authorShane Lontis <shane.lontis@oracle.com>2021-05-01 14:49:25 +1000
committerShane Lontis <shane.lontis@oracle.com>2021-05-05 17:39:27 +1000
commit2b05439f8441a5483da65fd4208d82d9e007f448 (patch)
tree82dee791ba1aa5f7e8cb99fdef48c46437100fd9 /providers/fips-sources.checksums
parent029875dc5ba28f18e3067c883fb53c9ae91d6954 (diff)
Fix KMAC bounds checks.
Setting an output length higher than 8191 was causing a buffer overflow. This was reported by Acumen (FIPS lab). The max output size has increased to ~2M and it now checks this during set_parameters. The encoder related functions now pass in the maximum size of the output buffer so they can correctly check their size. kmac_bytepad_encode_key() calls bytepad twice in order to calculate and check the length before encoding. Note that right_encode() is currently only used in one place but this may change if other algorithms are supported (such as TupleHash). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15106)
Diffstat (limited to 'providers/fips-sources.checksums')
-rw-r--r--providers/fips-sources.checksums4
1 files changed, 2 insertions, 2 deletions
diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums
index 8c46849215..a7ee231b15 100644
--- a/providers/fips-sources.checksums
+++ b/providers/fips-sources.checksums
@@ -328,7 +328,7 @@ f3b089fd3dcccc8e3ebfbbdbf87c47d58330f82bd0e2a1223da74977930cccf1 providers/comm
390b2b6ba321bddc416688d4a51d9e04db7d84d4f398947d496d043e8fb22a01 providers/common/der/der_sm2_sig.c
d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/common/digest_to_nid.c
737cc1228106e555e9bab24e3c2438982e04e05b0d5b9ee6995d71df16c49143 providers/common/provider_ctx.c
-fcbb0f2859f28ea1eb3922447bb96588d2097695f9ce23c3c64025bfbe9d2bad providers/common/provider_err.c
+71c3fbb9bd80f5e7a217cf8005df61f96a645fbdd9daca9949ceef6d33a1feb0 providers/common/provider_err.c
9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c
eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c
494723d55bc6ecdb70f59499a2c42260cabc5fa30681ac3b48267dfa242158b3 providers/common/securitycheck.c
@@ -432,7 +432,7 @@ c48eb00f0de1c28baaa3cf7c0e85d4d2a20592783aa545f8934da487c05a3e87 providers/impl
25d20ceb61cadb495ec890ae2c49c5c1c840b39ac77f20058ee87249cab341ef providers/implementations/macs/cmac_prov.c
f51b074d55028d3e24656da348d21ca79f6680fdb30383d936251f1b3467caab providers/implementations/macs/gmac_prov.c
35505704fda658c0911f95974913c1f2dd75c8f91c5d2ec597c70c52624bdfdf providers/implementations/macs/hmac_prov.c
-3201d82d1e17c22a80b26dedae627be10b6dc1af623d1fd0c3c923e0125a42e7 providers/implementations/macs/kmac_prov.c
+e42823cce1d08d9cb6cb32cc6b913241573c2cbbd856ff77a331b0956ee5aa02 providers/implementations/macs/kmac_prov.c
94d80682125b40ba694242fdfa978b802c6e70f2b0167215c9d689c0ccf5820f providers/implementations/macs/poly1305_prov.c
d594704aa3173afdb2b1e95253285cdb245a42078f9ca06b68aaeecb858b10fd providers/implementations/macs/siphash_prov.c
dcc1afbe2965de7c5ac0a17ab1b19b8ed512049376833cb410db30f8dc4e2064 providers/implementations/rands/crngt.c