Pass correct maximum output length to provider derive operation

author Tomas Mraz <tmraz@fedoraproject.org>

Thu, 14 Jan 2021 13:40:23 +0000 (14:40 +0100)

committer Tomas Mraz <tomas@openssl.org>

Thu, 21 Jan 2021 17:08:02 +0000 (18:08 +0100)
author Tomas Mraz <tmraz@fedoraproject.org>
Thu, 14 Jan 2021 13:40:23 +0000 (14:40 +0100)
committer Tomas Mraz <tomas@openssl.org>
Thu, 21 Jan 2021 17:08:02 +0000 (18:08 +0100)
diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c

index 501645fa0c9d23fd3fcf4a0ca9bc499bdde4d996..1721db94a7928d5f78673ed607baa9a002a4f48f 100644 (file)
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -183,7 +183,7 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
      const char *supported_exch = NULL;
  
      if (ctx == NULL) {
-        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
          return -2;
      }
  
@@ -318,8 +318,8 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
      void *provkey = NULL;
  
      if (ctx == NULL) {
-        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-        return -2;
+        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
      }
  
      if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx) || ctx->op.kex.exchprovctx == NULL)
@@ -413,9 +413,9 @@ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
  {
      int ret;
  
-    if (ctx == NULL) {
-        ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
-        return -2;
+    if (ctx == NULL || pkeylen == NULL) {
+        ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
+        return -1;
      }
  
      if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
@@ -427,11 +427,11 @@ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
          goto legacy;
  
      ret = ctx->op.kex.exchange->derive(ctx->op.kex.exchprovctx, key, pkeylen,
-                                       SIZE_MAX);
+                                       key != NULL ? *pkeylen : 0);
  
      return ret;
   legacy:
-    if (ctx ==  NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
+    if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
          ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
          return -2;
      }
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c

index 0d76778ab58f6706adbb6f320c710304ef5fba70..c80a2c0dbc04a0de308a7183e467fccdb21638ea 100644 (file)
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -361,7 +361,7 @@ static int self_test_ka(const ST_KAT_KAS *t,
      OSSL_PARAM *params = NULL;
      OSSL_PARAM *params_peer = NULL;
      unsigned char secret[256];
-    size_t secret_len;
+    size_t secret_len = sizeof(secret);
      OSSL_PARAM_BLD *bld = NULL;
      BN_CTX *bnctx = NULL;
author	Tomas Mraz <tmraz@fedoraproject.org>
	Thu, 14 Jan 2021 13:40:23 +0000 (14:40 +0100)
committer	Tomas Mraz <tomas@openssl.org>
	Thu, 21 Jan 2021 17:08:02 +0000 (18:08 +0100)
crypto/evp/exchange.c		patch \| blob \| blame \| history
providers/fips/self_test_kats.c		patch \| blob \| blame \| history