diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index b70948863e..5f2f3073a8 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c @@ -1832,35 +1832,35 @@ int wolfSSL_GetHmacMaxSize(void) word32 hashSz; byte n = 0x1; + if (inKey == NULL || out == NULL) + return BAD_FUNC_ARG; + + ret = wc_HmacSizeByType(type); + if (ret < 0) + return ret; + hashSz = (word32)ret; + + /* RFC 5869 states that the length of output keying material in + * octets must be L <= 255*HashLen or N = ceil(L/HashLen) */ + if (outSz/hashSz + ((outSz % hashSz) != 0) > 255) + return BAD_FUNC_ARG; + #ifdef WOLF_CRYPTO_CB /* Try crypto callback first for complete operation */ if (devId != INVALID_DEVID) { - ret = wc_CryptoCb_Hkdf_Expand(type, inKey, inKeySz, info, infoSz, + ret = wc_CryptoCb_Hkdf_Expand(type, inKey, inKeySz, info, infoSz, out, outSz, devId); if (ret != WC_NO_ERR_TRACE(CRYPTOCB_UNAVAILABLE)) return ret; } #endif - ret = wc_HmacSizeByType(type); - if (ret < 0) { - return ret; - } - hashSz = (word32)ret; - - /* RFC 5869 states that the length of output keying material in - * octets must be L <= 255*HashLen or N = ceil(L/HashLen) */ - - if (out == NULL || ((outSz/hashSz) + ((outSz % hashSz) != 0)) > 255) { - return BAD_FUNC_ARG; - } - WC_ALLOC_VAR_EX(myHmac, Hmac, 1, NULL, DYNAMIC_TYPE_HMAC, return MEMORY_E); ret = wc_HmacInit(myHmac, heap, devId); if (ret != 0) { - WC_FREE_VAR_EX(myHmac, NULL, DYNAMIC_TYPE_HMAC); + WC_FREE_VAR_EX(myHmac, NULL, DYNAMIC_TYPE_HMAC); return ret; } diff --git a/wolfssl/wolfcrypt/types.h b/wolfssl/wolfcrypt/types.h index 81d3da6f92..a71dadb7d8 100644 --- a/wolfssl/wolfcrypt/types.h +++ b/wolfssl/wolfcrypt/types.h @@ -1440,9 +1440,9 @@ enum wc_AlgoType { enum wc_KdfType { WC_KDF_TYPE_NONE = 0, WC_KDF_TYPE_HKDF = 1, - WC_KDF_TYPE_HKDF_EXTRACT = 2, - WC_KDF_TYPE_HKDF_EXPAND = 3, - WC_KDF_TYPE_TWOSTEP_CMAC = 4 /* NIST SP 800-56C two-step cmac kdf. */ + WC_KDF_TYPE_TWOSTEP_CMAC = 2, /* NIST SP 800-56C two-step cmac kdf. */ + WC_KDF_TYPE_HKDF_EXTRACT = 3, + WC_KDF_TYPE_HKDF_EXPAND = 4 /* Future: WC_KDF_TYPE_PBKDF2 = 5, WC_KDF_TYPE_SCRYPT = 6, etc. */ };