root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Handle 0 return values from DH key computations as errors 

Returned 0 from ossl_dh_compute_key(), DH_compute_key_padded() and
DH_compute_key() needs to be treated as an error.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27673)

(cherry picked from commit 1c1ce2a6ee)
This commit is contained in:
Frederik Wedel-Heinen 2025-05-20 19:58:11 +02:00 committed by Tomas Mraz
parent cad59670f2
commit aa33fc08c5
2 changed files with 6 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/dh/dh_pmeth.c
View File

@ -422,7 +422,7 @@ static int pkey_dh_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
ret = DH_compute_key_padded(key, dhpubbn, dh);
else
ret = DH_compute_key(key, dhpubbn, dh);
if (ret < 0)
if (ret <= 0)
return ret;
*keylen = ret;
return 1;

10
test/dhtest.c
View File

@ -208,17 +208,17 @@ static int dh_test(void)
alen = DH_size(a);
if (!TEST_ptr(abuf = OPENSSL_malloc(alen))
|| !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
|| !TEST_int_gt((aout = DH_compute_key(abuf, bpub_key, a)), 0))
goto err3;
blen = DH_size(b);
if (!TEST_ptr(bbuf = OPENSSL_malloc(blen))
|| !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
|| !TEST_int_gt((bout = DH_compute_key(bbuf, apub_key, b)), 0))
goto err3;
clen = DH_size(c);
if (!TEST_ptr(cbuf = OPENSSL_malloc(clen))
|| !TEST_true((cout = DH_compute_key(cbuf, apub_key, c)) != -1))
|| !TEST_int_gt((cout = DH_compute_key(cbuf, apub_key, c)), 0))
goto err3;
if (!TEST_true(aout >= 20)
@ -694,12 +694,12 @@ static int rfc7919_test(void)
alen = DH_size(a);
if (!TEST_int_gt(alen, 0) || !TEST_ptr(abuf = OPENSSL_malloc(alen))
|| !TEST_true((aout = DH_compute_key(abuf, bpub_key, a)) != -1))
|| !TEST_int_gt((aout = DH_compute_key(abuf, bpub_key, a)), 0))
goto err;
blen = DH_size(b);
if (!TEST_int_gt(blen, 0) || !TEST_ptr(bbuf = OPENSSL_malloc(blen))
|| !TEST_true((bout = DH_compute_key(bbuf, apub_key, b)) != -1))
|| !TEST_int_gt((bout = DH_compute_key(bbuf, apub_key, b)), 0))
goto err;
if (!TEST_true(aout >= 20)