diff options
| author | Johannes Bauer <joe@johannes-bauer.com> | 2017-07-22 00:11:39 +0200 |
|---|---|---|
| committer | Dr. Stephen Henson <steve@openssl.org> | 2017-08-03 01:07:52 +0100 |
| commit | e65f650922f5aa9b8970a5ff935938ec46281c1a (patch) | |
| tree | f402cd41343a37f51423a4c71a662ae5291fac85 /crypto/kdf | |
| parent | d9ca12cbf6287aee7d86579f4c03be1155696c9f (diff) | |
| download | openssl-e65f650922f5aa9b8970a5ff935938ec46281c1a.tar.gz | |
Set error when HKDF used without parameters
Introduce KDF_F_PKEY_HKDF_DERIVE and return the KDF_R_MISSING_PARAMETER
error code when required parameters have not been set. This will make
"openssl pkeyutl -kdf HKDF" return a meaningful error message instead of
simply "Public Key operation error".
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3989)
Diffstat (limited to 'crypto/kdf')
| -rw-r--r-- | crypto/kdf/hkdf.c | 4 | ||||
| -rw-r--r-- | crypto/kdf/kdf_err.c | 1 |
2 files changed, 4 insertions, 1 deletions
diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c index 8b6eeb3bde..d83283fa14 100644 --- a/crypto/kdf/hkdf.c +++ b/crypto/kdf/hkdf.c @@ -177,8 +177,10 @@ static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, { HKDF_PKEY_CTX *kctx = ctx->data; - if (kctx->md == NULL || kctx->key == NULL) + if (kctx->md == NULL || kctx->key == NULL) { + KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_PARAMETER); return 0; + } switch (kctx->mode) { case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND: diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c index 5706d2d90b..f6193b2458 100644 --- a/crypto/kdf/kdf_err.c +++ b/crypto/kdf/kdf_err.c @@ -14,6 +14,7 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA KDF_str_functs[] = { + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"}, {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0), "pkey_tls1_prf_ctrl_str"}, {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0), |