Avoid a potentially overflowing check

This doesn't actually overflow, but still is poor style. Speaking of which: this is now the second time I get to fix something reported by Nicky Mouha by way of a blog post. The first time was the actual SHA-3 buffer overflow in Python where it is not entirely clear who screwed up and how. Hopefully next time proper communication will happen and work. ok jsing
author: tb <> 2023-06-01 02:34:23 +0000
committer: tb <> 2023-06-01 02:34:23 +0000
commit: 15d3c912ab27ed23d29447224f0220efc5eb1044 (patch)
tree: f159b2332ccecebfdae2451d699152f7058f09af /src/lib/libcrypto/hkdf/hkdf.c
parent: 5ad6656dad44c1cc6f5d9f207bc4df24339c6f56 (diff)
download: openbsd-15d3c912ab27ed23d29447224f0220efc5eb1044.tar.gz
openbsd-15d3c912ab27ed23d29447224f0220efc5eb1044.tar.bz2
openbsd-15d3c912ab27ed23d29447224f0220efc5eb1044.zip
1 files changed, 2 insertions, 2 deletions
diff --git a/src/lib/libcrypto/hkdf/hkdf.c b/src/lib/libcrypto/hkdf/hkdf.c
index 47ad4ec131..9e0e206324 100644
--- a/src/lib/libcrypto/hkdf/hkdf.c
+++ b/src/lib/libcrypto/hkdf/hkdf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: hkdf.c,v 1.8 2022/11/26 16:08:53 tb Exp $ */
+/* $OpenBSD: hkdf.c,v 1.9 2023/06/01 02:34:23 tb Exp $ */
 /* Copyright (c) 2014, Google Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
@@ -102,7 +102,7 @@ HKDF_expand(uint8_t *out_key, size_t out_len,
                        goto out;
                todo = digest_len;
-                if (done + todo > out_len)
+                if (todo > out_len - done)
                        todo = out_len - done;
                memcpy(out_key + done, previous, todo);
author	tb <>	2023-06-01 02:34:23 +0000
committer	tb <>	2023-06-01 02:34:23 +0000
commit	15d3c912ab27ed23d29447224f0220efc5eb1044 (patch)
tree	f159b2332ccecebfdae2451d699152f7058f09af /src/lib/libcrypto/hkdf/hkdf.c
parent	5ad6656dad44c1cc6f5d9f207bc4df24339c6f56 (diff)
download	openbsd-15d3c912ab27ed23d29447224f0220efc5eb1044.tar.gz openbsd-15d3c912ab27ed23d29447224f0220efc5eb1044.tar.bz2 openbsd-15d3c912ab27ed23d29447224f0220efc5eb1044.zip

diff --git a/src/lib/libcrypto/hkdf/hkdf.c b/src/lib/libcrypto/hkdf/hkdf.c index 47ad4ec131..9e0e206324 100644 --- a/src/lib/libcrypto/hkdf/hkdf.c +++ b/src/lib/libcrypto/hkdf/hkdf.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: hkdf.c,v 1.8 2022/11/26 16:08:53 tb Exp $ */	1	/* $OpenBSD: hkdf.c,v 1.9 2023/06/01 02:34:23 tb Exp $ */
2	/* Copyright (c) 2014, Google Inc.	2	/* Copyright (c) 2014, Google Inc.
3	*	3	*
4	* Permission to use, copy, modify, and/or distribute this software for any	4	* Permission to use, copy, modify, and/or distribute this software for any
@@ -102,7 +102,7 @@ HKDF_expand(uint8_t *out_key, size_t out_len,
102	goto out;	102	goto out;
103		103
104	todo = digest_len;	104	todo = digest_len;
105	if (done + todo > out_len)	105	if (todo > out_len - done)
106	todo = out_len - done;	106	todo = out_len - done;
107		107
108	memcpy(out_key + done, previous, todo);	108	memcpy(out_key + done, previous, todo);