Revision - a5170a8 - Add Missing Error Messages for AES-OCB Tag Length Validation – ENEA Mirror of the Software Heritage archive

Revision a5170a8249d01e4e9cf5890b49ff6623637df09b authored by erbsland-dev on 10 September 2024, 19:24:59 UTC, committed by Tomas Mraz on 13 September 2024, 08:13:16 UTC

Add Missing Error Messages for AES-OCB Tag Length Validation

Related to #8331
Addressing found issues by adding specific error messages to improve
feedback when tag length checks fail for the `EVP_CTRL_AEAD_SET_TAG`
parameter in the AES-OCB algorithm.

- Added PROV_R_INVALID_TAG_LENGTH error to indicate when the current tag
  length exceeds the maximum tag length of the algorithm.
- Added `PROV_R_INVALID_TAG_LENGTH` error to indicate when the current tag
  length in the context does not match a custom tag length provided as
  a parameter.
- Added `ERR_R_PASSED_INVALID_ARGUMENT` error to handle cases where an
  invalid pointer is passed in encryption mode.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25425)

(cherry picked from commit 645edf50f0274448174d9739543bf01b1708b2f5)

1 parent 5cd025c

Files
Changes

Permalinks

srtp.h

/*
 * Copyright 2011-2016 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

/*
 * DTLS code by Eric Rescorla <ekr@rtfm.com>
 *
 * Copyright (C) 2006, Network Resonance, Inc. Copyright (C) 2011, RTFM, Inc.
 */

#ifndef OPENSSL_SRTP_H
# define OPENSSL_SRTP_H
# pragma once

# include <openssl/macros.h>
# ifndef OPENSSL_NO_DEPRECATED_3_0
#  define HEADER_D1_SRTP_H
# endif

# include <openssl/ssl.h>

#ifdef  __cplusplus
extern "C" {
#endif

# define SRTP_AES128_CM_SHA1_80                     0x0001
# define SRTP_AES128_CM_SHA1_32                     0x0002
# define SRTP_AES128_F8_SHA1_80                     0x0003
# define SRTP_AES128_F8_SHA1_32                     0x0004
# define SRTP_NULL_SHA1_80                          0x0005
# define SRTP_NULL_SHA1_32                          0x0006

/* AEAD SRTP protection profiles from RFC 7714 */
# define SRTP_AEAD_AES_128_GCM                      0x0007
# define SRTP_AEAD_AES_256_GCM                      0x0008

/* DOUBLE AEAD SRTP protection profiles from RFC 8723 */
# define SRTP_DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM   0x0009
# define SRTP_DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM   0x000A

/* ARIA SRTP protection profiles from RFC 8269 */
# define SRTP_ARIA_128_CTR_HMAC_SHA1_80             0x000B
# define SRTP_ARIA_128_CTR_HMAC_SHA1_32             0x000C
# define SRTP_ARIA_256_CTR_HMAC_SHA1_80             0x000D
# define SRTP_ARIA_256_CTR_HMAC_SHA1_32             0x000E
# define SRTP_AEAD_ARIA_128_GCM                     0x000F
# define SRTP_AEAD_ARIA_256_GCM                     0x0010

# ifndef OPENSSL_NO_SRTP

__owur int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles);
__owur int SSL_set_tlsext_use_srtp(SSL *ssl, const char *profiles);

__owur STACK_OF(SRTP_PROTECTION_PROFILE) *SSL_get_srtp_profiles(SSL *ssl);
__owur SRTP_PROTECTION_PROFILE *SSL_get_selected_srtp_profile(SSL *s);

# endif

#ifdef  __cplusplus
}
#endif

#endif

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...