Make info valid only after secret for HKDF-EXPAND + adapt tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

commit: cde3f783f5cb213ca30b40d599385bf5a13b4072 [log] [tgz]
author: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Fri Jun 03 16:12:27 2022 +0200
committer: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Mon Jun 06 11:26:02 2022 +0200
tree: 1826bd027e138541eab289d10436375df826d9c9
parent: 0586f4c4ea2cd36179ca80ae21c65c7bb32e5d09 [diff] [blame]
diff --git a/library/psa_crypto.c b/library/psa_crypto.c
index 3ecaebb..8c68077 100644
--- a/library/psa_crypto.c
+++ b/library/psa_crypto.c

@@ -5285,6 +5285,11 @@
             if( PSA_ALG_IS_HKDF_EXTRACT( kdf_alg ) )
                 return( PSA_ERROR_INVALID_ARGUMENT );
 #endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
+#if defined(MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXPAND)
+            if( PSA_ALG_IS_HKDF_EXPAND( kdf_alg ) &&
+                hkdf->state == HKDF_STATE_INIT )
+                return( PSA_ERROR_BAD_STATE );
+#endif /* MBEDTLS_PSA_BUILTIN_ALG_HKDF_EXTRACT */
             if( hkdf->state == HKDF_STATE_OUTPUT )
                 return( PSA_ERROR_BAD_STATE );
             if( hkdf->info_set )
commit	cde3f783f5cb213ca30b40d599385bf5a13b4072	[log] [tgz]
author	Przemek Stekiel <przemyslaw.stekiel@mobica.com>	Fri Jun 03 16:12:27 2022 +0200
committer	Przemek Stekiel <przemyslaw.stekiel@mobica.com>	Mon Jun 06 11:26:02 2022 +0200
tree	1826bd027e138541eab289d10436375df826d9c9
parent	0586f4c4ea2cd36179ca80ae21c65c7bb32e5d09 [diff] [blame]