mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-12 13:36:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

Improve error reporting in key exchange provider implementations

Browse Source 
Added some error reporting in dh_exch.c and unified error reporting
with it in other key exchange methods.

Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14367)
This commit is contained in:
Tomas Mraz 2021-03-01 16:07:15 +01:00 committed by Pauli
parent f5c629a00a
commit 77b03f0e8f
3 changed files with 17 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
providers/implementations/exchange/dh_exch.c
View File

@ -19,6 +19,7 @@
#include <openssl/core_names.h>
#include <openssl/dh.h>
#include <openssl/err.h>
#include <openssl/proverr.h>
#include <openssl/params.h>
#include "prov/providercommon.h"
#include "prov/implementations.h"
@ -130,17 +131,20 @@ static int dh_plain_derive(void *vpdhctx,
size_t dhsize;
const BIGNUM *pub_key = NULL;
/* TODO(3.0): Add errors to stack */
if (pdhctx->dh == NULL || pdhctx->dhpeer == NULL)
if (pdhctx->dh == NULL || pdhctx->dhpeer == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
return 0;
}
dhsize = (size_t)DH_size(pdhctx->dh);
if (secret == NULL) {
*secretlen = dhsize;
return 1;
}
if (outlen < dhsize)
if (outlen < dhsize) {
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
DH_get0_key(pdhctx->dhpeer, &pub_key, NULL);
if (pdhctx->pad)
@ -167,8 +171,10 @@ static int dh_X9_42_kdf_derive(void *vpdhctx, unsigned char *secret,
return 1;
}
if (pdhctx->kdf_outlen > outlen)
if (pdhctx->kdf_outlen > outlen) {
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
if (!dh_plain_derive(pdhctx, NULL, &stmplen, 0))
return 0;
if ((stmp = OPENSSL_secure_malloc(stmplen)) == NULL) {

7
providers/implementations/exchange/ecdh_exch.c
View File

@ -21,6 +21,7 @@
#include <openssl/ec.h>
#include <openssl/params.h>
#include <openssl/err.h>
#include <openssl/proverr.h>
#include "prov/provider_ctx.h"
#include "prov/providercommon.h"
#include "prov/implementations.h"
@ -408,7 +409,7 @@ int ecdh_plain_derive(void *vpecdhctx, unsigned char *secret,
int key_cofactor_mode;
if (pecdhctx->k == NULL || pecdhctx->peerk == NULL) {
ERR_raise(ERR_LIB_PROV, EC_R_KEYS_NOT_SET);
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
return 0;
}
@ -486,8 +487,10 @@ int ecdh_X9_63_kdf_derive(void *vpecdhctx, unsigned char *secret,
return 1;
}
if (pecdhctx->kdf_outlen > outlen)
if (pecdhctx->kdf_outlen > outlen) {
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
if (!ecdh_plain_derive(vpecdhctx, NULL, &stmplen, 0))
return 0;
if ((stmp = OPENSSL_secure_malloc(stmplen)) == NULL) {

4
providers/implementations/exchange/ecx_exch.c
View File

@ -123,7 +123,7 @@ static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen,
if (ecxctx->key == NULL
|| ecxctx->key->privkey == NULL
|| ecxctx->peerkey == NULL) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY);
ERR_raise(ERR_LIB_PROV, PROV_R_MISSING_KEY);
return 0;
}
@ -138,7 +138,7 @@ static int ecx_derive(void *vecxctx, unsigned char *secret, size_t *secretlen,
return 1;
}
if (outlen < ecxctx->keylen) {
ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
ERR_raise(ERR_LIB_PROV, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}