Enforce a size check in EVP_MAC_final()

Make sure that the outsize for the buffer is large enough for the
output from the MAC.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/16789)
Matt Caswell 2021-10-07 14:06:32 +01:00
parent 43da9a14f0
commit b97f4dd73b


@ -132,6 +132,7 @@ static int evp_mac_final(EVP_MAC_CTX *ctx, int xof,
size_t l; size_t l;
int res; int res;
OSSL_PARAM params[2]; OSSL_PARAM params[2];
size_t macsize;
if (ctx == NULL || ctx->meth == NULL) { if (ctx == NULL || ctx->meth == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM); ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
@ -142,14 +143,19 @@ static int evp_mac_final(EVP_MAC_CTX *ctx, int xof,
return 0; return 0;
} }
macsize = EVP_MAC_CTX_get_mac_size(ctx);
if (out == NULL) { if (out == NULL) {
if (outl == NULL) { if (outl == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER); ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
return 0; return 0;
} }
*outl = EVP_MAC_CTX_get_mac_size(ctx); *outl = macsize;
return 1; return 1;
} }
if (outsize < macsize) {
ERR_raise(ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL);
return 0;
}
if (xof) { if (xof) {
params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_XOF, &xof); params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_XOF, &xof);
params[1] = OSSL_PARAM_construct_end(); params[1] = OSSL_PARAM_construct_end();
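Review bot: The new guard `if (outsize < macsize)` can never fire when `macsize` is 0, so it depends on EVP_MAC_CTX_get_mac_size() never returning 0 for a usable context, and that function's failure behaviour is not visible in this hunk. If 0 is its "size could not be determined" result, the check is skipped exactly when the size is unknown, and the rest of the function runs with an unvalidated `outsize`. Consider failing closed, e.g. `if (macsize == 0 || outsize < macsize) {`, or add a comment stating that the provider's final must still honour `outsize`. The size is also read before the XOF parameter is applied in the `if (xof)` branch just below, so it is worth confirming that the value compared here is the length actually written in XOF mode. The body of evp_mac_final starts and ends outside the hunk.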