From 2fb0dcd403c2f7871acf9fc4447565d2769e1f45 Mon Sep 17 00:00:00 2001
From: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Date: Thu, 19 May 2022 10:34:37 +0200
Subject: [PATCH] psa_hkdf_input: use more suitable condition and add comments

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
---
 library/psa_crypto.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 4462a328fc..691c27406e 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -5196,10 +5196,15 @@ static psa_status_t psa_hkdf_input( psa_hkdf_key_derivation_t *hkdf,
         case PSA_KEY_DERIVATION_INPUT_SECRET:
             if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) )
             {
+                /* We shouldn't be in different state as HKDF_EXPAND only allows
+                 * two inputs: SECRET (this case) and INFO which does not modify
+                 * the state. It could happen only if the hkdf
+                 * object was corrupted. */
                 if( hkdf->state != HKDF_STATE_INIT )
                     return( PSA_ERROR_BAD_STATE );
 
-                if( data_length > sizeof( hkdf->prk ) )
+                /* Allow only input that fits expected prk size */
+                if( data_length != PSA_HASH_LENGTH( hash_alg ) )
                     return( PSA_ERROR_INVALID_ARGUMENT );
 
                 memcpy( hkdf->prk, data, data_length );