lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity

Merge pull request #5767 from leorosen/avoid-null-args

Browse Source 
Avoid potentially passing NULL arguments
This commit is contained in:
Dave Rodgman
2022-05-30 11:40:21 +01:00
committed by GitHub
parent 52625b739e 114203814a
commit a3344f7bac
1 changed files with 17 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
library/ssl_tls12_server.c
View File

@ -2504,8 +2504,9 @@ static int ssl_write_server_hello( mbedtls_ssl_context *ssl )
#if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \ #if defined(MBEDTLS_ECDH_C) || defined(MBEDTLS_ECDSA_C) || \
defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED) defined(MBEDTLS_KEY_EXCHANGE_ECJPAKE_ENABLED)
if ( mbedtls_ssl_ciphersuite_uses_ec( const mbedtls_ssl_ciphersuite_t *suite =
mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite ) ) ) mbedtls_ssl_ciphersuite_from_id( ssl->session_negotiate->ciphersuite );
if ( suite != NULL && mbedtls_ssl_ciphersuite_uses_ec( suite) )
{ {
ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen ); ssl_write_supported_point_formats_ext( ssl, p + 2 + ext_len, &olen );
ext_len += olen; ext_len += olen;
@ -2825,7 +2826,14 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
{ {
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ! mbedtls_pk_can_do( mbedtls_ssl_own_key( ssl ), MBEDTLS_PK_ECKEY ) ) const mbedtls_pk_context *private_key = mbedtls_ssl_own_key( ssl );
if( private_key == NULL)
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "got no server private key" ) );
return( MBEDTLS_ERR_SSL_PRIVATE_KEY_REQUIRED );
}
if( ! mbedtls_pk_can_do( private_key, MBEDTLS_PK_ECKEY ) )
{ {
MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) ); MBEDTLS_SSL_DEBUG_MSG( 1, ( "server key not ECDH capable" ) );
return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH ); return( MBEDTLS_ERR_SSL_PK_TYPE_MISMATCH );
@ -3160,6 +3168,12 @@ curve_matching_done:
#if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED) #if defined(MBEDTLS_KEY_EXCHANGE_WITH_SERVER_SIGNATURE_ENABLED)
if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) ) if( mbedtls_ssl_ciphersuite_uses_server_signature( ciphersuite_info ) )
{ {
if( dig_signed == NULL )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
}
size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed; size_t dig_signed_len = ssl->out_msg + ssl->out_msglen - dig_signed;
size_t hashlen = 0; size_t hashlen = 0;
#if defined(MBEDTLS_USE_PSA_CRYPTO) #if defined(MBEDTLS_USE_PSA_CRYPTO)