kdf: put back argument null checks

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Yang <paulyang.inf@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/28204)

diff --git a/providers/implementations/kdfs/hmacdrbg_kdf.c.in b/providers/implementations/kdfs/hmacdrbg_kdf.c.in
index 7173799b4369d85fe43f1c99b5a6cb8e941f4729..5ee659707bf4cec705984bcc1cbce977e5e16169 100644 (file)
--- a/providers/implementations/kdfs/hmacdrbg_kdf.c.in
+++ b/providers/implementations/kdfs/hmacdrbg_kdf.c.in
@@ -191,17 +191,20 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx,
                                         const OSSL_PARAM params[])
 {
     KDF_HMAC_DRBG *hmac = (KDF_HMAC_DRBG *)vctx;
-    PROV_DRBG_HMAC *drbg = &hmac->base;
-    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(hmac->provctx);
+    PROV_DRBG_HMAC *drbg;
+    OSSL_LIB_CTX *libctx;
     const EVP_MD *md;
     struct hmac_drbg_kdf_set_ctx_params_st p;
     void *ptr = NULL;
     size_t size = 0;
     int md_size;
 
-    if (!hmac_drbg_kdf_set_ctx_params_decoder(params, &p))
+    if (hmac == NULL || !hmac_drbg_kdf_set_ctx_params_decoder(params, &p))
         return 0;
 
+    drbg = &hmac->base;
+    libctx = PROV_LIBCTX_OF(hmac->provctx);
+
     if (p.ent != NULL) {
         if (!OSSL_PARAM_get_octet_string(p.ent, &ptr, 0, &size))
             return 0;

diff --git a/providers/implementations/kdfs/kbkdf.c.in b/providers/implementations/kdfs/kbkdf.c.in
index f4fee5cfd75a937e64e78504bd1489774bf17e5a..c633e3b97712b4f8c7f2062c2463d4250818bd6a 100644 (file)
--- a/providers/implementations/kdfs/kbkdf.c.in
+++ b/providers/implementations/kdfs/kbkdf.c.in
@@ -388,13 +388,15 @@ done:
 static int kbkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     KBKDF *ctx = (KBKDF *)vctx;
-    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *libctx;
     struct kbkdf_set_ctx_params_st p;
     const char *s;
 
-    if (!kbkdf_set_ctx_params_decoder(params, &p))
+    if (ctx == NULL || !kbkdf_set_ctx_params_decoder(params, &p))
         return 0;
 
+    libctx = PROV_LIBCTX_OF(ctx->provctx);
+
     if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, p.ind_k))
         return 0;
 

diff --git a/providers/implementations/kdfs/krb5kdf.c.in b/providers/implementations/kdfs/krb5kdf.c.in
index e85152ad20fcba9ec147166685c7c2ee9a9661ec..1ad62444db2f8c8afcc97c23f84e533be0a2d25b 100644 (file)
--- a/providers/implementations/kdfs/krb5kdf.c.in
+++ b/providers/implementations/kdfs/krb5kdf.c.in
@@ -166,11 +166,13 @@ static int krb5kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     struct krb5kdf_set_ctx_params_st p;
     KRB5KDF_CTX *ctx = vctx;
-    OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *provctx;
 
-    if (!krb5kdf_set_ctx_params_decoder(params, &p))
+    if (ctx == NULL || !krb5kdf_set_ctx_params_decoder(params, &p))
         return 0;
 
+    provctx = PROV_LIBCTX_OF(ctx->provctx);
+
     if (!ossl_prov_cipher_load(&ctx->cipher, p.cipher, p.propq, p.engine, provctx))
         return 0;
 

diff --git a/providers/implementations/kdfs/pbkdf1.c.in b/providers/implementations/kdfs/pbkdf1.c.in
index 8f8ffcfef9396e396145af07b3d6567343a3c04c..9602c7d6bc253384575cca4b5211cf60dcc7d8e8 100644 (file)
--- a/providers/implementations/kdfs/pbkdf1.c.in
+++ b/providers/implementations/kdfs/pbkdf1.c.in
@@ -215,11 +215,13 @@ static int kdf_pbkdf1_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     struct pbkdf1_set_ctx_params_st p;
     KDF_PBKDF1 *ctx = vctx;
-    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *libctx;
 
-    if (!pbkdf1_set_ctx_params_decoder(params, &p))
+    if (ctx == NULL || !pbkdf1_set_ctx_params_decoder(params, &p))
         return 0;
 
+    libctx = PROV_LIBCTX_OF(ctx->provctx);
+
     if (!ossl_prov_digest_load(&ctx->digest, p.digest,
                                p.propq, p.engine, libctx))
         return 0;

diff --git a/providers/implementations/kdfs/pbkdf2.c.in b/providers/implementations/kdfs/pbkdf2.c.in
index 72f6ffb072f96339eb1ae4f5173fbc9cbbd17a0e..10175614d843bc411e70ad6eec7b18e242e1b321 100644 (file)
--- a/providers/implementations/kdfs/pbkdf2.c.in
+++ b/providers/implementations/kdfs/pbkdf2.c.in
@@ -296,14 +296,16 @@ static int kdf_pbkdf2_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     struct pbkdf2_set_ctx_params_st p;
     KDF_PBKDF2 *ctx = vctx;
-    OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *provctx;
     int pkcs5;
     uint64_t iter;
     const EVP_MD *md;
 
-    if (!pbkdf2_set_ctx_params_decoder(params, &p))
+    if (ctx == NULL || !pbkdf2_set_ctx_params_decoder(params, &p))
         return 0;
 
+    provctx = PROV_LIBCTX_OF(ctx->provctx);
+
     if (p.digest != NULL) {
         if (!ossl_prov_digest_load(&ctx->digest, p.digest,
                                    p.propq, p.engine, provctx))

diff --git a/providers/implementations/kdfs/pkcs12kdf.c.in b/providers/implementations/kdfs/pkcs12kdf.c.in
index 2b980f92d9fbcac8a7689cc70fcd785398be2fec..f8a7d52bafeae492679ccd3978ef33a680320f0f 100644 (file)
--- a/providers/implementations/kdfs/pkcs12kdf.c.in
+++ b/providers/implementations/kdfs/pkcs12kdf.c.in
@@ -257,11 +257,13 @@ static int kdf_pkcs12_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     struct pkcs12_set_ctx_params_st p;
     KDF_PKCS12 *ctx = vctx;
-    OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *provctx;
 
-    if (!pkcs12_set_ctx_params_decoder(params, &p))
+    if (ctx == NULL || !pkcs12_set_ctx_params_decoder(params, &p))
         return 0;
 
+    provctx = PROV_LIBCTX_OF(ctx->provctx);
+
     if (!ossl_prov_digest_load(&ctx->digest, p.digest,
                                p.propq, p.engine, provctx))
         return 0;

diff --git a/providers/implementations/kdfs/pvkkdf.c.in b/providers/implementations/kdfs/pvkkdf.c.in
index eade43e5c0c86ab6bfba4fc5b33a4c3190955f4b..f4f4baeff84faccded833af8b9d85249df06c568 100644 (file)
--- a/providers/implementations/kdfs/pvkkdf.c.in
+++ b/providers/implementations/kdfs/pvkkdf.c.in
@@ -193,11 +193,13 @@ static int kdf_pvk_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     struct pvk_set_ctx_params_st p;
     KDF_PVK *ctx = vctx;
-    OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *provctx;
 
-    if (!pvk_set_ctx_params_decoder(params, &p))
+    if (ctx == NULL || !pvk_set_ctx_params_decoder(params, &p))
         return 0;
 
+    provctx = PROV_LIBCTX_OF(ctx->provctx);
+
     if (!ossl_prov_digest_load(&ctx->digest, p.digest, p.propq, p.engine,
                                provctx))
         return 0;

diff --git a/providers/implementations/kdfs/sshkdf.c.in b/providers/implementations/kdfs/sshkdf.c.in
index 00a9b3e5c1e78f265a9fe736503192cddc1f58a1..e7d435128b7346f95e366176f8b5a0770f76b578 100644 (file)
--- a/providers/implementations/kdfs/sshkdf.c.in
+++ b/providers/implementations/kdfs/sshkdf.c.in
@@ -225,11 +225,13 @@ static int kdf_sshkdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     struct sshkdf_set_ctx_params_st p;
     KDF_SSHKDF *ctx = vctx;
-    OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *provctx;
 
-    if (!sshkdf_set_ctx_params_decoder(params, &p))
+    if (ctx == NULL || !sshkdf_set_ctx_params_decoder(params, &p))
         return 0;
 
+    provctx = PROV_LIBCTX_OF(ctx->provctx);
+
     if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, p.ind_d))
         return 0;
     if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, p.ind_k))

diff --git a/providers/implementations/kdfs/tls1_prf.c.in b/providers/implementations/kdfs/tls1_prf.c.in
index 1705b4b6f1f48dfee77ab5a84420b629e1102941..ffd093d9cef68dff4033be02e7888f5ca45e06b0 100644 (file)
--- a/providers/implementations/kdfs/tls1_prf.c.in
+++ b/providers/implementations/kdfs/tls1_prf.c.in
@@ -301,11 +301,13 @@ static int kdf_tls1_prf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     struct tls1prf_set_ctx_params_st p;
     TLS1_PRF *ctx = vctx;
-    OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *libctx;
 
-    if (!tls1prf_set_ctx_params_decoder(params, &p))
+    if (ctx == NULL || !tls1prf_set_ctx_params_decoder(params, &p))
         return 0;
 
+    libctx = PROV_LIBCTX_OF(ctx->provctx);
+
     if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, p.ind_e))
         return 0;
     if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE1, p.ind_d))

diff --git a/providers/implementations/kdfs/x942kdf.c.in b/providers/implementations/kdfs/x942kdf.c.in
index 18a89942d2be468cd145835f9aeb6ecfa6cc63d4..e05d4fb3f65ed2bbe5dc836ea0c19679b6792042 100644 (file)
--- a/providers/implementations/kdfs/x942kdf.c.in
+++ b/providers/implementations/kdfs/x942kdf.c.in
@@ -550,14 +550,16 @@ static int x942kdf_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 {
     struct sshkdf_set_ctx_params_st p;
     KDF_X942 *ctx = vctx;
-    OSSL_LIB_CTX *provctx = PROV_LIBCTX_OF(ctx->provctx);
+    OSSL_LIB_CTX *provctx;
     const char *cekalg, *propq = NULL;
     const EVP_MD *md;
     size_t id;
 
-    if (!sshkdf_set_ctx_params_decoder(params, &p))
+    if (ctx == NULL || !sshkdf_set_ctx_params_decoder(params, &p))
         return 0;
 
+    provctx = PROV_LIBCTX_OF(ctx->provctx);
+
     if (!OSSL_FIPS_IND_SET_CTX_FROM_PARAM(ctx, OSSL_FIPS_IND_SETTABLE0, p.ind_k))
         return 0;
 

diff --git a/providers/implementations/keymgmt/ml_kem_kmgmt.c.in b/providers/implementations/keymgmt/ml_kem_kmgmt.c.in
index 5d53fff0b08e1632461a40c07debc7e2b68fb357..2683bca34e781411c0c44169182a587a83cb4549 100644 (file)
--- a/providers/implementations/keymgmt/ml_kem_kmgmt.c.in
+++ b/providers/implementations/keymgmt/ml_kem_kmgmt.c.in
@@ -577,12 +577,14 @@ static int ml_kem_get_key_param(const ML_KEM_KEY *key, OSSL_PARAM *p,
 static int ml_kem_get_params(void *vkey, OSSL_PARAM params[])
 {
     ML_KEM_KEY *key = vkey;
-    const ML_KEM_VINFO *v = ossl_ml_kem_key_vinfo(key);
+    const ML_KEM_VINFO *v;
     struct ml_kem_get_params_st p;
 
-    if (!ml_kem_get_params_decoder(params, &p))
+    if (key == NULL || !ml_kem_get_params_decoder(params, &p))
         return 0;
 
+    v = ossl_ml_kem_key_vinfo(key);
+
     if (p.bits != NULL && !OSSL_PARAM_set_size_t(p.bits, v->bits))
         return 0;
 

diff --git a/providers/implementations/keymgmt/mlx_kmgmt.c.in b/providers/implementations/keymgmt/mlx_kmgmt.c.in
index c0f1efac4b4753e156d812931fe3f4cb3735f5dd..7738b2d45444052192d7888b7000ad2355fdd828 100644 (file)
--- a/providers/implementations/keymgmt/mlx_kmgmt.c.in
+++ b/providers/implementations/keymgmt/mlx_kmgmt.c.in
@@ -499,10 +499,8 @@ static int mlx_kem_get_params(void *vkey, OSSL_PARAM params[])
     EXPORT_CB_ARG sub_arg;
     int selection;
     struct mlx_get_params_st p;
-    size_t publen = key->minfo->pubkey_bytes + key->xinfo->pubkey_bytes;
-    size_t prvlen = key->minfo->prvkey_bytes + key->xinfo->prvkey_bytes;
 
-    if (!mlx_get_params_decoder(params, &p))
+    if (key == NULL || !mlx_get_params_decoder(params, &p))
         return 0;
 
     /* The reported "bit" count is those of the ML-KEM key */
@@ -530,6 +528,8 @@ static int mlx_kem_get_params(void *vkey, OSSL_PARAM params[])
 
     memset(&sub_arg, 0, sizeof(sub_arg));
     if ((pub = p.pub) != NULL) {
+        size_t publen = key->minfo->pubkey_bytes + key->xinfo->pubkey_bytes;
+
         if (pub->data_type != OSSL_PARAM_OCTET_STRING)
             return 0;
         pub->return_size = publen;
@@ -547,6 +547,8 @@ static int mlx_kem_get_params(void *vkey, OSSL_PARAM params[])
     }
     if (mlx_kem_have_prvkey(key)) {
         if ((prv = p.priv) != NULL) {
+            size_t prvlen = key->minfo->prvkey_bytes + key->xinfo->prvkey_bytes;
+
             if (prv->data_type != OSSL_PARAM_OCTET_STRING)
                 return 0;
             prv->return_size = prvlen;