Revision - e88dfd5 - Add Missing Error Messages for AES-OCB Tag Length Validation – ENEA Mirror of the Software Heritage archive

Revision e88dfd5ee50f9d934edd966369339ee5573c67d4 authored by erbsland-dev on 10 September 2024, 19:24:59 UTC, committed by Tomas Mraz on 13 September 2024, 08:13:32 UTC

Add Missing Error Messages for AES-OCB Tag Length Validation

Related to #8331
Addressing found issues by adding specific error messages to improve
feedback when tag length checks fail for the `EVP_CTRL_AEAD_SET_TAG`
parameter in the AES-OCB algorithm.

- Added PROV_R_INVALID_TAG_LENGTH error to indicate when the current tag
  length exceeds the maximum tag length of the algorithm.
- Added `PROV_R_INVALID_TAG_LENGTH` error to indicate when the current tag
  length in the context does not match a custom tag length provided as
  a parameter.
- Added `ERR_R_PASSED_INVALID_ARGUMENT` error to handle cases where an
  invalid pointer is passed in encryption mode.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25425)

(cherry picked from commit 645edf50f0274448174d9739543bf01b1708b2f5)

1 parent 1727cbb

Files
Changes

Permalinks

29-dtls-sctp-label-bug.cnf

# Generated with generate_ssl_tests.pl

num_tests = 4

test-0 = 0-SCTPLabelBug-good1
test-1 = 1-SCTPLabelBug-good2
test-2 = 2-SCTPLabelBug-bad1
test-3 = 3-SCTPLabelBug-bad2
# ===========================================================

[0-SCTPLabelBug-good1]
ssl_conf = 0-SCTPLabelBug-good1-ssl

[0-SCTPLabelBug-good1-ssl]
server = 0-SCTPLabelBug-good1-server
client = 0-SCTPLabelBug-good1-client

[0-SCTPLabelBug-good1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[0-SCTPLabelBug-good1-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-0]
EnableClientSCTPLabelBug = No
EnableServerSCTPLabelBug = No
ExpectedResult = Success
Method = DTLS
UseSCTP = Yes


# ===========================================================

[1-SCTPLabelBug-good2]
ssl_conf = 1-SCTPLabelBug-good2-ssl

[1-SCTPLabelBug-good2-ssl]
server = 1-SCTPLabelBug-good2-server
client = 1-SCTPLabelBug-good2-client

[1-SCTPLabelBug-good2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[1-SCTPLabelBug-good2-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-1]
EnableClientSCTPLabelBug = Yes
EnableServerSCTPLabelBug = Yes
ExpectedResult = Success
Method = DTLS
UseSCTP = Yes


# ===========================================================

[2-SCTPLabelBug-bad1]
ssl_conf = 2-SCTPLabelBug-bad1-ssl

[2-SCTPLabelBug-bad1-ssl]
server = 2-SCTPLabelBug-bad1-server
client = 2-SCTPLabelBug-bad1-client

[2-SCTPLabelBug-bad1-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[2-SCTPLabelBug-bad1-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-2]
EnableClientSCTPLabelBug = Yes
EnableServerSCTPLabelBug = No
ExpectedResult = ClientFail
Method = DTLS
UseSCTP = Yes


# ===========================================================

[3-SCTPLabelBug-bad2]
ssl_conf = 3-SCTPLabelBug-bad2-ssl

[3-SCTPLabelBug-bad2-ssl]
server = 3-SCTPLabelBug-bad2-server
client = 3-SCTPLabelBug-bad2-client

[3-SCTPLabelBug-bad2-server]
Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
CipherString = DEFAULT
PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem

[3-SCTPLabelBug-bad2-client]
CipherString = DEFAULT
VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
VerifyMode = Peer

[test-3]
EnableClientSCTPLabelBug = No
EnableServerSCTPLabelBug = Yes
ExpectedResult = ClientFail
Method = DTLS
UseSCTP = Yes

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...