Check return value of the TLS PRF

2025-07-08 04:10:40 +00:00 · 2015-03-26 11:47:47 +01:00 · 2015-03-26 11:47:47 +01:00 · e960818735
parent b7fcca33b9
commit e960818735
1 changed files with 25 additions and 9 deletions
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@ -607,17 +607,28 @@ int ssl_derive_keys( ssl_context *ssl )
            SSL_DEBUG_BUF( 3, "session hash", session_hash, hash_len );
-            handshake->tls_prf( handshake->premaster, handshake->pmslen,
+            ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
                                      "extended master secret",
-                                session_hash, hash_len, session->master, 48 );
+                                      session_hash, hash_len,
                                      session->master, 48 );
            if( ret != 0 )
            {
                SSL_DEBUG_RET( 1, "prf", ret );
                return( ret );
            }
        }
        else
 #endif
-        handshake->tls_prf( handshake->premaster, handshake->pmslen,
+        ret = handshake->tls_prf( handshake->premaster, handshake->pmslen,
                                  "master secret",
-                            handshake->randbytes, 64, session->master, 48 );
+                                  handshake->randbytes, 64,
-
+                                  session->master, 48 );
        if( ret != 0 )
        {
            SSL_DEBUG_RET( 1, "prf", ret );
            return( ret );
        }
        polarssl_zeroize( handshake->premaster, sizeof(handshake->premaster) );
    }
@ -644,8 +655,13 @@ int ssl_derive_keys( ssl_context *ssl )
     *  TLSv1:
     *    key block = PRF( master, "key expansion", randbytes )
     */
-    handshake->tls_prf( session->master, 48, "key expansion",
+    ret = handshake->tls_prf( session->master, 48, "key expansion",
                              handshake->randbytes, 64, keyblk, 256 );
    if( ret != 0 )
    {
        SSL_DEBUG_RET( 1, "prf", ret );
        return( ret );
    }
    SSL_DEBUG_MSG( 3, ( "ciphersuite = %s",
                   ssl_get_ciphersuite_name( session->ciphersuite ) ) );