From: tb <tb@openbsd.org>
Date: Fri, 14 Oct 2022 06:56:33 +0000 (+0000)
Subject: Error out if the out secret wasn't properly initialized
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=21af0d4a4aea382cc464fbdade62f809252417b9;p=openbsd

Error out if the out secret wasn't properly initialized

Calling HKDF_expand() with a length of 0 happens to succeed due to a quirk
in the API inherited from BoringSSL.  This hides caller-side errors during
development.  Error out to catch such mistakes early on.

ok jsing
---

diff --git a/lib/libssl/tls13_key_schedule.c b/lib/libssl/tls13_key_schedule.c
index d88faab0b18..2c23be8d3ed 100644
--- a/lib/libssl/tls13_key_schedule.c
+++ b/lib/libssl/tls13_key_schedule.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_schedule.c,v 1.15 2022/07/07 17:09:45 tb Exp $ */
+/* $OpenBSD: tls13_key_schedule.c,v 1.16 2022/10/14 06:56:33 tb Exp $ */
 /*
  * Copyright (c) 2018, Bob Beck <beck@openbsd.org>
  *
@@ -175,7 +175,11 @@ tls13_hkdf_expand_label_with_length(struct tls13_secret *out,
 	int ret;
 
 	if (!CBB_init(&cbb, 256))
-		return 0;
+		goto err;
+
+	if (out->data == NULL || out->len == 0)
+		goto err;
+
 	if (!CBB_add_u16(&cbb, out->len))
 		goto err;
 	if (!CBB_add_u8_length_prefixed(&cbb, &child))