diff options
author | Pauli <paul.dale@oracle.com> | 2020-03-26 09:28:01 +1000 |
---|---|---|
committer | Pauli <paul.dale@oracle.com> | 2020-03-28 12:27:22 +1000 |
commit | 6d4e6009d27712a405e1e3a4c33fb8a8566f134a (patch) | |
tree | 09d94a8c8f8f6f493cc758b6fd704837be82cb8c /providers | |
parent | be19d3caf0724b786ecc97ec4207c07cff63c745 (diff) | |
download | openssl-6d4e6009d27712a405e1e3a4c33fb8a8566f134a.zip openssl-6d4e6009d27712a405e1e3a4c33fb8a8566f134a.tar.gz openssl-6d4e6009d27712a405e1e3a4c33fb8a8566f134a.tar.bz2 |
Param build: make structures opaque.
Since this is public, it is best to make the underlying structure opaque.
This means converting from stack allocation to dynamic allocation for all
usages.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/11390)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/fips/fipsprov.c | 60 | ||||
-rw-r--r-- | providers/implementations/keymgmt/dh_kmgmt.c | 17 | ||||
-rw-r--r-- | providers/implementations/keymgmt/dsa_kmgmt.c | 18 | ||||
-rw-r--r-- | providers/implementations/keymgmt/ec_kmgmt.c | 20 | ||||
-rw-r--r-- | providers/implementations/keymgmt/ecx_kmgmt.c | 20 | ||||
-rw-r--r-- | providers/implementations/keymgmt/rsa_kmgmt.c | 15 |
6 files changed, 85 insertions, 65 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c index 4664232..8fbb618 100644 --- a/providers/fips/fipsprov.c +++ b/providers/fips/fipsprov.c @@ -194,7 +194,7 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx) BIGNUM *p = NULL, *q = NULL, *g = NULL; BIGNUM *pub = NULL, *priv = NULL; OSSL_PARAM *params = NULL, *params_sig = NULL; - OSSL_PARAM_BLD bld; + OSSL_PARAM_BLD *bld = NULL; EVP_PKEY_CTX *sctx = NULL, *kctx = NULL; EVP_PKEY *pkey = NULL; unsigned char sig[64]; @@ -255,14 +255,15 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx) || !hextobn(dsa_priv_hex, &priv)) goto err; - OSSL_PARAM_BLD_init(&bld); - if (!OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q) - || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g) - || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub) - || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) + bld = OSSL_PARAM_BLD_new(); + if (bld == NULL + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p) + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q) + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g) + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub) + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) goto err; - params = OSSL_PARAM_BLD_to_param(&bld); + params = OSSL_PARAM_BLD_to_param(bld); /* Create a EVP_PKEY_CTX to load the DSA key into */ kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, ""); @@ -279,11 +280,10 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx) goto err; /* set signature parameters */ - OSSL_PARAM_BLD_init(&bld); - if (!OSSL_PARAM_BLD_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST, + if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST, SN_sha256,strlen(SN_sha256) + 1)) goto err; - params_sig = OSSL_PARAM_BLD_to_param(&bld); + params_sig = OSSL_PARAM_BLD_to_param(bld); if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0) goto err; @@ -293,8 +293,9 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx) goto err; ret = 1; err: - OSSL_PARAM_BLD_free(params); - OSSL_PARAM_BLD_free(params_sig); + OSSL_PARAM_BLD_free_params(params); + OSSL_PARAM_BLD_free_params(params_sig); + OSSL_PARAM_BLD_free(bld); BN_free(p); BN_free(q); BN_free(g); @@ -320,7 +321,7 @@ static int dh_key_exchange_test(OPENSSL_CTX *libctx) OSSL_PARAM *params_peer = NULL; unsigned char secret[256]; size_t secret_len, kat_secret_len = 0; - OSSL_PARAM_BLD bld; + OSSL_PARAM_BLD *bld = NULL; /* DH KAT */ static const char *dh_p_hex[] = { @@ -404,23 +405,23 @@ static int dh_key_exchange_test(OPENSSL_CTX *libctx) || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len)) goto err; - OSSL_PARAM_BLD_init(&bld); - if (!OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q) - || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g) - || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub) - || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) + bld = OSSL_PARAM_BLD_new(); + if (bld == NULL + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p) + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q) + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g) + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub) + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv)) goto err; - params = OSSL_PARAM_BLD_to_param(&bld); + params = OSSL_PARAM_BLD_to_param(bld); - OSSL_PARAM_BLD_init(&bld); - if (!OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p) - || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q) - || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g) - || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer)) + if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p) + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q) + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g) + || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer)) goto err; - params_peer = OSSL_PARAM_BLD_to_param(&bld); + params_peer = OSSL_PARAM_BLD_to_param(bld); if (params == NULL || params_peer == NULL) goto err; @@ -450,8 +451,9 @@ static int dh_key_exchange_test(OPENSSL_CTX *libctx) goto err; ret = 1; err: - OSSL_PARAM_BLD_free(params_peer); - OSSL_PARAM_BLD_free(params); + OSSL_PARAM_BLD_free(bld); + OSSL_PARAM_BLD_free_params(params_peer); + OSSL_PARAM_BLD_free_params(params); BN_free(p); BN_free(q); BN_free(g); diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c index bb316e4..6514d8f 100644 --- a/providers/implementations/keymgmt/dh_kmgmt.c +++ b/providers/implementations/keymgmt/dh_kmgmt.c @@ -148,26 +148,31 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, void *cbarg) { DH *dh = keydata; - OSSL_PARAM_BLD tmpl; + OSSL_PARAM_BLD *tmpl; OSSL_PARAM *params = NULL; int ok = 1; if (dh == NULL) return 0; - OSSL_PARAM_BLD_init(&tmpl); + tmpl = OSSL_PARAM_BLD_new(); + if (tmpl == NULL) + return 0; if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) - ok = ok && domparams_to_params(dh, &tmpl); + ok = ok && domparams_to_params(dh, tmpl); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && key_to_params(dh, &tmpl); + ok = ok && key_to_params(dh, tmpl); if (!ok - || (params = OSSL_PARAM_BLD_to_param(&tmpl)) == NULL) + || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { + OSSL_PARAM_BLD_free(tmpl); return 0; + } + OSSL_PARAM_BLD_free(tmpl); ok = param_cb(params, cbarg); - OSSL_PARAM_BLD_free(params); + OSSL_PARAM_BLD_free_params(params); return ok; } diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c index 40995eb..78edcaa 100644 --- a/providers/implementations/keymgmt/dsa_kmgmt.c +++ b/providers/implementations/keymgmt/dsa_kmgmt.c @@ -153,26 +153,26 @@ static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, void *cbarg) { DSA *dsa = keydata; - OSSL_PARAM_BLD tmpl; + OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new(); OSSL_PARAM *params = NULL; int ok = 1; if (dsa == NULL) - return 0; - - OSSL_PARAM_BLD_init(&tmpl); + goto err;; if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0) - ok = ok && domparams_to_params(dsa, &tmpl); + ok = ok && domparams_to_params(dsa, tmpl); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && key_to_params(dsa, &tmpl); + ok = ok && key_to_params(dsa, tmpl); if (!ok - || (params = OSSL_PARAM_BLD_to_param(&tmpl)) == NULL) - return 0; + || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) + goto err;; ok = param_cb(params, cbarg); - OSSL_PARAM_BLD_free(params); + OSSL_PARAM_BLD_free_params(params); +err: + OSSL_PARAM_BLD_free(tmpl); return ok; } diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c index ed0470c..82ef3d3 100644 --- a/providers/implementations/keymgmt/ec_kmgmt.c +++ b/providers/implementations/keymgmt/ec_kmgmt.c @@ -312,7 +312,7 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, void *cbarg) { EC_KEY *ec = keydata; - OSSL_PARAM_BLD tmpl; + OSSL_PARAM_BLD *tmpl; OSSL_PARAM *params = NULL; int ok = 1; @@ -341,25 +341,29 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0) return 0; - OSSL_PARAM_BLD_init(&tmpl); + tmpl = OSSL_PARAM_BLD_new(); + if (tmpl == NULL) + return 0; if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0) - ok = ok && domparams_to_params(ec, &tmpl); + ok = ok && domparams_to_params(ec, tmpl); if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { int include_private = selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0; - ok = ok && key_to_params(ec, &tmpl, include_private); + ok = ok && key_to_params(ec, tmpl, include_private); } if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0) - ok = ok && otherparams_to_params(ec, &tmpl); + ok = ok && otherparams_to_params(ec, tmpl); if (!ok - || (params = OSSL_PARAM_BLD_to_param(&tmpl)) == NULL) - return 0; + || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) + goto err; ok = param_cb(params, cbarg); - OSSL_PARAM_BLD_free(params); + OSSL_PARAM_BLD_free_params(params); +err: + OSSL_PARAM_BLD_free(tmpl); return ok; } diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c index 8d82f6b..be11f0b 100644 --- a/providers/implementations/keymgmt/ecx_kmgmt.c +++ b/providers/implementations/keymgmt/ecx_kmgmt.c @@ -111,26 +111,30 @@ static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb, void *cbarg) { ECX_KEY *key = keydata; - OSSL_PARAM_BLD tmpl; + OSSL_PARAM_BLD *tmpl; OSSL_PARAM *params = NULL; int ret; if (key == NULL) return 0; - if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 - && !key_to_params(key, &tmpl)) + tmpl = OSSL_PARAM_BLD_new(); + if (tmpl == NULL) return 0; - OSSL_PARAM_BLD_init(&tmpl); - params = OSSL_PARAM_BLD_to_param(&tmpl); - if (params == NULL) { - OSSL_PARAM_BLD_free(params); + if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0 + && !key_to_params(key, tmpl)) { + OSSL_PARAM_BLD_free(tmpl); return 0; } + params = OSSL_PARAM_BLD_to_param(tmpl); + OSSL_PARAM_BLD_free(tmpl); + if (params == NULL) + return 0; + ret = param_cb(params, cbarg); - OSSL_PARAM_BLD_free(params); + OSSL_PARAM_BLD_free_params(params); return ret; } diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c index d7331c8..50647eb 100644 --- a/providers/implementations/keymgmt/rsa_kmgmt.c +++ b/providers/implementations/keymgmt/rsa_kmgmt.c @@ -175,7 +175,7 @@ static int rsa_export(void *keydata, int selection, OSSL_CALLBACK *param_callback, void *cbarg) { RSA *rsa = keydata; - OSSL_PARAM_BLD tmpl; + OSSL_PARAM_BLD *tmpl; OSSL_PARAM *params = NULL; int ok = 1; @@ -184,17 +184,22 @@ static int rsa_export(void *keydata, int selection, /* TODO(3.0) PSS and OAEP should bring on parameters */ - OSSL_PARAM_BLD_init(&tmpl); + tmpl = OSSL_PARAM_BLD_new(); + if (tmpl == NULL) + return 0; if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) - ok = ok && key_to_params(rsa, &tmpl); + ok = ok && key_to_params(rsa, tmpl); if (!ok - || (params = OSSL_PARAM_BLD_to_param(&tmpl)) == NULL) + || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) { + OSSL_PARAM_BLD_free(tmpl); return 0; + } + OSSL_PARAM_BLD_free(tmpl); ok = param_callback(params, cbarg); - OSSL_PARAM_BLD_free(params); + OSSL_PARAM_BLD_free_params(params); return ok; } |