author | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-11-07 22:12:43 +0000 |
---|---|---|
committer | Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 2019-11-07 22:12:43 +0000 |
commit | 570a13f5eeeb1ffcf2c4d57b2f5230560d0950fa (patch) | |
tree | 39a2e6408acb206bdd0c21c78a67af1a2e282d95 | |
parent | 03fe7c089122ec50231012df3a6bfbc4a464f229 (diff) | |
parent | ba6b9689b8952401a54ff9b8ea54ac1cd31c95d0 (diff) | |
download | gnutls-570a13f5eeeb1ffcf2c4d57b2f5230560d0950fa.tar.gz |
Merge branch 'prf-crash' into 'master'
prf: don't crash when called before handshake completion
See merge request gnutls/gnutls!1116
-rw-r--r-- | lib/prf.c | 9 | ||||
-rw-r--r-- | tests/prf.c | 8 |
2 files changed, 17 insertions, 0 deletions
@@ -80,6 +80,9 @@ gnutls_prf_raw(gnutls_session_t session, if (vers && vers->tls13_sem) return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + if (session->security_parameters.prf == NULL) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + ret = _gnutls_prf_raw(session->security_parameters.prf->id, GNUTLS_MASTER_SIZE, session->security_parameters.master_secret, label_size, label, @@ -165,6 +168,9 @@ gnutls_prf_rfc5705(gnutls_session_t session, const version_entry_st *vers = get_version(session); int ret; + if (session->security_parameters.prf == NULL) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + if (vers && vers->tls13_sem) { ret = _tls13_derive_exporter(session->security_parameters.prf, session, @@ -309,6 +315,9 @@ gnutls_prf(gnutls_session_t session, return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); } + if (session->security_parameters.prf == NULL) + return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST); + seed = gnutls_malloc(seedsize); if (!seed) { gnutls_assert(); diff --git a/tests/prf.c b/tests/prf.c index ff839fe73c..c4c7a0dac2 100644 --- a/tests/prf.c +++ b/tests/prf.c @@ -283,6 +283,14 @@ static void client(int fd) gnutls_handshake_set_random(session, &hrnd); gnutls_transport_set_int(session, fd); + if (gnutls_prf(session, 4, "aaaa", 0, 0, NULL, sizeof(err), (char *)&err) != + GNUTLS_E_INVALID_REQUEST || + gnutls_prf_rfc5705(session, 4, "aaaa", 0, NULL, sizeof(err), (char *)&err) != + GNUTLS_E_INVALID_REQUEST) { + fprintf(stderr, "unexpected prf error code\n"); + exit(1); + } + /* Perform the TLS handshake */ do { |
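Review bot: The guard added in gnutls_prf_raw only tests that `session->security_parameters.prf` is non-NULL, which is a proxy for "handshake completed" rather than a check of it. If prf is assigned during negotiation before `master_secret` is established (the assignment is not visible in this diff), a call from a mid-handshake callback would pass the guard and derive output from a master secret that is not yet final, which is a worse outcome than the crash being fixed. Consider also requiring the session's handshake-complete state here, or at least recording the limit next to the check, e.g. `/* NOTE: a non-NULL prf only shows a PRF was selected; it does not by itself prove master_secret is final */`. The same guard is added in the gnutls_prf_rfc5705 and gnutls_prf hunks and the remark applies there too; all three function bodies continue outside their hunks.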
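Review bot: gnutls_prf_raw gets the same NULL guard in lib/prf.c but is not exercised by the pre-handshake check added to client(), so a regression in that entry point would go unnoticed. Add a third clause to the condition, `gnutls_prf_raw(session, 4, "aaaa", 0, NULL, sizeof(err), (char *)&err) != GNUTLS_E_INVALID_REQUEST`. The assertion runs only before the handshake starts and only on the client side, so it does not cover a call made while the handshake is in progress. client() begins and ends outside this hunk, and `err` is declared there.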