]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 8a9e0d0)
Handle 0 return values from DH key computations as errors
authorFrederik Wedel-Heinen <frederik.wedel-heinen@dencrypt.dk>
Tue, 20 May 2025 17:58:11 +0000 (19:58 +0200)
committerTomas Mraz <tomas@openssl.org>
Tue, 3 Jun 2025 12:26:54 +0000 (14:26 +0200)
Returned 0 from ossl_dh_compute_key(), DH_compute_key_padded() and
DH_compute_key() needs to be treated as an error.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27673)

crypto/dh/dh_pmeth.c patch | blob | blame | history
test/dhtest.c patch | blob | blame | history

diff --git a/crypto/dh/dh_pmeth.c b/crypto/dh/dh_pmeth.c
index c11ada98267c724cbaa71640d5abbdd94f04d518..5095d8c2d678c7526ae510d94ae65558516b4ed2 100644 (file)
--- a/crypto/dh/dh_pmeth.c
+++ b/crypto/dh/dh_pmeth.c
@@ -422,7 +422,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
             ret = DH_compute_key_padded(key, dhpubbn, dh);
         else
             ret = DH_compute_key(key, dhpubbn, dh);
-        if (ret < 0)
+        if (ret <= 0)
             return ret;
         *keylen = ret;
         return 1;
diff --git a/test/dhtest.c b/test/dhtest.c
index bef706909c734688bd303fb7709ed99f2762cbc4..7b101df1a078bae84ad7eb7fa1caf109ecae1f21 100644 (file)
--- a/test/dhtest.c
+++ b/test/dhtest.c
@@ -208,17 +208,17 @@ static int dh_test(void)
 
     alen = DH_size(a);
     if (!TEST_ptr(abuf = OPENSSL_malloc(alen))
-            || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
+            || !TEST_int_gt((aout = DH_compute_key(abuf, bpub_key, a)), 0))
         goto err3;
 
     blen = DH_size(b);
     if (!TEST_ptr(bbuf = OPENSSL_malloc(blen))
-            || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
+            || !TEST_int_gt((bout = DH_compute_key(bbuf, apub_key, b)), 0))
         goto err3;
 
     clen = DH_size(c);
     if (!TEST_ptr(cbuf = OPENSSL_malloc(clen))
-            || !TEST_true((cout = DH_compute_key(cbuf, apub_key, c)) != -1))
+            || !TEST_int_gt((cout = DH_compute_key(cbuf, apub_key, c)), 0))
         goto err3;
 
     if (!TEST_true(aout >= 20)
@@ -694,12 +694,12 @@ static int rfc7919_test(void)
 
     alen = DH_size(a);
     if (!TEST_int_gt(alen, 0) || !TEST_ptr(abuf = OPENSSL_malloc(alen))
-            || !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
+            || !TEST_int_gt((aout = DH_compute_key(abuf, bpub_key, a)), 0))
         goto err;
 
     blen = DH_size(b);
     if (!TEST_int_gt(blen, 0) || !TEST_ptr(bbuf = OPENSSL_malloc(blen))
-            || !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
+            || !TEST_int_gt((bout = DH_compute_key(bbuf, apub_key, b)), 0))
         goto err;
 
     if (!TEST_true(aout >= 20)
Mirror of https://github.com/openssl/openssl.git