From e960818735b39568cc39226eb5f840c756ee3455 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?= Date: Thu, 26 Mar 2015 11:47:47 +0100 Subject: [PATCH] Check return value of the TLS PRF --- library/ssl_tls.c | 34 +++++++++++++++++++++++++--------- 1 file changed, 25 insertions(+), 9 deletions(-) diff --git a/library/ssl_tls.c b/library/ssl_tls.c index 41ae2beac..25f3a02a1 100644 --- a/library/ssl_tls.c +++ b/library/ssl_tls.c @@ -607,17 +607,28 @@ int ssl_derive_keys( ssl_context *ssl ) SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len ); - handshake->tls_prf( handshake->premaster, handshake->pmslen, - "extended master secret", - session_hash, hash_len, session->master, 48 ); + ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, + "extended master secret", + session_hash, hash_len, + session->master, 48 ); + if( ret != 0 ) + { + SSL_DEBUG_RET( 1, "prf", ret ); + return( ret ); + } } else #endif - handshake->tls_prf( handshake->premaster, handshake->pmslen, - "master secret", - handshake->randbytes, 64, session->master, 48 ); - + ret = handshake->tls_prf( handshake->premaster, handshake->pmslen, + "master secret", + handshake->randbytes, 64, + session->master, 48 ); + if( ret != 0 ) + { + SSL_DEBUG_RET( 1, "prf", ret ); + return( ret ); + } polarssl_zeroize( handshake->premaster, sizeof(handshake->premaster) ); } @@ -644,8 +655,13 @@ int ssl_derive_keys( ssl_context *ssl ) * TLSv1: * key block = PRF( master, "key expansion", randbytes ) */ - handshake->tls_prf( session->master, 48, "key expansion", - handshake->randbytes, 64, keyblk, 256 ); + ret = handshake->tls_prf( session->master, 48, "key expansion", + handshake->randbytes, 64, keyblk, 256 ); + if( ret != 0 ) + { + SSL_DEBUG_RET( 1, "prf", ret ); + return( ret ); + } SSL_DEBUG_MSG( 3, ( "ciphersuite = %s", ssl_get_ciphersuite_name( session->ciphersuite ) ) );