From: Martin Willi <martin@revosec.ch>
Date: Sat, 28 Mar 2015 07:36:35 +0000 (+0100)
Subject: fips-prf: Fail when trying to use append mode on FIPS-PRF
X-Git-Tag: 5.3.0~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b234fdfce8d010ac2d5981f40650f95f1454f7e3;p=thirdparty%2Fstrongswan.git

fips-prf: Fail when trying to use append mode on FIPS-PRF

Append mode hardly makes sense for the special stateful FIPS-PRF, which is
different to other PRFs.
---

diff --git a/src/libstrongswan/plugins/fips_prf/fips_prf.c b/src/libstrongswan/plugins/fips_prf/fips_prf.c
index 23825078e6..25accf996f 100644
--- a/src/libstrongswan/plugins/fips_prf/fips_prf.c
+++ b/src/libstrongswan/plugins/fips_prf/fips_prf.c
@@ -116,6 +116,12 @@ METHOD(prf_t, get_bytes, bool,
 	u_int8_t *xkey = this->key;
 	u_int8_t one[this->b];
 
+	if (!w)
+	{
+		/* append mode is not supported */
+		return FALSE;
+	}
+
 	memset(one, 0, this->b);
 	one[this->b - 1] = 0x01;
 
@@ -250,4 +256,3 @@ fips_prf_t *fips_prf_create(pseudo_random_function_t algo)
 
 	return &this->public;
 }
-