projects
/
openssl.git
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
| inline |
side by side
validate requested key length in kdf_pbkdf1_do_derive
[openssl.git]
/
providers
/
implementations
/
kdfs
/
pbkdf1.c
diff --git
a/providers/implementations/kdfs/pbkdf1.c
b/providers/implementations/kdfs/pbkdf1.c
index 6f95df071b35999a5cb7530e5d65e1e111b83f9a..4fa6afd104a26dad37b0ca47d8749116fe0c2db7 100644
(file)
--- a/
providers/implementations/kdfs/pbkdf1.c
+++ b/
providers/implementations/kdfs/pbkdf1.c
@@
-72,6
+72,11
@@
static int kdf_pbkdf1_do_derive(const unsigned char *pass, size_t passlen,
mdsize = EVP_MD_size(md_type);
if (mdsize < 0)
goto err;
+ if (n > (size_t)mdsize) {
+ ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE);
+ goto err;
+ }
+
for (i = 1; i < iter; i++) {
if (!EVP_DigestInit_ex(ctx, md_type, NULL))
goto err;