diff options
author | Neil Horman <nhorman@openssl.org> | 2024-01-01 11:53:50 -0500 |
---|---|---|
committer | Neil Horman <nhorman@openssl.org> | 2024-01-03 10:20:46 -0500 |
commit | 0b36386633b8b875de74313abe91ac1c48a06a8e (patch) | |
tree | a57e7c7e9ee15a4c4d83431188ed209132ebfae6 /providers | |
parent | c739d762b8b28079467eb7f08f749b3d896beb6e (diff) |
validate requested key length in kdf_pbkdf1_do_derive
When using pbkdf1 key deriviation, it is possible to request a key
length larger than the maximum digest size a given digest can produce,
leading to a read of random stack memory.
fix it by returning an error if the requested key size n is larger than
the EVP_MD_size of the digest
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23174)
(cherry picked from commit 8d89050f0f676b429043fd5445e5a570d54ad225)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/kdfs/pbkdf1.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/providers/implementations/kdfs/pbkdf1.c b/providers/implementations/kdfs/pbkdf1.c index ff51074c48..10b27f5a62 100644 --- a/providers/implementations/kdfs/pbkdf1.c +++ b/providers/implementations/kdfs/pbkdf1.c @@ -72,6 +72,11 @@ static int kdf_pbkdf1_do_derive(const unsigned char *pass, size_t passlen, mdsize = EVP_MD_size(md_type); if (mdsize < 0) goto err; + if (n > (size_t)mdsize) { + ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE); + goto err; + } + for (i = 1; i < iter; i++) { if (!EVP_DigestInit_ex(ctx, md_type, NULL)) goto err; |