5605997699
68%
target-openssl: 68%

Ran 20 Jul 2023 02:25AM UTC

Jobs 1

Files 1355

Run time 19s

Badge

Embed ▾

Committed 19 May 2023 10:42AM UTC coverage: 68.062% (+0.007%) from 68.055%

Build # 5605997699

Build Type

push

github

Committed by

t8m

Commit Message

Update hkdf.c to avoid potentially vulnerable code pattern

The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows.
It should be replaced by "if (a>c-b) a=c-b", which avoids the
potential overflow and is much easier to understand.

This pattern is the root cause of CVE-2022-37454, a buffer overflow
vulnerability in the "official" SHA-3 implementation.

It has been confirmed that the addition in
https://github.com/openssl/openssl/blob/master/providers/implementations/kdfs/hkdf.c#L534
cannot overflow. So this is only a minor change proposal to avoid
a potentially vulnerable code pattern and to improve readability.
More information: https://github.com/github/codeql/pull/12036#issuecomment-1466056959

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20990)

Run Details

1 of 1 new or added line in 1 file covered. (100.0%)

172867 of 253986 relevant lines covered (68.06%)

2334263.54 hits per line

Jobs

ID	Job ID	Ran	Files	Coverage
1	5605997699.1	20 Jul 2023 02:25AM UTC	0	68.06	GitHub Action Run

Source Files on build 5605997699

Detailed source file information is not available for this build.

universal-ctags / target-openssl / 5605997699
68%
target-openssl: 68%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 5605997699

universal-ctags / target-openssl / 5605997699 68% target-openssl: 68%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 5605997699

universal-ctags / target-openssl / 5605997699
68%
target-openssl: 68%

README BADGES
x