X-Git-Url: https://git.openssl.org/?a=blobdiff_plain;f=crypto%2Fkdf%2Ftls1_prf.c;h=f618362c0a2c6b4f6bb07dbe1021357d37d113eb;hb=e32b52a27e20a45f51f489e4efc04d1ca72b9609;hp=fa13732bbf9219612ad56a711d25463a2560066a;hpb=d2e9e320186f0917cc940f46bdf1a7e4120da9b0;p=openssl.git diff --git a/crypto/kdf/tls1_prf.c b/crypto/kdf/tls1_prf.c index fa13732bbf..f618362c0a 100644 --- a/crypto/kdf/tls1_prf.c +++ b/crypto/kdf/tls1_prf.c @@ -115,6 +115,8 @@ static int pkey_tls1_prf_ctrl_str(EVP_PKEY_CTX *ctx, return EVP_PKEY_CTX_str2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value); if (strcmp(type, "hexseed") == 0) return EVP_PKEY_CTX_hex2ctrl(ctx, EVP_PKEY_CTRL_TLS_SEED, value); + + KDFerr(KDF_F_PKEY_TLS1_PRF_CTRL_STR, KDF_R_UNKNOWN_PARAMETER_TYPE); return -2; } @@ -122,8 +124,16 @@ static int pkey_tls1_prf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, size_t *keylen) { TLS1_PRF_PKEY_CTX *kctx = ctx->data; - if (kctx->md == NULL || kctx->sec == NULL || kctx->seedlen == 0) { - KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_PARAMETER); + if (kctx->md == NULL) { + KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_MESSAGE_DIGEST); + return 0; + } + if (kctx->sec == NULL) { + KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SECRET); + return 0; + } + if (kctx->seedlen == 0) { + KDFerr(KDF_F_PKEY_TLS1_PRF_DERIVE, KDF_R_MISSING_SEED); return 0; } return tls1_prf_alg(kctx->md, kctx->sec, kctx->seclen, @@ -174,7 +184,8 @@ static int tls1_prf_P_hash(const EVP_MD *md, int ret = 0; chunk = EVP_MD_size(md); - OPENSSL_assert(chunk >= 0); + if (!ossl_assert(chunk > 0)) + goto err; ctx = EVP_MD_CTX_new(); ctx_tmp = EVP_MD_CTX_new(); @@ -182,7 +193,7 @@ static int tls1_prf_P_hash(const EVP_MD *md, if (ctx == NULL || ctx_tmp == NULL || ctx_init == NULL) goto err; EVP_MD_CTX_set_flags(ctx_init, EVP_MD_CTX_FLAG_NON_FIPS_ALLOW); - mac_key = EVP_PKEY_new_mac_key(EVP_PKEY_HMAC, NULL, sec, sec_len); + mac_key = EVP_PKEY_new_private_key(EVP_PKEY_HMAC, NULL, sec, sec_len); if (mac_key == NULL) goto err; if (!EVP_DigestSignInit(ctx_init, NULL, md, NULL, mac_key))