Param build: make structures opaque.

Since this is public, it is best to make the underlying structure opaque. This means converting from stack allocation to dynamic allocation for all usages. Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> (Merged from https://github.com/openssl/openssl/pull/11390)
author: Pauli <paul.dale@oracle.com> 2020-03-26 09:28:01 +1000
committer: Pauli <paul.dale@oracle.com> 2020-03-28 12:27:22 +1000
commit: 6d4e6009d27712a405e1e3a4c33fb8a8566f134a (patch)
tree: 09d94a8c8f8f6f493cc758b6fd704837be82cb8c /providers
parent: be19d3caf0724b786ecc97ec4207c07cff63c745 (diff)
download: openssl-6d4e6009d27712a405e1e3a4c33fb8a8566f134a.zip
openssl-6d4e6009d27712a405e1e3a4c33fb8a8566f134a.tar.gz
openssl-6d4e6009d27712a405e1e3a4c33fb8a8566f134a.tar.bz2
6 files changed, 85 insertions, 65 deletions
diff --git a/providers/fips/fipsprov.c b/providers/fips/fipsprov.c
index 4664232..8fbb618 100644
--- a/providers/fips/fipsprov.c
+++ b/providers/fips/fipsprov.c
@@ -194,7 +194,7 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx)
     BIGNUM *p = NULL, *q = NULL, *g = NULL;
     BIGNUM *pub = NULL, *priv = NULL;
     OSSL_PARAM *params = NULL, *params_sig = NULL;
-    OSSL_PARAM_BLD bld;
+    OSSL_PARAM_BLD *bld = NULL;
     EVP_PKEY_CTX *sctx = NULL, *kctx = NULL;
     EVP_PKEY *pkey = NULL;
     unsigned char sig[64];
@@ -255,14 +255,15 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx)
         || !hextobn(dsa_priv_hex, &priv))
         goto err;
 
-    OSSL_PARAM_BLD_init(&bld);
-    if (!OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
-        || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
-        || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
-        || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
-        || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
+    bld = OSSL_PARAM_BLD_new();
+    if (bld == NULL
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
         goto err;
-    params = OSSL_PARAM_BLD_to_param(&bld);
+    params = OSSL_PARAM_BLD_to_param(bld);
 
     /* Create a EVP_PKEY_CTX to load the DSA key into */
     kctx = EVP_PKEY_CTX_new_from_name(libctx, SN_dsa, "");
@@ -279,11 +280,10 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx)
         goto err;
 
     /* set signature parameters */
-    OSSL_PARAM_BLD_init(&bld);
-    if (!OSSL_PARAM_BLD_push_utf8_string(&bld, OSSL_SIGNATURE_PARAM_DIGEST,
+    if (!OSSL_PARAM_BLD_push_utf8_string(bld, OSSL_SIGNATURE_PARAM_DIGEST,
                                          SN_sha256,strlen(SN_sha256) + 1))
         goto err;
-    params_sig = OSSL_PARAM_BLD_to_param(&bld);
+    params_sig = OSSL_PARAM_BLD_to_param(bld);
     if (EVP_PKEY_CTX_set_params(sctx, params_sig) <= 0)
         goto err;
 
@@ -293,8 +293,9 @@ static int dsa_key_signature_test(OPENSSL_CTX *libctx)
         goto err;
     ret = 1;
 err:
-    OSSL_PARAM_BLD_free(params);
-    OSSL_PARAM_BLD_free(params_sig);
+    OSSL_PARAM_BLD_free_params(params);
+    OSSL_PARAM_BLD_free_params(params_sig);
+    OSSL_PARAM_BLD_free(bld);
     BN_free(p);
     BN_free(q);
     BN_free(g);
@@ -320,7 +321,7 @@ static int dh_key_exchange_test(OPENSSL_CTX *libctx)
     OSSL_PARAM *params_peer = NULL;
     unsigned char secret[256];
     size_t secret_len, kat_secret_len = 0;
-    OSSL_PARAM_BLD bld;
+    OSSL_PARAM_BLD *bld = NULL;
 
     /* DH KAT */
     static const char *dh_p_hex[] = {
@@ -404,23 +405,23 @@ static int dh_key_exchange_test(OPENSSL_CTX *libctx)
         || !hextobin(dh_secret_exptd_hex, &kat_secret, &kat_secret_len))
         goto err;
 
-    OSSL_PARAM_BLD_init(&bld);
-    if (!OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
-        || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
-        || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
-        || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
-        || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
+    bld = OSSL_PARAM_BLD_new();
+    if (bld == NULL
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PRIV_KEY, priv))
         goto err;
-    params = OSSL_PARAM_BLD_to_param(&bld);
+    params = OSSL_PARAM_BLD_to_param(bld);
 
-    OSSL_PARAM_BLD_init(&bld);
-    if (!OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_P, p)
-        || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_Q, q)
-        || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_FFC_G, g)
-        || !OSSL_PARAM_BLD_push_BN(&bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer))
+    if (!OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_P, p)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_Q, q)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_FFC_G, g)
+        || !OSSL_PARAM_BLD_push_BN(bld, OSSL_PKEY_PARAM_PUB_KEY, pub_peer))
         goto err;
 
-    params_peer = OSSL_PARAM_BLD_to_param(&bld);
+    params_peer = OSSL_PARAM_BLD_to_param(bld);
     if (params == NULL || params_peer == NULL)
         goto err;
 
@@ -450,8 +451,9 @@ static int dh_key_exchange_test(OPENSSL_CTX *libctx)
         goto err;
     ret = 1;
 err:
-    OSSL_PARAM_BLD_free(params_peer);
-    OSSL_PARAM_BLD_free(params);
+    OSSL_PARAM_BLD_free(bld);
+    OSSL_PARAM_BLD_free_params(params_peer);
+    OSSL_PARAM_BLD_free_params(params);
     BN_free(p);
     BN_free(q);
     BN_free(g);
diff --git a/providers/implementations/keymgmt/dh_kmgmt.c b/providers/implementations/keymgmt/dh_kmgmt.c
index bb316e4..6514d8f 100644
--- a/providers/implementations/keymgmt/dh_kmgmt.c
+++ b/providers/implementations/keymgmt/dh_kmgmt.c
@@ -148,26 +148,31 @@ static int dh_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
                      void *cbarg)
 {
     DH *dh = keydata;
-    OSSL_PARAM_BLD tmpl;
+    OSSL_PARAM_BLD *tmpl;
     OSSL_PARAM *params = NULL;
     int ok = 1;
 
     if (dh == NULL)
         return 0;
 
-    OSSL_PARAM_BLD_init(&tmpl);
+    tmpl = OSSL_PARAM_BLD_new();
+    if (tmpl == NULL)
+        return 0;
 
     if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
-        ok = ok && domparams_to_params(dh, &tmpl);
+        ok = ok && domparams_to_params(dh, tmpl);
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
-        ok = ok && key_to_params(dh, &tmpl);
+        ok = ok && key_to_params(dh, tmpl);
 
     if (!ok
-        || (params = OSSL_PARAM_BLD_to_param(&tmpl)) == NULL)
+        || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
+        OSSL_PARAM_BLD_free(tmpl);
         return 0;
+    }
+    OSSL_PARAM_BLD_free(tmpl);
 
     ok = param_cb(params, cbarg);
-    OSSL_PARAM_BLD_free(params);
+    OSSL_PARAM_BLD_free_params(params);
     return ok;
 }
 
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index 40995eb..78edcaa 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -153,26 +153,26 @@ static int dsa_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
                       void *cbarg)
 {
     DSA *dsa = keydata;
-    OSSL_PARAM_BLD tmpl;
+    OSSL_PARAM_BLD *tmpl = OSSL_PARAM_BLD_new();
     OSSL_PARAM *params = NULL;
     int ok = 1;
 
     if (dsa == NULL)
-        return 0;
-
-    OSSL_PARAM_BLD_init(&tmpl);
+        goto err;;
 
     if ((selection & OSSL_KEYMGMT_SELECT_ALL_PARAMETERS) != 0)
-        ok = ok && domparams_to_params(dsa, &tmpl);
+        ok = ok && domparams_to_params(dsa, tmpl);
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
-        ok = ok && key_to_params(dsa, &tmpl);
+        ok = ok && key_to_params(dsa, tmpl);
 
     if (!ok
-        || (params = OSSL_PARAM_BLD_to_param(&tmpl)) == NULL)
-        return 0;
+        || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
+        goto err;;
 
     ok = param_cb(params, cbarg);
-    OSSL_PARAM_BLD_free(params);
+    OSSL_PARAM_BLD_free_params(params);
+err:
+    OSSL_PARAM_BLD_free(tmpl);
     return ok;
 }
 
diff --git a/providers/implementations/keymgmt/ec_kmgmt.c b/providers/implementations/keymgmt/ec_kmgmt.c
index ed0470c..82ef3d3 100644
--- a/providers/implementations/keymgmt/ec_kmgmt.c
+++ b/providers/implementations/keymgmt/ec_kmgmt.c
@@ -312,7 +312,7 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
               void *cbarg)
 {
     EC_KEY *ec = keydata;
-    OSSL_PARAM_BLD tmpl;
+    OSSL_PARAM_BLD *tmpl;
     OSSL_PARAM *params = NULL;
     int ok = 1;
 
@@ -341,25 +341,29 @@ int ec_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
             && (selection & OSSL_KEYMGMT_SELECT_KEYPAIR) == 0)
         return 0;
 
-    OSSL_PARAM_BLD_init(&tmpl);
+    tmpl = OSSL_PARAM_BLD_new();
+    if (tmpl == NULL)
+        return 0;
 
     if ((selection & OSSL_KEYMGMT_SELECT_DOMAIN_PARAMETERS) != 0)
-        ok = ok && domparams_to_params(ec, &tmpl);
+        ok = ok && domparams_to_params(ec, tmpl);
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) {
         int include_private =
             selection & OSSL_KEYMGMT_SELECT_PRIVATE_KEY ? 1 : 0;
 
-        ok = ok && key_to_params(ec, &tmpl, include_private);
+        ok = ok && key_to_params(ec, tmpl, include_private);
     }
     if ((selection & OSSL_KEYMGMT_SELECT_OTHER_PARAMETERS) != 0)
-        ok = ok && otherparams_to_params(ec, &tmpl);
+        ok = ok && otherparams_to_params(ec, tmpl);
 
     if (!ok
-        || (params = OSSL_PARAM_BLD_to_param(&tmpl)) == NULL)
-        return 0;
+        || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL)
+        goto err;
 
     ok = param_cb(params, cbarg);
-    OSSL_PARAM_BLD_free(params);
+    OSSL_PARAM_BLD_free_params(params);
+err:
+    OSSL_PARAM_BLD_free(tmpl);
     return ok;
 }
 
diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index 8d82f6b..be11f0b 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -111,26 +111,30 @@ static int ecx_export(void *keydata, int selection, OSSL_CALLBACK *param_cb,
                       void *cbarg)
 {
     ECX_KEY *key = keydata;
-    OSSL_PARAM_BLD tmpl;
+    OSSL_PARAM_BLD *tmpl;
     OSSL_PARAM *params = NULL;
     int ret;
 
     if (key == NULL)
         return 0;
 
-    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
-            && !key_to_params(key, &tmpl))
+    tmpl = OSSL_PARAM_BLD_new();
+    if (tmpl == NULL)
         return 0;
 
-    OSSL_PARAM_BLD_init(&tmpl);
-    params = OSSL_PARAM_BLD_to_param(&tmpl);
-    if (params == NULL) {
-        OSSL_PARAM_BLD_free(params);
+    if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0
+            && !key_to_params(key, tmpl)) {
+        OSSL_PARAM_BLD_free(tmpl);
         return 0;
     }
 
+    params = OSSL_PARAM_BLD_to_param(tmpl);
+    OSSL_PARAM_BLD_free(tmpl);
+    if (params == NULL)
+        return 0;
+
     ret = param_cb(params, cbarg);
-    OSSL_PARAM_BLD_free(params);
+    OSSL_PARAM_BLD_free_params(params);
     return ret;
 }
 
diff --git a/providers/implementations/keymgmt/rsa_kmgmt.c b/providers/implementations/keymgmt/rsa_kmgmt.c
index d7331c8..50647eb 100644
--- a/providers/implementations/keymgmt/rsa_kmgmt.c
+++ b/providers/implementations/keymgmt/rsa_kmgmt.c
@@ -175,7 +175,7 @@ static int rsa_export(void *keydata, int selection,
                       OSSL_CALLBACK *param_callback, void *cbarg)
 {
     RSA *rsa = keydata;
-    OSSL_PARAM_BLD tmpl;
+    OSSL_PARAM_BLD *tmpl;
     OSSL_PARAM *params = NULL;
     int ok = 1;
 
@@ -184,17 +184,22 @@ static int rsa_export(void *keydata, int selection,
 
     /* TODO(3.0) PSS and OAEP should bring on parameters */
 
-    OSSL_PARAM_BLD_init(&tmpl);
+    tmpl = OSSL_PARAM_BLD_new();
+    if (tmpl == NULL)
+        return 0;
 
     if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0)
-        ok = ok && key_to_params(rsa, &tmpl);
+        ok = ok && key_to_params(rsa, tmpl);
 
     if (!ok
-        || (params = OSSL_PARAM_BLD_to_param(&tmpl)) == NULL)
+        || (params = OSSL_PARAM_BLD_to_param(tmpl)) == NULL) {
+        OSSL_PARAM_BLD_free(tmpl);
         return 0;
+    }
+    OSSL_PARAM_BLD_free(tmpl);
 
     ok = param_callback(params, cbarg);
-    OSSL_PARAM_BLD_free(params);
+    OSSL_PARAM_BLD_free_params(params);
     return ok;
 }
author	Pauli <paul.dale@oracle.com>	2020-03-26 09:28:01 +1000
committer	Pauli <paul.dale@oracle.com>	2020-03-28 12:27:22 +1000
commit	6d4e6009d27712a405e1e3a4c33fb8a8566f134a (patch)
tree	09d94a8c8f8f6f493cc758b6fd704837be82cb8c /providers
parent	be19d3caf0724b786ecc97ec4207c07cff63c745 (diff)
download	openssl-6d4e6009d27712a405e1e3a4c33fb8a8566f134a.zip openssl-6d4e6009d27712a405e1e3a4c33fb8a8566f134a.tar.gz openssl-6d4e6009d27712a405e1e3a4c33fb8a8566f134a.tar.bz2