HKDF + BLAKE2S256 outputs uninitialized memory #22708
Introduced by #22444 @nabijaczleweli

Assuming the repro code's This is quite surprising given that this PR only touched the hash algorithm driver itself, and not any KDF code.
Building with debug on and a small bisexion, this corresponds to providers/implementations/kdfs/hkdf.c#HKDF()'s What's less rosy is that it's actually
so this means I replaced all the 512s with a macro parameter but not the 64s, of which there appears to be just one:

```c
static int blake##variantsize##_get_params(OSSL_PARAM params[]) \
{ \
    return ossl_digest_default_get_params(params, BLAKE##VARIANT##_BLOCKBYTES, 64, 0); \
} \
```

which is mildly surprising a test didn't catch (and more so, mayhap, that it wasn't a macro already). Replacing that with

Thank you. With my fuzzer I've confirmed that your patch resolves the issue. Tested on x64 and x86.
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #22710)
This should print:
But instead it outputs random, uninitialized memory. Bug was introduced very recently (it was still working correctly on November 7). Found by OSS-Fuzz.
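
The failure mode discussed in this thread, as an added example that is not part of the original issue or of OpenSSL's code: a simplified Python model of HKDF (RFC 5869) over BLAKE2s-256 in which the caller sizes its buffers from the digest's reported length. It assumes the hard-coded 64 in the snippet above is the reported digest size; `SENTINEL`, `hmac_into`, `reported_len`, `unwritten_bytes` and `misreported` are hypothetical names, and the inputs are constructed.

```python
import hashlib
import hmac

SENTINEL = 0xAA  # constructed marker for bytes the digest never wrote


def hmac_into(buf_len, hash_fn, key, msg):
    """HMAC into a buffer sized by the *reported* digest length (C-style caller)."""
    buf = bytearray([SENTINEL] * buf_len)
    mac = hmac.new(key, msg, hash_fn).digest()
    n = min(len(mac), buf_len)
    buf[:n] = mac[:n]
    return bytes(buf)


def hkdf(hash_fn, ikm, salt, info, length, reported_len=None):
    """RFC 5869 extract-and-expand; reported_len overrides the digest's own size."""
    hash_len = reported_len or hash_fn().digest_size
    prk = hmac_into(hash_len, hash_fn, salt or bytes(hash_len), ikm)
    okm, t, i = b"", b"", 1
    while len(okm) < length:
        t = hmac_into(hash_len, hash_fn, prk, t + info + bytes([i]))
        okm += t
        i += 1
    return okm[:length]


def unwritten_bytes(okm):
    """Count sentinel bytes at the tail of the output."""
    return len(okm) - len(okm.rstrip(bytes([SENTINEL])))


def misreported(names):
    """Digests whose reported size differs from the bytes they produce."""
    bad = []
    for name in names:
        h = hashlib.new(name)
        if h.digest_size and h.digest_size != len(h.digest()):  # 0 = XOF, skip
            bad.append(name)
    return bad


if __name__ == "__main__":
    args = (hashlib.blake2s, b"\x0b" * 22, b"salt", b"info", 64)  # constructed inputs
    print("correct size (32):", unwritten_bytes(hkdf(*args)))
    print("misreported size (64):", unwritten_bytes(hkdf(*args, reported_len=64)))
    print("inconsistent digests:", misreported(["blake2s", "blake2b", "sha256"]))
```

The `misreported` check is the kind of invariant a digest-driver test can assert for every fixed-output algorithm: the size the driver reports must equal the number of bytes it writes.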