mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-12 13:36:28 +08:00
Code Issues Packages Projects Releases Wiki Activity
56a51b5a1e
openssl/providers/implementations/kdfs
History
Nicky Mouha 56a51b5a1e Update hkdf.c to avoid potentially vulnerable code pattern 
The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows.
It should be replaced by "if (a>c-b) a=c-b", which avoids the
potential overflow and is much easier to understand.

This pattern is the root cause of CVE-2022-37454, a buffer overflow
vulnerability in the "official" SHA-3 implementation.

It has been confirmed that the addition in
https://github.com/openssl/openssl/blob/master/providers/implementations/kdfs/hkdf.c#L534
cannot overflow. So this is only a minor change proposal to avoid
a potentially vulnerable code pattern and to improve readability.
More information: https://github.com/github/codeql/pull/12036#issuecomment-1466056959

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20990)
2023-05-19 12:42:08 +02:00
..
argon2.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
build.info providers: add Argon2 KDF 2023-03-17 11:12:47 +11:00
hkdf.c Update hkdf.c to avoid potentially vulnerable code pattern 2023-05-19 12:42:08 +02:00
hmacdrbg_kdf.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
kbkdf.c Update KDFs to use shared functions. 2023-04-26 08:01:46 +10:00
krb5kdf.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
pbkdf1.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
pbkdf2_fips.c
pbkdf2.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
pbkdf2.h
pkcs12kdf.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
pvkkdf.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
scrypt.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
sshkdf.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
sskdf.c Update KDFs to use shared functions. 2023-04-26 08:01:46 +10:00
tls1_prf.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00
x942kdf.c Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays 2023-04-21 16:19:11 +02:00