Increase HKDF_MAXBUF from 1024 to 2048

We've encountered some scenarios that need to use more than 1 kB of
data as the HKDF-Expand() "info" argument (which, per RFC 5869,
contains "optional context and application specific information").

Since HKDF_MAXBUF is used to size an array in the HKDF_PKEY_CTX
structure, this adds 1 kB of memory footprint to each EVP_PKEY_CTX
used for HKDF.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14649)
Benjamin Kaduk 2021-03-22 15:02:04 -07:00 committed by Benjamin Kaduk
parent c6b09ea0fe
commit 20c2876f24
1 changed files with 1 additions and 1 deletions


@ -30,7 +30,7 @@
#include "prov/provider_util.h" #include "prov/provider_util.h"
#include "e_os.h" #include "e_os.h"
#define HKDF_MAXBUF 1024 #define HKDF_MAXBUF 2048
static OSSL_FUNC_kdf_newctx_fn kdf_hkdf_new; static OSSL_FUNC_kdf_newctx_fn kdf_hkdf_new;
static OSSL_FUNC_kdf_freectx_fn kdf_hkdf_free; static OSSL_FUNC_kdf_freectx_fn kdf_hkdf_free;