validate requested key length in kdf_pbkdf1_do_derive

When using pbkdf1 key deriviation, it is possible to request a key length larger than the maximum digest size a given digest can produce, leading to a read of random stack memory. fix it by returning an error if the requested key size n is larger than the EVP_MD_size of the digest Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23174)
author: Neil Horman <nhorman@openssl.org> 2024-01-01 17:53:50 +0100
committer: Neil Horman <nhorman@openssl.org> 2024-01-03 16:05:49 +0100
commit: 8d89050f0f676b429043fd5445e5a570d54ad225 (patch)
tree: 9c8a1924ae16a8730aa143ddfc267c8ae89094a8 /providers/implementations/kdfs
parent: provider-keymgmt.pod: fix typo (diff)
download: openssl-8d89050f0f676b429043fd5445e5a570d54ad225.tar.xz
openssl-8d89050f0f676b429043fd5445e5a570d54ad225.zip
1 files changed, 5 insertions, 0 deletions
diff --git a/providers/implementations/kdfs/pbkdf1.c b/providers/implementations/kdfs/pbkdf1.c
index 6f95df071b..4fa6afd104 100644
--- a/providers/implementations/kdfs/pbkdf1.c
+++ b/providers/implementations/kdfs/pbkdf1.c
@@ -72,6 +72,11 @@ static int kdf_pbkdf1_do_derive(const unsigned char *pass, size_t passlen,
     mdsize = EVP_MD_size(md_type);
     if (mdsize < 0)
         goto err;
+    if (n > (size_t)mdsize) {
+        ERR_raise(ERR_LIB_PROV, PROV_R_LENGTH_TOO_LARGE);
+        goto err;
+    }
+
     for (i = 1; i < iter; i++) {
         if (!EVP_DigestInit_ex(ctx, md_type, NULL))
             goto err;
author	Neil Horman <nhorman@openssl.org>	2024-01-01 17:53:50 +0100
committer	Neil Horman <nhorman@openssl.org>	2024-01-03 16:05:49 +0100
commit	8d89050f0f676b429043fd5445e5a570d54ad225 (patch)
tree	9c8a1924ae16a8730aa143ddfc267c8ae89094a8 /providers/implementations/kdfs
parent	provider-keymgmt.pod: fix typo (diff)
download	openssl-8d89050f0f676b429043fd5445e5a570d54ad225.tar.xz openssl-8d89050f0f676b429043fd5445e5a570d54ad225.zip