author | Tomas Mraz <tmraz@fedoraproject.org> | 2021-01-14 14:40:23 +0100 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2021-01-21 18:08:02 +0100 |
commit | 6d9a54c6e661094c0668f0307213789c2d9be3ec (patch) | |
tree | f764ddc17039509b4e60f99bd0fbe65d27ac8c48 /crypto | |
parent | CMP: Allow PKCS#10 input also for ir, cr, kur, and rr messages (diff) | |
Pass correct maximum output length to provider derive operation
And improve error checking in EVP_PKEY_derive* calls.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13869)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/evp/exchange.c | 16 |
1 files changed, 8 insertions, 8 deletions
diff --git a/crypto/evp/exchange.c b/crypto/evp/exchange.c
index 501645fa0c..1721db94a7 100644
--- a/crypto/evp/exchange.c
+++ b/crypto/evp/exchange.c
@@ -183,7 +183,7 @@ int EVP_PKEY_derive_init(EVP_PKEY_CTX *ctx)
 const char *supported_exch = NULL;
 if (ctx == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
 return -2;
 }
@@ -318,8 +318,8 @@ int EVP_PKEY_derive_set_peer(EVP_PKEY_CTX *ctx, EVP_PKEY *peer)
 void *provkey = NULL;
 if (ctx == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
- return -2;
+ ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
+ return -1;
 }
 if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx) || ctx->op.kex.exchprovctx == NULL)
@@ -413,9 +413,9 @@ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
 {
 int ret;
- if (ctx == NULL) {
- ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
- return -2;
+ if (ctx == NULL || pkeylen == NULL) {
+ ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
+ return -1;
 }
 if (!EVP_PKEY_CTX_IS_DERIVE_OP(ctx)) {
@@ -427,11 +427,11 @@ int EVP_PKEY_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *pkeylen)
 goto legacy;
 ret = ctx->op.kex.exchange->derive(ctx->op.kex.exchprovctx, key, pkeylen,
- SIZE_MAX);
+ key != NULL ? *pkeylen : 0);
 return ret;
 legacy:
- if (ctx == NULL || ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
+ if (ctx->pmeth == NULL || ctx->pmeth->derive == NULL) {
 ERR_raise(ERR_LIB_EVP, EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
 return -2;
 } |
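Review bot: EVP_PKEY_derive_init still returns -2 for a NULL ctx even though the error raised is now ERR_R_PASSED_NULL_PARAMETER, while the same check in EVP_PKEY_derive_set_peer and EVP_PKEY_derive was changed to return -1. Elsewhere in this patch -2 accompanies EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE, so a caller that reads -2 as "unsupported key type" will misclassify a NULL context here. If keeping -2 is deliberate for compatibility, say so with a comment such as `/* -2 kept for backward compatibility */`; otherwise make it `return -1;` like the other two functions. The function body continues outside the hunk.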
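Review bot: On the provider path in the last hunk `*pkeylen` is now read as an input (`key != NULL ? *pkeylen : 0`), so the caller must set it to the size of `key` before calling EVP_PKEY_derive, and nothing in the hunk documents that. A caller that leaves it uninitialised hands the provider an arbitrary bound: a small value makes the derive fail spuriously, and a large one gives no protection against writing past the buffer, which is the case this change is meant to close. A comment above the call would record the contract, for example `/* *pkeylen is in/out: size of key on entry (unused when key is NULL), secret length on exit */`. The size query with `key == NULL` passes 0 and presumably relies on each provider checking for a NULL output before comparing lengths; that is not visible here. The function continues past the hunk in the legacy branch.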