From 21af0d4a4aea382cc464fbdade62f809252417b9 Mon Sep 17 00:00:00 2001
From: tb
Date: Fri, 14 Oct 2022 06:56:33 +0000
Subject: [PATCH] Error out if the out secret wasn't properly initialized

Calling HKDF_expand() with a length of 0 happens to succeed due to a quirk in the API inherited from BoringSSL. This hides caller-side errors during development. Error out to catch such mistakes early on.

ok jsing
---
 lib/libssl/tls13_key_schedule.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/lib/libssl/tls13_key_schedule.c b/lib/libssl/tls13_key_schedule.c
index d88faab0b18..2c23be8d3ed 100644
--- a/lib/libssl/tls13_key_schedule.c
+++ b/lib/libssl/tls13_key_schedule.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_key_schedule.c,v 1.15 2022/07/07 17:09:45 tb Exp $ */
+/* $OpenBSD: tls13_key_schedule.c,v 1.16 2022/10/14 06:56:33 tb Exp $ */
 /*
 * Copyright (c) 2018, Bob Beck
 *
@@ -175,7 +175,11 @@ tls13_hkdf_expand_label_with_length(struct tls13_secret *out,
 int ret;

 if (!CBB_init(&cbb, 256))
- return 0;
+ goto err;
+
+ if (out->data == NULL || out->len == 0)
+ goto err;
+
 if (!CBB_add_u16(&cbb, out->len))
 goto err;
 if (!CBB_add_u8_length_prefixed(&cbb, &child))
-- 
2.20.1
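Review bot: The new `out->data == NULL || out->len == 0` guard in tls13_hkdf_expand_label_with_length has no comment, so its rationale (HKDF_expand() succeeding for a length of 0, per the commit message) is only recoverable from history. I would add `/* HKDF_expand() succeeds with a length of 0, so reject an uninitialized out secret. */` directly above it. The guard also sits after `CBB_init()`, so a caller-side mistake still allocates the buffer before failing; placing the check first would avoid that, though this is minor. The function body and the `err` label lie outside the hunk, so it should be confirmed there that the cleanup is safe on a `cbb` whose `CBB_init()` failed, since that path now goes through `goto err` instead of `return 0`.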