Skip to content

Commit c1339ab

Browse files
dgarskedgarske
authored
Merge pull request #9323 from philljj/fix_coverity_onestep
KDF onestep: hashOutSz err check.
2 parents 6f9ca6c + c1032a8 commit c1339ab

File tree

2 files changed

+5
-1
lines changed

2 files changed

+5
-1
lines changed

wolfcrypt/src/kdf.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1385,7 +1385,7 @@ int wc_KDA_KDF_onestep(const byte* z, word32 zSz, const byte* fixedInfo,
13851385
return BAD_FUNC_ARG;
13861386

13871387
hashOutSz = wc_HashGetDigestSize(hashType);
1388-
if (hashOutSz == WC_NO_ERR_TRACE(HASH_TYPE_E))
1388+
if (hashOutSz <= 0)
13891389
return BAD_FUNC_ARG;
13901390

13911391
/* According to SP800_56C, table 1, the max input size (max_H_inputBits)

wolfcrypt/test/test.c

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1466,6 +1466,10 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t nist_sp80056c_kdf_test(void)
14661466
WC_HASH_TYPE_SHA256, output, 16);
14671467
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
14681468
return WC_TEST_RET_ENC_NC;
1469+
ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 0, 16,
1470+
WC_HASH_TYPE_NONE, output, 16);
1471+
if (ret != WC_NO_ERR_TRACE(BAD_FUNC_ARG))
1472+
return WC_TEST_RET_ENC_NC;
14691473

14701474
/* allow empty FixedInfo */
14711475
ret = wc_KDA_KDF_onestep((byte*)"secret", sizeof("secret"), NULL, 0, 16,

0 commit comments

Comments
 (0)