diff options
author | NIIBE Yutaka <gniibe@fsij.org> | 2022-06-21 13:58:12 +0900 |
---|---|---|
committer | NIIBE Yutaka <gniibe@fsij.org> | 2022-06-21 13:58:12 +0900 |
commit | e0f0c788dc0f268965c0f63eb33d9f98c0575d58 (patch) | |
tree | efcf5bf844dbf3122bc2aebe89edcd00537ada7f | |
parent | fbddfb964f0b1c1ec131194b2273c3f834041c84 (diff) | |
download | libgcrypt-e0f0c788dc0f268965c0f63eb33d9f98c0575d58.tar.gz |
kdf: Add input check for hkdf.
* cipher/kdf.c (hkdf_open): Validate the output size.
--
In RFC 5869, section 2.3, it specifies: L <= 255*HashLen.
Reported-by: Guido Vranken <guidovranken@gmail.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
-rw-r--r-- | cipher/kdf.c | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/cipher/kdf.c b/cipher/kdf.c index c3e45f84..2e5eef32 100644 --- a/cipher/kdf.c +++ b/cipher/kdf.c @@ -1697,6 +1697,10 @@ hkdf_open (gcry_kdf_hd_t *hd, int macalgo, xfree (h); return GPG_ERR_MAC_ALGO; } + + if (outlen > 255 * h->blklen) + return GPG_ERR_INV_VALUE; + ec = _gcry_mac_open (&h->md, macalgo, 0, NULL); if (ec) { |