replace atoi(3) usage with strtonum(3); ok/tweaks tb@

author: op <> 2024-08-26 22:01:28 +0000
committer: op <> 2024-08-26 22:01:28 +0000
commit: ecaaddb84944c0b5282670c1e6dfd04f3cf35c10 (patch)
tree: b4380f19ddfae3ecff8a6134f17a46a472cdd415
parent: 60298806bf99f206c5f6cfe260a00f54b00e0583 (diff)
download: openbsd-ecaaddb84944c0b5282670c1e6dfd04f3cf35c10.tar.gz
openbsd-ecaaddb84944c0b5282670c1e6dfd04f3cf35c10.tar.bz2
openbsd-ecaaddb84944c0b5282670c1e6dfd04f3cf35c10.zip
3 files changed, 64 insertions, 16 deletions
diff --git a/src/lib/libcrypto/ec/ec_pmeth.c b/src/lib/libcrypto/ec/ec_pmeth.c
index 16fc07642a..d422765b00 100644
--- a/src/lib/libcrypto/ec/ec_pmeth.c
+++ b/src/lib/libcrypto/ec/ec_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ec_pmeth.c,v 1.21 2023/12/28 22:12:37 tb Exp $ */
+/* $OpenBSD: ec_pmeth.c,v 1.22 2024/08/26 22:01:28 op Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -57,6 +57,7 @@
 */
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <openssl/asn1t.h>
@@ -445,10 +446,15 @@ pkey_ec_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
                }
                return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md);
        } else if (strcmp(type, "ecdh_cofactor_mode") == 0) {
-                int co_mode;
+                int cofactor_mode;
-                co_mode = atoi(value);
+                const char *errstr;
-                return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode);
+                cofactor_mode = strtonum(value, -1, 1, &errstr);
+                if (errstr != NULL)
+                        return -2;
+                return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, cofactor_mode);
        }
        return -2;
 }
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index 9be9079613..a1bdeb3b36 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_pmeth.c,v 1.40 2023/12/28 21:59:07 tb Exp $ */
+/* $OpenBSD: rsa_pmeth.c,v 1.41 2024/08/26 22:01:28 op Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -58,6 +58,7 @@
 #include <limits.h>
 #include <stdio.h>
+#include <stdlib.h>
 #include <string.h>
 #include <openssl/opensslconf.h>
@@ -630,6 +631,8 @@ pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
 static int
 pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
 {
+        const char *errstr;
        if (!value) {
                RSAerror(RSA_R_VALUE_MISSING);
                return 0;
@@ -664,13 +667,24 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
                        saltlen = RSA_PSS_SALTLEN_MAX;
                else if (!strcmp(value, "auto"))
                        saltlen = RSA_PSS_SALTLEN_AUTO;
-                else
+                else {
-                        saltlen = atoi(value);
+                        saltlen = strtonum(value, 0, INT_MAX, &errstr);
+                        if (errstr != NULL) {
+                                RSAerror(RSA_R_INVALID_PSS_SALTLEN);
+                                return -2;
+                        }
+                }
                return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
        }
        if (strcmp(type, "rsa_keygen_bits") == 0) {
-                int nbits = atoi(value);
+                int nbits;
+                nbits = strtonum(value, 0, INT_MAX, &errstr);
+                if (errstr != NULL) {
+                        RSAerror(RSA_R_INVALID_KEYBITS);
+                        return -2;
+                }
                return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
        }
@@ -702,7 +716,13 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
                            EVP_PKEY_CTRL_MD, value);
                if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) {
-                        int saltlen = atoi(value);
+                        int saltlen;
+                        saltlen = strtonum(value, 0, INT_MAX, &errstr);
+                        if (errstr != NULL) {
+                                RSAerror(RSA_R_INVALID_PSS_SALTLEN);
+                                return -2;
+                        }
                        return EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, saltlen);
                }
diff --git a/src/lib/libcrypto/ts/ts_conf.c b/src/lib/libcrypto/ts/ts_conf.c
index ef8569ef04..bd499238f5 100644
--- a/src/lib/libcrypto/ts/ts_conf.c
+++ b/src/lib/libcrypto/ts/ts_conf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ts_conf.c,v 1.14 2024/03/26 00:39:22 beck Exp $ */
+/* $OpenBSD: ts_conf.c,v 1.15 2024/08/26 22:01:28 op Exp $ */
 /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
 * project 2002.
 */
@@ -56,6 +56,8 @@
 *
 */
+#include <limits.h>
+#include <stdlib.h>
 #include <string.h>
 #include <openssl/opensslconf.h>
@@ -394,6 +396,7 @@ TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
        int secs = 0, millis = 0, micros = 0;
        STACK_OF(CONF_VALUE) *list = NULL;
        char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);
+        const char *errstr;
        if (accuracy && !(list = X509V3_parse_list(accuracy))) {
                TS_CONF_invalid(section, ENV_ACCURACY);
@@ -402,14 +405,33 @@ TS_CONF_set_accuracy(CONF *conf, const char *section, TS_RESP_CTX *ctx)
        for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
                CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
                if (strcmp(val->name, ENV_VALUE_SECS) == 0) {
-                        if (val->value)
+                        if (val->value) {
-                                secs = atoi(val->value);
+                                secs = strtonum(val->value, 0, INT_MAX,
+                                    &errstr);
+                                if (errstr != NULL) {
+                                        TS_CONF_invalid(section,
+                                            ENV_VALUE_SECS);
+                                        goto err;
+                                }
+                        }
                } else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) {
-                        if (val->value)
+                        if (val->value) {
-                                millis = atoi(val->value);
+                                millis = strtonum(val->value, 1, 999, &errstr);
+                                if (errstr != NULL) {
+                                        TS_CONF_invalid(section,
+                                            ENV_VALUE_MILLISECS);
+                                        goto err;
+                                }
+                        }
                } else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) {
-                        if (val->value)
+                        if (val->value) {
-                                micros = atoi(val->value);
+                                micros = strtonum(val->value, 1, 999, &errstr);
+                                if (errstr != NULL) {
+                                        TS_CONF_invalid(section,
+                                            ENV_VALUE_MICROSECS);
+                                        goto err;
+                                }
+                        }
                } else {
                        TS_CONF_invalid(section, ENV_ACCURACY);
                        goto err;
author	op <>	2024-08-26 22:01:28 +0000
committer	op <>	2024-08-26 22:01:28 +0000
commit	ecaaddb84944c0b5282670c1e6dfd04f3cf35c10 (patch)
tree	b4380f19ddfae3ecff8a6134f17a46a472cdd415
parent	60298806bf99f206c5f6cfe260a00f54b00e0583 (diff)
download	openbsd-ecaaddb84944c0b5282670c1e6dfd04f3cf35c10.tar.gz openbsd-ecaaddb84944c0b5282670c1e6dfd04f3cf35c10.tar.bz2 openbsd-ecaaddb84944c0b5282670c1e6dfd04f3cf35c10.zip

diff --git a/src/lib/libcrypto/ec/ec_pmeth.c b/src/lib/libcrypto/ec/ec_pmeth.c index 16fc07642a..d422765b00 100644 --- a/src/lib/libcrypto/ec/ec_pmeth.c +++ b/src/lib/libcrypto/ec/ec_pmeth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ec_pmeth.c,v 1.21 2023/12/28 22:12:37 tb Exp $ */	1	/* $OpenBSD: ec_pmeth.c,v 1.22 2024/08/26 22:01:28 op Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -57,6 +57,7 @@
57	*/	57	*/
58		58
59	#include <stdio.h>	59	#include <stdio.h>
		60	#include <stdlib.h>
60	#include <string.h>	61	#include <string.h>
61		62
62	#include <openssl/asn1t.h>	63	#include <openssl/asn1t.h>
@@ -445,10 +446,15 @@ pkey_ec_ctrl_str(EVP_PKEY_CTX ctx, const char type, const char *value)
445	}	446	}
446	return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md);	447	return EVP_PKEY_CTX_set_ecdh_kdf_md(ctx, md);
447	} else if (strcmp(type, "ecdh_cofactor_mode") == 0) {	448	} else if (strcmp(type, "ecdh_cofactor_mode") == 0) {
448	int co_mode;	449	int cofactor_mode;
449	co_mode = atoi(value);	450	const char *errstr;
450	return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, co_mode);	451
		452	cofactor_mode = strtonum(value, -1, 1, &errstr);
		453	if (errstr != NULL)
		454	return -2;
		455	return EVP_PKEY_CTX_set_ecdh_cofactor_mode(ctx, cofactor_mode);
451	}	456	}
		457
452	return -2;	458	return -2;
453	}	459	}
454		460


diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c index 9be9079613..a1bdeb3b36 100644 --- a/src/lib/libcrypto/rsa/rsa_pmeth.c +++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rsa_pmeth.c,v 1.40 2023/12/28 21:59:07 tb Exp $ */	1	/* $OpenBSD: rsa_pmeth.c,v 1.41 2024/08/26 22:01:28 op Exp $ */
2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL	2	/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3	* project 2006.	3	* project 2006.
4	*/	4	*/
@@ -58,6 +58,7 @@
58		58
59	#include <limits.h>	59	#include <limits.h>
60	#include <stdio.h>	60	#include <stdio.h>
		61	#include <stdlib.h>
61	#include <string.h>	62	#include <string.h>
62		63
63	#include <openssl/opensslconf.h>	64	#include <openssl/opensslconf.h>
@@ -630,6 +631,8 @@ pkey_rsa_ctrl(EVP_PKEY_CTX ctx, int type, int p1, void p2)
630	static int	631	static int
631	pkey_rsa_ctrl_str(EVP_PKEY_CTX ctx, const char type, const char *value)	632	pkey_rsa_ctrl_str(EVP_PKEY_CTX ctx, const char type, const char *value)
632	{	633	{
		634	const char *errstr;
		635
633	if (!value) {	636	if (!value) {
634	RSAerror(RSA_R_VALUE_MISSING);	637	RSAerror(RSA_R_VALUE_MISSING);
635	return 0;	638	return 0;
@@ -664,13 +667,24 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX ctx, const char type, const char *value)
664	saltlen = RSA_PSS_SALTLEN_MAX;	667	saltlen = RSA_PSS_SALTLEN_MAX;
665	else if (!strcmp(value, "auto"))	668	else if (!strcmp(value, "auto"))
666	saltlen = RSA_PSS_SALTLEN_AUTO;	669	saltlen = RSA_PSS_SALTLEN_AUTO;
667	else	670	else {
668	saltlen = atoi(value);	671	saltlen = strtonum(value, 0, INT_MAX, &errstr);
		672	if (errstr != NULL) {
		673	RSAerror(RSA_R_INVALID_PSS_SALTLEN);
		674	return -2;
		675	}
		676	}
669	return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);	677	return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
670	}	678	}
671		679
672	if (strcmp(type, "rsa_keygen_bits") == 0) {	680	if (strcmp(type, "rsa_keygen_bits") == 0) {
673	int nbits = atoi(value);	681	int nbits;
		682
		683	nbits = strtonum(value, 0, INT_MAX, &errstr);
		684	if (errstr != NULL) {
		685	RSAerror(RSA_R_INVALID_KEYBITS);
		686	return -2;
		687	}
674		688
675	return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);	689	return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
676	}	690	}
@@ -702,7 +716,13 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX ctx, const char type, const char *value)
702	EVP_PKEY_CTRL_MD, value);	716	EVP_PKEY_CTRL_MD, value);
703		717
704	if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) {	718	if (strcmp(type, "rsa_pss_keygen_saltlen") == 0) {
705	int saltlen = atoi(value);	719	int saltlen;
		720
		721	saltlen = strtonum(value, 0, INT_MAX, &errstr);
		722	if (errstr != NULL) {
		723	RSAerror(RSA_R_INVALID_PSS_SALTLEN);
		724	return -2;
		725	}
706		726
707	return EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, saltlen);	727	return EVP_PKEY_CTX_set_rsa_pss_keygen_saltlen(ctx, saltlen);
708	}	728	}


diff --git a/src/lib/libcrypto/ts/ts_conf.c b/src/lib/libcrypto/ts/ts_conf.c index ef8569ef04..bd499238f5 100644 --- a/src/lib/libcrypto/ts/ts_conf.c +++ b/src/lib/libcrypto/ts/ts_conf.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ts_conf.c,v 1.14 2024/03/26 00:39:22 beck Exp $ */	1	/* $OpenBSD: ts_conf.c,v 1.15 2024/08/26 22:01:28 op Exp $ */
2	/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL	2	/* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL
3	* project 2002.	3	* project 2002.
4	*/	4	*/
@@ -56,6 +56,8 @@
56	*	56	*
57	*/	57	*/
58		58
		59	#include <limits.h>
		60	#include <stdlib.h>
59	#include <string.h>	61	#include <string.h>
60		62
61	#include <openssl/opensslconf.h>	63	#include <openssl/opensslconf.h>
@@ -394,6 +396,7 @@ TS_CONF_set_accuracy(CONF conf, const char section, TS_RESP_CTX *ctx)
394	int secs = 0, millis = 0, micros = 0;	396	int secs = 0, millis = 0, micros = 0;
395	STACK_OF(CONF_VALUE) *list = NULL;	397	STACK_OF(CONF_VALUE) *list = NULL;
396	char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);	398	char *accuracy = NCONF_get_string(conf, section, ENV_ACCURACY);
		399	const char *errstr;
397		400
398	if (accuracy && !(list = X509V3_parse_list(accuracy))) {	401	if (accuracy && !(list = X509V3_parse_list(accuracy))) {
399	TS_CONF_invalid(section, ENV_ACCURACY);	402	TS_CONF_invalid(section, ENV_ACCURACY);
@@ -402,14 +405,33 @@ TS_CONF_set_accuracy(CONF conf, const char section, TS_RESP_CTX *ctx)
402	for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {	405	for (i = 0; i < sk_CONF_VALUE_num(list); ++i) {
403	CONF_VALUE *val = sk_CONF_VALUE_value(list, i);	406	CONF_VALUE *val = sk_CONF_VALUE_value(list, i);
404	if (strcmp(val->name, ENV_VALUE_SECS) == 0) {	407	if (strcmp(val->name, ENV_VALUE_SECS) == 0) {
405	if (val->value)	408	if (val->value) {
406	secs = atoi(val->value);	409	secs = strtonum(val->value, 0, INT_MAX,
		410	&errstr);
		411	if (errstr != NULL) {
		412	TS_CONF_invalid(section,
		413	ENV_VALUE_SECS);
		414	goto err;
		415	}
		416	}
407	} else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) {	417	} else if (strcmp(val->name, ENV_VALUE_MILLISECS) == 0) {
408	if (val->value)	418	if (val->value) {
409	millis = atoi(val->value);	419	millis = strtonum(val->value, 1, 999, &errstr);
		420	if (errstr != NULL) {
		421	TS_CONF_invalid(section,
		422	ENV_VALUE_MILLISECS);
		423	goto err;
		424	}
		425	}
410	} else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) {	426	} else if (strcmp(val->name, ENV_VALUE_MICROSECS) == 0) {
411	if (val->value)	427	if (val->value) {
412	micros = atoi(val->value);	428	micros = strtonum(val->value, 1, 999, &errstr);
		429	if (errstr != NULL) {
		430	TS_CONF_invalid(section,
		431	ENV_VALUE_MICROSECS);
		432	goto err;
		433	}
		434	}
413	} else {	435	} else {
414	TS_CONF_invalid(section, ENV_ACCURACY);	436	TS_CONF_invalid(section, ENV_ACCURACY);
415	goto err;	437	goto err;