diff options
author | Shane Lontis <shane.lontis@oracle.com> | 2021-05-01 14:49:25 +1000 |
---|---|---|
committer | Shane Lontis <shane.lontis@oracle.com> | 2021-05-05 17:39:27 +1000 |
commit | 2b05439f8441a5483da65fd4208d82d9e007f448 (patch) | |
tree | 82dee791ba1aa5f7e8cb99fdef48c46437100fd9 /providers/fips-sources.checksums | |
parent | 029875dc5ba28f18e3067c883fb53c9ae91d6954 (diff) |
Fix KMAC bounds checks.
Setting an output length higher than 8191 was causing a buffer overflow.
This was reported by Acumen (FIPS lab).
The max output size has increased to ~2M and it now checks this during set_parameters.
The encoder related functions now pass in the maximum size of the output buffer so they
can correctly check their size. kmac_bytepad_encode_key() calls bytepad twice in
order to calculate and check the length before encoding.
Note that right_encode() is currently only used in one place but this
may change if other algorithms are supported (such as TupleHash).
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15106)
Diffstat (limited to 'providers/fips-sources.checksums')
-rw-r--r-- | providers/fips-sources.checksums | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/providers/fips-sources.checksums b/providers/fips-sources.checksums index 8c46849215..a7ee231b15 100644 --- a/providers/fips-sources.checksums +++ b/providers/fips-sources.checksums @@ -328,7 +328,7 @@ f3b089fd3dcccc8e3ebfbbdbf87c47d58330f82bd0e2a1223da74977930cccf1 providers/comm 390b2b6ba321bddc416688d4a51d9e04db7d84d4f398947d496d043e8fb22a01 providers/common/der/der_sm2_sig.c d447cd774869da68a2cc0bbb19c547ee6ed4858c7aee1f3d5bba7796f97823a9 providers/common/digest_to_nid.c 737cc1228106e555e9bab24e3c2438982e04e05b0d5b9ee6995d71df16c49143 providers/common/provider_ctx.c -fcbb0f2859f28ea1eb3922447bb96588d2097695f9ce23c3c64025bfbe9d2bad providers/common/provider_err.c +71c3fbb9bd80f5e7a217cf8005df61f96a645fbdd9daca9949ceef6d33a1feb0 providers/common/provider_err.c 9eae3e2cac89c7b63d091fdca1b6d80c5c5d52aa79c8ba4ce0158c5437ad62f3 providers/common/provider_seeding.c eec462d685dd3b4764b076a3c18ecd9dd254350a0b78ddc2f8a60587829e1ce3 providers/common/provider_util.c 494723d55bc6ecdb70f59499a2c42260cabc5fa30681ac3b48267dfa242158b3 providers/common/securitycheck.c @@ -432,7 +432,7 @@ c48eb00f0de1c28baaa3cf7c0e85d4d2a20592783aa545f8934da487c05a3e87 providers/impl 25d20ceb61cadb495ec890ae2c49c5c1c840b39ac77f20058ee87249cab341ef providers/implementations/macs/cmac_prov.c f51b074d55028d3e24656da348d21ca79f6680fdb30383d936251f1b3467caab providers/implementations/macs/gmac_prov.c 35505704fda658c0911f95974913c1f2dd75c8f91c5d2ec597c70c52624bdfdf providers/implementations/macs/hmac_prov.c -3201d82d1e17c22a80b26dedae627be10b6dc1af623d1fd0c3c923e0125a42e7 providers/implementations/macs/kmac_prov.c +e42823cce1d08d9cb6cb32cc6b913241573c2cbbd856ff77a331b0956ee5aa02 providers/implementations/macs/kmac_prov.c 94d80682125b40ba694242fdfa978b802c6e70f2b0167215c9d689c0ccf5820f providers/implementations/macs/poly1305_prov.c d594704aa3173afdb2b1e95253285cdb245a42078f9ca06b68aaeecb858b10fd providers/implementations/macs/siphash_prov.c dcc1afbe2965de7c5ac0a17ab1b19b8ed512049376833cb410db30f8dc4e2064 providers/implementations/rands/crngt.c |