From ea0d95e27b91aa3a1ad3edd7bfcc5a889e15b246 Mon Sep 17 00:00:00 2001 From: Gilles Peskine Date: Thu, 29 Apr 2021 21:18:14 +0200 Subject: [PATCH] Make psa_key_derivation_setup return early if the hash is not supported Otherwise the systematically generated algorithm-not-supported tests complain when they try to start an operation and succeed. Signed-off-by: Gilles Peskine --- library/psa_crypto.c | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/library/psa_crypto.c b/library/psa_crypto.c index 16a136e347..c1c351b5a7 100644 --- a/library/psa_crypto.c +++ b/library/psa_crypto.c @@ -4370,6 +4370,14 @@ static int is_kdf_alg_supported( psa_algorithm_t kdf_alg ) return( 0 ); } +static psa_status_t psa_hash_try_support( psa_algorithm_t alg ) +{ + psa_hash_operation_t operation = PSA_HASH_OPERATION_INIT; + psa_status_t status = psa_hash_setup( &operation, alg ); + psa_hash_abort( &operation ); + return( status ); +} + static psa_status_t psa_key_derivation_setup_kdf( psa_key_derivation_operation_t *operation, psa_algorithm_t kdf_alg ) @@ -4382,16 +4390,27 @@ static psa_status_t psa_key_derivation_setup_kdf( if( ! is_kdf_alg_supported( kdf_alg ) ) return( PSA_ERROR_NOT_SUPPORTED ); + /* All currently supported key derivation algorithms are based on a + * hash algorithm. */ psa_algorithm_t hash_alg = PSA_ALG_HKDF_GET_HASH( kdf_alg ); size_t hash_size = PSA_HASH_LENGTH( hash_alg ); if( hash_size == 0 ) return( PSA_ERROR_NOT_SUPPORTED ); + + /* Make sure that hash_alg is a supported hash algorithm. Otherwise + * we might fail later, which is somewhat unfriendly and potentially + * risk-prone. */ + psa_status_t status = psa_hash_try_support( hash_alg ); + if( status != PSA_SUCCESS ) + return( status ); + if( ( PSA_ALG_IS_TLS12_PRF( kdf_alg ) || PSA_ALG_IS_TLS12_PSK_TO_MS( kdf_alg ) ) && ! ( hash_alg == PSA_ALG_SHA_256 || hash_alg == PSA_ALG_SHA_384 ) ) { return( PSA_ERROR_NOT_SUPPORTED ); } + operation->capacity = 255 * hash_size; return( PSA_SUCCESS ); }