Minor fixes to ECJPAKE parameter validation

This commit is contained in:
Hanno Becker 2018-12-19 09:48:50 +00:00
parent 8ce3d939be
commit 185e516309
2 changed files with 7 additions and 3 deletions

View file

@ -110,8 +110,8 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx );
* #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER. * #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER.
* \param hash The identifier of the hash function to use, * \param hash The identifier of the hash function to use,
* for example #MBEDTLS_MD_SHA256. * for example #MBEDTLS_MD_SHA256.
* \param curve The identifier of the Telliptic curve to use, * \param curve The identifier of the elliptic curve to use,
* for example #MBEDTLS_ECP_DP_SECP192K1. * for example #MBEDTLS_ECP_DP_SECP256R1.
* \param secret The pre-shared secret (passphrase). This must be * \param secret The pre-shared secret (passphrase). This must be
* a readable buffer of length \p len Bytes, but need * a readable buffer of length \p len Bytes, but need
* only be valid for the duration of this call. It may * only be valid for the duration of this call. It may
@ -209,7 +209,7 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
* (TLS: contents of the Client/ServerKeyExchange). * (TLS: contents of the Client/ServerKeyExchange).
* *
* \param ctx The ECJPAKE context to use. This must be initialized * \param ctx The ECJPAKE context to use. This must be initialized
* and set up and have performed roudn one. * and set up and have performed round one.
* \param buf The buffer holding the second round message. This must * \param buf The buffer holding the second round message. This must
* be a readable buffer of length \p len Bytes. * be a readable buffer of length \p len Bytes.
* \param len The length in Bytes of \p buf. * \param len The length in Bytes of \p buf.

View file

@ -111,6 +111,7 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx,
size_t len ) size_t len )
{ {
int ret; int ret;
ECJPAKE_VALIDATE_RET( ctx != NULL ); ECJPAKE_VALIDATE_RET( ctx != NULL );
ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT || ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT ||
role == MBEDTLS_ECJPAKE_SERVER ); role == MBEDTLS_ECJPAKE_SERVER );
@ -579,6 +580,7 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx,
const unsigned char *end = buf + len; const unsigned char *end = buf + len;
mbedtls_ecp_group grp; mbedtls_ecp_group grp;
mbedtls_ecp_point G; /* C: GB, S: GA */ mbedtls_ecp_point G; /* C: GB, S: GA */
ECJPAKE_VALIDATE_RET( ctx != NULL ); ECJPAKE_VALIDATE_RET( ctx != NULL );
ECJPAKE_VALIDATE_RET( buf != NULL ); ECJPAKE_VALIDATE_RET( buf != NULL );
@ -673,6 +675,7 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx,
unsigned char *p = buf; unsigned char *p = buf;
const unsigned char *end = buf + len; const unsigned char *end = buf + len;
size_t ec_len; size_t ec_len;
ECJPAKE_VALIDATE_RET( ctx != NULL ); ECJPAKE_VALIDATE_RET( ctx != NULL );
ECJPAKE_VALIDATE_RET( buf != NULL ); ECJPAKE_VALIDATE_RET( buf != NULL );
ECJPAKE_VALIDATE_RET( olen != NULL ); ECJPAKE_VALIDATE_RET( olen != NULL );
@ -752,6 +755,7 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx,
mbedtls_mpi m_xm2_s, one; mbedtls_mpi m_xm2_s, one;
unsigned char kx[MBEDTLS_ECP_MAX_BYTES]; unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
size_t x_bytes; size_t x_bytes;
ECJPAKE_VALIDATE_RET( ctx != NULL ); ECJPAKE_VALIDATE_RET( ctx != NULL );
ECJPAKE_VALIDATE_RET( buf != NULL ); ECJPAKE_VALIDATE_RET( buf != NULL );
ECJPAKE_VALIDATE_RET( olen != NULL ); ECJPAKE_VALIDATE_RET( olen != NULL );