wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-26 19:32:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #9323 from philljj/fix_coverity_onestep

Browse Source 
KDF onestep: hashOutSz err check.
This commit is contained in:
David Garske
2025-10-21 08:23:05 -07:00
committed by GitHub
parent 6f9ca6cb52 c1032a8cb6
commit c1339abc05
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
wolfcrypt/src/kdf.c
View File

@@ -1385,7 +1385,7 @@ int wc_KDA_KDF_onestep(const byte* z, word32 zSz, const byte* fixedInfo,
return BAD_FUNC_ARG;
hashOutSz = wc_HashGetDigestSize(hashType);
if (hashOutSz == WC_NO_ERR_TRACE(HASH_TYPE_E))
if (hashOutSz <= 0)
return BAD_FUNC_ARG;
/* According to SP800_56C, table 1, the max input size (max_H_inputBits)

4
wolfcrypt/test/test.c
View File

@@ -1466,6 +1466,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void)
WC_HASH_TYPE_SHA256, output, 16);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 0, 16,
WC_HASH_TYPE_NONE, output, 16);
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
return WC_TEST_RET_ENC_NC;
/* allow empty FixedInfo */
ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 0, 16,