fips-prf: Fail when trying to use append mode on FIPS-PRF
authorMartin Willi <martin@revosec.ch>
Sat, 28 Mar 2015 07:36:35 +0000 (08:36 +0100)
committerMartin Willi <martin@revosec.ch>
Sat, 28 Mar 2015 07:36:35 +0000 (08:36 +0100)
Append mode hardly makes sense for the special stateful FIPS-PRF, which is
different to other PRFs.

src/libstrongswan/plugins/fips_prf/fips_prf.c

index 2382507..25accf9 100644 (file)
@@ -116,6 +116,12 @@ METHOD(prf_t, get_bytes, bool,
        u_int8_t *xkey = this->key;
        u_int8_t one[this->b];
 
+       if (!w)
+       {
+               /* append mode is not supported */
+               return FALSE;
+       }
+
        memset(one, 0, this->b);
        one[this->b - 1] = 0x01;
 
@@ -250,4 +256,3 @@ fips_prf_t *fips_prf_create(pseudo_random_function_t algo)
 
        return &this->public;
 }
-