From fd7778b5ed5d8adb4b1203b735a5710e56ce614f Mon Sep 17 00:00:00 2001
From: Jouni Malinen <j@w1.fi>
Date: Thu, 27 Jun 2019 18:08:16 +0300
Subject: [PATCH] Return success/failure result from tls_prf_sha256()

The hash functions used within this function could fail in theory, so
provide the result to the caller.

Signed-off-by: Jouni Malinen <j@w1.fi>
---
 src/crypto/sha256-tlsprf.c | 15 ++++++++++-----
 src/crypto/sha256.h        |  6 +++---
 2 files changed, 13 insertions(+), 8 deletions(-)

diff --git a/src/crypto/sha256-tlsprf.c b/src/crypto/sha256-tlsprf.c
index 0528dadfd..9045cd36b 100644
--- a/src/crypto/sha256-tlsprf.c
+++ b/src/crypto/sha256-tlsprf.c
@@ -26,8 +26,8 @@
  * This function is used to derive new, cryptographically separate keys from a
  * given key in TLS. This PRF is defined in RFC 2246, Chapter 5.
  */
-void tls_prf_sha256(const u8 *secret, size_t secret_len, const char *label,
-		    const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
+int tls_prf_sha256(const u8 *secret, size_t secret_len, const char *label,
+		   const u8 *seed, size_t seed_len, u8 *out, size_t outlen)
 {
 	size_t clen;
 	u8 A[SHA256_MAC_LEN];
@@ -50,12 +50,15 @@ void tls_prf_sha256(const u8 *secret, size_t secret_len, const char *label,
 	 * PRF(secret, label, seed) = P_SHA256(secret, label + seed)
 	 */
 
-	hmac_sha256_vector(secret, secret_len, 2, &addr[1], &len[1], A);
+	if (hmac_sha256_vector(secret, secret_len, 2, &addr[1], &len[1], A) < 0)
+		return -1;
 
 	pos = 0;
 	while (pos < outlen) {
-		hmac_sha256_vector(secret, secret_len, 3, addr, len, P);
-		hmac_sha256(secret, secret_len, A, SHA256_MAC_LEN, A);
+		if (hmac_sha256_vector(secret, secret_len, 3, addr, len, P) <
+		    0 ||
+		    hmac_sha256(secret, secret_len, A, SHA256_MAC_LEN, A) < 0)
+			return -1;
 
 		clen = outlen - pos;
 		if (clen > SHA256_MAC_LEN)
@@ -63,4 +66,6 @@ void tls_prf_sha256(const u8 *secret, size_t secret_len, const char *label,
 		os_memcpy(out + pos, P, clen);
 		pos += clen;
 	}
+
+	return 0;
 }
diff --git a/src/crypto/sha256.h b/src/crypto/sha256.h
index 5219022ed..8054bbe5c 100644
--- a/src/crypto/sha256.h
+++ b/src/crypto/sha256.h
@@ -20,9 +20,9 @@ int sha256_prf(const u8 *key, size_t key_len, const char *label,
 int sha256_prf_bits(const u8 *key, size_t key_len, const char *label,
 		    const u8 *data, size_t data_len, u8 *buf,
 		    size_t buf_len_bits);
-void tls_prf_sha256(const u8 *secret, size_t secret_len,
-		    const char *label, const u8 *seed, size_t seed_len,
-		    u8 *out, size_t outlen);
+int tls_prf_sha256(const u8 *secret, size_t secret_len,
+		   const char *label, const u8 *seed, size_t seed_len,
+		   u8 *out, size_t outlen);
 int hmac_sha256_kdf(const u8 *secret, size_t secret_len,
 		    const char *label, const u8 *seed, size_t seed_len,
 		    u8 *out, size_t outlen);