Make salt mandatory for HKDF-EXTRACT + adapt tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

commit: 0586f4c4ea2cd36179ca80ae21c65c7bb32e5d09 [log] [tgz]
author: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Fri Jun 03 16:00:25 2022 +0200
committer: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Mon Jun 06 11:25:43 2022 +0200
tree: e161bb50664d8425ff8b922c66b679aae173c406
parent: 0e99391afe5f315dbbdf2ac94e3bcc98bc0ce259 [diff] [blame]
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 06b549b..3ecaebb 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -5233,9 +5233,14 @@
             else
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND */
             {
-                /* If no salt was provided, use an empty salt. */
+                /* HKDF: If no salt was provided, use an empty salt.
+                 * HKDF-EXTRACT: salt is mandatory. */
                 if( hkdf->state == HKDF_STATE_INIT )
                 {
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT)
+                    if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
+                        return( PSA_ERROR_BAD_STATE );
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
                     status = psa_key_derivation_start_hmac( &hkdf->hmac,
                                                             hash_alg,
                                                             NULL, 0 );
commit	0586f4c4ea2cd36179ca80ae21c65c7bb32e5d09	[log] [tgz]
author	Przemek Stekiel <przemyslaw.stekiel@mobica.com>	Fri Jun 03 16:00:25 2022 +0200
committer	Przemek Stekiel <przemyslaw.stekiel@mobica.com>	Mon Jun 06 11:25:43 2022 +0200
tree	e161bb50664d8425ff8b922c66b679aae173c406
parent	0e99391afe5f315dbbdf2ac94e3bcc98bc0ce259 [diff] [blame]