Git repositories - scryer-prolog.git/commitdiff
crypto_data_hkdf/4: Fail if the length is too long.
author Markus Triska <[email protected]>
Mon, 18 May 2020 11:21:20 +0000 (13:21 +0200)
committer Markus Triska <[email protected]>
Mon, 18 May 2020 11:21:38 +0000 (13:21 +0200)
Due to the way the counter is constructed in the HKDF specification,
the requested output length can be at most 255 times the size of the
digest algorithm's output.

Reported by @notoria in #527. Many thanks!

src/prolog/machine/system_calls.rs

index 17d456ed751fce882508d0a802bcde42f20ca191..c71fc5bab286594bf4005e33bdad0beae2cf308b 100644 (file)
@@ -5266,7 +5266,10 @@ impl MachineState {
                              let salt = hkdf::Salt::new(digest_alg, &salt);
                              let mut bytes : Vec<u8> = Vec::new();
                              bytes.resize(length, 0);
-                             salt.extract(&data).expand(&[&info[..]], MyKey(length)).unwrap().fill(&mut bytes).unwrap();
+                             match salt.extract(&data).expand(&[&info[..]], MyKey(length)) {
+                                 Ok(r) => { r.fill(&mut bytes).unwrap(); }
+                                 _ => { self.fail = true; return Ok(()); }
+                             }
 
                              Addr::HeapCell(self.heap.to_list(bytes.iter().map(|b| HeapCellValue::Integer(Rc::new(Integer::from(*b))))))
                         };
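
Review bot: In the context lines just above the new match, `bytes.resize(length, 0)` still runs before `expand` has had a chance to reject `length`, so an over-long request allocates and zeroes the full buffer and only then fails. Consider creating and resizing `bytes` inside the `Ok(r)` arm so the failure path allocates nothing. The catch-all `_ =>` arm would read more clearly as `Err(_) =>`, and a short comment at the match stating the limit from the commit message (at most 255 times the digest output size) would explain why the predicate fails here. The remaining `r.fill(&mut bytes).unwrap()` can still panic; if that is unreachable because `bytes` has exactly `length` elements, note that in a comment, otherwise send it down the same failure path.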