Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Quick fixes from Trail of Bits audit Week 1 #1869

Merged
merged 6 commits into from
Jul 29, 2024
Merged
Changes from 1 commit
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
fixup! Add missing OpenSSL guards
Signed-off-by: Spencer Wilson <spencer.wilson@uwaterloo.ca>
SWilson4 committed Jul 25, 2024
commit 92f7e0583a3327ece0819cce8eb2ea2adc56b4e5
32 changes: 16 additions & 16 deletions src/common/common.h
Original file line number Diff line number Diff line change
@@ -24,12 +24,12 @@ extern "C" {
* Macro for terminating the program if x is
* a null pointer.
*/
#define OQS_EXIT_IF_NULLPTR(x, loc) \
do { \
if ( (x) == (void*)0 ) { \
#define OQS_EXIT_IF_NULLPTR(x, loc) \
do { \
if ( (x) == (void*)0 ) { \
fprintf(stderr, "Unexpected NULL returned from %s API. Exiting.\n", loc); \
exit(EXIT_FAILURE); \
} \
exit(EXIT_FAILURE); \
} \
} while (0)

/**
@@ -44,21 +44,21 @@ extern "C" {
* handling strategy is developed.
*/
#if defined(OQS_USE_OPENSSL) && !defined(OPENSSL_NO_STDIO)
#define OQS_OPENSSL_GUARD(x) \
do { \
if( 1 != (x) ) { \
#define OQS_OPENSSL_GUARD(x) \
do { \
if( 1 != (x) ) { \
fprintf(stderr, "Error return value from OpenSSL API: %d. Exiting.\n", x); \
OSSL_FUNC(ERR_print_errors_fp)(stderr);
exit(EXIT_FAILURE); \
} \
OSSL_FUNC(ERR_print_errors_fp)(stderr); \
exit(EXIT_FAILURE); \
} \
} while (0)
#else
#define OQS_OPENSSL_GUARD(x) \
do { \
if( 1 != (x) ) { \
#define OQS_OPENSSL_GUARD(x) \
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Is the following #define triggered if "OQS_USE_OPENSSL" is NOT set? Wouldn't seem quite right.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. I've refactored the directives so that the guard is defined if and only if OQS_USE_OPENSSL is defined.

do { \
if( 1 != (x) ) { \
fprintf(stderr, "Error return value from OpenSSL API: %d. Exiting.\n", x); \
exit(EXIT_FAILURE); \
} \
exit(EXIT_FAILURE); \
} \
} while (0)
#endif // defined(OQS_USE_OPENSSL) && !defined(OPENSSL_NO_STDIO)

2 changes: 1 addition & 1 deletion src/common/rand/rand_nist.c
Original file line number Diff line number Diff line change
@@ -44,7 +44,7 @@ static void AES256_ECB(unsigned char *key, unsigned char *ctr, unsigned char *bu

/* Create and initialise the context */
ctx = OSSL_FUNC(EVP_CIPHER_CTX_new)();
OQS_EXIT_IF_NULLPTR(ctx);
OQS_EXIT_IF_NULLPTR(ctx, "OpenSSL");

OQS_OPENSSL_GUARD(OSSL_FUNC(EVP_EncryptInit_ex)(ctx, oqs_aes_256_ecb(), NULL, key, NULL));
OQS_OPENSSL_GUARD(OSSL_FUNC(EVP_EncryptUpdate)(ctx, buffer, &len, ctr, 16));