From e0f0c788dc0f268965c0f63eb33d9f98c0575d58 Mon Sep 17 00:00:00 2001
From: NIIBE Yutaka <gniibe@fsij.org>
Date: Tue, 21 Jun 2022 13:58:12 +0900
Subject: kdf: Add input check for hkdf.

* cipher/kdf.c (hkdf_open): Validate the output size.

--

In RFC 5869, section 2.3, it specifies: L <= 255*HashLen.

Reported-by: Guido Vranken <guidovranken@gmail.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
---
 cipher/kdf.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/cipher/kdf.c b/cipher/kdf.c
index c3e45f84..2e5eef32 100644
--- a/cipher/kdf.c
+++ b/cipher/kdf.c
@@ -1697,6 +1697,10 @@ hkdf_open (gcry_kdf_hd_t *hd, int macalgo,
       xfree (h);
       return GPG_ERR_MAC_ALGO;
     }
+
+  if (outlen > 255 * h->blklen)
+    return GPG_ERR_INV_VALUE;
+
   ec = _gcry_mac_open (&h->md, macalgo, 0, NULL);
   if (ec)
     {
-- 
cgit v1.2.1