[openssl] master update
Dr. Paul Dale
pauli at openssl.org
Thu Feb 6 06:22:27 UTC 2020
The branch master has been updated
via 8b6ffd40401bd3b78538cb8d496db0c6926185b0 (commit)
from b744f915ca8bb37631909728dd2529289bda8438 (commit)
- Log -----------------------------------------------------------------
commit 8b6ffd40401bd3b78538cb8d496db0c6926185b0
Author: Pauli <paul.dale at oracle.com>
Date: Wed Feb 5 15:13:49 2020 +1000
Params: change UTF8 construct calls to avoid explicit strlen(3) calls.
It is better, safer and smaller to let the library routine handle the
strlen(3) call.
Added a note to the documentation suggesting this.
Reviewed-by: Tim Hudson <tjh at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/11019)
-----------------------------------------------------------------------
Summary of changes:
crypto/dh/dh_kdf.c | 4 ++--
crypto/ec/ecdh_kdf.c | 3 +--
crypto/evp/p5_crpt2.c | 2 +-
crypto/evp/pkey_kdf.c | 3 +--
crypto/evp/pmeth_lib.c | 3 +--
crypto/rsa/rsa_lib.c | 12 ++++--------
doc/man3/OSSL_PARAM_int.pod | 4 +++-
ssl/t1_enc.c | 2 +-
ssl/tls13_enc.c | 4 ++--
9 files changed, 16 insertions(+), 21 deletions(-)
diff --git a/crypto/dh/dh_kdf.c b/crypto/dh/dh_kdf.c
index a1bbea3013..23bc8acb73 100644
--- a/crypto/dh/dh_kdf.c
+++ b/crypto/dh/dh_kdf.c
@@ -43,14 +43,14 @@ int DH_KDF_X9_42(unsigned char *out, size_t outlen,
if ((kctx = EVP_KDF_CTX_new(kdf)) == NULL)
goto err;
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
- (char *)mdname, strlen(mdname) + 1);
+ (char *)mdname, 0);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
(unsigned char *)Z, Zlen);
if (ukm != NULL)
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_UKM,
(unsigned char *)ukm, ukmlen);
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_CEK_ALG,
- (char *)oid_sn, strlen(oid_sn) + 1);
+ (char *)oid_sn, 0);
*p = OSSL_PARAM_construct_end();
ret = EVP_KDF_CTX_set_params(kctx, params) > 0
&& EVP_KDF_derive(kctx, out, outlen) > 0;
diff --git a/crypto/ec/ecdh_kdf.c b/crypto/ec/ecdh_kdf.c
index bc9c968655..80675ccf96 100644
--- a/crypto/ec/ecdh_kdf.c
+++ b/crypto/ec/ecdh_kdf.c
@@ -34,8 +34,7 @@ int ecdh_KDF_X9_63(unsigned char *out, size_t outlen,
if ((kctx = EVP_KDF_CTX_new(kdf)) != NULL) {
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
- (char *)mdname,
- strlen(mdname) + 1);
+ (char *)mdname, 0);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
(void *)Z, Zlen);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c
index 2a27f53047..aa8ab98756 100644
--- a/crypto/evp/p5_crpt2.c
+++ b/crypto/evp/p5_crpt2.c
@@ -52,7 +52,7 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen,
(unsigned char *)salt, saltlen);
*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_ITER, &iter);
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
- (char *)mdname, strlen(mdname) + 1);
+ (char *)mdname, 0);
*p = OSSL_PARAM_construct_end();
if (EVP_KDF_CTX_set_params(kctx, params) != 1
|| EVP_KDF_derive(kctx, out, keylen) != 1)
diff --git a/crypto/evp/pkey_kdf.c b/crypto/evp/pkey_kdf.c
index b1337f511a..818c89eab2 100644
--- a/crypto/evp/pkey_kdf.c
+++ b/crypto/evp/pkey_kdf.c
@@ -186,8 +186,7 @@ static int pkey_kdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
case T_DIGEST:
mdname = EVP_MD_name((const EVP_MD *)p2);
- params[0] = OSSL_PARAM_construct_utf8_string(name, (char *)mdname,
- strlen(mdname) + 1);
+ params[0] = OSSL_PARAM_construct_utf8_string(name, (char *)mdname, 0);
break;
/*
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 2cbd3ff284..3089d84fa0 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -704,8 +704,7 @@ int EVP_PKEY_CTX_set_signature_md(EVP_PKEY_CTX *ctx, const EVP_MD *md)
* Cast away the const. This is read
* only so should be safe
*/
- (char *)name,
- strlen(name) + 1);
+ (char *)name, 0);
*p++ = OSSL_PARAM_construct_end();
return EVP_PKEY_CTX_set_params(ctx, sig_md_params);
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index f538f72d14..634c251efe 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -851,8 +851,7 @@ int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
* Cast away the const. This is read
* only so should be safe
*/
- (char *)mdname,
- strlen(mdname) + 1);
+ (char *)mdname, 0);
if (mdprops != NULL) {
*p++ = OSSL_PARAM_construct_utf8_string(
OSSL_ASYM_CIPHER_PARAM_OAEP_DIGEST_PROPS,
@@ -860,8 +859,7 @@ int EVP_PKEY_CTX_set_rsa_oaep_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
* Cast away the const. This is read
* only so should be safe
*/
- (char *)mdprops,
- strlen(mdprops) + 1);
+ (char *)mdprops, 0);
}
*p++ = OSSL_PARAM_construct_end();
@@ -979,8 +977,7 @@ int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
* Cast away the const. This is read
* only so should be safe
*/
- (char *)mdname,
- strlen(mdname) + 1);
+ (char *)mdname, 0);
if (mdprops != NULL) {
*p++ = OSSL_PARAM_construct_utf8_string(
OSSL_ASYM_CIPHER_PARAM_MGF1_DIGEST_PROPS,
@@ -988,8 +985,7 @@ int EVP_PKEY_CTX_set_rsa_mgf1_md_name(EVP_PKEY_CTX *ctx, const char *mdname,
* Cast away the const. This is read
* only so should be safe
*/
- (char *)mdprops,
- strlen(mdprops) + 1);
+ (char *)mdprops, 0);
}
*p++ = OSSL_PARAM_construct_end();
diff --git a/doc/man3/OSSL_PARAM_int.pod b/doc/man3/OSSL_PARAM_int.pod
index 8d4aa90c6d..99e4fcf088 100644
--- a/doc/man3/OSSL_PARAM_int.pod
+++ b/doc/man3/OSSL_PARAM_int.pod
@@ -167,7 +167,9 @@ size B<rsize> is created.
OSSL_PARAM_construct_utf8_string() is a function that constructs a UTF8
string OSSL_PARAM structure.
A parameter with name B<key>, storage B<buf> and size B<bsize> is created.
-If B<bsize> is zero, the string length is determined using strlen(3).
+If B<bsize> is zero, the string length is determined using strlen(3) + 1 for the
+null termination byte.
+Generally pass zero for B<bsize> instead of calling strlen(3) yourself.
OSSL_PARAM_construct_octet_string() is a function that constructs an OCTET
string OSSL_PARAM structure.
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index 5937d91e60..59bf789af0 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -55,7 +55,7 @@ static int tls1_PRF(SSL *s,
goto err;
mdname = EVP_MD_name(md);
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
- (char *)mdname, strlen(mdname) + 1);
+ (char *)mdname, 0);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_SECRET,
(unsigned char *)sec,
(size_t)slen);
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 9c44813ccb..181f3920a1 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -97,7 +97,7 @@ int tls13_hkdf_expand(SSL *s, const EVP_MD *md, const unsigned char *secret,
*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode);
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
- (char *)mdname, strlen(mdname) + 1);
+ (char *)mdname, 0);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
(unsigned char *)secret, hashlen);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_INFO,
@@ -252,7 +252,7 @@ int tls13_generate_secret(SSL *s, const EVP_MD *md,
*p++ = OSSL_PARAM_construct_int(OSSL_KDF_PARAM_MODE, &mode);
*p++ = OSSL_PARAM_construct_utf8_string(OSSL_KDF_PARAM_DIGEST,
- (char *)mdname, strlen(mdname) + 1);
+ (char *)mdname, 0);
*p++ = OSSL_PARAM_construct_octet_string(OSSL_KDF_PARAM_KEY,
(unsigned char *)insecret,
insecretlen);
More information about the openssl-commits
mailing list