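/*
 * HKDF output-length check for libgcrypt.
 *
 * HKDF prohibits output sizes which exceed digest size * 255; see
 * section 2.3 of RFC 5869 (L <= 255 * HashLen).  HKDF-Expand numbers its
 * output blocks with a single octet, so a longer request cannot be
 * expressed by the construction and has to be refused by the library.
 *
 * In the following code, the abort() should not be reached: one of the
 * three KDF calls is expected to return an error for the over-long
 * request.  Reaching abort() means output was produced anyway.
 */
#include <stdint.h>   /* uint8_t */
#include <stdlib.h>   /* abort() */

#include <gcrypt.h>

/*
 * Jump to the local `end` label unless `expr` evaluates to `res`.
 * Wrapped in do/while(0) so it behaves as a single statement.
 */
#define CF_CHECK_EQ(expr, res)     \
    do {                           \
        if ((expr) != (res)) {     \
            goto end;              \
        }                          \
    } while (0)

/*
 * One byte more than the limit: 32 is the SHA-256 digest size in bytes
 * (the MAC used below is GCRY_MAC_HMAC_SHA256), so 32 * 255 is the
 * largest length RFC 5869 allows.
 */
#define OUTSIZE ((32 * 255) + 1)

/*
 * NOTE(review): the reproducer calls the KDF API without first calling
 * gcry_check_version(); the libgcrypt manual asks for that call before
 * any other library function.  Left as reported - confirm it does not
 * affect the result.
 */
int main(void)
{
    const unsigned char password[] = {0x00};
    const unsigned char salt[] = {0x00};
    const unsigned char info[] = {0x00};

    /* Stays NULL unless gcry_kdf_open() hands back a handle. */
    gcry_kdf_hd_t hd = NULL;
    uint8_t out[OUTSIZE];
    /* The requested length is passed here and again to gcry_kdf_final(). */
    unsigned long param[1] = {OUTSIZE};

    CF_CHECK_EQ(gcry_kdf_open(
                &hd,
                GCRY_KDF_HKDF,
                GCRY_MAC_HMAC_SHA256,
                param,
                1,
                password, sizeof(password),
                NULL, 0,
                salt, sizeof(salt),
                info, sizeof(info)), GPG_ERR_NO_ERROR);

    CF_CHECK_EQ(gcry_kdf_compute(hd, NULL), GPG_ERR_NO_ERROR);
    CF_CHECK_EQ(gcry_kdf_final(hd, OUTSIZE, out), GPG_ERR_NO_ERROR);

    /* Should not be reached */
    abort();

end:
    /*
     * When gcry_kdf_open() itself rejects the request (the expected
     * outcome), no handle exists.  Whether gcry_kdf_close() tolerates a
     * NULL handle is not shown here, so only close a handle we received.
     */
    if (hd != NULL) {
        gcry_kdf_close(hd);
    }
    return 0;
}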