diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2021-05-01 14:49:25 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2021-05-05 17:39:27 +1000 |
commit | 2b05439f8441a5483da65fd4208d82d9e007f448 (patch) | |
tree | 82dee791ba1aa5f7e8cb99fdef48c46437100fd9 /crypto/err | |
parent | 029875dc5ba28f18e3067c883fb53c9ae91d6954 (diff) |
Fix KMAC bounds checks.
Setting an output length higher than 8191 was causing a buffer overflow.
This was reported by Acumen (FIPS lab).
The max output size has increased to ~2M and it now checks this during set_parameters.
The encoder related functions now pass in the maximum size of the output buffer so they
can correctly check their size. kmac_bytepad_encode_key() calls bytepad twice in
order to calculate and check the length before encoding.
Note that right_encode() is currently only used in one place but this
may change if other algorithms are supported (such as TupleHash).
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15106)
Diffstat (limited to 'crypto/err')
-rw-r--r-- | crypto/err/openssl.txt | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index d3e29a5553..d964b9adc4 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -994,6 +994,7 @@ PROV_R_INVALID_KEY_LENGTH:105:invalid key length PROV_R_INVALID_MAC:151:invalid mac PROV_R_INVALID_MGF1_MD:167:invalid mgf1 md PROV_R_INVALID_MODE:125:invalid mode +PROV_R_INVALID_OUTPUT_LENGTH:217:invalid output length PROV_R_INVALID_PADDING_MODE:168:invalid padding mode PROV_R_INVALID_PUBINFO:198:invalid pubinfo PROV_R_INVALID_SALT_LENGTH:112:invalid salt length |