diff options
| author | tb <> | 2022-10-14 06:56:33 +0000 |
|---|---|---|
| committer | tb <> | 2022-10-14 06:56:33 +0000 |
| commit | fcd92a15935245e973ad525798718590262c6a83 (patch) | |
| tree | 3cf34b9f01d3b82d3a9a378ab1589be712c889e1 /src | |
| parent | b645f2b4bb773550337fd6ab6965c7fc96dc9c62 (diff) | |
| download | openbsd-fcd92a15935245e973ad525798718590262c6a83.tar.gz openbsd-fcd92a15935245e973ad525798718590262c6a83.tar.bz2 openbsd-fcd92a15935245e973ad525798718590262c6a83.zip | |
Error out if the out secret wasn't properly initialized
Calling HKDF_expand() with a length of 0 happens to succeed due to a quirk
in the API inherited from BoringSSL. This hides caller-side errors during
development. Error out to catch such mistakes early on.
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libssl/tls13_key_schedule.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/lib/libssl/tls13_key_schedule.c b/src/lib/libssl/tls13_key_schedule.c index d88faab0b1..2c23be8d3e 100644 --- a/src/lib/libssl/tls13_key_schedule.c +++ b/src/lib/libssl/tls13_key_schedule.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: tls13_key_schedule.c,v 1.15 2022/07/07 17:09:45 tb Exp $ */ | 1 | /* $OpenBSD: tls13_key_schedule.c,v 1.16 2022/10/14 06:56:33 tb Exp $ */ |
| 2 | /* | 2 | /* |
| 3 | * Copyright (c) 2018, Bob Beck <beck@openbsd.org> | 3 | * Copyright (c) 2018, Bob Beck <beck@openbsd.org> |
| 4 | * | 4 | * |
| @@ -175,7 +175,11 @@ tls13_hkdf_expand_label_with_length(struct tls13_secret *out, | |||
| 175 | int ret; | 175 | int ret; |
| 176 | 176 | ||
| 177 | if (!CBB_init(&cbb, 256)) | 177 | if (!CBB_init(&cbb, 256)) |
| 178 | return 0; | 178 | goto err; |
| 179 | |||
| 180 | if (out->data == NULL || out->len == 0) | ||
| 181 | goto err; | ||
| 182 | |||
| 179 | if (!CBB_add_u16(&cbb, out->len)) | 183 | if (!CBB_add_u16(&cbb, out->len)) |
| 180 | goto err; | 184 | goto err; |
| 181 | if (!CBB_add_u8_length_prefixed(&cbb, &child)) | 185 | if (!CBB_add_u8_length_prefixed(&cbb, &child)) |