diff options
author | Benjamin Kaduk <bkaduk@akamai.com> | 2021-03-22 15:02:04 -0700 |
---|---|---|
committer | Benjamin Kaduk <kaduk@mit.edu> | 2021-03-30 16:40:28 -0700 |
commit | 20c2876f24d0ccf9581ace08c7882d544d2588ea (patch) | |
tree | 81e068a87166630e280e970221dd61ed9b1af532 /providers | |
parent | c6b09ea0fe23a572a781681b3c1f436e8b0932fe (diff) |
Increase HKDF_MAXBUF from 1024 to 2048
We've encountered some scenarios that need to use more than 1 kB of
data as the HKDF-Expand() "info" argument (which, per RFC 5869,
contains "optional context and application specific information").
Since HKDF_MAXBUF is used to size an array in the HKDF_PKEY_CTX
structure, this adds 1 kB of memory footprint to each EVP_PKEY_CTX
used for HKDF.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14649)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/kdfs/hkdf.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index 52b284c662..2d3c72f501 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -30,7 +30,7 @@ #include "prov/provider_util.h" #include "e_os.h" -#define HKDF_MAXBUF 1024 +#define HKDF_MAXBUF 2048 static OSSL_FUNC_kdf_newctx_fn kdf_hkdf_new; static OSSL_FUNC_kdf_freectx_fn kdf_hkdf_free; |