From 8e9eafaec5fe144d3fa05abc685dd7dc207e473f Mon Sep 17 00:00:00 2001 From: Pol Henarejos Date: Wed, 7 Dec 2022 16:35:19 +0100 Subject: [PATCH] Fix important potential buffer overflow deriving the credential key. Signed-off-by: Pol Henarejos --- src/fido/credential.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/fido/credential.c b/src/fido/credential.c index 213ad80..6d63e1c 100644 --- a/src/fido/credential.c +++ b/src/fido/credential.c @@ -314,7 +314,7 @@ int credential_derive_chacha_key(uint8_t *outk) { int r = 0; if ((r = load_keydev(outk)) != 0) return r; - const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA512); + const mbedtls_md_info_t *md_info = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); mbedtls_md_hmac(md_info, outk, 32, (uint8_t *)"SLIP-0022", 9, outk); mbedtls_md_hmac(md_info, outk, 32, (uint8_t *)CRED_PROTO, 4, outk);