projects / openssl.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: cf8fea8) | patch
validate requested key length in kdf_pbkdf1_do_derive
authorNeil Horman <nhorman@openssl.org>
Mon, 1 Jan 2024 16:53:50 +0000 (11:53 -0500)
committerNeil Horman <nhorman@openssl.org>
Wed, 3 Jan 2024 15:05:49 +0000 (10:05 -0500)
commit8d89050f0f676b429043fd5445e5a570d54ad225
tree9c8a1924ae16a8730aa143ddfc267c8ae89094a8tree | snapshot
parentcf8fea86f73c4606f132133cb34c07f8dad42482commit | diff
validate requested key length in kdf_pbkdf1_do_derive

When using pbkdf1 key deriviation, it is possible to request a key
length larger than the maximum digest size a given digest can produce,
leading to a read of random stack memory.

fix it by returning an error if the requested key size n is larger than
the EVP_MD_size of the digest

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23174)
providers/implementations/kdfs/pbkdf1.c diff | blob | history
test/evp_kdf_test.c diff | blob | history
Unnamed repository; edit this file 'description' to name the repository.