mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-02-11 14:22:43 +08:00
Code Issues Packages Projects Releases Wiki Activity

Fix SSKDF to not claim a buffer size that is too small for the MAC

Browse Source 
We also check that our buffer is sufficiently sized for the MAC output

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
This commit is contained in:
Matt Caswell 2021-10-07 14:14:52 +01:00
parent b97f4dd73b
commit 7be8ba5462
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
providers/implementations/kdfs/sskdf.c
View File

@ -239,7 +239,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init,
goto end;
out_len = EVP_MAC_CTX_get_mac_size(ctx_init); /* output size */
if (out_len <= 0)
if (out_len <= 0 || (mac == mac_buf && out_len > sizeof(mac_buf)))
goto end;
len = derived_key_len;
@ -263,7 +263,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init,
if (len == 0)
break;
} else {
if (!EVP_MAC_final(ctx, mac, NULL, len))
if (!EVP_MAC_final(ctx, mac, NULL, out_len))
goto end;
memcpy(out, mac, len);
break;