diff --git a/providers/implementations/exchange/dh_exch.c b/providers/implementations/exchange/dh_exch.c index 2638675da5..7f0fa3295e 100644 --- a/providers/implementations/exchange/dh_exch.c +++ b/providers/implementations/exchange/dh_exch.c @@ -19,6 +19,7 @@ #include #include #include +#include #include #include "prov/providercommon.h" #include "prov/implementations.h" @@ -130,17 +131,20 @@ static int dh_plain_derive(void *vpdhctx, size_t dhsize; const BIGNUM *pub_key = NULL; - /* TODO(3.0): Add errors to stack */ - if (pdhctx->dh == NULL || pdhctx->dhpeer == NULL) + if (pdhctx->dh == NULL || pdhctx->dhpeer == NULL) { + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); return 0; + } dhsize = (size_t)DH_size(pdhctx->dh); if (secret == NULL) { *secretlen = dhsize; return 1; } - if (outlen < dhsize) + if (outlen < dhsize) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; + } DH_get0_key(pdhctx->dhpeer, &pub_key, NULL); if (pdhctx->pad) @@ -167,8 +171,10 @@ static int dh_X9_42_kdf_derive(void *vpdhctx, unsigned char *secret, return 1; } - if (pdhctx->kdf_outlen > outlen) + if (pdhctx->kdf_outlen > outlen) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; + } if (!dh_plain_derive(pdhctx, NULL, &stmplen, 0)) return 0; if ((stmp = OPENSSL_secure_malloc(stmplen)) == NULL) { diff --git a/providers/implementations/exchange/ecdh_exch.c b/providers/implementations/exchange/ecdh_exch.c index 6c24643255..a1b984769e 100644 --- a/providers/implementations/exchange/ecdh_exch.c +++ b/providers/implementations/exchange/ecdh_exch.c @@ -21,6 +21,7 @@ #include #include #include +#include #include "prov/provider_ctx.h" #include "prov/providercommon.h" #include "prov/implementations.h" @@ -408,7 +409,7 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret, int key_cofactor_mode; if (pecdhctx->k == NULL || pecdhctx->peerk == NULL) { - ERR_raise(ERR_LIB_PROV, EC_R_KEYS_NOT_SET); + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); return 0; } @@ -486,8 +487,10 @@ int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret, return 1; } - if (pecdhctx->kdf_outlen > outlen) + if (pecdhctx->kdf_outlen > outlen) { + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; + } if (!ecdh_plain_derive(vpecdhctx, NULL, &stmplen, 0)) return 0; if ((stmp = OPENSSL_secure_malloc(stmplen)) == NULL) { diff --git a/providers/implementations/exchange/ecx_exch.c b/providers/implementations/exchange/ecx_exch.c index 6d4471be3c..17861c0d75 100644 --- a/providers/implementations/exchange/ecx_exch.c +++ b/providers/implementations/exchange/ecx_exch.c @@ -123,7 +123,7 @@ static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen, if (ecxctx->key == NULL || ecxctx->key->privkey == NULL || ecxctx->peerkey == NULL) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY); + ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY); return 0; } @@ -138,7 +138,7 @@ static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen, return 1; } if (outlen < ecxctx->keylen) { - ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); + ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL); return 0; }