From: Igor Ustinov Date: Mon, 23 Mar 2026 13:35:30 +0000 (+0100) Subject: Add NULL checks for the arguments in OSSL_PARAM_BLD_push_*() functions X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d5ad0b89b15522ceec93db5c97ac3fed2ccbeaa6;p=thirdparty%2Fopenssl.git Add NULL checks for the arguments in OSSL_PARAM_BLD_push_*() functions Reviewed-by: Eugene Syromiatnikov Reviewed-by: Paul Dale MergeDate: Fri Mar 27 16:46:48 2026 (Merged from https://github.com/openssl/openssl/pull/30542) --- diff --git a/crypto/param_build.c b/crypto/param_build.c index b1b7c3518bb..d4ada8f767e 100644 --- a/crypto/param_build.c +++ b/crypto/param_build.c @@ -121,12 +121,22 @@ void OSSL_PARAM_BLD_free(OSSL_PARAM_BLD *bld) int OSSL_PARAM_BLD_push_int(OSSL_PARAM_BLD *bld, const char *key, int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key, unsigned int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -134,12 +144,22 @@ int OSSL_PARAM_BLD_push_uint(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_long(OSSL_PARAM_BLD *bld, const char *key, long int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key, unsigned long int num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -147,12 +167,22 @@ int OSSL_PARAM_BLD_push_ulong(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_int32(OSSL_PARAM_BLD *bld, const char *key, int32_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key, uint32_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -160,12 +190,22 @@ int OSSL_PARAM_BLD_push_uint32(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_int64(OSSL_PARAM_BLD *bld, const char *key, int64_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key, uint64_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -173,6 +213,11 @@ int OSSL_PARAM_BLD_push_uint64(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key, size_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_UNSIGNED_INTEGER); } @@ -180,6 +225,11 @@ int OSSL_PARAM_BLD_push_size_t(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key, time_t num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_INTEGER); } @@ -187,6 +237,11 @@ int OSSL_PARAM_BLD_push_time_t(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_double(OSSL_PARAM_BLD *bld, const char *key, double num) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + return param_push_num(bld, key, &num, sizeof(num), OSSL_PARAM_REAL); } @@ -196,6 +251,11 @@ static int push_BN(OSSL_PARAM_BLD *bld, const char *key, int n, secure = 0; OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (!ossl_assert(type == OSSL_PARAM_UNSIGNED_INTEGER || type == OSSL_PARAM_INTEGER)) return 0; @@ -233,6 +293,11 @@ static int push_BN(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key, const BIGNUM *bn) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bn != NULL && BN_is_negative(bn)) return push_BN(bld, key, bn, BN_num_bytes(bn) + 1, OSSL_PARAM_INTEGER); @@ -243,6 +308,11 @@ int OSSL_PARAM_BLD_push_BN(OSSL_PARAM_BLD *bld, const char *key, int OSSL_PARAM_BLD_push_BN_pad(OSSL_PARAM_BLD *bld, const char *key, const BIGNUM *bn, size_t sz) { + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bn != NULL && BN_is_negative(bn)) return push_BN(bld, key, bn, BN_num_bytes(bn), OSSL_PARAM_INTEGER); @@ -255,6 +325,11 @@ int OSSL_PARAM_BLD_push_utf8_string(OSSL_PARAM_BLD *bld, const char *key, OSSL_PARAM_BLD_DEF *pd; int secure; + if (bld == NULL || key == NULL || buf == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize == 0) bsize = strlen(buf); secure = CRYPTO_secure_allocated(buf); @@ -270,6 +345,11 @@ int OSSL_PARAM_BLD_push_utf8_ptr(OSSL_PARAM_BLD *bld, const char *key, { OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + if (bsize == 0) bsize = strlen(buf); pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_UTF8_PTR, 0); @@ -285,6 +365,11 @@ int OSSL_PARAM_BLD_push_octet_string(OSSL_PARAM_BLD *bld, const char *key, OSSL_PARAM_BLD_DEF *pd; int secure; + if (bld == NULL || key == NULL || buf == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + secure = CRYPTO_secure_allocated(buf); pd = param_push(bld, key, bsize, bsize, OSSL_PARAM_OCTET_STRING, secure); if (pd == NULL) @@ -298,6 +383,11 @@ int OSSL_PARAM_BLD_push_octet_ptr(OSSL_PARAM_BLD *bld, const char *key, { OSSL_PARAM_BLD_DEF *pd; + if (bld == NULL || key == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + pd = param_push(bld, key, bsize, sizeof(buf), OSSL_PARAM_OCTET_PTR, 0); if (pd == NULL) return 0; @@ -362,10 +452,18 @@ OSSL_PARAM *OSSL_PARAM_BLD_to_param(OSSL_PARAM_BLD *bld) { OSSL_PARAM_ALIGNED_BLOCK *blk, *s = NULL; OSSL_PARAM *params, *last; - const int num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); - const size_t p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params)); - const size_t total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks); - const size_t ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks; + int num; + size_t p_blks, total, ss; + + if (bld == NULL) { + ERR_raise(ERR_LIB_CRYPTO, ERR_R_PASSED_NULL_PARAMETER); + return 0; + } + + num = sk_OSSL_PARAM_BLD_DEF_num(bld->params); + p_blks = ossl_param_bytes_to_blocks((1 + num) * sizeof(*params)); + total = OSSL_PARAM_ALIGN_SIZE * (p_blks + bld->total_blocks); + ss = OSSL_PARAM_ALIGN_SIZE * bld->secure_blocks; if (ss > 0) { s = OPENSSL_secure_malloc(ss);