prf: don't crash when called before handshake completion
authorMiroslav Lichvar <mlichvar@redhat.com>
Wed, 6 Nov 2019 10:37:10 +0000 (11:37 +0100)
committerMiroslav Lichvar <mlichvar@redhat.com>
Wed, 6 Nov 2019 11:11:31 +0000 (12:11 +0100)
If a gnutls_prf*() function is called before the handshake is completed,
return GNUTLS_E_INVALID_REQUEST instead of crashing.

Signed-off-by: Miroslav Lichvar <mlichvar@redhat.com>
lib/prf.c
tests/prf.c

index 107f4770814771677026aa0ba776c2773af2f175..bb76e2ed4e46463b8d75070eb842367592bf47bf 100644 (file)
--- a/lib/prf.c
+++ b/lib/prf.c
@@ -80,6 +80,9 @@ gnutls_prf_raw(gnutls_session_t session,
        if (vers && vers->tls13_sem)
                return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
 
+       if (session->security_parameters.prf == NULL)
+               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
        ret = _gnutls_prf_raw(session->security_parameters.prf->id,
                          GNUTLS_MASTER_SIZE, session->security_parameters.master_secret,
                          label_size, label,
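Review bot: The new guard treats a non-NULL `session->security_parameters.prf` as proof that the handshake has completed, but the two are not obviously equivalent. If `prf` is assigned when the ciphersuite is selected (the assignment is not visible in this diff), a call made after that point but before the master secret is derived would pass the guard and produce output from a `master_secret` that is not yet established. The same guard is added to gnutls_prf_rfc5705() and gnutls_prf() in the next two hunks. Consider gating on an explicit handshake-completion state, or at least document the real guarantee with a comment such as `/* prf is NULL until a ciphersuite has been negotiated */`. The body of gnutls_prf_raw() starts and ends outside the hunk.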
@@ -165,6 +168,9 @@ gnutls_prf_rfc5705(gnutls_session_t session,
        const version_entry_st *vers = get_version(session);
        int ret;
 
+       if (session->security_parameters.prf == NULL)
+               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
        if (vers && vers->tls13_sem) {
                ret = _tls13_derive_exporter(session->security_parameters.prf,
                                             session,
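Review bot: The early return added at the top of gnutls_prf_rfc5705() changes the public contract, and the API documentation should say so. The function's doc comment lies outside this hunk, so this is worth checking for all three entry points touched by the commit. If it is not already stated, the returns line could read `Returns: %GNUTLS_E_SUCCESS on success, %GNUTLS_E_INVALID_REQUEST if called before the handshake has completed, or another error code.` Callers that export keying material need to know that the output buffer is left untouched in that case.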
@@ -309,6 +315,9 @@ gnutls_prf(gnutls_session_t session,
                        return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
        }
 
+       if (session->security_parameters.prf == NULL)
+               return gnutls_assert_val(GNUTLS_E_INVALID_REQUEST);
+
        seed = gnutls_malloc(seedsize);
        if (!seed) {
                gnutls_assert();
index ff839fe73ca37bf3aa81ee3871ca1a14d4ff642c..c4c7a0dac2ffe0b14612836cb57bac6b45766785 100644 (file)
@@ -283,6 +283,14 @@ static void client(int fd)
        gnutls_handshake_set_random(session, &hrnd);
        gnutls_transport_set_int(session, fd);
 
+       if (gnutls_prf(session, 4, "aaaa", 0, 0, NULL, sizeof(err), (char *)&err) !=
+                       GNUTLS_E_INVALID_REQUEST ||
+           gnutls_prf_rfc5705(session, 4, "aaaa", 0, NULL, sizeof(err), (char *)&err) !=
+                       GNUTLS_E_INVALID_REQUEST) {
+               fprintf(stderr, "unexpected prf error code\n");
+               exit(1);
+       }
+
        /* Perform the TLS handshake
         */
        do {
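Review bot: The new pre-handshake check exercises gnutls_prf() and gnutls_prf_rfc5705() but not gnutls_prf_raw(), which received the same NULL guard in lib/prf.c. Adding a third clause such as `gnutls_prf_raw(session, 4, "aaaa", 0, NULL, sizeof(err), (char *)&err) != GNUTLS_E_INVALID_REQUEST` to the condition would cover it. The check also runs only in client(), before the first gnutls_handshake() call, so it does not cover the server side or a call made part-way through the handshake. The body of client() continues outside the hunk.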