diff options
| author | Nicky Mouha <nmouha@users.noreply.github.com> | 2023-05-17 16:46:41 -0400 |
|---|---|---|
| committer | Tomas Mraz <tomas@openssl.org> | 2023-05-19 12:43:39 +0200 |
| commit | d12cde7fc5561d463badcd8a73079cf92864c31e (patch) | |
| tree | 0e2296f394d07a3d6b247632efcf16cc6f5a2ef3 /providers | |
| parent | 5d6f13d90d5c4212737002bcd54871cf236a1220 (diff) | |
Update hkdf.c to avoid potentially vulnerable code pattern
The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows.
It should be replaced by "if (a>c-b) a=c-b", which avoids the
potential overflow and is much easier to understand.
This pattern is the root cause of CVE-2022-37454, a buffer overflow
vulnerability in the "official" SHA-3 implementation.
It has been confirmed that the addition in
https://github.com/openssl/openssl/blob/master/providers/implementations/kdfs/hkdf.c#L534
cannot overflow. So this is only a minor change proposal to avoid
a potentially vulnerable code pattern and to improve readability.
More information: https://github.com/github/codeql/pull/12036#issuecomment-1466056959
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20990)
(cherry picked from commit 56a51b5a1ecd54eadc80bed4bfe5044a340787c1)
Diffstat (limited to 'providers')
| -rw-r--r-- | providers/implementations/kdfs/hkdf.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index dfa7786bde..f57c018d5a 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -554,7 +554,7 @@ static int HKDF_Expand(const EVP_MD *evp_md, if (!HMAC_Final(hmac, prev, NULL)) goto err; - copy_len = (done_len + dig_len > okm_len) ? + copy_len = (dig_len > okm_len - done_len) ? okm_len - done_len : dig_len; |