From c1243feef24d5e0a910ea9b4881d4657a67ad166 Mon Sep 17 00:00:00 2001
From: Steffen Jaeckel <s@jaeckel.eu>
Date: Fri, 23 Nov 2012 03:03:54 +0100
Subject: [PATCH] hkdf: improve argument validation

---
 src/misc/hkdf/hkdf.c | 24 ++++++++++++++++++++----
 1 file changed, 20 insertions(+), 4 deletions(-)

diff --git a/src/misc/hkdf/hkdf.c b/src/misc/hkdf/hkdf.c
index ee65c61..80ea2ab 100644
--- a/src/misc/hkdf/hkdf.c
+++ b/src/misc/hkdf/hkdf.c
@@ -32,7 +32,7 @@ int hkdf_expand(int hash_idx, const unsigned char *info, unsigned long infolen,
                               const unsigned char *in,   unsigned long inlen,
                                     unsigned char *out,  unsigned long outlen)
 {
-   const unsigned long hashsize = hash_descriptor[hash_idx].hashsize;
+   unsigned long hashsize;
    int err;
    unsigned char N;
    unsigned long Noutlen, outoff;
@@ -40,12 +40,19 @@ int hkdf_expand(int hash_idx, const unsigned char *info, unsigned long infolen,
    unsigned char *T,  *dat;
    unsigned long Tlen, datlen;
 
+   /* make sure hash descriptor is valid */
+   if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+      return err;
+   }
+
+   hashsize = hash_descriptor[hash_idx].hashsize;
+
    /* RFC5869 parameter restrictions */
    if (inlen < hashsize || outlen > hashsize * 255)
       return CRYPT_INVALID_ARG;
    if (info == NULL && infolen != 0)
       return CRYPT_INVALID_ARG;
-   assert(out != NULL);
+   LTC_ARGCHK(out != NULL);
 
    Tlen = hashsize + infolen + 1;
    T = XMALLOC(Tlen); /* Replace with static buffer? */
@@ -92,9 +99,18 @@ int hkdf(int hash_idx, const unsigned char *salt, unsigned long saltlen,
                        const unsigned char *in,   unsigned long inlen,
                              unsigned char *out,  unsigned long outlen)
 {
-   unsigned long hashsize = hash_descriptor[hash_idx].hashsize;
+   unsigned long hashsize;
    int err;
-   unsigned char *extracted = XMALLOC(hashsize); /* replace with static buffer? */
+   unsigned char *extracted;
+
+   /* make sure hash descriptor is valid */
+   if ((err = hash_is_valid(hash_idx)) != CRYPT_OK) {
+      return err;
+   }
+
+   hashsize = hash_descriptor[hash_idx].hashsize;
+
+   extracted = XMALLOC(hashsize); /* replace with static buffer? */
    if (extracted == NULL) {
       return CRYPT_MEM;
    }