Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check HKDF-Expand length of output <= 255*HashLen #2956

Merged
merged 2 commits into from
May 8, 2020
Merged

Check HKDF-Expand length of output <= 255*HashLen #2956

merged 2 commits into from
May 8, 2020

Conversation

tmael
Copy link
Contributor

@tmael tmael commented May 6, 2020

This PR adds a length check in wc_HKDF_Expand() to address issues reported in ZD#10261 and GitHub issues #2951.

RFC 5869 section 2.3 states that the length of output keying material in octets must be L <= 255*HashLen

where HashLen is the size in octets of the hash function's digest.

However, wc_HKDF_Expand was missing this check.

@tmael tmael requested a review from JacobBarthelmeh May 6, 2020 23:32
JacobBarthelmeh
JacobBarthelmeh reviewed May 7, 2020
View reviewed changes
wolfcrypt/src/hmac.c Outdated
@@ -1215,11 +1215,18 @@ int wolfSSL_GetHmacMaxSize(void)
word32 outIdx = 0;
word32 hashSz = wc_HmacSizeByType(type);
byte n = 0x1;
word32 N = 0; /* rf5869: N = ceil(L/HashLen)*/
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why add an additional variable to the stack when we can just check that L <= (255 * hashSz)? Also please put a comment on why 255 is used here to explain the hard set number

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@JacobBarthelmeh, Good point. Fixed. FYI. The additional variable was for clarity and I wanted to avoid multiplications.

@tmael tmael assigned JacobBarthelmeh and unassigned tmael May 8, 2020
@JacobBarthelmeh JacobBarthelmeh merged commit 81dc0ac into wolfSSL:master May 8, 2020
@JacobBarthelmeh JacobBarthelmeh mentioned this pull request Jul 7, 2020
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@JacobBarthelmeh JacobBarthelmeh JacobBarthelmeh approved these changes

Assignees

@JacobBarthelmeh JacobBarthelmeh

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@tmael @JacobBarthelmeh