Set error when HKDF used without parameters

Introduce KDF_F_PKEY_HKDF_DERIVE and return the KDF_R_MISSING_PARAMETER
error code when required parameters have not been set. This will make
"openssl pkeyutl -kdf HKDF" return a meaningful error message instead of
simply "Public Key operation error".

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Stephen Henson <steve@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3989)

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index d8fcb9ac6064060027b333b446289923c87c5dbc..af3bf775bf4652f46e4bfc0a1d566e5fb794b630 100644 (file)
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -700,6 +700,7 @@ EVP_F_PKEY_SET_TYPE:158:pkey_set_type
 EVP_F_RC2_MAGIC_TO_METH:109:rc2_magic_to_meth
 EVP_F_RC5_CTRL:125:rc5_ctrl
 EVP_F_UPDATE:173:update
+KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
 KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
 KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
 OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object

diff --git a/crypto/kdf/hkdf.c b/crypto/kdf/hkdf.c
index 8b6eeb3bdee77839141e46235547f2290f2e5e47..d83283fa14ee925ed5959e021472faafe5f96e73 100644 (file)
--- a/crypto/kdf/hkdf.c
+++ b/crypto/kdf/hkdf.c
@@ -177,8 +177,10 @@ static int pkey_hkdf_derive(EVP_PKEY_CTX *ctx, unsigned char *key,
 {
     HKDF_PKEY_CTX *kctx = ctx->data;
 
-    if (kctx->md == NULL || kctx->key == NULL)
+    if (kctx->md == NULL || kctx->key == NULL) {
+        KDFerr(KDF_F_PKEY_HKDF_DERIVE, KDF_R_MISSING_PARAMETER);
         return 0;
+    }
 
     switch (kctx->mode) {
     case EVP_PKEY_HKDEF_MODE_EXTRACT_AND_EXPAND:

diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c
index 5706d2d90b5b0af5c2681d63fbb6921b8fa5c484..f6193b2458c6f73178f3a6cf0d62501968f56843 100644 (file)
--- a/crypto/kdf/kdf_err.c
+++ b/crypto/kdf/kdf_err.c
@@ -14,6 +14,7 @@
 #ifndef OPENSSL_NO_ERR
 
 static const ERR_STRING_DATA KDF_str_functs[] = {
+    {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_HKDF_DERIVE, 0), "pkey_hkdf_derive"},
     {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0),
      "pkey_tls1_prf_ctrl_str"},
     {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0),

diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h
index f101cbfa91e2616bcedced1b8549ffc1ec86cb8e..aefdbff105d3aefe431da097e8e35bf6de0dd92a 100644 (file)
--- a/include/openssl/kdferr.h
+++ b/include/openssl/kdferr.h
@@ -22,6 +22,7 @@ int ERR_load_KDF_strings(void);
 /*
  * KDF function codes.
  */
+# define KDF_F_PKEY_HKDF_DERIVE                           102
 # define KDF_F_PKEY_TLS1_PRF_CTRL_STR                     100
 # define KDF_F_PKEY_TLS1_PRF_DERIVE                       101