mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-22 00:40:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Fix missing state check for tls12_prf output

Browse Source 
Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
about missing inputs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine 2021-06-11 22:41:46 +02:00
parent 93038fab2c
commit b1edaec18f
2 changed files with 14 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ChangeLog.d/psa_key_derivation-bad_workflow.txt Normal file
View File

@ -0,0 +1,3 @@
Bugfix
* Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
about missing inputs.

11
library/psa_crypto.c
View File

@ -3731,6 +3731,17 @@ static psa_status_t psa_key_derivation_tls12_prf_read(
psa_status_t status; psa_status_t status;
uint8_t offset, length; uint8_t offset, length;
switch( tls12_prf->state )
{
case PSA_TLS12_PRF_STATE_LABEL_SET:
tls12_prf->state = PSA_TLS12_PRF_STATE_OUTPUT;
break;
case PSA_TLS12_PRF_STATE_OUTPUT:
break;
default:
return( PSA_ERROR_BAD_STATE );
}
while( output_length != 0 ) while( output_length != 0 )
{ {
/* Check if we have fully processed the current block. */ /* Check if we have fully processed the current block. */