mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 11:00:54 +02:00
add NULL validation to KDF APIs
This commit is contained in:
@@ -1590,6 +1590,10 @@ int wolfSSL_GetHmacMaxSize(void)
|
||||
const byte* localSalt; /* either points to user input or tmp */
|
||||
word32 hashSz;
|
||||
|
||||
if (out == NULL || (inKey == NULL && inKeySz > 0)) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
ret = wc_HmacSizeByType(type);
|
||||
if (ret < 0) {
|
||||
return ret;
|
||||
|
||||
+6
-4
@@ -1009,7 +1009,8 @@ int wc_SRTP_KDF(const byte* key, word32 keySz, const byte* salt, word32 saltSz,
|
||||
|
||||
/* Validate parameters. */
|
||||
if ((key == NULL) || (keySz > AES_256_KEY_SIZE) || (salt == NULL) ||
|
||||
(saltSz > WC_SRTP_MAX_SALT) || (kdrIdx < -1) || (kdrIdx > 24)) {
|
||||
(saltSz > WC_SRTP_MAX_SALT) || (kdrIdx < -1) || (kdrIdx > 24) ||
|
||||
((kdrIdx >= 0) && (idx == NULL))) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
@@ -1103,7 +1104,8 @@ int wc_SRTCP_KDF_ex(const byte* key, word32 keySz, const byte* salt, word32 salt
|
||||
|
||||
/* Validate parameters. */
|
||||
if ((key == NULL) || (keySz > AES_256_KEY_SIZE) || (salt == NULL) ||
|
||||
(saltSz > WC_SRTP_MAX_SALT) || (kdrIdx < -1) || (kdrIdx > 24)) {
|
||||
(saltSz > WC_SRTP_MAX_SALT) || (kdrIdx < -1) || (kdrIdx > 24) ||
|
||||
((kdrIdx >= 0) && (idx == NULL))) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
@@ -1194,7 +1196,7 @@ int wc_SRTP_KDF_label(const byte* key, word32 keySz, const byte* salt,
|
||||
/* Validate parameters. */
|
||||
if ((key == NULL) || (keySz > AES_256_KEY_SIZE) || (salt == NULL) ||
|
||||
(saltSz > WC_SRTP_MAX_SALT) || (kdrIdx < -1) || (kdrIdx > 24) ||
|
||||
(outKey == NULL)) {
|
||||
(outKey == NULL) || ((kdrIdx >= 0) && (idx == NULL))) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
@@ -1267,7 +1269,7 @@ int wc_SRTCP_KDF_label(const byte* key, word32 keySz, const byte* salt,
|
||||
/* Validate parameters. */
|
||||
if ((key == NULL) || (keySz > AES_256_KEY_SIZE) || (salt == NULL) ||
|
||||
(saltSz > WC_SRTP_MAX_SALT) || (kdrIdx < -1) || (kdrIdx > 24) ||
|
||||
(outKey == NULL)) {
|
||||
(outKey == NULL) || ((kdrIdx >= 0) && (idx == NULL))) {
|
||||
ret = BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
||||
+30
-1
@@ -31466,7 +31466,18 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t hkdf_test(void)
|
||||
#endif /* !NO_SHA256 */
|
||||
#endif /* !NO_SHA || !NO_SHA256 */
|
||||
|
||||
return ret;
|
||||
#ifndef NO_SHA256
|
||||
/* wc_HKDF_Extract bad arg: NULL out */
|
||||
ret = wc_HKDF_Extract(WC_SHA256, NULL, 0, ikm1, (word32)sizeof(ikm1), NULL);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
/* wc_HKDF_Extract bad arg: NULL inKey with non-zero inKeySz */
|
||||
ret = wc_HKDF_Extract(WC_SHA256, NULL, 0, NULL, 5, okm1);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
return WC_TEST_RET_ENC_EC(ret);
|
||||
#endif /* !NO_SHA256 */
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
#endif /* HAVE_HKDF */
|
||||
@@ -33402,6 +33413,24 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t srtpkdf_test(void)
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
/* kdrIdx >= 0 requires non-NULL idx. */
|
||||
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
|
||||
0, NULL, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
ret = wc_SRTCP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
|
||||
0, NULL, keyE, tv[i].keSz, keyA, tv[i].kaSz, keyS, tv[i].ksSz);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
ret = wc_SRTP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
|
||||
0, NULL, WC_SRTP_LABEL_ENCRYPTION, keyE, tv[i].keSz);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
ret = wc_SRTCP_KDF_label(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
|
||||
0, NULL, WC_SRTCP_LABEL_ENCRYPTION, keyE, tv[i].keSz);
|
||||
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
|
||||
ERROR_OUT(WC_TEST_RET_ENC_EC(ret), out);
|
||||
|
||||
ret = wc_SRTP_KDF(tv[i].key, tv[i].keySz, tv[i].salt, tv[i].saltSz,
|
||||
tv[i].kdfIdx, tv[i].index, NULL, tv[i].keSz, keyA, tv[i].kaSz,
|
||||
keyS, tv[i].ksSz);
|
||||
|
||||
Reference in New Issue
Block a user