kdf: Add input check for hkdf.

* cipher/kdf.c (hkdf_open): Validate the output size. -- In RFC 5869, section 2.3, it specifies: L <= 255*HashLen. Reported-by: Guido Vranken <guidovranken@gmail.com> Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
author: NIIBE Yutaka <gniibe@fsij.org> 2022-06-21 13:58:12 +0900
committer: NIIBE Yutaka <gniibe@fsij.org> 2022-06-21 13:58:12 +0900
commit: e0f0c788dc0f268965c0f63eb33d9f98c0575d58 (patch)
tree: efcf5bf844dbf3122bc2aebe89edcd00537ada7f
parent: fbddfb964f0b1c1ec131194b2273c3f834041c84 (diff)
download: libgcrypt-e0f0c788dc0f268965c0f63eb33d9f98c0575d58.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/cipher/kdf.c b/cipher/kdf.c
index c3e45f84..2e5eef32 100644
--- a/cipher/kdf.c
+++ b/cipher/kdf.c
@@ -1697,6 +1697,10 @@ hkdf_open (gcry_kdf_hd_t *hd, int macalgo,
       xfree (h);
       return GPG_ERR_MAC_ALGO;
     }
+
+  if (outlen > 255 * h->blklen)
+    return GPG_ERR_INV_VALUE;
+
   ec = _gcry_mac_open (&h->md, macalgo, 0, NULL);
   if (ec)
     {
author	NIIBE Yutaka <gniibe@fsij.org>	2022-06-21 13:58:12 +0900
committer	NIIBE Yutaka <gniibe@fsij.org>	2022-06-21 13:58:12 +0900
commit	e0f0c788dc0f268965c0f63eb33d9f98c0575d58 (patch)
tree	efcf5bf844dbf3122bc2aebe89edcd00537ada7f
parent	fbddfb964f0b1c1ec131194b2273c3f834041c84 (diff)
download	libgcrypt-e0f0c788dc0f268965c0f63eb33d9f98c0575d58.tar.gz