From: Nicky Mouha Date: Wed, 17 May 2023 20:46:41 +0000 (-0400) Subject: Update hkdf.c to avoid potentially vulnerable code pattern X-Git-Tag: openssl-3.2.0-alpha1~799 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=56a51b5a1ecd54eadc80bed4bfe5044a340787c1;p=thirdparty%2Fopenssl.git Update hkdf.c to avoid potentially vulnerable code pattern The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows. It should be replaced by "if (a>c-b) a=c-b", which avoids the potential overflow and is much easier to understand. This pattern is the root cause of CVE-2022-37454, a buffer overflow vulnerability in the "official" SHA-3 implementation. It has been confirmed that the addition in https://github.com/openssl/openssl/blob/master/providers/implementations/kdfs/hkdf.c#L534 cannot overflow. So this is only a minor change proposal to avoid a potentially vulnerable code pattern and to improve readability. More information: https://github.com/github/codeql/pull/12036#issuecomment-1466056959 CLA: trivial Reviewed-by: Paul Dale Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/20990) --- diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c index f0b46a1fc50..7f42f426479 100644 --- a/providers/implementations/kdfs/hkdf.c +++ b/providers/implementations/kdfs/hkdf.c @@ -531,7 +531,7 @@ static int HKDF_Expand(const EVP_MD *evp_md, if (!HMAC_Final(hmac, prev, NULL)) goto err; - copy_len = (done_len + dig_len > okm_len) ? + copy_len = (dig_len > okm_len - done_len) ? okm_len - done_len : dig_len;