HKDF: be more robust if we reach the maximum output length
In psa_generator_hkdf_read, return BAD_STATE if we're trying to
construct more output than the algorithm allows. This can't happen
through the API due to the capacity limit, but it could potentially
happen in an internal call.
Also add a test case that verifies that we can set up HKDF with its
maximum capacity and read up to the maximum capacity.
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 9e8f90b..ef99403 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c
@@ -3047,8 +3047,15 @@
output += n;
output_length -= n;
hkdf->offset_in_block += n;
- if( output_length == 0 || hkdf->block_number == 0xff )
+ if( output_length == 0 )
break;
+ /* We can't be wanting more output after block 0xff, otherwise
+ * the capacity check in psa_generator_read() would have
+ * prevented this call. It could happen only if the generator
+ * object was corrupted or if this function is called directly
+ * inside the library. */
+ if( hkdf->block_number == 0xff )
+ return( PSA_ERROR_BAD_STATE );
/* We need a new block */
++hkdf->block_number;
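Review bot: the new `return( PSA_ERROR_BAD_STATE );` after the `hkdf->block_number == 0xff` check fires only after `output += n; output_length -= n; hkdf->offset_in_block += n;` have already run, so the caller's buffer holds up to `n` bytes of derived key material and the generator's internal offset has advanced when the error is reported. Since the comment frames this as a corrupted-generator or misuse path, it would be safer to wipe what has already been written (e.g. `memset( output - n, 0, n );` before the return) or to state in the function's documentation that the contents of `output` are unspecified on error, so callers do not treat a partially filled buffer as usable key material. Also note that the test case mentioned in the commit message (setting up HKDF at maximum capacity and reading up to it) is not part of this hunk.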