upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-05-23 10:37:43 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 4
bind9/lib/isc/crypto
History
Aydın Mercan a531f00a75
wipe hmac keys correctly pre-3.0 libcrypto 
A lingering `sizeof` from the prototype era of !11094 caused the
key-wipe in `isc_hmac_key_destroy` to use `sizeof(key->len)` instead of
`key->len` for the length argument of `isc_safe_memwipe`.

This results in a buffer overflow of zero bytes in HMAC keys that are
less than 4 bytes. As such, the overflow can only be visibile in keys
that are less than 32-bits, which is beyond broken and creating such
keys are only possible in testing.

Therefore, this change is *not* a security fix since the conditions are
never reachable in any imaginable deployment scenario.

Builds that use OpenSSL >=3.0 are unaffected as the `sizeof` was only
remaining in pre-3.0 builds.
2026-02-06 14:14:43 +03:00
..
meson.build initial openssl version splitting 2026-02-02 11:12:53 +03:00
ossl1_1.c wipe hmac keys correctly pre-3.0 libcrypto 2026-02-06 14:14:43 +03:00
ossl3.c expose isc__crypto_md in isc/ossl_wrap.h 2026-02-02 11:50:14 +03:00
ossl_common.c expose isc__crypto_md in isc/ossl_wrap.h 2026-02-02 11:50:14 +03:00