Limit subkeys to 128-512 bit.
This commit is contained in:
parent
4f7c28563d
commit
c3bb896f40
@ -190,8 +190,8 @@ static const char *mpw_sitePasswordFromDerive_v0(
|
|||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
int resultParamInt = atoi( resultParam );
|
int resultParamInt = atoi( resultParam );
|
||||||
if (resultParamInt <= 0 || resultParamInt > UINT16_MAX || resultParamInt % 8 != 0) {
|
if (resultParamInt < 128 || resultParamInt > 512 || resultParamInt % 8 != 0) {
|
||||||
err( "Parameter is not a valid key size: %s\n", resultParam );
|
err( "Parameter is not a valid key size (should be 128 - 512): %s\n", resultParam );
|
||||||
return NULL;
|
return NULL;
|
||||||
}
|
}
|
||||||
uint16_t keySize = (uint16_t)(resultParamInt / 8);
|
uint16_t keySize = (uint16_t)(resultParamInt / 8);
|
||||||
|
@ -164,7 +164,10 @@ uint8_t const *mpw_kdf_blake2b(const size_t subkeySize, const uint8_t *key, cons
|
|||||||
return NULL;
|
return NULL;
|
||||||
|
|
||||||
#if HAS_SODIUM
|
#if HAS_SODIUM
|
||||||
if (personal && strlen( personal ) > crypto_generichash_blake2b_PERSONALBYTES) {
|
if (keySize < crypto_generichash_blake2b_KEYBYTES_MIN || keySize > crypto_generichash_blake2b_KEYBYTES_MAX ||
|
||||||
|
subkeySize < crypto_generichash_blake2b_KEYBYTES_MIN || subkeySize > crypto_generichash_blake2b_KEYBYTES_MAX ||
|
||||||
|
contextSize < crypto_generichash_blake2b_BYTES_MIN || contextSize > crypto_generichash_blake2b_BYTES_MAX ||
|
||||||
|
(personal && strlen( personal ) > crypto_generichash_blake2b_PERSONALBYTES)) {
|
||||||
errno = EINVAL;
|
errno = EINVAL;
|
||||||
free( subkey );
|
free( subkey );
|
||||||
return NULL;
|
return NULL;
|
||||||
|
Loading…
Reference in New Issue
Block a user