Diffusion libgcrypt e0f0c788dc0f

kdf: Add input check for hkdf.
e0f0c788dc0f
Actions

Tags

None

Subscribers

None

Description

kdf: Add input check for hkdf.

* cipher/kdf.c (hkdf_open): Validate the output size.

In RFC 5869, section 2.3, it specifies: L <= 255*HashLen.

Reported-by: Guido Vranken <guidovranken@gmail.com>
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>

Details

Provenance

Authored on Jun 21 2022, 6:58 AM

Parents

rCfbddfb964f0b: kdf: Add HKDF of RFC5869.

Branches

Unknown

Tags

Unknown

Event Timeline

• gniibe committed rCe0f0c788dc0f: kdf: Add input check for hkdf. (authored by • gniibe).Jun 21 2022, 6:58 AM

• gniibe mentioned this in rCe2a7a0c9f5d2: kdf: Fix memory leak on error..Jul 5 2022, 4:09 AM

Changes (1)

Path

Size

cipher/

rCe0f0c788dc0f

cipher/kdf.c

Loading...