diff --git a/ScosslCommon/src/scossl_aes_aead.c b/ScosslCommon/src/scossl_aes_aead.c index b48bfe58..ce44188d 100644 --- a/ScosslCommon/src/scossl_aes_aead.c +++ b/ScosslCommon/src/scossl_aes_aead.c @@ -56,6 +56,7 @@ SCOSSL_STATUS scossl_aes_gcm_init_key(SCOSSL_CIPHER_GCM_CTX *ctx, return SCOSSL_FAILURE; } } + if (key != NULL) { scError = SymCryptGcmExpandKey(&ctx->key, SymCryptAesBlockCipher, key, keylen); @@ -64,6 +65,7 @@ SCOSSL_STATUS scossl_aes_gcm_init_key(SCOSSL_CIPHER_GCM_CTX *ctx, return SCOSSL_FAILURE; } } + return SCOSSL_SUCCESS; } @@ -299,7 +301,7 @@ SCOSSL_STATUS scossl_aes_gcm_set_iv_len(SCOSSL_CIPHER_GCM_CTX *ctx, size_t ivlen if (ivlen != ctx->ivlen) { ctx->ivlen = ivlen; - + if (ctx->iv != NULL) { OPENSSL_free(ctx->iv); @@ -455,7 +457,7 @@ SCOSSL_STATUS scossl_aes_ccm_init_key(SCOSSL_CIPHER_CCM_CTX *ctx, ctx->ccmStage = SCOSSL_CCM_STAGE_INIT; ctx->cbData = 0; - if (iv) + if (iv != NULL) { if (!scossl_aes_ccm_set_iv_len(ctx, ivlen)) { @@ -466,7 +468,8 @@ SCOSSL_STATUS scossl_aes_ccm_init_key(SCOSSL_CIPHER_CCM_CTX *ctx, memcpy(ctx->iv, iv, ctx->ivlen); ctx->ivSet = 1; } - if (key) + + if (key != NULL) { scError = SymCryptAesExpandKey(&ctx->key, key, keylen); if (scError != SYMCRYPT_NO_ERROR) @@ -474,6 +477,7 @@ SCOSSL_STATUS scossl_aes_ccm_init_key(SCOSSL_CIPHER_CCM_CTX *ctx, return SCOSSL_FAILURE; } } + return SCOSSL_SUCCESS; } diff --git a/ScosslCommon/src/scossl_mac.c b/ScosslCommon/src/scossl_mac.c index 66b5814f..15385cd1 100644 --- a/ScosslCommon/src/scossl_mac.c +++ b/ScosslCommon/src/scossl_mac.c @@ -86,6 +86,9 @@ SCOSSL_MAC_CTX *scossl_mac_dupctx(SCOSSL_MAC_CTX *ctx) SCOSSL_STATUS success = SCOSSL_FAILURE; SCOSSL_MAC_CTX *copyCtx = NULL; + if (ctx == NULL) + return NULL; + if ((copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_MAC_CTX))) != NULL) { if (ctx->pbKey != NULL) diff --git a/SymCryptProvider/inc/p_scossl_base.h.in b/SymCryptProvider/inc/p_scossl_base.h.in index f9985cb5..6af52fa2 100644 --- a/SymCryptProvider/inc/p_scossl_base.h.in +++ b/SymCryptProvider/inc/p_scossl_base.h.in @@ -34,12 +34,12 @@ static const OSSL_PARAM p_scossl_param_types[] = { OSSL_PARAM_int(OSSL_PROV_PARAM_STATUS, NULL), OSSL_PARAM_END}; -// EVP_MD_CTX_dup is a helpful function for the provider, but was not added until OpenSSL 3.1 -// This function is copied from 3.1 to allow its use when the provider is built against 3.0 -#if OPENSSL_VERSION_MAJOR == 3 && OPENSSL_VERSION_MINOR == 0 -EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in); - -#endif // OPENSSL_VERSION_MAJOR == 3 && OPENSSL_VERSION_MINOR == 0 +// Helper function from the default provider that that is used by get/set +// parameter functions to avoid iterating through an empty parameter array. +static inline BOOL p_scossl_is_params_empty(_In_ const OSSL_PARAM params[]) +{ + return params == NULL || params->key == NULL; +} #ifdef __cplusplus } diff --git a/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c b/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c index 0b1d6f7f..dd930993 100644 --- a/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c +++ b/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c @@ -246,6 +246,12 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_get_ctx_params(_In_ SCOSSL_RSA_CIPHER_C { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_ASYM_CIPHER_PARAM_PAD_MODE)) != NULL) { int i = 0; @@ -307,6 +313,17 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_set_ctx_params(_Inout_ SCOSSL_RSA_CIPHE const OSSL_PARAM *param_propq; const char *mdName, *mdProps; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_ASYM_CIPHER_PARAM_PAD_MODE)) != NULL) { // Padding mode may be passed as legacy NID or string, and is diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes.c b/SymCryptProvider/src/ciphers/p_scossl_aes.c index e56908c3..b1da0721 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes.c @@ -74,6 +74,9 @@ static void p_scossl_aes_generic_freectx(SCOSSL_AES_CTX *ctx) static SCOSSL_AES_CTX *p_scossl_aes_generic_dupctx(SCOSSL_AES_CTX *ctx) { + if (ctx == NULL) + return NULL; + SCOSSL_COMMON_ALIGNED_ALLOC(copyCtx, OPENSSL_malloc, SCOSSL_AES_CTX); if (copyCtx != NULL) { @@ -702,7 +705,13 @@ SCOSSL_STATUS p_scossl_aes_generic_get_params(_Inout_ OSSL_PARAM params[], static SCOSSL_STATUS p_scossl_aes_generic_get_ctx_params(_In_ SCOSSL_AES_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - OSSL_PARAM *p = NULL; + OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN)) != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) @@ -746,7 +755,18 @@ static SCOSSL_STATUS p_scossl_aes_generic_get_ctx_params(_In_ SCOSSL_AES_CTX *ct static SCOSSL_STATUS p_scossl_aes_generic_set_ctx_params(_Inout_ SCOSSL_AES_CTX *ctx, _In_ const OSSL_PARAM params[]) { - const OSSL_PARAM *p = NULL; + const OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_PADDING)) != NULL) { diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes_aead.c b/SymCryptProvider/src/ciphers/p_scossl_aes_aead.c index 821f11ec..5ca685eb 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes_aead.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes_aead.c @@ -7,6 +7,7 @@ #include #include "scossl_aes_aead.h" +#include "p_scossl_base.h" #include "p_scossl_aes.h" #include "p_scossl_skey.h" @@ -63,6 +64,9 @@ static void p_scossl_aes_gcm_freectx(_Inout_ SCOSSL_CIPHER_GCM_CTX *ctx) static SCOSSL_CIPHER_GCM_CTX *p_scossl_aes_gcm_dupctx(_In_ SCOSSL_CIPHER_GCM_CTX *ctx) { + if (ctx == NULL) + return NULL; + SCOSSL_COMMON_ALIGNED_ALLOC(copy_ctx, OPENSSL_malloc, SCOSSL_CIPHER_GCM_CTX); if (copy_ctx != NULL) { @@ -81,6 +85,7 @@ static SCOSSL_CIPHER_GCM_CTX *p_scossl_aes_gcm_dupctx(_In_ SCOSSL_CIPHER_GCM_CTX } SymCryptGcmKeyCopy(&ctx->key, ©_ctx->key); } + return copy_ctx; } @@ -89,7 +94,7 @@ static SCOSSL_STATUS p_scossl_aes_gcm_init_internal(_Inout_ SCOSSL_CIPHER_GCM_CT _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { - if (key && keylen != ctx->keylen) + if (key != NULL && keylen != ctx->keylen) { return SCOSSL_FAILURE; } @@ -161,40 +166,50 @@ static const OSSL_PARAM *p_scossl_aes_gcm_settable_ctx_params(ossl_unused void * static SCOSSL_STATUS p_scossl_aes_gcm_get_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - OSSL_PARAM *p = NULL; + OSSL_PARAM *p; - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->keylen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->ivlen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->taglen)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->taglen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tlsAadSet ? EVP_GCM_TLS_TAG_LEN : 0)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->tlsAadSet ? EVP_GCM_TLS_TAG_LEN : 0)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); - if (p != NULL) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV)) != NULL) { if (p->data_size < ctx->ivlen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return SCOSSL_FAILURE; } + if (!OSSL_PARAM_set_octet_string(p, ctx->iv != NULL ? (const void*)ctx->iv : "", ctx->ivlen) && !OSSL_PARAM_set_octet_ptr(p, ctx->iv != NULL ? (const void*)ctx->iv : "", ctx->ivlen)) { @@ -202,14 +217,15 @@ static SCOSSL_STATUS p_scossl_aes_gcm_get_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV); - if (p != NULL) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV)) != NULL) { if (p->data_size < ctx->ivlen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return SCOSSL_FAILURE; } + if (!OSSL_PARAM_set_octet_string(p, ctx->iv != NULL ? (const void*)ctx->iv : "", ctx->ivlen) && !OSSL_PARAM_set_octet_ptr(p, ctx->iv != NULL ? (const void*)ctx->iv : "", ctx->ivlen)) { @@ -217,8 +233,8 @@ static SCOSSL_STATUS p_scossl_aes_gcm_get_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG); - if (p != NULL) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG)) != NULL) { if (p->data_size == 0 || p->data_size > SCOSSL_GCM_MAX_TAG_LENGTH || @@ -227,14 +243,15 @@ static SCOSSL_STATUS p_scossl_aes_gcm_get_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); return SCOSSL_FAILURE; } + if (!OSSL_PARAM_set_octet_string(p, &ctx->tag, p->data_size)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN); - if (p != NULL && + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_GET_IV_GEN)) != NULL && (p->data == NULL || p->data_type != OSSL_PARAM_OCTET_STRING || !scossl_aes_gcm_iv_gen(ctx, p->data, p->data_size))) @@ -248,9 +265,20 @@ static SCOSSL_STATUS p_scossl_aes_gcm_get_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C static SCOSSL_STATUS p_scossl_aes_gcm_set_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_CTX *ctx, _In_ const OSSL_PARAM params[]) { - const OSSL_PARAM *p = NULL; - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN); - if (p != NULL) + const OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN)) != NULL) { size_t ivlen; @@ -267,8 +295,7 @@ static SCOSSL_STATUS p_scossl_aes_gcm_set_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG); - if (p != NULL) + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { @@ -282,8 +309,8 @@ static SCOSSL_STATUS p_scossl_aes_gcm_set_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); - if (p != NULL) + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { @@ -297,8 +324,8 @@ static SCOSSL_STATUS p_scossl_aes_gcm_set_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED); - if (p != NULL) + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { @@ -312,8 +339,8 @@ static SCOSSL_STATUS p_scossl_aes_gcm_set_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV); - if (p != NULL) + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { @@ -336,6 +363,9 @@ static SCOSSL_STATUS p_scossl_aes_gcm_set_ctx_params(_Inout_ SCOSSL_CIPHER_GCM_C */ static SCOSSL_CIPHER_CCM_CTX *p_scossl_aes_ccm_dupctx(_In_ SCOSSL_CIPHER_CCM_CTX *ctx) { + if (ctx == NULL) + return NULL; + SCOSSL_COMMON_ALIGNED_ALLOC(copy_ctx, OPENSSL_malloc, SCOSSL_CIPHER_CCM_CTX); if (copy_ctx != NULL) { @@ -347,6 +377,7 @@ static SCOSSL_CIPHER_CCM_CTX *p_scossl_aes_ccm_dupctx(_In_ SCOSSL_CIPHER_CCM_CTX copy_ctx->state = ctx->state; copy_ctx->state.pExpandedKey = ©_ctx->key; } + return copy_ctx; } @@ -360,7 +391,7 @@ static SCOSSL_STATUS p_scossl_aes_ccm_init_internal(_Inout_ SCOSSL_CIPHER_CCM_CT _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { - if (key && keylen != ctx->keylen) + if (key != NULL && keylen != ctx->keylen) { return SCOSSL_FAILURE; } @@ -432,40 +463,50 @@ static const OSSL_PARAM *p_scossl_aes_ccm_settable_ctx_params(ossl_unused void * static SCOSSL_STATUS p_scossl_aes_ccm_get_ctx_params(_In_ SCOSSL_CIPHER_CCM_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - OSSL_PARAM *p = NULL; + OSSL_PARAM *p; - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->keylen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->ivlen)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->ivlen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->taglen)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAGLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->taglen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->tlsAadSet ? ctx->taglen : 0)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD_PAD)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->tlsAadSet ? ctx->taglen : 0)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); - if (p != NULL) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV)) != NULL) { if (p->data_size < ctx->ivlen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return SCOSSL_FAILURE; } + if (!OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen) && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) { @@ -473,14 +514,15 @@ static SCOSSL_STATUS p_scossl_aes_ccm_get_ctx_params(_In_ SCOSSL_CIPHER_CCM_CTX return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV); - if (p != NULL) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV)) != NULL) { if (p->data_size < ctx->ivlen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_IV_LENGTH); return SCOSSL_FAILURE; } + if (!OSSL_PARAM_set_octet_string(p, &ctx->iv, ctx->ivlen) && !OSSL_PARAM_set_octet_ptr(p, &ctx->iv, ctx->ivlen)) { @@ -488,14 +530,15 @@ static SCOSSL_STATUS p_scossl_aes_ccm_get_ctx_params(_In_ SCOSSL_CIPHER_CCM_CTX return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG); - if (p != NULL) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_AEAD_TAG)) != NULL) { if (p->data_size < ctx->taglen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH); return SCOSSL_FAILURE; } + if (!OSSL_PARAM_set_octet_string(p, &ctx->tag, ctx->taglen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); @@ -508,9 +551,20 @@ static SCOSSL_STATUS p_scossl_aes_ccm_get_ctx_params(_In_ SCOSSL_CIPHER_CCM_CTX static SCOSSL_STATUS p_scossl_aes_ccm_set_ctx_params(_Inout_ SCOSSL_CIPHER_CCM_CTX *ctx, _In_ const OSSL_PARAM params[]) { - const OSSL_PARAM *p = NULL; - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN); - if (p != NULL) + const OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_IVLEN)) != NULL) { size_t ivlen; @@ -526,8 +580,8 @@ static SCOSSL_STATUS p_scossl_aes_ccm_set_ctx_params(_Inout_ SCOSSL_CIPHER_CCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG); - if (p != NULL) + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TAG)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { @@ -541,8 +595,8 @@ static SCOSSL_STATUS p_scossl_aes_ccm_set_ctx_params(_Inout_ SCOSSL_CIPHER_CCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD); - if (p != NULL) + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_AAD)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { @@ -556,8 +610,8 @@ static SCOSSL_STATUS p_scossl_aes_ccm_set_ctx_params(_Inout_ SCOSSL_CIPHER_CCM_C return SCOSSL_FAILURE; } } - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED); - if (p != NULL) + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED)) != NULL) { if (p->data_type != OSSL_PARAM_OCTET_STRING) { diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c b/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c index 4d44f485..e5bb893c 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c @@ -2,11 +2,10 @@ // Copyright (c) Microsoft Corporation. Licensed under the MIT license. // -#include -#include #include #include "scossl_helpers.h" +#include "p_scossl_base.h" #include "p_scossl_aes.h" #include "p_scossl_skey.h" @@ -51,6 +50,9 @@ static SCOSSL_AES_XTS_CTX *p_scossl_aes_xts_newctx_internal(size_t keylen) static SCOSSL_AES_XTS_CTX *p_scossl_aes_xts_dupctx(SCOSSL_AES_XTS_CTX *ctx) { + if (ctx == NULL) + return NULL; + SCOSSL_COMMON_ALIGNED_ALLOC(copy_ctx, OPENSSL_malloc, SCOSSL_AES_XTS_CTX); if (copy_ctx != NULL) { @@ -125,6 +127,12 @@ static SCOSSL_STATUS p_scossl_aes_xts_skey_encrypt_init(_Inout_ SCOSSL_AES_XTS_C _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { + if (skey == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + return p_scossl_aes_xts_init_internal(ctx, 1, skey->pbKey, skey->cbKey, iv, ivlen, params); } @@ -132,6 +140,12 @@ static SCOSSL_STATUS p_scossl_aes_xts_skey_decrypt_init(_Inout_ SCOSSL_AES_XTS_C _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { + if (skey == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + return p_scossl_aes_xts_init_internal(ctx, 0, skey->pbKey, skey->cbKey, iv, ivlen, params); } @@ -139,6 +153,12 @@ static SCOSSL_STATUS p_scossl_aes_xts_cipher(SCOSSL_AES_XTS_CTX *ctx, _Out_writes_bytes_(*outl) unsigned char *out, _Out_ size_t *outl, size_t outsize, _In_reads_bytes_(inl) const unsigned char *in, size_t inl) { + if (out == NULL || in == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if (inl < SYMCRYPT_AES_BLOCK_SIZE) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_INPUT_LENGTH); @@ -207,45 +227,63 @@ static const OSSL_PARAM *p_scossl_aes_xts_settable_ctx_params(ossl_unused void * static SCOSSL_STATUS p_scossl_aes_xts_get_ctx_params(_In_ SCOSSL_AES_XTS_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - OSSL_PARAM *p = NULL; + OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, ctx->keylen)) + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_KEYLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, ctx->keylen)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN); - if (p != NULL && !OSSL_PARAM_set_size_t(p, SCOSSL_XTS_TWEAK_LENGTH)) + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IVLEN)) != NULL && + !OSSL_PARAM_set_size_t(p, SCOSSL_XTS_TWEAK_LENGTH)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV); - if (p != NULL && + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_IV)) != NULL && !OSSL_PARAM_set_octet_ptr(p, &ctx->tweak, SCOSSL_XTS_TWEAK_LENGTH) && !OSSL_PARAM_set_octet_string(p, &ctx->tweak, SCOSSL_XTS_TWEAK_LENGTH)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV); - if (p != NULL && + + if ((p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_UPDATED_IV)) != NULL && !OSSL_PARAM_set_octet_ptr(p, &ctx->tweak, SCOSSL_XTS_TWEAK_LENGTH) && !OSSL_PARAM_set_octet_string(p, &ctx->tweak, SCOSSL_XTS_TWEAK_LENGTH)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } + return SCOSSL_SUCCESS; } static SCOSSL_STATUS p_scossl_aes_xts_set_ctx_params(_Inout_ SCOSSL_AES_XTS_CTX *ctx, _In_ const OSSL_PARAM params[]) { - const OSSL_PARAM *p = NULL; + const OSSL_PARAM *p; - p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN); - if (p != NULL) + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + + if ((p = OSSL_PARAM_locate_const(params, OSSL_CIPHER_PARAM_KEYLEN)) != NULL) { size_t keylen; @@ -254,11 +292,13 @@ static SCOSSL_STATUS p_scossl_aes_xts_set_ctx_params(_Inout_ SCOSSL_AES_XTS_CTX ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } + if (keylen != ctx->keylen) { return SCOSSL_FAILURE; } } + return SCOSSL_SUCCESS; } diff --git a/SymCryptProvider/src/digests/p_scossl_cshake.c b/SymCryptProvider/src/digests/p_scossl_cshake.c index b3f58389..4f5cad81 100644 --- a/SymCryptProvider/src/digests/p_scossl_cshake.c +++ b/SymCryptProvider/src/digests/p_scossl_cshake.c @@ -7,6 +7,7 @@ #include "scossl_provider.h" #include "p_scossl_digest_common.h" +#include "p_scossl_base.h" #ifdef __cplusplus extern "C" { @@ -130,6 +131,9 @@ static SCOSSL_CSHAKE_CTX *p_scossl_cshake_dupctx(_In_ SCOSSL_CSHAKE_CTX *ctx) { SCOSSL_STATUS status = SCOSSL_FAILURE; + if (ctx == NULL) + return NULL; + SCOSSL_COMMON_ALIGNED_ALLOC(copyCtx, OPENSSL_zalloc, SCOSSL_CSHAKE_CTX); if (copyCtx != NULL) @@ -276,6 +280,7 @@ static SCOSSL_STATUS p_scossl_cshake_256_digest(ossl_unused void *prov_ctx, { return p_scossl_cshake_digest(&SymCryptCShake256Algorithm, in, inl, out, outl, outlen); } + static SCOSSL_STATUS p_scossl_cshake_128_get_params(_Inout_ OSSL_PARAM params[]) { return p_scossl_digest_get_params(params, @@ -296,6 +301,17 @@ static SCOSSL_STATUS p_scossl_cshake_set_ctx_params(_Inout_ SCOSSL_CSHAKE_CTX *c { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, SCOSSL_DIGEST_PARAM_FUNCTION_NAME_STRING)) != NULL) { if (ctx->xofState != SCOSSL_XOF_STATE_INIT) @@ -344,6 +360,11 @@ static SCOSSL_STATUS p_scossl_cshake_set_ctx_params(_Inout_ SCOSSL_CSHAKE_CTX *c static const OSSL_PARAM *p_scossl_cshake_settable_ctx_params(_In_ SCOSSL_CSHAKE_CTX *ctx, ossl_unused void *provctx) { + if (ctx == NULL) + { + return p_scossl_cshake_settable_ctx_param_types; + } + return ctx->xofState == SCOSSL_XOF_STATE_INIT ? p_scossl_cshake_settable_ctx_param_types : p_scossl_cshake_settable_ctx_param_types_initialized; } diff --git a/SymCryptProvider/src/digests/p_scossl_digest_common.c b/SymCryptProvider/src/digests/p_scossl_digest_common.c index 53a8fdd7..7c216007 100644 --- a/SymCryptProvider/src/digests/p_scossl_digest_common.c +++ b/SymCryptProvider/src/digests/p_scossl_digest_common.c @@ -1,11 +1,9 @@ // // Copyright (c) Microsoft Corporation. Licensed under the MIT license. // - -#include -#include #include +#include "p_scossl_base.h" #include "digests/p_scossl_digest_common.h" #ifdef __cplusplus @@ -36,6 +34,9 @@ void p_scossl_digest_freectx(SCOSSL_DIGEST_CTX *ctx) _Use_decl_annotations_ SCOSSL_DIGEST_CTX *p_scossl_digest_dupctx(SCOSSL_DIGEST_CTX *ctx) { + if (ctx == NULL) + return NULL; + SCOSSL_DIGEST_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_DIGEST_CTX)); if (copyCtx != NULL) @@ -73,6 +74,11 @@ SCOSSL_STATUS p_scossl_digest_get_params(OSSL_PARAM params[], size_t size, size_ { OSSL_PARAM *p; + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate(params, OSSL_DIGEST_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, size)) { diff --git a/SymCryptProvider/src/digests/p_scossl_digest_generic.c b/SymCryptProvider/src/digests/p_scossl_digest_generic.c index 59045653..524e9ee1 100644 --- a/SymCryptProvider/src/digests/p_scossl_digest_generic.c +++ b/SymCryptProvider/src/digests/p_scossl_digest_generic.c @@ -44,6 +44,12 @@ static SCOSSL_STATUS p_scossl_digest_get_state_internal(_In_ SCOSSL_DIGEST_CTX * BYTE pbExportBlob[SCOSSL_MAX_STATE_EXPORT_BLOB_SIZE]; OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, SCOSSL_DIGEST_PARAM_STATE)) != NULL) { pExportFunc(ctx->pState, pbExportBlob); @@ -67,6 +73,12 @@ static SCOSSL_STATUS p_scossl_digest_set_state_internal(_In_ SCOSSL_DIGEST_CTX * SYMCRYPT_ERROR scError; const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate_const(params, SCOSSL_DIGEST_PARAM_STATE)) != NULL) { if (!OSSL_PARAM_get_octet_string_ptr(p, (void *)&pbImportBlob, &cbImportBlob)) diff --git a/SymCryptProvider/src/digests/p_scossl_shake.c b/SymCryptProvider/src/digests/p_scossl_shake.c index 98cd8810..052642e5 100644 --- a/SymCryptProvider/src/digests/p_scossl_shake.c +++ b/SymCryptProvider/src/digests/p_scossl_shake.c @@ -2,9 +2,9 @@ // Copyright (c) Microsoft Corporation. Licensed under the MIT license. // -#include #include +#include "p_scossl_base.h" #include "digests/p_scossl_digest_common.h" #ifdef __cplusplus @@ -19,6 +19,17 @@ static SCOSSL_STATUS p_scossl_shake_set_ctx_params(_Inout_ SCOSSL_DIGEST_CTX *ct { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_DIGEST_PARAM_XOFLEN)) != NULL && !OSSL_PARAM_get_size_t(p, &ctx->xofLen)) { diff --git a/SymCryptProvider/src/encoder/p_scossl_encode_common.c b/SymCryptProvider/src/encoder/p_scossl_encode_common.c index c9615ae4..23a256ee 100644 --- a/SymCryptProvider/src/encoder/p_scossl_encode_common.c +++ b/SymCryptProvider/src/encoder/p_scossl_encode_common.c @@ -46,6 +46,17 @@ SCOSSL_STATUS p_scossl_encode_set_ctx_params(SCOSSL_ENCODE_CTX *ctx, const OSSL_ { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_ENCODER_PARAM_CIPHER)) != NULL) { OSSL_LIB_CTX *libctx = ctx->provctx == NULL ? NULL : ctx->provctx->libctx; diff --git a/SymCryptProvider/src/kdf/p_scossl_hkdf.c b/SymCryptProvider/src/kdf/p_scossl_hkdf.c index 86e570fb..d1af1f91 100644 --- a/SymCryptProvider/src/kdf/p_scossl_hkdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_hkdf.c @@ -73,7 +73,12 @@ void p_scossl_hkdf_freectx(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx) SCOSSL_PROV_HKDF_CTX *p_scossl_hkdf_dupctx(_In_ SCOSSL_PROV_HKDF_CTX *ctx) { - SCOSSL_PROV_HKDF_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_HKDF_CTX)); + SCOSSL_PROV_HKDF_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_HKDF_CTX)); if (copyCtx != NULL) { if ((copyCtx->hkdfCtx = scossl_hkdf_dupctx(ctx->hkdfCtx)) == NULL || @@ -115,6 +120,12 @@ SCOSSL_STATUS p_scossl_hkdf_get_ctx_params(_In_ SCOSSL_PROV_HKDF_CTX *ctx, _Inou { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { SIZE_T cbResult; @@ -209,6 +220,17 @@ SCOSSL_STATUS p_scossl_hkdf_set_ctx_params(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx, co SIZE_T cbInfo; const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_MODE)) != NULL) { int mode = -1; @@ -330,6 +352,16 @@ SCOSSL_STATUS p_scossl_tls13kdf_set_ctx_params(_Inout_ SCOSSL_PROV_HKDF_CTX *ctx { const OSSL_PARAM *p; + if (ctx == NULL) + { + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if (!p_scossl_hkdf_set_ctx_params(ctx, params)) return SCOSSL_FAILURE; diff --git a/SymCryptProvider/src/kdf/p_scossl_kbkdf.c b/SymCryptProvider/src/kdf/p_scossl_kbkdf.c index 9c3eb06f..8a1cb527 100644 --- a/SymCryptProvider/src/kdf/p_scossl_kbkdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_kbkdf.c @@ -83,7 +83,12 @@ static void p_scossl_kbkdf_freectx(_Inout_ SCOSSL_PROV_KBKDF_CTX *ctx) static SCOSSL_PROV_KBKDF_CTX *p_scossl_kbkdf_dupctx(_In_ SCOSSL_PROV_KBKDF_CTX *ctx) { - SCOSSL_PROV_KBKDF_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_KBKDF_CTX)); + SCOSSL_PROV_KBKDF_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_KBKDF_CTX)); if (copyCtx != NULL) { *copyCtx = *ctx; @@ -225,6 +230,12 @@ static SCOSSL_STATUS p_scossl_kbkdf_get_ctx_params(ossl_unused void *ctx, _Inout { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, SIZE_MAX)) { @@ -257,6 +268,17 @@ static SCOSSL_STATUS p_scossl_kbkdf_set_ctx_params(_Inout_ SCOSSL_PROV_KBKDF_CTX SCOSSL_STATUS ret = SCOSSL_FAILURE; const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) { if (!p_scossl_kbkdf_get_octet_string(p, &ctx->pbKey, &ctx->cbKey)) diff --git a/SymCryptProvider/src/kdf/p_scossl_pbkdf2.c b/SymCryptProvider/src/kdf/p_scossl_pbkdf2.c index b055f4d0..61e90970 100644 --- a/SymCryptProvider/src/kdf/p_scossl_pbkdf2.c +++ b/SymCryptProvider/src/kdf/p_scossl_pbkdf2.c @@ -77,8 +77,12 @@ void p_scossl_pbkdf2_freectx(_Inout_ SCOSSL_PROV_PBKDF2_CTX *ctx) SCOSSL_PROV_PBKDF2_CTX *p_scossl_pbkdf2_dupctx(_In_ SCOSSL_PROV_PBKDF2_CTX *ctx) { SCOSSL_STATUS status = SCOSSL_FAILURE; + SCOSSL_PROV_PBKDF2_CTX *copyCtx; - SCOSSL_PROV_PBKDF2_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_PBKDF2_CTX)); + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_PBKDF2_CTX)); if (copyCtx != NULL) { copyCtx->libctx = ctx->libctx; @@ -218,6 +222,12 @@ SCOSSL_STATUS p_scossl_pbkdf2_get_ctx_params(ossl_unused void *ctx, _Inout_ OSSL { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, SIZE_MAX)) { @@ -234,6 +244,17 @@ SCOSSL_STATUS p_scossl_pbkdf2_set_ctx_params(_Inout_ SCOSSL_PROV_PBKDF2_CTX *ctx SCOSSL_STATUS ret = SCOSSL_FAILURE; const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_PKCS5)) != NULL) { int pkcs5; diff --git a/SymCryptProvider/src/kdf/p_scossl_srtpkdf.c b/SymCryptProvider/src/kdf/p_scossl_srtpkdf.c index 1d6866c9..08bfce58 100644 --- a/SymCryptProvider/src/kdf/p_scossl_srtpkdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_srtpkdf.c @@ -2,11 +2,10 @@ // Copyright (c) Microsoft Corporation. Licensed under the MIT license. // -#include #include -#include "scossl_helpers.h" #include "scossl_provider.h" +#include "p_scossl_base.h" #ifdef __cplusplus extern "C" { @@ -90,7 +89,12 @@ static SCOSSL_PROV_SRTPKDF_CTX *p_scossl_srtpkdf_dupctx(_In_ SCOSSL_PROV_SRTPKDF { SYMCRYPT_ERROR scError; SCOSSL_STATUS status = SCOSSL_FAILURE; - SCOSSL_PROV_SRTPKDF_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_SRTPKDF_CTX)); + SCOSSL_PROV_SRTPKDF_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_SRTPKDF_CTX)); if (copyCtx != NULL) { @@ -204,6 +208,12 @@ static SCOSSL_STATUS p_scossl_srtpkdf_get_ctx_params(ossl_unused void *ctx, _Ino { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, SIZE_MAX)) { @@ -218,6 +228,17 @@ static SCOSSL_STATUS p_scossl_srtpkdf_set_ctx_params(_Inout_ SCOSSL_PROV_SRTPKDF { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) { PBYTE pbKey; diff --git a/SymCryptProvider/src/kdf/p_scossl_sshkdf.c b/SymCryptProvider/src/kdf/p_scossl_sshkdf.c index 31a64729..cc2720a0 100644 --- a/SymCryptProvider/src/kdf/p_scossl_sshkdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_sshkdf.c @@ -64,7 +64,7 @@ void p_scossl_sshkdf_freectx(_Inout_ SCOSSL_PROV_SSHKDF_CTX *ctx) { if (ctx == NULL) return; - + OPENSSL_free(ctx->mdName); scossl_sshkdf_freectx(ctx->sshkdfCtx); OPENSSL_free(ctx); @@ -73,8 +73,12 @@ void p_scossl_sshkdf_freectx(_Inout_ SCOSSL_PROV_SSHKDF_CTX *ctx) SCOSSL_PROV_SSHKDF_CTX *p_scossl_sshkdf_dupctx(_In_ SCOSSL_PROV_SSHKDF_CTX *ctx) { SCOSSL_STATUS status = SCOSSL_FAILURE; + SCOSSL_PROV_SSHKDF_CTX *copyCtx; + + if (ctx == NULL) + return NULL; - SCOSSL_PROV_SSHKDF_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_SSHKDF_CTX)); + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_SSHKDF_CTX)); if (copyCtx != NULL) { if ((copyCtx->sshkdfCtx = scossl_sshkdf_dupctx(ctx->sshkdfCtx)) == NULL) @@ -134,11 +138,17 @@ SCOSSL_STATUS p_scossl_sshkdf_get_ctx_params(_In_ SCOSSL_PROV_SSHKDF_CTX *ctx, _ { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, SIZE_MAX)) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); - return SCOSSL_FAILURE; + ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); + return SCOSSL_FAILURE; } if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_DIGEST)) != NULL && @@ -191,6 +201,17 @@ SCOSSL_STATUS p_scossl_sshkdf_set_ctx_params(_Inout_ SCOSSL_PROV_SSHKDF_CTX *ctx { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { PCSYMCRYPT_HASH symcryptHashAlg = NULL; diff --git a/SymCryptProvider/src/kdf/p_scossl_sskdf.c b/SymCryptProvider/src/kdf/p_scossl_sskdf.c index e8a6a1b9..30ab7f3a 100644 --- a/SymCryptProvider/src/kdf/p_scossl_sskdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_sskdf.c @@ -19,7 +19,7 @@ typedef struct { SIZE_T cbSalt; PBYTE pbInfo; SIZE_T cbInfo; - + BOOL isSaltExpanded; SYMCRYPT_SSKDF_MAC_EXPANDED_SALT expandedSalt; @@ -74,8 +74,12 @@ void p_scossl_sskdf_freectx(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx) SCOSSL_PROV_SSKDF_CTX *p_scossl_sskdf_dupctx(_In_ SCOSSL_PROV_SSKDF_CTX *ctx) { SCOSSL_STATUS status = SCOSSL_FAILURE; + SCOSSL_PROV_SSKDF_CTX *copyCtx; + + if (ctx == NULL) + return NULL; - SCOSSL_PROV_SSKDF_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_SSKDF_CTX)); + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_SSKDF_CTX)); if (copyCtx != NULL) { if (ctx->pbSecret != NULL) @@ -162,7 +166,7 @@ SCOSSL_STATUS p_scossl_sskdf_derive(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, if (ctx->mac != NULL) { if (!ctx->isSaltExpanded) - { + { PCSYMCRYPT_MAC pcSymCryptMacAlgorithm = NULL; if (EVP_MAC_is_a(ctx->mac, OSSL_MAC_NAME_HMAC)) { @@ -171,7 +175,7 @@ SCOSSL_STATUS p_scossl_sskdf_derive(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; } - + pcSymCryptMacAlgorithm = scossl_get_symcrypt_hmac_algorithm(ctx->mdnid); } if (EVP_MAC_is_a(ctx->mac, OSSL_MAC_NAME_KMAC128)) @@ -182,8 +186,8 @@ SCOSSL_STATUS p_scossl_sskdf_derive(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, { pcSymCryptMacAlgorithm = SymCryptKmac256Algorithm; } - - + + if (pcSymCryptMacAlgorithm == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_UNSUPPORTED_MAC_TYPE); @@ -194,7 +198,7 @@ SCOSSL_STATUS p_scossl_sskdf_derive(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, &ctx->expandedSalt, pcSymCryptMacAlgorithm, ctx->pbSalt, ctx->cbSalt); - + if (scError != SYMCRYPT_NO_ERROR) { SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptSskdfMacExpandSalt failed", scError); @@ -254,6 +258,12 @@ SCOSSL_STATUS p_scossl_sskdf_get_ctx_params(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, _In { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL) { SIZE_T cbResult = 0; @@ -264,7 +274,7 @@ SCOSSL_STATUS p_scossl_sskdf_get_ctx_params(_In_ SCOSSL_PROV_SSKDF_CTX *ctx, _In } else if (ctx->pHash != NULL) { - cbResult = SymCryptHashResultSize(ctx->pHash); + cbResult = SymCryptHashResultSize(ctx->pHash); } else { @@ -288,9 +298,20 @@ SCOSSL_STATUS p_scossl_sskdf_set_ctx_params(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx, EVP_MD *md = NULL; SCOSSL_STATUS ret = SCOSSL_FAILURE; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SECRET)) != NULL || // Shared secret may be set by OSSL_KDF_PARAM_KEY instead - (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) + (p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_KEY)) != NULL) { OPENSSL_secure_free(ctx->pbSecret); ctx->cbSecret = 0; @@ -311,7 +332,7 @@ SCOSSL_STATUS p_scossl_sskdf_set_ctx_params(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx, goto cleanup; } } - + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_SALT)) != NULL) { OPENSSL_free(ctx->pbSalt); @@ -327,7 +348,7 @@ SCOSSL_STATUS p_scossl_sskdf_set_ctx_params(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx, } if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_INFO)) != NULL) - { + { PBYTE pbCur = NULL; SIZE_T cbCur = 0; SIZE_T cbInfoMax = 0; @@ -381,7 +402,7 @@ SCOSSL_STATUS p_scossl_sskdf_set_ctx_params(_Inout_ SCOSSL_PROV_SSKDF_CTX *ctx, if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { const char *mdName; - + ctx->pHash = NULL; ctx->isSaltExpanded = FALSE; diff --git a/SymCryptProvider/src/kdf/p_scossl_tls1prf.c b/SymCryptProvider/src/kdf/p_scossl_tls1prf.c index 22191a5a..c0fd923d 100644 --- a/SymCryptProvider/src/kdf/p_scossl_tls1prf.c +++ b/SymCryptProvider/src/kdf/p_scossl_tls1prf.c @@ -55,8 +55,12 @@ void p_scossl_tls1prf_freectx(_Inout_ SCOSSL_PROV_TLS1_PRF_CTX *ctx) SCOSSL_PROV_TLS1_PRF_CTX *p_scossl_tls1prf_dupctx(_In_ SCOSSL_PROV_TLS1_PRF_CTX *ctx) { SCOSSL_STATUS status = SCOSSL_FAILURE; + SCOSSL_PROV_TLS1_PRF_CTX *copyCtx; - SCOSSL_PROV_TLS1_PRF_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_TLS1_PRF_CTX)); + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_PROV_TLS1_PRF_CTX)); if (copyCtx != NULL) { if ((copyCtx->tls1prfCtx = scossl_tls1prf_dupctx(ctx->tls1prfCtx)) == NULL) @@ -132,6 +136,12 @@ SCOSSL_STATUS p_scossl_tls1prf_get_ctx_params(_In_ SCOSSL_PROV_TLS1_PRF_CTX *ctx { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_KDF_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, SIZE_MAX)) { @@ -172,6 +182,17 @@ SCOSSL_STATUS p_scossl_tls1prf_set_ctx_params(_Inout_ SCOSSL_PROV_TLS1_PRF_CTX * SIZE_T cbSeed; SCOSSL_STATUS ret = SCOSSL_FAILURE; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_KDF_PARAM_DIGEST)) != NULL) { PCSYMCRYPT_MAC symcryptHmacAlg = NULL; diff --git a/SymCryptProvider/src/kem/p_scossl_mlkem.c b/SymCryptProvider/src/kem/p_scossl_mlkem.c index fe577d39..418c7f2b 100644 --- a/SymCryptProvider/src/kem/p_scossl_mlkem.c +++ b/SymCryptProvider/src/kem/p_scossl_mlkem.c @@ -72,7 +72,12 @@ static void p_scossl_mlkem_freectx(_Inout_ SCOSSL_MLKEM_CTX *ctx) static SCOSSL_MLKEM_CTX *p_scossl_mlkem_dupctx(_In_ SCOSSL_MLKEM_CTX *ctx) { - SCOSSL_MLKEM_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_MLKEM_CTX)); + SCOSSL_MLKEM_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_MLKEM_CTX)); if (copyCtx != NULL) { @@ -288,9 +293,15 @@ static SCOSSL_STATUS p_scossl_mlkem_set_ctx_params(_In_ SCOSSL_MLKEM_CTX *ctx, _ if (ctx == NULL) { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); return SCOSSL_FAILURE; } + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if (ctx->operation == EVP_PKEY_OP_ENCAPSULATE && (p = OSSL_PARAM_locate_const(params, OSSL_KEM_PARAM_IKME)) != NULL) { diff --git a/SymCryptProvider/src/kem/p_scossl_mlkem_hybrid.c b/SymCryptProvider/src/kem/p_scossl_mlkem_hybrid.c index 90bcfa30..c753cab1 100644 --- a/SymCryptProvider/src/kem/p_scossl_mlkem_hybrid.c +++ b/SymCryptProvider/src/kem/p_scossl_mlkem_hybrid.c @@ -53,7 +53,12 @@ static void p_scossl_mlkem_hybrid_freectx(_Inout_ SCOSSL_MLKEM_HYBRID_CTX *ctx) static SCOSSL_MLKEM_HYBRID_CTX *p_scossl_mlkem_hybrid_dupctx(_In_ SCOSSL_MLKEM_HYBRID_CTX *ctx) { - SCOSSL_MLKEM_HYBRID_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_MLKEM_HYBRID_CTX)); + SCOSSL_MLKEM_HYBRID_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_MLKEM_HYBRID_CTX)); if (copyCtx != NULL) { diff --git a/SymCryptProvider/src/keyexch/p_scossl_dh.c b/SymCryptProvider/src/keyexch/p_scossl_dh.c index 00ab7fea..1d069965 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_dh.c +++ b/SymCryptProvider/src/keyexch/p_scossl_dh.c @@ -93,7 +93,12 @@ static void p_scossl_dh_freectx(_In_ SCOSSL_DH_CTX *ctx) static SCOSSL_DH_CTX *p_scossl_dh_dupctx(_In_ SCOSSL_DH_CTX *ctx) { - SCOSSL_DH_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_DH_CTX)); + SCOSSL_DH_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_DH_CTX)); if (copyCtx != NULL) { *copyCtx = *ctx; @@ -333,7 +338,18 @@ static SCOSSL_STATUS p_scossl_dh_set_ctx_params(_Inout_ SCOSSL_DH_CTX *ctx, _In_ char *mdProps = NULL; EVP_MD *md = NULL; SCOSSL_STATUS ret = SCOSSL_FAILURE; - const OSSL_PARAM *p = NULL; + const OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } if ((p = OSSL_PARAM_locate_const(params, OSSL_EXCHANGE_PARAM_PAD)) != NULL) { @@ -463,7 +479,13 @@ static const OSSL_PARAM *p_scossl_dh_ctx_settable_params(ossl_unused void *ctx, static SCOSSL_STATUS p_scossl_dh_get_ctx_params(_In_ SCOSSL_DH_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - OSSL_PARAM *p = NULL; + OSSL_PARAM *p; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } if ((p = OSSL_PARAM_locate(params, OSSL_EXCHANGE_PARAM_PAD)) != NULL && !OSSL_PARAM_set_uint(p, ctx->pad)) diff --git a/SymCryptProvider/src/keyexch/p_scossl_ecdh.c b/SymCryptProvider/src/keyexch/p_scossl_ecdh.c index 303ad63d..6aec902f 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_ecdh.c +++ b/SymCryptProvider/src/keyexch/p_scossl_ecdh.c @@ -40,7 +40,12 @@ void p_scossl_ecdh_freectx(SCOSSL_ECDH_CTX *ctx) _Use_decl_annotations_ SCOSSL_ECDH_CTX *p_scossl_ecdh_dupctx(SCOSSL_ECDH_CTX *ctx) { - SCOSSL_ECDH_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_ECDH_CTX)); + SCOSSL_ECDH_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_ECDH_CTX)); if (copyCtx != NULL) { *copyCtx = *ctx; diff --git a/SymCryptProvider/src/keyexch/p_scossl_kdf_keyexch.c b/SymCryptProvider/src/keyexch/p_scossl_kdf_keyexch.c index 9ec83ffa..221e36ad 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_kdf_keyexch.c +++ b/SymCryptProvider/src/keyexch/p_scossl_kdf_keyexch.c @@ -95,7 +95,12 @@ static void p_scossl_kdf_keyexch_freectx(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx) static SCOSSL_KDF_KEYEXCH_CTX *p_scossl_kdf_keyexch_dupctx(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx) { - SCOSSL_KDF_KEYEXCH_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_KDF_KEYEXCH_CTX)); + SCOSSL_KDF_KEYEXCH_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_KDF_KEYEXCH_CTX)); if (copyCtx != NULL) { @@ -166,21 +171,50 @@ static SCOSSL_STATUS p_scossl_kdf_keyexch_derive(_In_ SCOSSL_KDF_KEYEXCH_CTX *ct static SCOSSL_STATUS p_scossl_kdf_keyexch_set_ctx_params(_Inout_ SCOSSL_KDF_KEYEXCH_CTX *ctx, _In_ const OSSL_PARAM params[]) { + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + return ctx->kdfFns->setCtxParams(ctx->kdfCtx, params); } static const OSSL_PARAM *p_scossl_kdf_keyexch_ctx_settable_params(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx, _In_ SCOSSL_PROVCTX *provctx) { + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + return ctx->kdfFns->settableCtxParams(ctx->kdfCtx, provctx); } static SCOSSL_STATUS p_scossl_kdf_keyexch_get_ctx_params(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx, _Inout_ OSSL_PARAM params[]) { + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + return ctx->kdfFns->getCtxParams(ctx->kdfCtx, params); } static const OSSL_PARAM *p_scossl_kdf_keyexch_ctx_gettable_params(_In_ SCOSSL_KDF_KEYEXCH_CTX *ctx, _In_ SCOSSL_PROVCTX *provctx) { + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return NULL; + } + return ctx->kdfFns->gettableCtxParams(ctx->kdfCtx, provctx); } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c index b0dacb33..ce4c8cbc 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c @@ -119,8 +119,12 @@ static SCOSSL_PROV_DH_KEY_CTX *p_scossl_dh_keymgmt_new_ctx(_In_ SCOSSL_PROVCTX * static SCOSSL_PROV_DH_KEY_CTX *p_scossl_dh_keymgmt_dup_key_ctx(_In_ const SCOSSL_PROV_DH_KEY_CTX *ctx, ossl_unused int selection) { - SCOSSL_PROV_DH_KEY_CTX *copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_DH_KEY_CTX)); + SCOSSL_PROV_DH_KEY_CTX *copyCtx; + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_malloc(sizeof(SCOSSL_PROV_DH_KEY_CTX)); if (copyCtx != NULL) { *copyCtx = *ctx; @@ -423,6 +427,12 @@ static SCOSSL_STATUS p_scossl_dh_keygen_set_params(_Inout_ SCOSSL_DH_KEYGEN_CTX BOOL groupSetByParams; const OSSL_PARAM *p; + if (genCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_FFC_TYPE)) != NULL) { const char *ffcTypeName; @@ -599,6 +609,12 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_set_params(_In_ SCOSSL_PROV_DH_KEY_CTX { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { SYMCRYPT_ERROR scError; @@ -927,8 +943,17 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_key_params(_In_ SCOSSL_DH_KEY_CTX * static SCOSSL_STATUS p_scossl_dh_keymgmt_get_params(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx, _Inout_ OSSL_PARAM params[]) { OSSL_PARAM *p; - int pubKeyBits = p_scossl_dh_pubkey_bits(ctx); - int privKeyBits = p_scossl_dh_privkey_bits(ctx); + int pubKeyBits; + int privKeyBits; + + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + pubKeyBits = p_scossl_dh_pubkey_bits(ctx); + privKeyBits = p_scossl_dh_privkey_bits(ctx); if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL && (pubKeyBits < 0 || !OSSL_PARAM_set_int(p, pubKeyBits))) @@ -1022,6 +1047,12 @@ static BOOL p_scossl_dh_keymgmt_match(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx1, _In_ SC SIZE_T cbPublicKey = 0; SYMCRYPT_ERROR scError; + if (ctx1 == NULL || ctx2 == NULL || + ctx1->keyCtx == NULL || ctx2->keyCtx == NULL) + { + goto cleanup; + } + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { if (!ctx1->keyCtx->initialized || !ctx2->keyCtx->initialized) diff --git a/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c index 5681b523..8ecb829e 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c @@ -115,6 +115,12 @@ static SCOSSL_STATUS p_scossl_ecc_keygen_set_params(_Inout_ SCOSSL_ECC_KEYGEN_CT { const OSSL_PARAM *p; + if (genCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_GROUP_NAME)) != NULL) { EC_GROUP *ecGroup = EC_GROUP_new_from_params(params, genCtx->libctx, NULL); @@ -364,6 +370,12 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_params(_In_ SCOSSL_ECC_KEY_CTX *ke SCOSSL_STATUS ret = SCOSSL_FAILURE; OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL && !OSSL_PARAM_set_uint32(p, p_scossl_ecc_get_max_result_size(keyCtx, FALSE))) { @@ -525,10 +537,19 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_set_params(_Inout_ SCOSSL_ECC_KEY_CTX BN_CTX *bnCtx = NULL; EC_POINT *ecPoint = NULL; SCOSSL_STATUS ret = SCOSSL_FAILURE; - SYMCRYPT_NUMBER_FORMAT numFormat = keyCtx->isX25519 ? SYMCRYPT_NUMBER_FORMAT_LSB_FIRST : SYMCRYPT_NUMBER_FORMAT_MSB_FIRST; - SYMCRYPT_ECPOINT_FORMAT pointFormat = keyCtx->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : SYMCRYPT_ECPOINT_FORMAT_XY; + SYMCRYPT_NUMBER_FORMAT numFormat; + SYMCRYPT_ECPOINT_FORMAT pointFormat; const OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + numFormat = keyCtx->isX25519 ? SYMCRYPT_NUMBER_FORMAT_LSB_FIRST : SYMCRYPT_NUMBER_FORMAT_MSB_FIRST; + pointFormat = keyCtx->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : SYMCRYPT_ECPOINT_FORMAT_XY; + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { SIZE_T encodedLen; @@ -701,7 +722,14 @@ static BOOL p_scossl_ecc_keymgmt_match(_In_ SCOSSL_ECC_KEY_CTX *keyCtx1, _In_ SC SIZE_T cbPrivateKey = 0; SIZE_T cbPublicKey = 0; SYMCRYPT_ERROR scError; - SYMCRYPT_ECPOINT_FORMAT pointFormat = keyCtx1->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : SYMCRYPT_ECPOINT_FORMAT_XY; + SYMCRYPT_ECPOINT_FORMAT pointFormat; + + if (keyCtx1 == NULL || keyCtx2 == NULL) + { + goto cleanup; + } + + pointFormat = keyCtx1->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : SYMCRYPT_ECPOINT_FORMAT_XY; if (keyCtx1->initialized != keyCtx2->initialized || keyCtx1->isX25519 != keyCtx2->isX25519) diff --git a/SymCryptProvider/src/keymgmt/p_scossl_mlkem_hybrid_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_mlkem_hybrid_keymgmt.c index fd6ac059..957b7b4a 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_mlkem_hybrid_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_mlkem_hybrid_keymgmt.c @@ -86,8 +86,12 @@ static SCOSSL_MLKEM_HYBRID_KEY_CTX *p_scossl_mlkem_hybrid_keymgmt_dup_key_ctx(_I SYMCRYPT_MLKEMKEY_FORMAT format = SYMCRYPT_MLKEMKEY_FORMAT_NULL; SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR; SCOSSL_STATUS status = SCOSSL_FAILURE; - SCOSSL_MLKEM_HYBRID_KEY_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_MLKEM_HYBRID_KEY_CTX)); + SCOSSL_MLKEM_HYBRID_KEY_CTX *copyCtx; + if (keyCtx == NULL) + return NULL; + + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_MLKEM_HYBRID_KEY_CTX)); if (copyCtx != NULL) { copyCtx->provCtx = keyCtx->provCtx; @@ -301,6 +305,12 @@ static SCOSSL_STATUS p_scossl_mlkem_hybrid_keymgmt_set_params(_Inout_ SCOSSL_MLK { const OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { PCBYTE pbKey; @@ -413,6 +423,12 @@ static SCOSSL_STATUS p_scossl_mlkem_hybrid_keymgmt_get_params(_In_ SCOSSL_MLKEM_ SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR; OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL && !OSSL_PARAM_set_int(p, p_scossl_mlkem_get_bits(keyCtx->mlkemParams))) { diff --git a/SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c index d662ab04..66ebcc14 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_mlkem_keymgmt.c @@ -87,8 +87,12 @@ static SCOSSL_MLKEM_KEY_CTX *p_scossl_mlkem_keymgmt_dup_key_ctx(_In_ const SCOSS SYMCRYPT_MLKEMKEY_FORMAT format = SYMCRYPT_MLKEMKEY_FORMAT_NULL; SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR; SCOSSL_STATUS status = SCOSSL_FAILURE; - SCOSSL_MLKEM_KEY_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_MLKEM_KEY_CTX)); + SCOSSL_MLKEM_KEY_CTX *copyCtx; + if (keyCtx == NULL) + return NULL; + + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_MLKEM_KEY_CTX)); if (copyCtx != NULL) { copyCtx->provCtx = keyCtx->provCtx; @@ -157,6 +161,12 @@ static SCOSSL_STATUS p_scossl_mlkem_keygen_set_params(_Inout_ SCOSSL_MLKEM_KEYGE { const OSSL_PARAM *p; + if (genCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ML_KEM_SEED)) != NULL) { PBYTE pbSeed = genCtx->abSeed; @@ -314,6 +324,12 @@ static SCOSSL_STATUS p_scossl_mlkem_keymgmt_set_params(_Inout_ SCOSSL_MLKEM_KEY_ { const OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY)) != NULL) { PCBYTE pbKey; @@ -453,6 +469,12 @@ static SCOSSL_STATUS p_scossl_mlkem_keymgmt_get_params(_In_ SCOSSL_MLKEM_KEY_CTX SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR; OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL && !OSSL_PARAM_set_int(p, p_scossl_mlkem_get_bits(keyCtx->mlkemParams))) { diff --git a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c index c70fb6b3..08c77a48 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c @@ -229,7 +229,8 @@ static SCOSSL_PROV_RSA_KEY_CTX *p_scossl_rsa_keymgmt_dup_ctx(_In_ const SCOSSL_P SCOSSL_PROV_RSA_KEY_CTX *copyCtx; BOOL includePrivate = (selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY) != 0; - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) + if (keyCtx == NULL || + (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) { return NULL; } @@ -282,6 +283,12 @@ static SCOSSL_STATUS p_scossl_rsa_keygen_set_params(_Inout_ SCOSSL_RSA_KEYGEN_CT { const OSSL_PARAM *p; + if (genCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_RSA_BITS)) != NULL) { UINT32 nBitsOfModulus; @@ -907,22 +914,28 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_params(_In_ SCOSSL_PROV_RSA_KEY_CT { OSSL_PARAM *p; + if (keyCtx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL && - !OSSL_PARAM_set_uint32(p, SymCryptRsakeyModulusBits(keyCtx->key))) + (keyCtx->key == NULL || !OSSL_PARAM_set_uint32(p, SymCryptRsakeyModulusBits(keyCtx->key)))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL && - !OSSL_PARAM_set_int(p, p_scossl_rsa_get_security_bits(keyCtx->key))) + (keyCtx->key == NULL || !OSSL_PARAM_set_int(p, p_scossl_rsa_get_security_bits(keyCtx->key)))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_MAX_SIZE)) != NULL && - !OSSL_PARAM_set_uint32(p, SymCryptRsakeySizeofModulus(keyCtx->key))) + (keyCtx->key == NULL || !OSSL_PARAM_set_uint32(p, SymCryptRsakeySizeofModulus(keyCtx->key)))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; @@ -953,7 +966,7 @@ static const OSSL_PARAM *p_scossl_rsa_keymgmt_gettable_params(ossl_unused void * static BOOL p_scossl_rsa_keymgmt_has(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx, int selection) { BOOL ret = TRUE; - if (keyCtx->key == NULL) + if (keyCtx == NULL || keyCtx->key == NULL) { return FALSE; } @@ -975,8 +988,15 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I PBYTE pbPrivateExponent1 = NULL; PBYTE pbPrivateExponent2 = NULL; SYMCRYPT_ERROR scError; + UINT32 cbModulus; + + if (keyCtx1 == NULL || keyCtx2 == NULL || + keyCtx1->key == NULL || keyCtx2->key == NULL) + { + goto cleanup; + } - UINT32 cbModulus = SymCryptRsakeySizeofModulus(keyCtx1->key); + cbModulus = SymCryptRsakeySizeofModulus(keyCtx1->key); if (cbModulus != SymCryptRsakeySizeofModulus(keyCtx2->key)) { diff --git a/SymCryptProvider/src/mac/p_scossl_cmac.c b/SymCryptProvider/src/mac/p_scossl_cmac.c index 0024c125..445da4e6 100644 --- a/SymCryptProvider/src/mac/p_scossl_cmac.c +++ b/SymCryptProvider/src/mac/p_scossl_cmac.c @@ -67,6 +67,12 @@ static SCOSSL_STATUS p_scossl_cmac_get_ctx_params(_In_ SCOSSL_MAC_CTX *ctx, _Ino { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, ctx->pMac == NULL ? 0 : ctx->pMac->resultSize)) { @@ -88,6 +94,17 @@ static SCOSSL_STATUS p_scossl_cmac_set_ctx_params(_Inout_ SCOSSL_MAC_CTX *ctx, _ { const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_CIPHER)) != NULL) { SCOSSL_STATUS success; diff --git a/SymCryptProvider/src/mac/p_scossl_hmac.c b/SymCryptProvider/src/mac/p_scossl_hmac.c index 364d245d..6f61de0a 100644 --- a/SymCryptProvider/src/mac/p_scossl_hmac.c +++ b/SymCryptProvider/src/mac/p_scossl_hmac.c @@ -58,6 +58,12 @@ static SCOSSL_STATUS p_scossl_hmac_get_ctx_params(_In_ SCOSSL_MAC_CTX *ctx, _Ino { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, ctx->pMac == NULL ? 0 : ctx->pMac->resultSize)) { @@ -147,6 +153,17 @@ static SCOSSL_STATUS p_scossl_hmac_set_ctx_params(_Inout_ SCOSSL_MAC_CTX *ctx, _ SCOSSL_STATUS ret = SCOSSL_FAILURE; const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_DIGEST)) != NULL) { OPENSSL_free(ctx->mdName); diff --git a/SymCryptProvider/src/mac/p_scossl_kmac.c b/SymCryptProvider/src/mac/p_scossl_kmac.c index 7083f820..15fcac0d 100644 --- a/SymCryptProvider/src/mac/p_scossl_kmac.c +++ b/SymCryptProvider/src/mac/p_scossl_kmac.c @@ -3,8 +3,8 @@ // #include "p_scossl_kmac.h" +#include "p_scossl_base.h" -#include #include #ifdef __cplusplus @@ -92,6 +92,9 @@ static void p_scossl_kmac_freectx(_Inout_ SCOSSL_KMAC_CTX *ctx) static SCOSSL_KMAC_CTX *p_scossl_kmac_dupctx(_In_ SCOSSL_KMAC_CTX *ctx) { + if (ctx == NULL) + return NULL; + SCOSSL_COMMON_ALIGNED_ALLOC(copyCtx, OPENSSL_zalloc, SCOSSL_KMAC_CTX); if (copyCtx == NULL) @@ -194,6 +197,12 @@ static SCOSSL_STATUS p_scossl_kmac_get_ctx_params(_In_ SCOSSL_KMAC_CTX *ctx, _In { OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_MAC_PARAM_SIZE)) != NULL && !OSSL_PARAM_set_size_t(p, ctx->cbOutput)) { @@ -216,6 +225,17 @@ static SCOSSL_STATUS p_scossl_kmac_set_ctx_params(_Inout_ SCOSSL_KMAC_CTX *ctx, SYMCRYPT_ERROR scError; const OSSL_PARAM *p; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL && !OSSL_PARAM_get_int(p, &ctx->xofMode)) { diff --git a/SymCryptProvider/src/p_scossl_base.c b/SymCryptProvider/src/p_scossl_base.c index e092410a..31a266ae 100644 --- a/SymCryptProvider/src/p_scossl_base.c +++ b/SymCryptProvider/src/p_scossl_base.c @@ -882,27 +882,6 @@ SCOSSL_STATUS OSSL_provider_init(_In_ const OSSL_CORE_HANDLE *handle, return ret; } -#if OPENSSL_VERSION_MAJOR == 3 && OPENSSL_VERSION_MINOR == 0 -EVP_MD_CTX *EVP_MD_CTX_dup(const EVP_MD_CTX *in) -{ - EVP_MD_CTX *out = EVP_MD_CTX_new(); - - if (out != NULL && !EVP_MD_CTX_copy_ex(out, in)) { - EVP_MD_CTX_free(out); - out = NULL; - } - return out; -} - -#if OPENSSL_VERSION_PATCH < 4 -int OPENSSL_strcasecmp(const char *s1, const char *s2) -{ - return strcasecmp(s1, s2); -} -#endif // OPENSSL_VERSION_PATCH < 4 - -#endif // OPENSSL_VERSION_MINOR == 0 - #ifdef __cplusplus } #endif \ No newline at end of file diff --git a/SymCryptProvider/src/p_scossl_ecc.c b/SymCryptProvider/src/p_scossl_ecc.c index 704c7803..94d306a1 100644 --- a/SymCryptProvider/src/p_scossl_ecc.c +++ b/SymCryptProvider/src/p_scossl_ecc.c @@ -52,11 +52,14 @@ SCOSSL_ECC_KEY_CTX *p_scossl_ecc_dup_ctx(SCOSSL_ECC_KEY_CTX *keyCtx, int selecti SIZE_T cbPublicKey = 0; SIZE_T cbPrivateKey = 0; SCOSSL_STATUS success = SCOSSL_FAILURE; - SYMCRYPT_ECPOINT_FORMAT pointFormat = keyCtx->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : SYMCRYPT_ECPOINT_FORMAT_XY; + SYMCRYPT_ECPOINT_FORMAT pointFormat; SYMCRYPT_ERROR scError = SYMCRYPT_NO_ERROR; + SCOSSL_ECC_KEY_CTX *copyCtx; - SCOSSL_ECC_KEY_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_ECC_KEY_CTX)); + if (keyCtx == NULL) + return NULL; + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_ECC_KEY_CTX)); if (copyCtx != NULL) { copyCtx->isX25519 = keyCtx->isX25519; @@ -74,6 +77,8 @@ SCOSSL_ECC_KEY_CTX *p_scossl_ecc_dup_ctx(SCOSSL_ECC_KEY_CTX *keyCtx, int selecti if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 && keyCtx->initialized) { + pointFormat = keyCtx->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : (SYMCRYPT_ECPOINT_FORMAT)keyCtx->conversionFormat; + if (copyCtx->curve == NULL) { ERR_raise(ERR_LIB_PROV, PROV_R_NO_PARAMETERS_SET); diff --git a/SymCryptProvider/src/p_scossl_rand.c b/SymCryptProvider/src/p_scossl_rand.c index 318df6b0..bb2aafd6 100644 --- a/SymCryptProvider/src/p_scossl_rand.c +++ b/SymCryptProvider/src/p_scossl_rand.c @@ -7,6 +7,7 @@ #include #include "scossl_helpers.h" +#include "p_scossl_base.h" #define SCOSSL_DRBG_STRENGTH 256 #define SCOSSL_DRBG_MAX_REQUEST_SIZE (1 << 16) @@ -101,23 +102,25 @@ static const OSSL_PARAM *p_scossl_rand_gettable_ctx_params(ossl_unused void *ctx static SCOSSL_STATUS p_scossl_rand_get_ctx_params(ossl_unused void *ctx, _Inout_ OSSL_PARAM params[]) { - OSSL_PARAM *p = NULL; + OSSL_PARAM *p; // State managed by symcrypt module - p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE); - if (p != NULL && !OSSL_PARAM_set_int(p, 1)) + if ((p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STATE)) != NULL && + !OSSL_PARAM_set_int(p, 1)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH); - if (p != NULL && !OSSL_PARAM_set_uint(p, SCOSSL_DRBG_STRENGTH)) + + if ((p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_STRENGTH)) != NULL && + !OSSL_PARAM_set_uint(p, SCOSSL_DRBG_STRENGTH)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; } - p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST); - if (p != NULL && !OSSL_PARAM_set_size_t(p, SCOSSL_DRBG_MAX_REQUEST_SIZE)) + + if ((p = OSSL_PARAM_locate(params, OSSL_RAND_PARAM_MAX_REQUEST)) != NULL && + !OSSL_PARAM_set_size_t(p, SCOSSL_DRBG_MAX_REQUEST_SIZE)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); return SCOSSL_FAILURE; diff --git a/SymCryptProvider/src/signature/p_scossl_ecdsa_signature.c b/SymCryptProvider/src/signature/p_scossl_ecdsa_signature.c index f455901a..c3d7915b 100644 --- a/SymCryptProvider/src/signature/p_scossl_ecdsa_signature.c +++ b/SymCryptProvider/src/signature/p_scossl_ecdsa_signature.c @@ -77,7 +77,12 @@ static void p_scossl_ecdsa_freectx(SCOSSL_ECDSA_CTX *ctx) static SCOSSL_ECDSA_CTX *p_scossl_ecdsa_dupctx(_In_ SCOSSL_ECDSA_CTX *ctx) { - SCOSSL_ECDSA_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_ECDSA_CTX)); + SCOSSL_ECDSA_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_ECDSA_CTX)); if (copyCtx != NULL) { if ((ctx->propq != NULL && ((copyCtx->propq = OPENSSL_strdup(ctx->propq)) == NULL)) || @@ -330,7 +335,12 @@ static int p_scossl_ecdsa_digest_verify_final(_In_ SCOSSL_ECDSA_CTX *ctx, static const OSSL_PARAM *p_scossl_ecdsa_settable_ctx_params(_In_ SCOSSL_ECDSA_CTX *ctx, ossl_unused void *provctx) { - return ctx->allowMdUpdates ? p_scossl_ecdsa_ctx_settable_param_types : p_scossl_ecdsa_ctx_settable_param_types_no_digest; + if (ctx == NULL || ctx->allowMdUpdates) + { + return p_scossl_ecdsa_ctx_settable_param_types; + } + + return p_scossl_ecdsa_ctx_settable_param_types_no_digest; } static SCOSSL_STATUS p_scossl_ecdsa_set_ctx_params(_Inout_ SCOSSL_ECDSA_CTX *ctx, _In_ const OSSL_PARAM params[]) @@ -339,6 +349,17 @@ static SCOSSL_STATUS p_scossl_ecdsa_set_ctx_params(_Inout_ SCOSSL_ECDSA_CTX *ctx const OSSL_PARAM *param_propq; const char *mdname, *mdprops; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST)) != NULL) { if (!OSSL_PARAM_get_utf8_string_ptr(p, &mdname)) @@ -401,15 +422,16 @@ static const OSSL_PARAM *p_scossl_ecdsa_gettable_ctx_params(ossl_unused void *ct static SCOSSL_STATUS p_scossl_ecdsa_get_ctx_params(_In_ SCOSSL_ECDSA_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - if (params == NULL) - { - return SCOSSL_SUCCESS; - } - OSSL_PARAM *p; X509_ALGOR *x509Alg = NULL; SCOSSL_STATUS ret = SCOSSL_FAILURE; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST)) != NULL && !OSSL_PARAM_set_utf8_string(p, ctx->md == NULL ? "" : EVP_MD_get0_name(ctx->md))) { @@ -516,9 +538,9 @@ static SCOSSL_STATUS p_scossl_ecdsa_get_ctx_params(_In_ SCOSSL_ECDSA_CTX *ctx, _ static const OSSL_PARAM *p_scossl_ecdsa_gettable_ctx_md_params(_In_ SCOSSL_ECDSA_CTX *ctx) { - if (ctx->md == NULL) + if (ctx == NULL || ctx->md == NULL) { - return SCOSSL_FAILURE; + return NULL; } return EVP_MD_gettable_ctx_params(ctx->md); @@ -526,8 +548,9 @@ static const OSSL_PARAM *p_scossl_ecdsa_gettable_ctx_md_params(_In_ SCOSSL_ECDSA static SCOSSL_STATUS p_scossl_ecdsa_get_ctx_md_params(_In_ SCOSSL_ECDSA_CTX *ctx, _Inout_ OSSL_PARAM *params) { - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; } @@ -536,9 +559,9 @@ static SCOSSL_STATUS p_scossl_ecdsa_get_ctx_md_params(_In_ SCOSSL_ECDSA_CTX *ctx static const OSSL_PARAM *p_scossl_ecdsa_settable_ctx_md_params(_In_ SCOSSL_ECDSA_CTX *ctx) { - if (ctx->md == NULL) + if (ctx == NULL || ctx->md == NULL) { - return SCOSSL_FAILURE; + return NULL; } return EVP_MD_settable_ctx_params(ctx->md); @@ -546,8 +569,9 @@ static const OSSL_PARAM *p_scossl_ecdsa_settable_ctx_md_params(_In_ SCOSSL_ECDSA static SCOSSL_STATUS p_scossl_ecdsa_set_ctx_md_params(_In_ SCOSSL_ECDSA_CTX *ctx, _In_ const OSSL_PARAM params[]) { - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c index 43d0783f..24b3252d 100644 --- a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c +++ b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c @@ -2,8 +2,6 @@ // Copyright (c) Microsoft Corporation. Licensed under the MIT license. // -#include -#include #include #include @@ -117,7 +115,12 @@ static void p_scossl_rsa_freectx(SCOSSL_RSA_SIGN_CTX *ctx) static SCOSSL_RSA_SIGN_CTX *p_scossl_rsa_dupctx(_In_ SCOSSL_RSA_SIGN_CTX *ctx) { - SCOSSL_RSA_SIGN_CTX *copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_RSA_SIGN_CTX)); + SCOSSL_RSA_SIGN_CTX *copyCtx; + + if (ctx == NULL) + return NULL; + + copyCtx = OPENSSL_zalloc(sizeof(SCOSSL_RSA_SIGN_CTX)); if (copyCtx != NULL) { if ((ctx->propq != NULL && ((copyCtx->propq = OPENSSL_strdup(ctx->propq)) == NULL)) || @@ -225,7 +228,7 @@ static SCOSSL_STATUS p_scossl_rsa_sign(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _Out_writes_bytes_(*siglen) unsigned char *sig, _Out_ size_t *siglen, size_t sigsize, _In_reads_bytes_(tbslen) const unsigned char *tbs, size_t tbslen) { - int mdnid = ctx->mdInfo == NULL ? NID_undef : ctx->mdInfo->id; + int mdnid; SCOSSL_STATUS ret = SCOSSL_FAILURE; if (ctx == NULL || ctx->keyCtx == NULL) @@ -243,9 +246,11 @@ static SCOSSL_STATUS p_scossl_rsa_sign(_In_ SCOSSL_RSA_SIGN_CTX *ctx, if (sig != NULL && sigsize < SymCryptRsakeySizeofModulus(ctx->keyCtx->key)) { ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); - goto err; + return SCOSSL_FAILURE; } + mdnid = ctx->mdInfo == NULL ? NID_undef : ctx->mdInfo->id; + switch (ctx->padding) { case RSA_PKCS1_PADDING: @@ -280,7 +285,7 @@ static SCOSSL_STATUS p_scossl_rsa_verify(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _In_reads_bytes_(siglen) const unsigned char *sig, size_t siglen, _In_reads_bytes_(tbslen) const unsigned char *tbs, size_t tbslen) { - int mdnid = ctx->mdInfo == NULL ? NID_undef : ctx->mdInfo->id; + int mdnid; if (ctx == NULL || ctx->keyCtx == NULL) { @@ -294,6 +299,8 @@ static SCOSSL_STATUS p_scossl_rsa_verify(_In_ SCOSSL_RSA_SIGN_CTX *ctx, return SCOSSL_FAILURE; } + mdnid = ctx->mdInfo == NULL ? NID_undef : ctx->mdInfo->id; + switch (ctx->padding) { case RSA_PKCS1_PADDING: @@ -381,8 +388,9 @@ static SCOSSL_STATUS p_scossl_rsa_digest_verify_init(_In_ SCOSSL_RSA_SIGN_CTX *c static SCOSSL_STATUS p_scossl_rsa_digest_signverify_update(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _In_reads_bytes_(datalen) const unsigned char *data, size_t datalen) { - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; } @@ -396,9 +404,10 @@ static SCOSSL_STATUS p_scossl_rsa_digest_sign_final(_In_ SCOSSL_RSA_SIGN_CTX *ct BYTE digest[EVP_MAX_MD_SIZE]; unsigned int cbDigest = 0; - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { - return ret; + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); + return SCOSSL_FAILURE; } // If sig is NULL, this is a size fetch, and the digest does not need to be computed @@ -417,8 +426,9 @@ static SCOSSL_STATUS p_scossl_rsa_digest_verify_final(_In_ SCOSSL_RSA_SIGN_CTX * BYTE digest[EVP_MAX_MD_SIZE]; unsigned int cbDigest = 0; - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; } @@ -431,7 +441,12 @@ static SCOSSL_STATUS p_scossl_rsa_digest_verify_final(_In_ SCOSSL_RSA_SIGN_CTX * static const OSSL_PARAM *p_scossl_rsa_settable_ctx_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, ossl_unused void *provctx) { - return ctx->allowMdUpdates ? p_scossl_rsa_sig_ctx_settable_param_types : p_scossl_rsa_sig_ctx_settable_param_types_no_digest; + if (ctx == NULL || ctx->allowMdUpdates) + { + return p_scossl_rsa_sig_ctx_settable_param_types; + } + + return p_scossl_rsa_sig_ctx_settable_param_types_no_digest; } static SCOSSL_STATUS p_scossl_rsa_set_ctx_params(_Inout_ SCOSSL_RSA_SIGN_CTX *ctx, _In_ const OSSL_PARAM params[]) @@ -439,6 +454,17 @@ static SCOSSL_STATUS p_scossl_rsa_set_ctx_params(_Inout_ SCOSSL_RSA_SIGN_CTX *ct const OSSL_PARAM *p; const char *mdName, *mdProps; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + + if (p_scossl_is_params_empty(params)) + { + return SCOSSL_SUCCESS; + } + if ((p = OSSL_PARAM_locate_const(params, OSSL_SIGNATURE_PARAM_DIGEST)) != NULL) { EVP_MD *md = NULL; @@ -702,7 +728,12 @@ static SCOSSL_STATUS p_scossl_rsa_set_ctx_params(_Inout_ SCOSSL_RSA_SIGN_CTX *ct static const OSSL_PARAM *p_scossl_rsa_gettable_ctx_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, ossl_unused void *provctx) { - return ctx->padding == RSA_PKCS1_PSS_PADDING ? p_scossl_rsa_pss_sig_ctx_gettable_param_types : p_scossl_rsa_sig_ctx_gettable_param_types; + if (ctx == NULL || ctx->padding == RSA_PKCS1_PSS_PADDING) + { + return p_scossl_rsa_pss_sig_ctx_gettable_param_types; + } + + return p_scossl_rsa_sig_ctx_gettable_param_types; } static ASN1_STRING *p_scossl_rsa_pss_params_to_asn1_sequence(_In_ SCOSSL_RSA_SIGN_CTX *ctx) @@ -807,16 +838,17 @@ static ASN1_STRING *p_scossl_rsa_pss_params_to_asn1_sequence(_In_ SCOSSL_RSA_SIG static SCOSSL_STATUS p_scossl_rsa_get_ctx_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _Inout_ OSSL_PARAM params[]) { - if (params == NULL) - { - return SCOSSL_SUCCESS; - } - OSSL_PARAM *p; ASN1_STRING *pval = NULL; X509_ALGOR *x509Alg = NULL; SCOSSL_STATUS ret = SCOSSL_FAILURE; + if (ctx == NULL) + { + ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_NULL_PARAMETER); + return SCOSSL_FAILURE; + } + if ((p = OSSL_PARAM_locate(params, OSSL_SIGNATURE_PARAM_DIGEST)) != NULL && !OSSL_PARAM_set_utf8_string(p, ctx->mdInfo == NULL ? "" : ctx->mdInfo->ptr)) { @@ -1026,9 +1058,9 @@ static SCOSSL_STATUS p_scossl_rsa_get_ctx_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, static const OSSL_PARAM *p_scossl_rsa_gettable_ctx_md_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx) { - if (ctx->md == NULL) + if (ctx == NULL || ctx->md == NULL) { - return SCOSSL_FAILURE; + return NULL; } return EVP_MD_gettable_ctx_params(ctx->md); @@ -1036,8 +1068,9 @@ static const OSSL_PARAM *p_scossl_rsa_gettable_ctx_md_params(_In_ SCOSSL_RSA_SIG static SCOSSL_STATUS p_scossl_rsa_get_ctx_md_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _Inout_ OSSL_PARAM *params) { - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; } @@ -1046,9 +1079,9 @@ static SCOSSL_STATUS p_scossl_rsa_get_ctx_md_params(_In_ SCOSSL_RSA_SIGN_CTX *ct static const OSSL_PARAM *p_scossl_rsa_settable_ctx_md_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx) { - if (ctx->md == NULL) + if (ctx == NULL || ctx->md == NULL) { - return SCOSSL_FAILURE; + return NULL; } return EVP_MD_settable_ctx_params(ctx->md); @@ -1056,8 +1089,9 @@ static const OSSL_PARAM *p_scossl_rsa_settable_ctx_md_params(_In_ SCOSSL_RSA_SIG static SCOSSL_STATUS p_scossl_rsa_set_ctx_md_params(_In_ SCOSSL_RSA_SIGN_CTX *ctx, _In_ const OSSL_PARAM params[]) { - if (ctx->mdctx == NULL) + if (ctx == NULL || ctx->mdctx == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_MESSAGE_DIGEST); return SCOSSL_FAILURE; }