Fix missing state check for tls12_prf output

Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive about missing inputs. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2025-01-13 07:25:31 +00:00 · 2021-06-11 22:41:46 +02:00 · 2021-06-11 22:41:46 +02:00 · f216f0d5d4
parent d40a21cff1
commit f216f0d5d4
2 changed files with 14 additions and 0 deletions
--- a/ChangeLog.d/psa_key_derivation-bad_workflow.txt
+++ b/ChangeLog.d/psa_key_derivation-bad_workflow.txt
@ -0,0 +1,3 @@
+Bugfix
+   * Fix PSA_ALG_TLS12_PRF and PSA_ALG_TLS12_PSK_TO_MS being too permissive
+     about missing inputs.
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@ -3785,6 +3785,17 @@ static psa_status_t psa_key_derivation_tls12_prf_read(
    psa_status_t status;
    uint8_t offset, length;

+    switch( tls12_prf->state )
+    {
+        case PSA_TLS12_PRF_STATE_LABEL_SET:
+            tls12_prf->state = PSA_TLS12_PRF_STATE_OUTPUT;
+            break;
+        case PSA_TLS12_PRF_STATE_OUTPUT:
+            break;
+        default:
+            return( PSA_ERROR_BAD_STATE );
+    }
+
    while( output_length != 0 )
    {
        /* Check if we have fully processed the current block. */