From 185e5163098f078b5c1eea442a9189f70da16d35 Mon Sep 17 00:00:00 2001 From: Hanno Becker Date: Wed, 19 Dec 2018 09:48:50 +0000 Subject: [PATCH] Minor fixes to ECJPAKE parameter validation --- include/mbedtls/ecjpake.h | 6 +++--- library/ecjpake.c | 4 ++++ 2 files changed, 7 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/ecjpake.h b/include/mbedtls/ecjpake.h index cf4ab87ad..f9291644a 100644 --- a/include/mbedtls/ecjpake.h +++ b/include/mbedtls/ecjpake.h @@ -110,8 +110,8 @@ void mbedtls_ecjpake_init( mbedtls_ecjpake_context *ctx ); * #MBEDTLS_ECJPAKE_CLIENT or #MBEDTLS_ECJPAKE_SERVER. * \param hash The identifier of the hash function to use, * for example #MBEDTLS_MD_SHA256. - * \param curve The identifier of the Telliptic curve to use, - * for example #MBEDTLS_ECP_DP_SECP192K1. + * \param curve The identifier of the elliptic curve to use, + * for example #MBEDTLS_ECP_DP_SECP256R1. * \param secret The pre-shared secret (passphrase). This must be * a readable buffer of length \p len Bytes, but need * only be valid for the duration of this call. It may @@ -209,7 +209,7 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, * (TLS: contents of the Client/ServerKeyExchange). * * \param ctx The ECJPAKE context to use. This must be initialized - * and set up and have performed roudn one. + * and set up and have performed round one. * \param buf The buffer holding the second round message. This must * be a readable buffer of length \p len Bytes. * \param len The length in Bytes of \p buf. diff --git a/library/ecjpake.c b/library/ecjpake.c index c5ab4cbba..be941b14b 100644 --- a/library/ecjpake.c +++ b/library/ecjpake.c @@ -111,6 +111,7 @@ int mbedtls_ecjpake_setup( mbedtls_ecjpake_context *ctx, size_t len ) { int ret; + ECJPAKE_VALIDATE_RET( ctx != NULL ); ECJPAKE_VALIDATE_RET( role == MBEDTLS_ECJPAKE_CLIENT || role == MBEDTLS_ECJPAKE_SERVER ); @@ -579,6 +580,7 @@ int mbedtls_ecjpake_read_round_two( mbedtls_ecjpake_context *ctx, const unsigned char *end = buf + len; mbedtls_ecp_group grp; mbedtls_ecp_point G; /* C: GB, S: GA */ + ECJPAKE_VALIDATE_RET( ctx != NULL ); ECJPAKE_VALIDATE_RET( buf != NULL ); @@ -673,6 +675,7 @@ int mbedtls_ecjpake_write_round_two( mbedtls_ecjpake_context *ctx, unsigned char *p = buf; const unsigned char *end = buf + len; size_t ec_len; + ECJPAKE_VALIDATE_RET( ctx != NULL ); ECJPAKE_VALIDATE_RET( buf != NULL ); ECJPAKE_VALIDATE_RET( olen != NULL ); @@ -752,6 +755,7 @@ int mbedtls_ecjpake_derive_secret( mbedtls_ecjpake_context *ctx, mbedtls_mpi m_xm2_s, one; unsigned char kx[MBEDTLS_ECP_MAX_BYTES]; size_t x_bytes; + ECJPAKE_VALIDATE_RET( ctx != NULL ); ECJPAKE_VALIDATE_RET( buf != NULL ); ECJPAKE_VALIDATE_RET( olen != NULL );