Diffstat (limited to 'providers/implementations')
| -rw-r--r-- | providers/implementations/ciphers/cipher_aes_ocb.c | 12 | ||||
| -rw-r--r-- | providers/implementations/encode_decode/encode_key2text.c | 3 | ||||
| -rw-r--r-- | providers/implementations/kdfs/hkdf.c | 2 | ||||
| -rw-r--r-- | providers/implementations/kdfs/scrypt.c | 5 | ||||
| -rw-r--r-- | providers/implementations/kem/rsa_kem.c | 54 | ||||
| -rw-r--r-- | providers/implementations/keymgmt/dsa_kmgmt.c | 2 | ||||
| -rw-r--r-- | providers/implementations/keymgmt/ecx_kmgmt.c | 2 | ||||
| -rw-r--r-- | providers/implementations/keymgmt/mac_legacy_kmgmt.c | 6 | ||||
| -rw-r--r-- | providers/implementations/signature/eddsa_sig.c | 3 | ||||
| -rw-r--r-- | providers/implementations/storemgmt/file_store.c | 2 |
10 files changed, 74 insertions, 17 deletions
diff --git a/providers/implementations/ciphers/cipher_aes_ocb.c b/providers/implementations/ciphers/cipher_aes_ocb.c
index eab315453ef1..891e73f6726c 100644
--- a/providers/implementations/ciphers/cipher_aes_ocb.c
+++ b/providers/implementations/ciphers/cipher_aes_ocb.c
@@ -369,12 +369,20 @@ static int aes_ocb_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 }
 if (p->data == NULL) {
 /* Tag len must be 0 to 16 */
- if (p->data_size > OCB_MAX_TAG_LEN)
+ if (p->data_size > OCB_MAX_TAG_LEN) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
 return 0;
+ }
 ctx->taglen = p->data_size;
 } else {
- if (p->data_size != ctx->taglen || ctx->base.enc)
+ if (ctx->base.enc) {
+ ERR_raise(ERR_LIB_PROV, ERR_R_PASSED_INVALID_ARGUMENT);
+ return 0;
+ }
+ if (p->data_size != ctx->taglen) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_TAG_LENGTH);
 return 0;
+ }
 memcpy(ctx->tag, p->data, p->data_size);
 }
 }
diff --git a/providers/implementations/encode_decode/encode_key2text.c b/providers/implementations/encode_decode/encode_key2text.c
index 3e75a9afb370..637fcf6a1214 100644
--- a/providers/implementations/encode_decode/encode_key2text.c
+++ b/providers/implementations/encode_decode/encode_key2text.c
@@ -112,7 +112,8 @@ static int print_labeled_bignum(BIO *out, const char *label, const BIGNUM *bn)
 use_sep = 0; /* The first byte on the next line doesnt have a : */
 }
 if (BIO_printf(out, "%s%c%c", use_sep ? ":" : "",
- tolower(p[0]), tolower(p[1])) <= 0)
+ tolower((unsigned char)p[0]),
+ tolower((unsigned char)p[1])) <= 0)
 goto err;
 ++bytes;
 p += 2;
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index 3db8b43891a0..69ef565d04fc 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
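Review bot: In the `p->data == NULL` branch of aes_ocb_set_ctx_params (cipher_aes_ocb.c) only the upper bound is checked, so a `data_size` of 0 is stored in `ctx->taglen`, as the context comment "Tag len must be 0 to 16" allows. A zero-length tag would give no authentication at all; whether it is refused later, when the tag is produced or verified, is not visible in this hunk. If zero is not meant to be usable, reject it here with `if (p->data_size == 0 || p->data_size > OCB_MAX_TAG_LEN) {`; otherwise extend the comment to say where a zero length is caught. The function starts and ends outside the hunk.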
@@ -669,7 +669,7 @@ static int prov_tls13_hkdf_generate_secret(OSSL_LIB_CTX *libctx,
 EVP_MD_CTX_free(mctx);
 /* Generate the pre-extract secret */
- if (!prov_tls13_hkdf_expand(md, prevsecret, mdlen,
+ if (!prov_tls13_hkdf_expand(md, prevsecret, prevsecretlen,
 prefix, prefixlen, label, labellen, hash, mdlen, preextractsec, mdlen))
 return 0;
diff --git a/providers/implementations/kdfs/scrypt.c b/providers/implementations/kdfs/scrypt.c
index a7072f785f08..6fa4192600fd 100644
--- a/providers/implementations/kdfs/scrypt.c
+++ b/providers/implementations/kdfs/scrypt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2017-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2017-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -88,7 +88,9 @@ static void kdf_scrypt_reset(void *vctx)
 KDF_SCRYPT *ctx = (KDF_SCRYPT *)vctx;
 OPENSSL_free(ctx->salt);
+ ctx->salt = NULL;
 OPENSSL_clear_free(ctx->pass, ctx->pass_len);
+ ctx->pass = NULL;
 kdf_scrypt_init(ctx);
 }
@@ -128,7 +130,6 @@ static int set_digest(KDF_SCRYPT *ctx)
 EVP_MD_free(ctx->sha256);
 ctx->sha256 = EVP_MD_fetch(ctx->libctx, "sha256", ctx->propq);
 if (ctx->sha256 == NULL) {
- OPENSSL_free(ctx);
 ERR_raise(ERR_LIB_PROV, PROV_R_UNABLE_TO_LOAD_SHA256);
 return 0;
 }
diff --git a/providers/implementations/kem/rsa_kem.c b/providers/implementations/kem/rsa_kem.c
index 882cf161258a..94c5bceea597 100644
--- a/providers/implementations/kem/rsa_kem.c
+++ b/providers/implementations/kem/rsa_kem.c
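Review bot: In kdf_scrypt_reset (scrypt.c) `ctx->pass` is now set to NULL but `ctx->pass_len` keeps the old length, so the context holds a non-zero length for a NULL buffer unless kdf_scrypt_init() clears it, which this hunk does not show. Adding `ctx->pass_len = 0;` after `ctx->pass = NULL;` keeps pointer and length consistent for any later code that trusts the length. The same would apply to a salt length field, if the structure has one.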
@@ -264,6 +264,17 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
 *secretlen = nlen;
 return 1;
 }
+
+ /*
+ * If outlen is specified, then it must report the length
+ * of the out buffer on input so that we can confirm
+ * its size is sufficent for encapsulation
+ */
+ if (outlen != NULL && *outlen < nlen) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
+ return 0;
+ }
+
 /*
 * Step (2): Generate a random byte string z of nlen bytes where
 * 1 < z < n - 1
@@ -285,15 +296,33 @@ static int rsasve_generate(PROV_RSA_CTX *prsactx,
 return ret;
 }
-/*
- * NIST.SP.800-56Br2
+/**
+ * rsasve_recover - Recovers a secret value from ciphertext using an RSA
+ * private key. Once, recovered, the secret value is considered to be a
+ * shared secret. Algorithm is preformed as per
+ * NIST SP 800-56B Rev 2
 * 7.2.1.3 RSASVE Recovery Operation (RSASVE.RECOVER).
+ *
+ * This function performs RSA decryption using the private key from the
+ * provided RSA context (`prsactx`). It takes the input ciphertext, decrypts
+ * it, and writes the decrypted message to the output buffer.
+ *
+ * @prsactx: The RSA context containing the private key.
+ * @out: The output buffer to store the decrypted message.
+ * @outlen: On input, the size of the output buffer. On successful
+ * completion, the actual length of the decrypted message.
+ * @in: The input buffer containing the ciphertext to be decrypted.
+ * @inlen: The length of the input ciphertext in bytes.
+ *
+ * Returns 1 on success, or 0 on error. In case of error, appropriate
+ * error messages are raised using the ERR_raise function.
 */
 static int rsasve_recover(PROV_RSA_CTX *prsactx,
 unsigned char *out, size_t *outlen, const unsigned char *in, size_t inlen)
 {
 size_t nlen;
+ int ret;
 /* Step (1): get the byte length of n */
 nlen = RSA_size(prsactx->rsa);
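Review bot: The new bound in rsasve_generate covers `*outlen` only; the caller's `secret` buffer gets no matching check, although the context lines show `*secretlen = nlen` being reported for the size query and Step (2) producing nlen bytes. Where those bytes are written is outside the hunk, so this is inferred, but if they go to `secret` a caller with a shorter buffer is still exposed. A parallel guard, `if (secretlen != NULL && *secretlen < nlen) { ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH); return 0; }`, would close it, provided callers already pass the buffer size in `*secretlen`. The added comment also misspells "sufficient" as "sufficent".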
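Review bot: The new header comment for rsasve_recover has two slips worth fixing before it is copied elsewhere: "Once, recovered" should read "Once recovered" and "preformed" should read "performed". It also calls the output a "decrypted message" in the `@out` and `@outlen` lines, while the first sentence calls it a shared secret. Using one term throughout would make clear that `out` holds secret material.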
@@ -307,13 +336,30 @@ static int rsasve_recover(PROV_RSA_CTX *prsactx,
 return 1;
 }
- /* Step (2): check the input ciphertext 'inlen' matches the nlen */
+ /*
+ * Step (2): check the input ciphertext 'inlen' matches the nlen
+ * and that outlen is at least nlen bytes
+ */
 if (inlen != nlen) {
 ERR_raise(ERR_LIB_PROV, PROV_R_BAD_LENGTH);
 return 0;
 }
+
+ /*
+ * If outlen is specified, then it must report the length
+ * of the out buffer, so that we can confirm that it is of
+ * sufficient size to hold the output of decapsulation
+ */
+ if (outlen != NULL && *outlen < nlen) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_OUTPUT_LENGTH);
+ return 0;
+ }
+
 /* Step (3): out = RSADP((n,d), in) */
- return (RSA_private_decrypt(inlen, in, out, prsactx->rsa, RSA_NO_PADDING) > 0);
+ ret = RSA_private_decrypt(inlen, in, out, prsactx->rsa, RSA_NO_PADDING);
+ if (ret > 0 && outlen != NULL)
+ *outlen = ret;
+ return ret > 0;
 }
 static int rsakem_generate(void *vprsactx, unsigned char *out, size_t *outlen,
diff --git a/providers/implementations/keymgmt/dsa_kmgmt.c b/providers/implementations/keymgmt/dsa_kmgmt.c
index 2f5742cfcc07..e3c3fd6916ed 100644
--- a/providers/implementations/keymgmt/dsa_kmgmt.c
+++ b/providers/implementations/keymgmt/dsa_kmgmt.c
@@ -426,7 +426,7 @@ static void *dsa_gen_init(void *provctx, int selection,
 gctx->hindex = 0;
 }
 if (!dsa_gen_set_params(gctx, params)) {
- OPENSSL_free(gctx);
+ dsa_gen_cleanup(gctx);
 gctx = NULL;
 }
 return gctx;
diff --git a/providers/implementations/keymgmt/ecx_kmgmt.c b/providers/implementations/keymgmt/ecx_kmgmt.c
index 987d38456fba..94e62f755c20 100644
--- a/providers/implementations/keymgmt/ecx_kmgmt.c
+++ b/providers/implementations/keymgmt/ecx_kmgmt.c
@@ -487,7 +487,7 @@ static void *ecx_gen_init(void *provctx, int selection,
 gctx->selection = selection;
 }
 if (!ecx_gen_set_params(gctx, params)) {
- OPENSSL_free(gctx);
+ ecx_gen_cleanup(gctx);
 gctx = NULL;
 }
 return gctx;
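Review bot: The size check added to rsasve_recover is skipped when `outlen` is NULL, and RSA_private_decrypt() then writes into `out` with no known bound; the check added to rsasve_generate has the same shape. Whether a NULL `outlen` can reach this point with a non-NULL `out` depends on callers outside the hunk. If it cannot, the comment should say so; if it can, failing closed is safer, for example `if (outlen == NULL || *outlen < nlen) {` with the same PROV_R_INVALID_OUTPUT_LENGTH error.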
diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
index 1fae4407fca6..b02a0a91c6f6 100644
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -399,7 +399,7 @@ static void *mac_gen_init(void *provctx, int selection,
 struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection);
 if (gctx != NULL && !mac_gen_set_params(gctx, params)) {
- OPENSSL_free(gctx);
+ mac_gen_cleanup(gctx);
 gctx = NULL;
 }
 return gctx;
@@ -411,7 +411,7 @@ static void *cmac_gen_init(void *provctx, int selection,
 struct mac_gen_ctx *gctx = mac_gen_init_common(provctx, selection);
 if (gctx != NULL && !cmac_gen_set_params(gctx, params)) {
- OPENSSL_free(gctx);
+ mac_gen_cleanup(gctx);
 gctx = NULL;
 }
 return gctx;
diff --git a/providers/implementations/signature/eddsa_sig.c b/providers/implementations/signature/eddsa_sig.c
index c78f1fbb5fa6..9ec910af2527 100644
--- a/providers/implementations/signature/eddsa_sig.c
+++ b/providers/implementations/signature/eddsa_sig.c
@@ -1,5 +1,5 @@
 /*
- * Copyright 2020-2022 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
@@ -133,6 +133,7 @@ static int eddsa_digest_signverify_init(void *vpeddsactx, const char *mdname,
 /* Should never happen */
 ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR);
 ossl_ecx_key_free(edkey);
+ WPACKET_cleanup(&pkt);
 return 0;
 }
 if (ret && WPACKET_finish(&pkt)) {
diff --git a/providers/implementations/storemgmt/file_store.c b/providers/implementations/storemgmt/file_store.c
index bb8b2ab8625a..3049a9c81133 100644
--- a/providers/implementations/storemgmt/file_store.c
+++ b/providers/implementations/storemgmt/file_store.c
@@ -238,7 +238,7 @@ static void *file_open(void *provctx, const char *uri)
 #ifdef _WIN32
 /* Windows file: URIs with a drive letter start with a / */
 if (p[0] == '/' && p[2] == ':' && p[3] == '/') {
- char c = tolower(p[1]);
+ char c = tolower((unsigned char)p[1]);
 if (c >= 'a' && c <= 'z') {
 p++; |
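Review bot: The condition `p[0] == '/' && p[2] == ':' && p[3] == '/'` in file_open reads `p[2]` without first checking that `p[1]` is not the terminator, so for a path that is just "/" the read of `p[2]` would be past the end of the string. How `p` is derived from `uri` is outside the hunk, so a minimum length may already be guaranteed. If it is not, `if (p[0] == '/' && p[1] != '\0' && p[2] == ':' && p[3] == '/') {` keeps every read inside the string. This is in the `_WIN32` branch only and is independent of the `unsigned char` cast the commit adds.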
