From: Pauli Date: Wed, 5 Feb 2020 05:13:49 +0000 (+1000) Subject: Params: change UTF8 construct calls to avoid explicit strlen(3) calls. X-Git-Tag: openssl-3.0.0-alpha1~545 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=8b6ffd40401bd3b78538cb8d496db0c6926185b0;p=oweals%2Fopenssl.git Params: change UTF8 construct calls to avoid explicit strlen(3) calls. It is better, safer and smaller to let the library routine handle the strlen(3) call. Added a note to the documentation suggesting this. Reviewed-by: Tim Hudson (Merged from https://github.com/openssl/openssl/pull/11019) --- diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c index a1bbea3013..23bc8acb73 100644 --- a/crypto/dh/dh_kdf.c +++ b/crypto/dh/dh_kdf.c @@ -43,14 +43,14 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen, if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL) goto err; *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, strlen(mdname) + 1); + (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, (unsigned char *)Z, Zlen); if (ukm != NULL) *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM, (unsigned char *)ukm, ukmlen); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG, - (char *)oid_sn, strlen(oid_sn) + 1); + (char *)oid_sn, 0); *p = OSSL_PARAM_construct_end(); ret = EVP_KDF_CTX_set_params(kctx, params) > 0 && EVP_KDF_derive(kctx, out, outlen) > 0; diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c index bc9c968655..80675ccf96 100644 --- a/crypto/ec/ecdh_kdf.c +++ b/crypto/ec/ecdh_kdf.c @@ -34,8 +34,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen, if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) { *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, - strlen(mdname) + 1); + (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, (void *)Z, Zlen); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 2a27f53047..aa8ab98756 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -52,7 +52,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, (unsigned char *)salt, saltlen); *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_ITER, &iter); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, strlen(mdname) + 1); + (char *)mdname, 0); *p = OSSL_PARAM_construct_end(); if (EVP_KDF_CTX_set_params(kctx, params) != 1 || EVP_KDF_derive(kctx, out, keylen) != 1) diff --git a/crypto/evp/pkey_kdf.c b/crypto/evp/pkey_kdf.c index b1337f511a..818c89eab2 100644 --- a/crypto/evp/pkey_kdf.c +++ b/crypto/evp/pkey_kdf.c @@ -186,8 +186,7 @@ static int pkey_kdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) case T_DIGEST: mdname = EVP_MD_name((const EVP_MD *)p2); - params[0] = OSSL_PARAM_construct_utf8_string(name, (char *)mdname, - strlen(mdname) + 1); + params[0] = OSSL_PARAM_construct_utf8_string(name, (char *)mdname, 0); break; /* diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index 2cbd3ff284..3089d84fa0 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -704,8 +704,7 @@ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md) * Cast away the const. This is read * only so should be safe */ - (char *)name, - strlen(name) + 1); + (char *)name, 0); *p++ = OSSL_PARAM_construct_end(); return EVP_PKEY_CTX_set_params(ctx, sig_md_params); diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index f538f72d14..634c251efe 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -851,8 +851,7 @@ int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname, * Cast away the const. This is read * only so should be safe */ - (char *)mdname, - strlen(mdname) + 1); + (char *)mdname, 0); if (mdprops != NULL) { *p++ = OSSL_PARAM_construct_utf8_string( OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS, @@ -860,8 +859,7 @@ int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname, * Cast away the const. This is read * only so should be safe */ - (char *)mdprops, - strlen(mdprops) + 1); + (char *)mdprops, 0); } *p++ = OSSL_PARAM_construct_end(); @@ -979,8 +977,7 @@ int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname, * Cast away the const. This is read * only so should be safe */ - (char *)mdname, - strlen(mdname) + 1); + (char *)mdname, 0); if (mdprops != NULL) { *p++ = OSSL_PARAM_construct_utf8_string( OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS, @@ -988,8 +985,7 @@ int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname, * Cast away the const. This is read * only so should be safe */ - (char *)mdprops, - strlen(mdprops) + 1); + (char *)mdprops, 0); } *p++ = OSSL_PARAM_construct_end(); diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod index 8d4aa90c6d..99e4fcf088 100644 --- a/doc/man3/OSSL_PARAM_int.pod +++ b/doc/man3/OSSL_PARAM_int.pod @@ -167,7 +167,9 @@ size B is created. OSSL_PARAM_construct_utf8_string() is a function that constructs a UTF8 string OSSL_PARAM structure. A parameter with name B, storage B and size B is created. -If B is zero, the string length is determined using strlen(3). +If B is zero, the string length is determined using strlen(3) + 1 for the +null termination byte. +Generally pass zero for B instead of calling strlen(3) yourself. OSSL_PARAM_construct_octet_string() is a function that constructs an OCTET string OSSL_PARAM structure. diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c index 5937d91e60..59bf789af0 100644 --- a/ssl/t1_enc.c +++ b/ssl/t1_enc.c @@ -55,7 +55,7 @@ static int tls1_PRF(SSL *s, goto err; mdname = EVP_MD_name(md); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, strlen(mdname) + 1); + (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET, (unsigned char *)sec, (size_t)slen); diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c index 9c44813ccb..181f3920a1 100644 --- a/ssl/tls13_enc.c +++ b/ssl/tls13_enc.c @@ -97,7 +97,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret, *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, strlen(mdname) + 1); + (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, (unsigned char *)secret, hashlen); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO, @@ -252,7 +252,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md, *p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode); *p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST, - (char *)mdname, strlen(mdname) + 1); + (char *)mdname, 0); *p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY, (unsigned char *)insecret, insecretlen);