Enforce a size check in EVP_MAC_final()

Make sure that the outsize for the buffer is large enough for the output from the MAC. Reviewed-by: N Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)

Enforce a size check in EVP_MAC_final()
Make sure that the outsize for the buffer is large enough for the output from the MAC. Reviewed-by: N Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789)
b97f4dd7 · Matt Caswell · 43da9a14 · b97f4dd7
隐藏空白更改
内联并排

Showing with 7 addition and 1 deletion

crypto/evp/mac_lib.c crypto/evp/mac_lib.c +7 -1

未找到文件。
--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -132,6 +132,7 @@ static int evp_mac_final(EVP_MAC_CTX *ctx, int xof,
    size_t l;
    int res;
    OSSL_PARAM params[2];
+    size_t macsize;

    if (ctx == NULL || ctx->meth == NULL) {
        ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
@@ -142,14 +143,19 @@ static int evp_mac_final(EVP_MAC_CTX *ctx, int xof,
        return 0;
    }

+    macsize = EVP_MAC_CTX_get_mac_size(ctx);
    if (out == NULL) {
        if (outl == NULL) {
            ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
            return 0;
        }
-        *outl = EVP_MAC_CTX_get_mac_size(ctx);
+        *outl = macsize;
        return 1;
    }
+    if (outsize < macsize) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
    if (xof) {
        params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_XOF, &xof);
        params[1] = OSSL_PARAM_construct_end();