diff options
author | Neil Horman <nhorman@openssl.org> | 2024-01-01 11:53:50 -0500 |
---|---|---|
committer | Neil Horman <nhorman@openssl.org> | 2024-01-03 10:20:59 -0500 |
commit | 12fe0d59581b1760723531b064ab1b66b9bc50a7 (patch) | |
tree | c847da675775795d425b2ee28b2e3ab4cfa53812 /providers | |
parent | 8a843dc19b9057464596231f2d855a57e82b20bf (diff) |
validate requested key length in kdf_pbkdf1_do_derive
When using pbkdf1 key deriviation, it is possible to request a key
length larger than the maximum digest size a given digest can produce,
leading to a read of random stack memory.
fix it by returning an error if the requested key size n is larger than
the EVP_MD_size of the digest
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23174)
(cherry picked from commit 8d89050f0f676b429043fd5445e5a570d54ad225)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/kdfs/pbkdf1.c | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/providers/implementations/kdfs/pbkdf1.c b/providers/implementations/kdfs/pbkdf1.c index 6f95df071b..4fa6afd104 100644 --- a/providers/implementations/kdfs/pbkdf1.c +++ b/providers/implementations/kdfs/pbkdf1.c @@ -72,6 +72,11 @@ static int kdf_pbkdf1_do_derive(const unsigned char *pass, size_t passlen, mdsize = EVP_MD_size(md_type); if (mdsize < 0) goto err; + if (n > (size_t)mdsize) { + ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE); + goto err; + } + for (i = 1; i < iter; i++) { if (!EVP_DigestInit_ex(ctx, md_type, NULL)) goto err; |