Invalid read reported by valgrind in call to gcry_kdf_derive

[Jussi Kivilinna]

Hello,

On 3.2.2021 15.09, Guido Vranken via Gcrypt-devel wrote:
> Tested on the latest repository checkout.
> 
> ==17149== Invalid read of size 32
> ==17149==    at 0x525B90: ??? (sha256-avx2-bmi2-amd64.S:307)
> ==17149==    by 0x4F7777: _gcry_md_block_write (hash-common.c:176)
> ==17149==    by 0x480B8F: _gcry_sha256_hash_buffer (sha256.c:639)
> ==17149==    by 0x45B412: prepare_macpads (md.c:962)
> ==17149==    by 0x45B412: _gcry_md_setkey (md.c:1034)
> ==17149==    by 0x456C09: _gcry_kdf_pkdf2 (kdf.c:185)
> ==17149==    by 0x477DB7: _gcry_kdf_scrypt (scrypt.c:306)
> ==17149==    by 0x429362: gcry_kdf_derive (visibility.c:1312)
> ==17149==    by 0x42497A: main (libgcrypt_scrypt_oob_read.c:23)
> ==17149==  Address 0x6025300 is 6 bytes after a block of size 90 alloc'd
> ==17149==    at 0x4C31B0F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
> ==17149==    by 0x4248DB: main (libgcrypt_scrypt_oob_read.c:15)
> 
> Found by Cryptofuzz running on OSS-Fuzz.
> 

Thanks for reporting. I'll be posting patch to mailing-list soon.

-Jussi