diff options
| author | tb <> | 2023-06-01 02:34:23 +0000 |
|---|---|---|
| committer | tb <> | 2023-06-01 02:34:23 +0000 |
| commit | 8d97f6e802c7062366965028c126c73141f3591d (patch) | |
| tree | f159b2332ccecebfdae2451d699152f7058f09af | |
| parent | 3ba21940ac4b9113827f1f795fef37bf02f40ce5 (diff) | |
| download | openbsd-8d97f6e802c7062366965028c126c73141f3591d.tar.gz openbsd-8d97f6e802c7062366965028c126c73141f3591d.tar.bz2 openbsd-8d97f6e802c7062366965028c126c73141f3591d.zip | |
Avoid a potentially overflowing check
This doesn't actually overflow, but still is poor style.
Speaking of which: this is now the second time I get to fix something
reported by Nicky Mouha by way of a blog post. The first time was the
actual SHA-3 buffer overflow in Python where it is not entirely clear
who screwed up and how. Hopefully next time proper communication will
happen and work.
ok jsing
| -rw-r--r-- | src/lib/libcrypto/hkdf/hkdf.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/hkdf/hkdf.c b/src/lib/libcrypto/hkdf/hkdf.c index 47ad4ec131..9e0e206324 100644 --- a/src/lib/libcrypto/hkdf/hkdf.c +++ b/src/lib/libcrypto/hkdf/hkdf.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: hkdf.c,v 1.8 2022/11/26 16:08:53 tb Exp $ */ | 1 | /* $OpenBSD: hkdf.c,v 1.9 2023/06/01 02:34:23 tb Exp $ */ |
| 2 | /* Copyright (c) 2014, Google Inc. | 2 | /* Copyright (c) 2014, Google Inc. |
| 3 | * | 3 | * |
| 4 | * Permission to use, copy, modify, and/or distribute this software for any | 4 | * Permission to use, copy, modify, and/or distribute this software for any |
| @@ -102,7 +102,7 @@ HKDF_expand(uint8_t *out_key, size_t out_len, | |||
| 102 | goto out; | 102 | goto out; |
| 103 | 103 | ||
| 104 | todo = digest_len; | 104 | todo = digest_len; |
| 105 | if (done + todo > out_len) | 105 | if (todo > out_len - done) |
| 106 | todo = out_len - done; | 106 | todo = out_len - done; |
| 107 | 107 | ||
| 108 | memcpy(out_key + done, previous, todo); | 108 | memcpy(out_key + done, previous, todo); |