author | Johannes Bauer <joe@johannes-bauer.com> | 2017-07-22 00:11:39 +0200 |
---|---|---|
committer | Dr. Stephen Henson <steve@openssl.org> | 2017-08-03 01:07:52 +0100 |
commit | e65f650922f5aa9b8970a5ff935938ec46281c1a (patch) | |
tree | f402cd41343a37f51423a4c71a662ae5291fac85 | |
parent | d9ca12cbf6287aee7d86579f4c03be1155696c9f (diff) |
Set error when HKDF used without parameters
Introduce KDF_F_PKEY_HKDF_DERIVE and return the KDF_R_MISSING_PARAMETER
error code when required parameters have not been set. This will make
"openssl pkeyutl -kdf HKDF" return a meaningful error message instead of
simply "Public Key operation error".
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3989)
-rw-r--r-- | crypto/err/openssl.txt | 1 | ||||
-rw-r--r-- | crypto/kdf/hkdf.c | 4 | ||||
-rw-r--r-- | crypto/kdf/kdf_err.c | 1 | ||||
-rw-r--r-- | include/openssl/kdferr.h | 1 |
4 files changed, 6 insertions, 1 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index d8fcb9ac60..af3bf775bf 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -700,6 +700,7 @@ EVP_F_PKEY_SET_TYPE:158:pkey_set_type EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth EVP_F_RC5_CTRL:125:rc5_ctrl EVP_F_UPDATE:173:update +KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c index 8b6eeb3bde..d83283fa14 100644 --- a/crypto/kdf/hkdf.c +++ b/crypto/kdf/hkdf.c @@ -177,8 +177,10 @@ static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key, { HKDF_PKEY_CTX *kctx = ctx->data; - if (kctx->md == NULL || kctx->key == NULL) + if (kctx->md == NULL || kctx->key == NULL) { + KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_PARAMETER); return 0; + } switch (kctx->mode) { case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND: diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c index 5706d2d90b..f6193b2458 100644 --- a/crypto/kdf/kdf_err.c +++ b/crypto/kdf/kdf_err.c @@ -14,6 +14,7 @@ #ifndef OPENSSL_NO_ERR static const ERR_STRING_DATA KDF_str_functs[] = { + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"}, {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0), "pkey_tls1_prf_ctrl_str"}, {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0), diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h index f101cbfa91..aefdbff105 100644 --- a/include/openssl/kdferr.h +++ b/include/openssl/kdferr.h @@ -22,6 +22,7 @@ int ERR_load_KDF_strings(void); /* * KDF function codes. */ +# define KDF_F_PKEY_HKDF_DERIVE 102 # define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 # define KDF_F_PKEY_TLS1_PRF_DERIVE 101 |
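Review bot: In the crypto/kdf/hkdf.c hunk, the new `KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_PARAMETER)` fires for both a missing digest and a missing key, so a `pkeyutl -kdf HKDF` user still cannot tell which option was left out. Naming the field would close that gap, for example by adding `ERR_add_error_data(1, kctx->md == NULL ? "md" : "key");` right after the `KDFerr` call, or by splitting the condition into two checks. The `switch (kctx->mode)` that follows continues outside the hunk, so whether its other failure returns also queue an error cannot be confirmed from here. If they do not, those paths would keep producing the generic "Public Key operation error" this commit sets out to replace.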