Guard against invalid fixed_info

Yubico · Mar 21, 2024 · a6b86fb · a6b86fb
1 parent 108c11a
commit a6b86fb
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/pkcs11/util_pkcs11.c b/pkcs11/util_pkcs11.c
@@ -5310,6 +5310,10 @@ bool match_meta_attributes(yubihsm_pkcs11_session *session,
 
 CK_RV ecdh_kdf(ecdh_session_key *shared_secret, uint8_t *fixed_info, size_t fixed_len,
                 CK_ULONG kdf, size_t value_len) {
+  if(fixed_len > 0 && fixed_info == NULL) {
+    return CKR_MECHANISM_PARAM_INVALID;
+  }
+
   hash_ctx hash = NULL;
   switch (kdf) {
     case CKD_YUBICO_SHA1_KDF_SP800: