Add additional error checking
Initialise client and server secret buffers and check their
lengths.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
diff --git a/programs/pkey/ecdh_curve25519.c b/programs/pkey/ecdh_curve25519.c
index 017d01c..555a2a0 100644
--- a/programs/pkey/ecdh_curve25519.c
+++ b/programs/pkey/ecdh_curve25519.c
@@ -61,7 +61,8 @@
const char pers[] = "ecdh";
size_t olen;
- unsigned char secret_cli[32], secret_srv[32];
+ unsigned char secret_cli[32] = { 0 };
+ unsigned char secret_srv[32] = { 0 };
const unsigned char *p_cli_to_srv = cli_to_srv;
((void) argc);
@@ -175,6 +176,8 @@
goto exit;
}
+ size_t secret_cli_olen = olen;
+
ret = mbedtls_ecdh_calc_secret( &ctx_srv, &olen, secret_srv,
sizeof( secret_srv ),
mbedtls_ctr_drbg_random, &ctr_drbg );
@@ -185,6 +188,8 @@
goto exit;
}
+ size_t secret_srv_olen = olen;
+
mbedtls_printf( " ok\n" );
/*
@@ -193,8 +198,8 @@
mbedtls_printf( " . Check if both calculated secrets are equal..." );
fflush( stdout );
- ret = memcmp( secret_srv, secret_cli, sizeof( secret_srv ) );
- if( ret != 0 )
+ ret = memcmp( secret_srv, secret_cli, sizeof( secret_srv_olen ) );
+ if( ret != 0 || ( secret_cli_olen != secret_srv_olen ) )
{
mbedtls_printf( " failed\n ! Shared secrets not equal.\n" );
goto exit;