validate requested key length in kdf_pbkdf1_do_derive

When using pbkdf1 key deriviation, it is possible to request a key length larger than the maximum digest size a given digest can produce, leading to a read of random stack memory. fix it by returning an error if the requested key size n is larger than the EVP_MD_size of the digest Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23174) (cherry picked from commit 8d89050f0f676b429043fd5445e5a570d54ad225)
author: Neil Horman <nhorman@openssl.org> 2024-01-01 11:53:50 -0500
committer: Neil Horman <nhorman@openssl.org> 2024-01-03 10:20:46 -0500
commit: 0b36386633b8b875de74313abe91ac1c48a06a8e (patch)
tree: a57e7c7e9ee15a4c4d83431188ed209132ebfae6 /providers
parent: c739d762b8b28079467eb7f08f749b3d896beb6e (diff)
1 files changed, 5 insertions, 0 deletions
diff --git a/providers/implementations/kdfs/pbkdf1.c b/providers/implementations/kdfs/pbkdf1.c
index ff51074c48..10b27f5a62 100644
--- a/providers/implementations/kdfs/pbkdf1.c
+++ b/providers/implementations/kdfs/pbkdf1.c
@@ -72,6 +72,11 @@ static int kdf_pbkdf1_do_derive(const unsigned char *pass, size_t passlen,
     mdsize = EVP_MD_size(md_type);
     if (mdsize < 0)
         goto err;
+    if (n > (size_t)mdsize) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE);
+        goto err;
+    }
+
     for (i = 1; i < iter; i++) {
         if (!EVP_DigestInit_ex(ctx, md_type, NULL))
             goto err;
author	Neil Horman <nhorman@openssl.org>	2024-01-01 11:53:50 -0500
committer	Neil Horman <nhorman@openssl.org>	2024-01-03 10:20:46 -0500
commit	0b36386633b8b875de74313abe91ac1c48a06a8e (patch)
tree	a57e7c7e9ee15a4c4d83431188ed209132ebfae6 /providers
parent	c739d762b8b28079467eb7f08f749b3d896beb6e (diff)