[openssl] master update

kaduk at mit.edu kaduk at mit.edu
Wed Mar 31 00:24:00 UTC 2021

The branch master has been updated
       via  20c2876f24d0ccf9581ace08c7882d544d2588ea (commit)
      from  c6b09ea0fe23a572a781681b3c1f436e8b0932fe (commit)

- Log -----------------------------------------------------------------
commit 20c2876f24d0ccf9581ace08c7882d544d2588ea
Author: Benjamin Kaduk <bkaduk at akamai.com>
Date:   Mon Mar 22 15:02:04 2021 -0700

    Increase HKDF_MAXBUF from 1024 to 2048
    We've encountered some scenarios that need to use more than 1 kB of
    data as the HKDF-Expand() "info" argument (which, per RFC 5869,
    contains "optional context and application specific information").
    Since HKDF_MAXBUF is used to size an array in the HKDF_PKEY_CTX
    structure, this adds 1 kB of memory footprint to each EVP_PKEY_CTX
    used for HKDF.
    Reviewed-by: Shane Lontis <shane.lontis at oracle.com>
    Reviewed-by: Paul Dale <pauli at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/14649)


Summary of changes:
 providers/implementations/kdfs/hkdf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/providers/implementations/kdfs/hkdf.c b/providers/implementations/kdfs/hkdf.c
index 52b284c662..2d3c72f501 100644
--- a/providers/implementations/kdfs/hkdf.c
+++ b/providers/implementations/kdfs/hkdf.c
@@ -30,7 +30,7 @@
 #include "prov/provider_util.h"
 #include "e_os.h"
-#define HKDF_MAXBUF 1024
+#define HKDF_MAXBUF 2048
 static OSSL_FUNC_kdf_newctx_fn kdf_hkdf_new;
 static OSSL_FUNC_kdf_freectx_fn kdf_hkdf_free;

More information about the openssl-commits mailing list