improve TLS1PRF comments
qmuntal committed Sep 8, 2023
1 parent 3e5af4f commit 573b670
Showing 1 changed file with 4 additions and 2 deletions.
6 changes: 4 additions & 2 deletions tls1prf.go
Expand Up @@ -16,7 +16,7 @@ func SupportsTLS1PRF() bool {
(vMajor >= 1 && vMinor >= 1)
}

// TLS1PRF implements the TLS 1.0/1.1 pseudo-random function if h is nil or crypto.MD5SHA1,
// TLS1PRF implements the TLS 1.0/1.1 pseudo-random function if h is nil,
// else it implements the TLS 1.2 pseudo-random function.
// The pseudo-random number will be written to result and will be of length len(result).
func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error {
Expand Down Expand Up @@ -93,8 +93,10 @@ func TLS1PRF(result, secret, label, seed []byte, h func() hash.Hash) error {
if C.go_openssl_EVP_PKEY_derive(ctx, base(result), &outLen) != 1 {
return newOpenSSLError("EVP_PKEY_derive")
}
// The Go standard library expects TLS1PRF to return the requested number of bytes,
// fail if it doesn't.
if outLen != C.size_t(len(result)) {
return errors.New("tls1-prf: entropy limit reached")
return errors.New("tls1-prf: derived less bytes than requested")
}
return nil
}
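Review bot: The length check in the second hunk runs only after `EVP_PKEY_derive` has already been handed `base(result)`, so on the mismatch path the caller gets an error together with a buffer that may hold partial output, and neither the new inline comment nor the TLS1PRF doc comment says what state `result` is in on failure. I would add to the doc comment `// If TLS1PRF returns an error, the contents of result are unspecified and must not be used as key material.` The new message would also read better as `"tls1-prf: derived fewer bytes than requested"`; the condition is `!=`, which presumably can only mean a short output, but `outLen` is initialised outside the visible lines so that is worth confirming. Most of the function body lies between the two hunks and is not shown here.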
