mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 03:05:43 +01:00
Fix zero-length seed or label in TLS 1.2 PRF
The psa_tls12_prf_set_seed() and psa_tls12_prf_set_label() functions did not work on platforms where malloc(0) returns NULL. It does not affect the TLS use case but these PRFs are used in other protocols as well and might not be used the same way. For example EAP uses the TLS PRF with an empty secret. (This would not trigger the bug, but is a strong indication that it is not safe to assume that certain inputs to this function are not zero length.) The conditional block includes the memcpy() call as well to avoid passing a NULL pointer as a parameter resulting in undefined behaviour. The current tests are already using zero length label and seed, there is no need to add new test for this bug.
This commit is contained in:
parent
0c1ed84258
commit
d6dce9f4f3
@ -4901,12 +4901,15 @@ static psa_status_t psa_tls12_prf_set_seed( psa_tls12_prf_key_derivation_t *prf,
|
||||
if( prf->state != TLS12_PRF_STATE_INIT )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
|
||||
prf->seed = mbedtls_calloc( 1, data_length );
|
||||
if( prf->seed == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
if( data_length != 0 )
|
||||
{
|
||||
prf->seed = mbedtls_calloc( 1, data_length );
|
||||
if( prf->seed == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
|
||||
memcpy( prf->seed, data, data_length );
|
||||
prf->seed_length = data_length;
|
||||
memcpy( prf->seed, data, data_length );
|
||||
prf->seed_length = data_length;
|
||||
}
|
||||
|
||||
prf->state = TLS12_PRF_STATE_SEED_SET;
|
||||
|
||||
@ -4973,12 +4976,15 @@ static psa_status_t psa_tls12_prf_set_label( psa_tls12_prf_key_derivation_t *prf
|
||||
if( prf->state != TLS12_PRF_STATE_KEY_SET )
|
||||
return( PSA_ERROR_BAD_STATE );
|
||||
|
||||
prf->label = mbedtls_calloc( 1, data_length );
|
||||
if( prf->label == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
if( data_length != 0 )
|
||||
{
|
||||
prf->label = mbedtls_calloc( 1, data_length );
|
||||
if( prf->label == NULL )
|
||||
return( PSA_ERROR_INSUFFICIENT_MEMORY );
|
||||
|
||||
memcpy( prf->label, data, data_length );
|
||||
prf->label_length = data_length;
|
||||
memcpy( prf->label, data, data_length );
|
||||
prf->label_length = data_length;
|
||||
}
|
||||
|
||||
prf->state = TLS12_PRF_STATE_LABEL_SET;
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user