projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
validate requested key length in kdf_pbkdf1_do_derive
[openssl.git]
/
providers
/
implementations
/
kdfs
/
pbkdf1.c
diff --git
a/providers/implementations/kdfs/pbkdf1.c
b/providers/implementations/kdfs/pbkdf1.c
index ff51074c4819e0878424c857f4ea27219a2eb2fe..10b27f5a6271a70b7ea6ea6a3b152b25a2622748 100644
(file)
--- a/
providers/implementations/kdfs/pbkdf1.c
+++ b/
providers/implementations/kdfs/pbkdf1.c
@@
-72,6
+72,11
@@
static int kdf_pbkdf1_do_derive(const unsigned char *pass, size_t passlen,
mdsize = EVP_MD_size(md_type);
if (mdsize < 0)
goto err;
+ if (n > (size_t)mdsize) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE);
+ goto err;
+ }
+
for (i = 1; i < iter; i++) {
if (!EVP_DigestInit_ex(ctx, md_type, NULL))
goto err;