Fix SSKDF to not claim a buffer size that is too small for the MAC

We also check that our buffer is sufficiently sized for the MAC output

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
Matt Caswell 2021-10-07 14:14:52 +01:00
parent b97f4dd73b
commit 7be8ba5462


@ -239,7 +239,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init,
goto end; goto end;
out_len = EVP_MAC_CTX_get_mac_size(ctx_init); /* output size */ out_len = EVP_MAC_CTX_get_mac_size(ctx_init); /* output size */
if (out_len <= 0) if (out_len <= 0 || (mac == mac_buf && out_len > sizeof(mac_buf)))
goto end; goto end;
len = derived_key_len; len = derived_key_len;
@ -263,7 +263,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init,
if (len == 0) if (len == 0)
break; break;
} else { } else {
if (!EVP_MAC_final(ctx, mac, NULL, len)) if (!EVP_MAC_final(ctx, mac, NULL, out_len))
goto end; goto end;
memcpy(out, mac, len); memcpy(out, mac, len);
break; break;
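Review bot: `EVP_MAC_final(ctx, mac, NULL, out_len)` in the second hunk discards the number of bytes actually produced, so the `memcpy(out, mac, len)` that follows copies `len` bytes on the assumption that the MAC filled at least that much of the buffer; capturing the length makes that assumption checkable: `size_t written = 0;` / `if (!EVP_MAC_final(ctx, mac, &written, out_len) || written < len)` / `goto end;`. The new bound in the first hunk only covers the stack-buffer case (`mac == mac_buf`); whether a heap-allocated `mac` is sized from the same `out_len` is decided outside the hunk and is worth confirming in the same review. If `out_len` is declared `size_t`, as the return type of EVP_MAC_CTX_get_mac_size suggests, `out_len <= 0` reduces to a test against zero and reads more honestly as `out_len == 0`; the declaration is not visible here. SSKDF_mac_kdm begins before the first hunk and continues after the second.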