSSL_ECDH_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_ECDH_CTX)); + SCOSSL_ECDH_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_ECDH_CTX)); if (copyCtx != NULL) { *copyCtx = *ctx; diff --git a/SymCryptProvider/src/keyexch/p_scossl_kdf_keyexch.c b/SymCryptProvider/src/keyexch/p_scossl_kdf_keyexch.c index 9ec83ffa..1b77286f 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_kdf_keyexch.c +++ b/SymCryptProvider/src/keyexch/p_scossl_kdf_keyexch.c @@ -95,8 +95,12 @@ static void p_scossl_kdf_keyexch_freectx(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx) static SCOSSL_KDF_KEYEXCH_CTX *p_scossl_kdf_keyexch_dupctx(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx) { - SCOSSL_KDF_KEYEXCH_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_KDF_KEYEXCH_CTX)); + SCOSSL_KDF_KEYEXCH_CTX *copyCtx; + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_KDF_KEYEXCH_CTX)); if (copyCtx != NULL) { copyCtx->kdfFns = ctx->kdfFns; @@ -166,21 +170,50 @@ static SCOSSL_STATUS p_scossl_kdf_keyexch_derive(_In_ SCOSSL_KDF_KEYEXCH_CTX *ct static SCOSSL_STATUS p_scossl_kdf_keyexch_set_ctx_params(_Inout_ SCOSSL_KDF_KEYEXCH_CTX *ctx, _In_ const OSSL_PARAM params[]) { + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + return ctx->kdfFns->setCtxParams(ctx->kdfCtx, params); } static const OSSL_PARAM *p_scossl_kdf_keyexch_ctx_settable_params(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx, _In_ SCOSSL_PROVCTX *provctx) { + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + return ctx->kdfFns->settableCtxParams(ctx->kdfCtx, provctx); } static SCOSSL_STATUS p_scossl_kdf_keyexch_get_ctx_params(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx, _Inout_ OSSL_PARAM params[]) { + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + return ctx->kdfFns->getCtxParams(ctx->kdfCtx, params); } static const OSSL_PARAM *p_scossl_kdf_keyexch_ctx_gettable_params(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx, _In_ SCOSSL_PROVCTX *provctx) { + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + return ctx->kdfFns->gettableCtxParams(ctx->kdfCtx, provctx); } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c index b0dacb33..9ae46b99 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c @@ -119,8 +119,12 @@ static SCOSSL_PROV_DH_KEY_CTX *p_scossl_dh_keymgmt_new_ctx(_In_ SCOSSL_PROVCTX * static SCOSSL_PROV_DH_KEY_CTX *p_scossl_dh_keymgmt_dup_key_ctx(_In_ const SCOSSL_PROV_DH_KEY_CTX *ctx, ossl_unused int selection) { - SCOSSL_PROV_DH_KEY_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_DH_KEY_CTX)); + SCOSSL_PROV_DH_KEY_CTX *copyCtx; + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_DH_KEY_CTX)); if (copyCtx != NULL) { *copyCtx = *ctx; @@ -423,6 +427,17 @@ static SCOSSL_STATUS p_scossl_dh_keygen_set_params(_Inout_ SCOSSL_DH_KEYGEN_CTX BOOL groupSetByParams; const OSSL_PARAM *p; + if (genCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE)) != NULL) { const char *ffcTypeName; @@ -599,6 +614,17 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_set_params(_In_ SCOSSL_PROV_DH_KEY_CTX { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { SYMCRYPT_ERROR scError; @@ -927,8 +953,17 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_key_params(_In_ SCOSSL_DH_KEY_CTX * static SCOSSL_STATUS p_scossl_dh_keymgmt_get_params(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx, _Inout_ OSSL_PARAM params[]) { OSSL_PARAM *p; - int pubKeyBits = p_scossl_dh_pubkey_bits(ctx); - int privKeyBits = p_scossl_dh_privkey_bits(ctx); + int pubKeyBits; + int privKeyBits; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + pubKeyBits = p_scossl_dh_pubkey_bits(ctx); + privKeyBits = p_scossl_dh_privkey_bits(ctx); if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL && (pubKeyBits < 0 || !OSSL_PARAM_set_int(p, pubKeyBits))) @@ -1022,6 +1057,12 @@ static BOOL p_scossl_dh_keymgmt_match(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx1, _In_ SC SIZE_T cbPublicKey = 0; SYMCRYPT_ERROR scError; + if (ctx1 == NULL || ctx2 == NULL || + ctx1->keyCtx == NULL || ctx2->keyCtx == NULL) + { + goto cleanup; + } + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { if (!ctx1->keyCtx->initialized || !ctx2->keyCtx->initialized) diff --git a/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c index 5681b523..be921703 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c @@ -115,6 +115,17 @@ static SCOSSL_STATUS p_scossl_ecc_keygen_set_params(_Inout_ SCOSSL_ECC_KEYGEN_CT { const OSSL_PARAM *p; + if (genCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME)) != NULL) { EC_GROUP *ecGroup = EC_GROUP_new_from_params(params, genCtx->libctx, NULL); @@ -172,6 +183,17 @@ static SCOSSL_STATUS p_scossl_x25519_keygen_set_params(ossl_unused void *genCtx, char *groupName = NULL; SCOSSL_STATUS ret = SCOSSL_FAILURE; + if (genCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME)) != NULL) { if (!OSSL_PARAM_get_utf8_string(p, &groupName, 0) || @@ -364,6 +386,12 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_params(_In_ SCOSSL_ECC_KEY_CTX *ke SCOSSL_STATUS ret = SCOSSL_FAILURE; OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL && !OSSL_PARAM_set_uint32(p, p_scossl_ecc_get_max_result_size(keyCtx, FALSE))) { @@ -525,10 +553,24 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_set_params(_Inout_ SCOSSL_ECC_KEY_CTX BN_CTX *bnCtx = NULL; EC_POINT *ecPoint = NULL; SCOSSL_STATUS ret = SCOSSL_FAILURE; - SYMCRYPT_NUMBER_FORMAT numFormat = keyCtx->isX25519 ? SYMCRYPT_NUMBER_FORMAT_LSB_FIRST : SYMCRYPT_NUMBER_FORMAT_MSB_FIRST; - SYMCRYPT_ECPOINT_FORMAT pointFormat = keyCtx->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : SYMCRYPT_ECPOINT_FORMAT_XY; + SYMCRYPT_NUMBER_FORMAT numFormat; + SYMCRYPT_ECPOINT_FORMAT pointFormat; const OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + + numFormat = keyCtx->isX25519 ? SYMCRYPT_NUMBER_FORMAT_LSB_FIRST : SYMCRYPT_NUMBER_FORMAT_MSB_FIRST; + pointFormat = keyCtx->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : SYMCRYPT_ECPOINT_FORMAT_XY; + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { SIZE_T encodedLen; @@ -701,7 +743,14 @@ static BOOL p_scossl_ecc_keymgmt_match(_In_ SCOSSL_ECC_KEY_CTX *keyCtx1, _In_ SC SIZE_T cbPrivateKey = 0; SIZE_T cbPublicKey = 0; SYMCRYPT_ERROR scError; - SYMCRYPT_ECPOINT_FORMAT pointFormat = keyCtx1->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : SYMCRYPT_ECPOINT_FORMAT_XY; + SYMCRYPT_ECPOINT_FORMAT pointFormat; + + if (keyCtx1 == NULL || keyCtx2 == NULL) + { + goto cleanup; + } + + pointFormat = keyCtx1->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : SYMCRYPT_ECPOINT_FORMAT_XY; if (keyCtx1->initialized != keyCtx2->initialized || keyCtx1->isX25519 != keyCtx2->isX25519) diff --git a/SymCryptProvider/src/keymgmt/p_scossl_mlkem_hybrid_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_mlkem_hybrid_keymgmt.c index fd6ac059..fcb44260 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_mlkem_hybrid_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_mlkem_hybrid_keymgmt.c @@ -86,8 +86,12 @@ static SCOSSL_MLKEM_HYBRID_KEY_CTX *p_scossl_mlkem_hybrid_keymgmt_dup_key_ctx(_I SYMCRYPT_MLKEMKEY_FORMAT format = SYMCRYPT_MLKEMKEY_FORMAT_NULL; SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR; SCOSSL_STATUS status = SCOSSL_FAILURE; - SCOSSL_MLKEM_HYBRID_KEY_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_MLKEM_HYBRID_KEY_CTX)); + SCOSSL_MLKEM_HYBRID_KEY_CTX *copyCtx; + if (keyCtx == NULL) + return NULL; + + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_MLKEM_HYBRID_KEY_CTX)); if (copyCtx != NULL) { copyCtx->provCtx = keyCtx->provCtx; @@ -301,6 +305,17 @@ static SCOSSL_STATUS p_scossl_mlkem_hybrid_keymgmt_set_params(_Inout_ SCOSSL_MLK { const OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { PCBYTE pbKey; @@ -413,6 +428,12 @@ static SCOSSL_STATUS p_scossl_mlkem_hybrid_keymgmt_get_params(_In_ SCOSSL_MLKEM_ SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR; OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL && !OSSL_PARAM_set_int(p, p_scossl_mlkem_get_bits(keyCtx->mlkemParams))) { diff --git a/SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c index d662ab04..0a3bfc56 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c @@ -87,8 +87,12 @@ static SCOSSL_MLKEM_KEY_CTX *p_scossl_mlkem_keymgmt_dup_key_ctx(_In_ const SCOSS SYMCRYPT_MLKEMKEY_FORMAT format = SYMCRYPT_MLKEMKEY_FORMAT_NULL; SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR; SCOSSL_STATUS status = SCOSSL_FAILURE; - SCOSSL_MLKEM_KEY_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_MLKEM_KEY_CTX)); + SCOSSL_MLKEM_KEY_CTX *copyCtx; + if (keyCtx == NULL) + return NULL; + + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_MLKEM_KEY_CTX)); if (copyCtx != NULL) { copyCtx->provCtx = keyCtx->provCtx; @@ -157,6 +161,17 @@ static SCOSSL_STATUS p_scossl_mlkem_keygen_set_params(_Inout_ SCOSSL_MLKEM_KEYGE { const OSSL_PARAM *p; + if (genCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ML_KEM_SEED)) != NULL) { PBYTE pbSeed = genCtx->abSeed; @@ -314,6 +329,17 @@ static SCOSSL_STATUS p_scossl_mlkem_keymgmt_set_params(_Inout_ SCOSSL_MLKEM_KEY_ { const OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { PCBYTE pbKey; @@ -453,6 +479,12 @@ static SCOSSL_STATUS p_scossl_mlkem_keymgmt_get_params(_In_ SCOSSL_MLKEM_KEY_CTX SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR; OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL && !OSSL_PARAM_set_int(p, p_scossl_mlkem_get_bits(keyCtx->mlkemParams))) { diff --git a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c index c70fb6b3..1642d8f0 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c @@ -229,7 +229,8 @@ static SCOSSL_PROV_RSA_KEY_CTX *p_scossl_rsa_keymgmt_dup_ctx(_In_ const SCOSSL_P SCOSSL_PROV_RSA_KEY_CTX *copyCtx; BOOL includePrivate = (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0; - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) + if (keyCtx == NULL || + (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) { return NULL; } @@ -282,6 +283,17 @@ static SCOSSL_STATUS p_scossl_rsa_keygen_set_params(_Inout_ SCOSSL_RSA_KEYGEN_CT { const OSSL_PARAM *p; + if (genCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL) { UINT32 nBitsOfModulus; @@ -907,22 +919,28 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_params(_In_ SCOSSL_PROV_RSA_KEY_CT { OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL && - !OSSL_PARAM_set_uint32(p, SymCryptRsakeyModulusBits(keyCtx->key))) + (keyCtx->key == NULL || !OSSL_PARAM_set_uint32(p, SymCryptRsakeyModulusBits(keyCtx->key)))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL && - !OSSL_PARAM_set_int(p, p_scossl_rsa_get_security_bits(keyCtx->key))) + (keyCtx->key == NULL || !OSSL_PARAM_set_int(p, p_scossl_rsa_get_security_bits(keyCtx->key)))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL && - !OSSL_PARAM_set_uint32(p, SymCryptRsakeySizeofModulus(keyCtx->key))) + (keyCtx->key == NULL || !OSSL_PARAM_set_uint32(p, SymCryptRsakeySizeofModulus(keyCtx->key)))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; @@ -953,7 +971,7 @@ static const OSSL_PARAM *p_scossl_rsa_keymgmt_gettable_params(ossl_unused void * static BOOL p_scossl_rsa_keymgmt_has(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx, int selection) { BOOL ret = TRUE; - if (keyCtx->key == NULL) + if (keyCtx == NULL || keyCtx->key == NULL) { return FALSE; } @@ -975,8 +993,15 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I PBYTE pbPrivateExponent1 = NULL; PBYTE pbPrivateExponent2 = NULL; SYMCRYPT_ERROR scError; + UINT32 cbModulus; + + if (keyCtx1 == NULL || keyCtx2 == NULL || + keyCtx1->key == NULL || keyCtx2->key == NULL) + { + goto cleanup; + } - UINT32 cbModulus = SymCryptRsakeySizeofModulus(keyCtx1->key); + cbModulus = SymCryptRsakeySizeofModulus(keyCtx1->key); if (cbModulus != SymCryptRsakeySizeofModulus(keyCtx2->key)) { diff --git a/SymCryptProvider/src/mac/p_scossl_cmac.c b/SymCryptProvider/src/mac/p_scossl_cmac.c index 0024c125..fe21559d 100644 --- a/SymCryptProvider/src/mac/p_scossl_cmac.c +++ b/SymCryptProvider/src/mac/p_scossl_cmac.c @@ -45,12 +45,26 @@ static SCOSSL_STATUS p_scossl_cmac_init(_Inout_ SCOSSL_MAC_CTX *ctx, } -static SCOSSL_STATUS p_scossl_cmac_init_skey(_Inout_ void *ctx, +static SCOSSL_STATUS p_scossl_cmac_init_skey(_Inout_ SCOSSL_MAC_CTX *ctx, _In_ SCOSSL_SKEY *skey, _In_ const OSSL_PARAM params[]) { + PBYTE pbKey; + SIZE_T cbKey; + + if (skey != NULL) + { + pbKey = skey->pbKey; + cbKey = skey->cbKey; + } + else + { + pbKey = NULL; + cbKey = 0; + } + return p_scossl_cmac_set_ctx_params(ctx, params) && - scossl_mac_init(ctx, skey->pbKey, skey->cbKey); + scossl_mac_init(ctx, pbKey, cbKey); } static const OSSL_PARAM *p_scossl_cmac_gettable_ctx_params(ossl_unused void *ctx, ossl_unused void *provctx) @@ -67,6 +81,12 @@ static SCOSSL_STATUS p_scossl_cmac_get_ctx_params(_In_ SCOSSL_MAC_CTX *ctx, _Ino { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, ctx->pMac == NULL ? 0 : ctx->pMac->resultSize)) { @@ -88,6 +108,17 @@ static SCOSSL_STATUS p_scossl_cmac_set_ctx_params(_Inout_ SCOSSL_MAC_CTX *ctx, _ { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL) { SCOSSL_STATUS success; diff --git a/SymCryptProvider/src/mac/p_scossl_hmac.c b/SymCryptProvider/src/mac/p_scossl_hmac.c index 364d245d..6f61de0a 100644 --- a/SymCryptProvider/src/mac/p_scossl_hmac.c +++ b/SymCryptProvider/src/mac/p_scossl_hmac.c @@ -58,6 +58,12 @@ static SCOSSL_STATUS p_scossl_hmac_get_ctx_params(_In_ SCOSSL_MAC_CTX *ctx, _Ino { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, ctx->pMac == NULL ? 0 : ctx->pMac->resultSize)) { @@ -147,6 +153,17 @@ static SCOSSL_STATUS p_scossl_hmac_set_ctx_params(_Inout_ SCOSSL_MAC_CTX *ctx, _ SCOSSL_STATUS ret = SCOSSL_FAILURE; const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_DIGEST)) != NULL) { OPENSSL_free(ctx->mdName); diff --git a/SymCryptProvider/src/mac/p_scossl_kmac.c b/SymCryptProvider/src/mac/p_scossl_kmac.c index 7083f820..95c4d13f 100644 --- a/SymCryptProvider/src/mac/p_scossl_kmac.c +++ b/SymCryptProvider/src/mac/p_scossl_kmac.c @@ -3,8 +3,8 @@ // #include "p_scossl_kmac.h" +#include "p_scossl_base.h" -#include #include #ifdef __cplusplus @@ -92,8 +92,10 @@ static void p_scossl_kmac_freectx(_Inout_ SCOSSL_KMAC_CTX *ctx) static SCOSSL_KMAC_CTX *p_scossl_kmac_dupctx(_In_ SCOSSL_KMAC_CTX *ctx) { - SCOSSL_COMMON_ALIGNED_ALLOC(copyCtx, OPENSSL_zalloc, SCOSSL_KMAC_CTX); + if (ctx == NULL) + return NULL; + SCOSSL_COMMON_ALIGNED_ALLOC(copyCtx, OPENSSL_zalloc, SCOSSL_KMAC_CTX); if (copyCtx == NULL) { return NULL; @@ -194,6 +196,12 @@ static SCOSSL_STATUS p_scossl_kmac_get_ctx_params(_In_ SCOSSL_KMAC_CTX *ctx, _In { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, ctx->cbOutput)) { @@ -216,6 +224,17 @@ static SCOSSL_STATUS p_scossl_kmac_set_ctx_params(_Inout_ SCOSSL_KMAC_CTX *ctx, SYMCRYPT_ERROR scError; const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL && !OSSL_PARAM_get_int(p, &ctx->xofMode)) { diff --git a/SymCryptProvider/src/p_scossl_base.c b/SymCryptProvider/src/p_scossl_base.c index e092410a..31a266ae 100644 --- a/SymCryptProvider/src/p_scossl_base.c +++ b/SymCryptProvider/src/p_scossl_base.c @@ -882,27 +882,6 @@ SCOSSL_STATUS OSSL_provider_init(_In_ const OSSL_CORE_HANDLE *handle, return ret; } -#if OPENSSL_VERSION_MAJOR == 3 && OPENSSL_VERSION_MINOR == 0 -EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in) -{ - EVP_MD_CTX *out = EVP_MD_CTX_new(); - - if (out != NULL && !EVP_MD_CTX_copy_ex(out, in)) { - EVP_MD_CTX_free(out); - out = NULL; - } - return out; -} - -#if OPENSSL_VERSION_PATCH < 4 -int OPENSSL_strcasecmp(const char *s1, const char *s2) -{ - return strcasecmp(s1, s2); -} -#endif // OPENSSL_VERSION_PATCH < 4 - -#endif // OPENSSL_VERSION_MINOR == 0 - #ifdef __cplusplus } #endif \ No newline at end of file diff --git a/SymCryptProvider/src/p_scossl_ecc.c b/SymCryptProvider/src/p_scossl_ecc.c index 704c7803..94d306a1 100644 --- a/SymCryptProvider/src/p_scossl_ecc.c +++ b/SymCryptProvider/src/p_scossl_ecc.c @@ -52,11 +52,14 @@ SCOSSL_ECC_KEY_CTX *p_scossl_ecc_dup_ctx(SCOSSL_ECC_KEY_CTX *keyCtx, int selecti SIZE_T cbPublicKey = 0; SIZE_T cbPrivateKey = 0; SCOSSL_STATUS success = SCOSSL_FAILURE; - SYMCRYPT_ECPOINT_FORMAT pointFormat = keyCtx->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : SYMCRYPT_ECPOINT_FORMAT_XY; + SYMCRYPT_ECPOINT_FORMAT pointFormat; SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR; + SCOSSL_ECC_KEY_CTX *copyCtx; - SCOSSL_ECC_KEY_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_ECC_KEY_CTX)); + if (keyCtx == NULL) + return NULL; + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_ECC_KEY_CTX)); if (copyCtx != NULL) { copyCtx->isX25519 = keyCtx->isX25519; @@ -74,6 +77,8 @@ SCOSSL_ECC_KEY_CTX *p_scossl_ecc_dup_ctx(SCOSSL_ECC_KEY_CTX *keyCtx, int selecti if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 && keyCtx->initialized) { + pointFormat = keyCtx->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : (SYMCRYPT_ECPOINT_FORMAT)keyCtx->conversionFormat; + if (copyCtx->curve == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET); diff --git a/SymCryptProvider/src/p_scossl_rand.c b/SymCryptProvider/src/p_scossl_rand.c index 318df6b0..bb2aafd6 100644 --- a/SymCryptProvider/src/p_scossl_rand.c +++ b/SymCryptProvider/src/p_scossl_rand.c @@ -7,6 +7,7 @@ #include #include "scossl_helpers.h" +#include "p_scossl_base.h" #define SCOSSL_DRBG_STRENGTH 256 #define SCOSSL_DRBG_MAX_REQUEST_SIZE (1 << 16) @@ -101,23 +102,25 @@ static const OSSL_PARAM *p_scossl_rand_gettable_ctx_params(ossl_unused void *ctx static SCOSSL_STATUS p_scossl_rand_get_ctx_params(ossl_unused void *ctx, _Inout_ OSSL_PARAM params[]) { - OSSL_PARAM *p = NULL; + OSSL_PARAM *p; // State managed by symcrypt module - p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE); - if (p != NULL && !OSSL_PARAM_set_int(p, 1)) + if ((p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE)) != NULL && + !OSSL_PARAM_set_int(p, 1)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH); - if (p != NULL && !OSSL_PARAM_set_uint(p, SCOSSL_DRBG_STRENGTH)) + + if ((p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH)) != NULL && + !OSSL_PARAM_set_uint(p, SCOSSL_DRBG_STRENGTH)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST); - if (p != NULL && !OSSL_PARAM_set_size_t(p, SCOSSL_DRBG_MAX_REQUEST_SIZE)) + + if ((p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST)) != NULL && + !OSSL_PARAM_set_size_t(p, SCOSSL_DRBG_MAX_REQUEST_SIZE)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; diff --git a/SymCryptProvider/src/signature/p_scossl_ecdsa_signature.c b/SymCryptProvider/src/signature/p_scossl_ecdsa_signature.c index f455901a..c3d7915b 100644 --- a/SymCryptProvider/src/signature/p_scossl_ecdsa_signature.c +++ b/SymCryptProvider/src/signature/p_scossl_ecdsa_signature.c @@ -77,7 +77,12 @@ static void p_scossl_ecdsa_freectx(SCOSSL_ECDSA_CTX *ctx) static SCOSSL_ECDSA_CTX *p_scossl_ecdsa_dupctx(_In_ SCOSSL_ECDSA_CTX *ctx) { - SCOSSL_ECDSA_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_ECDSA_CTX)); + SCOSSL_ECDSA_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_ECDSA_CTX)); if (copyCtx != NULL) { if ((ctx->propq != NULL && ((copyCtx->propq = OPENSSL_strdup(ctx->propq)) == NULL)) || @@ -330,7 +335,12 @@ static int p_scossl_ecdsa_digest_verify_final(_In_ SCOSSL_ECDSA_CTX *ctx, static const OSSL_PARAM *p_scossl_ecdsa_settable_ctx_params(_In_ SCOSSL_ECDSA_CTX *ctx, ossl_unused void *provctx) { - return ctx->allowMdUpdates ? p_scossl_ecdsa_ctx_settable_param_types : p_scossl_ecdsa_ctx_settable_param_types_no_digest; + if (ctx == NULL || ctx->allowMdUpdates) + { + return p_scossl_ecdsa_ctx_settable_param_types; + } + + return p_scossl_ecdsa_ctx_settable_param_types_no_digest; } static SCOSSL_STATUS p_scossl_ecdsa_set_ctx_params(_Inout_ SCOSSL_ECDSA_CTX *ctx, _In_ const OSSL_PARAM params[]) @@ -339,6 +349,17 @@ static SCOSSL_STATUS p_scossl_ecdsa_set_ctx_params(_Inout_ SCOSSL_ECDSA_CTX *ctx const OSSL_PARAM *param_propq; const char *mdname, *mdprops; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST)) != NULL) { if (!OSSL_PARAM_get_utf8_string_ptr(p, &mdname)) @@ -401,15 +422,16 @@ static const OSSL_PARAM *p_scossl_ecdsa_gettable_ctx_params(ossl_unused void *ct static SCOSSL_STATUS p_scossl_ecdsa_get_ctx_params(_In_ SCOSSL_ECDSA_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - if (params == NULL) - { - return SCOSSL_SUCCESS; - } - OSSL_PARAM *p; X509_ALGOR *x509Alg = NULL; SCOSSL_STATUS ret = SCOSSL_FAILURE; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST)) != NULL && !OSSL_PARAM_set_utf8_string(p, ctx->md == NULL ? "" : EVP_MD_get0_name(ctx->md))) { @@ -516,9 +538,9 @@ static SCOSSL_STATUS p_scossl_ecdsa_get_ctx_params(_In_ SCOSSL_ECDSA_CTX *ctx, _ static const OSSL_PARAM *p_scossl_ecdsa_gettable_ctx_md_params(_In_ SCOSSL_ECDSA_CTX *ctx) { - if (ctx->md == NULL) + if (ctx == NULL || ctx->md == NULL) { - return SCOSSL_FAILURE; + return NULL; } return EVP_MD_gettable_ctx_params(ctx->md); @@ -526,8 +548,9 @@ static const OSSL_PARAM *p_scossl_ecdsa_gettable_ctx_md_params(_In_ SCOSSL_ECDSA static SCOSSL_STATUS p_scossl_ecdsa_get_ctx_md_params(_In_ SCOSSL_ECDSA_CTX *ctx, _Inout_ OSSL_PARAM *params) { - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; } @@ -536,9 +559,9 @@ static SCOSSL_STATUS p_scossl_ecdsa_get_ctx_md_params(_In_ SCOSSL_ECDSA_CTX *ctx static const OSSL_PARAM *p_scossl_ecdsa_settable_ctx_md_params(_In_ SCOSSL_ECDSA_CTX *ctx) { - if (ctx->md == NULL) + if (ctx == NULL || ctx->md == NULL) { - return SCOSSL_FAILURE; + return NULL; } return EVP_MD_settable_ctx_params(ctx->md); @@ -546,8 +569,9 @@ static const OSSL_PARAM *p_scossl_ecdsa_settable_ctx_md_params(_In_ SCOSSL_ECDSA static SCOSSL_STATUS p_scossl_ecdsa_set_ctx_md_params(_In_ SCOSSL_ECDSA_CTX *ctx, _In_ const OSSL_PARAM params[]) { - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c index 43d0783f..24b3252d 100644 --- a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c +++ b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c @@ -2,8 +2,6 @@ // Copyright (c) Microsoft Corporation. Licensed under the MIT license. // -#include -#include #include #include @@ -117,7 +115,12 @@ static void p_scossl_rsa_freectx(SCOSSL_RSA_SIGN_CTX *ctx) static SCOSSL_RSA_SIGN_CTX *p_scossl_rsa_dupctx(_In_ SCOSSL_RSA_SIGN_CTX *ctx) { - SCOSSL_RSA_SIGN_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_RSA_SIGN_CTX)); + SCOSSL_RSA_SIGN_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_RSA_SIGN_CTX)); if (copyCtx != NULL) { if ((ctx->propq != NULL && ((copyCtx->propq = OPENSSL_strdup(ctx->propq)) == NULL)) || @@ -225,7 +228,7 @@ static SCOSSL_STATUS p_scossl_rsa_sign(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _Out_writes_bytes_(*siglen) unsigned char *sig, _Out_ size_t *siglen, size_t sigsize, _In_reads_bytes_(tbslen) const unsigned char *tbs, size_t tbslen) { - int mdnid = ctx->mdInfo == NULL ? NID_undef : ctx->mdInfo->id; + int mdnid; SCOSSL_STATUS ret = SCOSSL_FAILURE; if (ctx == NULL || ctx->keyCtx == NULL) @@ -243,9 +246,11 @@ static SCOSSL_STATUS p_scossl_rsa_sign(_In_ SCOSSL_RSA_SIGN_CTX *ctx, if (sig != NULL && sigsize < SymCryptRsakeySizeofModulus(ctx->keyCtx->key)) { ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - goto err; + return SCOSSL_FAILURE; } + mdnid = ctx->mdInfo == NULL ? NID_undef : ctx->mdInfo->id; + switch (ctx->padding) { case RSA_PKCS1_PADDING: @@ -280,7 +285,7 @@ static SCOSSL_STATUS p_scossl_rsa_verify(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _In_reads_bytes_(siglen) const unsigned char *sig, size_t siglen, _In_reads_bytes_(tbslen) const unsigned char *tbs, size_t tbslen) { - int mdnid = ctx->mdInfo == NULL ? NID_undef : ctx->mdInfo->id; + int mdnid; if (ctx == NULL || ctx->keyCtx == NULL) { @@ -294,6 +299,8 @@ static SCOSSL_STATUS p_scossl_rsa_verify(_In_ SCOSSL_RSA_SIGN_CTX *ctx, return SCOSSL_FAILURE; } + mdnid = ctx->mdInfo == NULL ? NID_undef : ctx->mdInfo->id; + switch (ctx->padding) { case RSA_PKCS1_PADDING: @@ -381,8 +388,9 @@ static SCOSSL_STATUS p_scossl_rsa_digest_verify_init(_In_ SCOSSL_RSA_SIGN_CTX *c static SCOSSL_STATUS p_scossl_rsa_digest_signverify_update(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _In_reads_bytes_(datalen) const unsigned char *data, size_t datalen) { - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; } @@ -396,9 +404,10 @@ static SCOSSL_STATUS p_scossl_rsa_digest_sign_final(_In_ SCOSSL_RSA_SIGN_CTX *ct BYTE digest[EVP_MAX_MD_SIZE]; unsigned int cbDigest = 0; - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { - return ret; + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); + return SCOSSL_FAILURE; } // If sig is NULL, this is a size fetch, and the digest does not need to be computed @@ -417,8 +426,9 @@ static SCOSSL_STATUS p_scossl_rsa_digest_verify_final(_In_ SCOSSL_RSA_SIGN_CTX * BYTE digest[EVP_MAX_MD_SIZE]; unsigned int cbDigest = 0; - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; } @@ -431,7 +441,12 @@ static SCOSSL_STATUS p_scossl_rsa_digest_verify_final(_In_ SCOSSL_RSA_SIGN_CTX * static const OSSL_PARAM *p_scossl_rsa_settable_ctx_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, ossl_unused void *provctx) { - return ctx->allowMdUpdates ? p_scossl_rsa_sig_ctx_settable_param_types : p_scossl_rsa_sig_ctx_settable_param_types_no_digest; + if (ctx == NULL || ctx->allowMdUpdates) + { + return p_scossl_rsa_sig_ctx_settable_param_types; + } + + return p_scossl_rsa_sig_ctx_settable_param_types_no_digest; } static SCOSSL_STATUS p_scossl_rsa_set_ctx_params(_Inout_ SCOSSL_RSA_SIGN_CTX *ctx, _In_ const OSSL_PARAM params[]) @@ -439,6 +454,17 @@ static SCOSSL_STATUS p_scossl_rsa_set_ctx_params(_Inout_ SCOSSL_RSA_SIGN_CTX *ct const OSSL_PARAM *p; const char *mdName, *mdProps; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST)) != NULL) { EVP_MD *md = NULL; @@ -702,7 +728,12 @@ static SCOSSL_STATUS p_scossl_rsa_set_ctx_params(_Inout_ SCOSSL_RSA_SIGN_CTX *ct static const OSSL_PARAM *p_scossl_rsa_gettable_ctx_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, ossl_unused void *provctx) { - return ctx->padding == RSA_PKCS1_PSS_PADDING ? p_scossl_rsa_pss_sig_ctx_gettable_param_types : p_scossl_rsa_sig_ctx_gettable_param_types; + if (ctx == NULL || ctx->padding == RSA_PKCS1_PSS_PADDING) + { + return p_scossl_rsa_pss_sig_ctx_gettable_param_types; + } + + return p_scossl_rsa_sig_ctx_gettable_param_types; } static ASN1_STRING *p_scossl_rsa_pss_params_to_asn1_sequence(_In_ SCOSSL_RSA_SIGN_CTX *ctx) @@ -807,16 +838,17 @@ static ASN1_STRING *p_scossl_rsa_pss_params_to_asn1_sequence(_In_ SCOSSL_RSA_SIG static SCOSSL_STATUS p_scossl_rsa_get_ctx_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - if (params == NULL) - { - return SCOSSL_SUCCESS; - } - OSSL_PARAM *p; ASN1_STRING *pval = NULL; X509_ALGOR *x509Alg = NULL; SCOSSL_STATUS ret = SCOSSL_FAILURE; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST)) != NULL && !OSSL_PARAM_set_utf8_string(p, ctx->mdInfo == NULL ? "" : ctx->mdInfo->ptr)) { @@ -1026,9 +1058,9 @@ static SCOSSL_STATUS p_scossl_rsa_get_ctx_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, static const OSSL_PARAM *p_scossl_rsa_gettable_ctx_md_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx) { - if (ctx->md == NULL) + if (ctx == NULL || ctx->md == NULL) { - return SCOSSL_FAILURE; + return NULL; } return EVP_MD_gettable_ctx_params(ctx->md); @@ -1036,8 +1068,9 @@ static const OSSL_PARAM *p_scossl_rsa_gettable_ctx_md_params(_In_ SCOSSL_RSA_SIG static SCOSSL_STATUS p_scossl_rsa_get_ctx_md_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _Inout_ OSSL_PARAM *params) { - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; } @@ -1046,9 +1079,9 @@ static SCOSSL_STATUS p_scossl_rsa_get_ctx_md_params(_In_ SCOSSL_RSA_SIGN_CTX *ct static const OSSL_PARAM *p_scossl_rsa_settable_ctx_md_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx) { - if (ctx->md == NULL) + if (ctx == NULL || ctx->md == NULL) { - return SCOSSL_FAILURE; + return NULL; } return EVP_MD_settable_ctx_params(ctx->md); @@ -1056,8 +1089,9 @@ static const OSSL_PARAM *p_scossl_rsa_settable_ctx_md_params(_In_ SCOSSL_RSA_SIG static SCOSSL_STATUS p_scossl_rsa_set_ctx_md_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _In_ const OSSL_PARAM params[]) { - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; }