KDF interface returns truncated output if the algorithm doesn't support requested length #2347
Comments
|
Not intentional, this is a bug, we just let the counter overflow :( Thanks for reporting. |
|
Apologies, actually this is intended behavior of the KDF interface. If the output requested is too large for the KDF to support we return a truncated amount. I'm not sure if this is good behavior - in fact it seems almost certainly not good - but it is how the KDF interface currently works and I'm not sure if we can in the immediate term change it without breaking compat. I've now officially deprecated this behavior so we can fix it in 3.0, but in the meantime you'll probably have to skip this test for Botan in cryptofuzz. |
|
Ok thanks, workaround in Cryptofuzz has been implemented, you may close this report when you want. |
randombit
changed the title
|
@guidovranken The KDF truncation behavior has been removed on master so you should be able to enable KDF testing in cryptofuzz again. |
|
@randombit Great. I've removed the workaround for this bug in Cryptofuzz. |
Eg. HKDF + MD5 with a key size > 4080 returns 4080 bytes.
4080 is 255 * 16 (MD5 output size).
The spec says key sizes larger than (255 * digest size) are illegal: https://tools.ietf.org/html/rfc5869#section-2.3 and most libraries I've tested simply return an error/throw an exception in those cases.
This is how I am invoking Botan's HKDF: https://github.com/guidovranken/cryptofuzz/blob/690e0d3199d6bd51f13957d31d8c89dca8cd91f0/modules/botan/module.cpp#L363-L382
Is Botan's behavior intentional?
The text was updated successfully, but these errors were encountered: