mac: add some consistency to setting the XXX_final output length.

The various MACs were all over the place with respects to what they did with
the output length in the final call.  Now they all unconditionally set the
output length and the EVP layer handles the possibility of a NULL pointer.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12582)

diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c
index a5c1b44666ddc38b2b47f6b0feda8626ab130cdf..2198c466805f2d61be6dc36a0e85e51536801a67 100644 (file)
--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -120,11 +120,13 @@ int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen)
 int EVP_MAC_final(EVP_MAC_CTX *ctx,
                   unsigned char *out, size_t *outl, size_t outsize)
 {
-    size_t l = EVP_MAC_size(ctx);
+    size_t l;
     int res = 1;
 
     if (out != NULL)
         res = ctx->meth->final(ctx->data, out, &l, outsize);
+    else
+        l = EVP_MAC_size(ctx);
     if (outl != NULL)
         *outl = l;
     return res;

diff --git a/providers/implementations/macs/blake2_mac_impl.c b/providers/implementations/macs/blake2_mac_impl.c
index 586a5462145e438b64075fe28daa3392cbe25e80..d4e61e44a4b41c5d9f7dc38eb3bb3c3faa53e808 100644 (file)
--- a/providers/implementations/macs/blake2_mac_impl.c
+++ b/providers/implementations/macs/blake2_mac_impl.c
@@ -101,6 +101,7 @@ static int blake2_mac_final(void *vmacctx,
 {
     struct blake2_mac_data_st *macctx = vmacctx;
 
+    *outl = blake2_mac_size(macctx);
     return BLAKE2_FINAL(out, &macctx->ctx);
 }
 

diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c
index 109f93d243e203d7585f2655229ba5fca3a4400e..af2a2098cdae660dc230e5879ceb066f750951fd 100644 (file)
--- a/providers/implementations/macs/hmac_prov.c
+++ b/providers/implementations/macs/hmac_prov.c
@@ -130,8 +130,7 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl,
 
     if (!HMAC_Final(macctx->ctx, out, &hlen))
         return 0;
-    if (outl != NULL)
-        *outl = hlen;
+    *outl = hlen;
     return 1;
 }
 

diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c
index 46b0bd644a20f0177a83fe788d2ad13604377bbc..792bc6c5bb0a973ad33dbac55d263b2cf8b0f70e 100644 (file)
--- a/providers/implementations/macs/kmac_prov.c
+++ b/providers/implementations/macs/kmac_prov.c
@@ -298,8 +298,7 @@ static int kmac_final(void *vmacctx, unsigned char *out, size_t *outl,
     ok = right_encode(encoded_outlen, &len, lbits)
         && EVP_DigestUpdate(ctx, encoded_outlen, len)
         && EVP_DigestFinalXOF(ctx, out, kctx->out_len);
-    if (ok && outl != NULL)
-        *outl = kctx->out_len;
+    *outl = kctx->out_len;
     return ok;
 }
 

diff --git a/providers/implementations/macs/poly1305_prov.c b/providers/implementations/macs/poly1305_prov.c
index eef546047f0dfc9898a81f805a6088362c372193..748cafbaca2f28cf6a3fa84d1b741291eb676c1b 100644 (file)
--- a/providers/implementations/macs/poly1305_prov.c
+++ b/providers/implementations/macs/poly1305_prov.c
@@ -94,6 +94,7 @@ static int poly1305_final(void *vmacctx, unsigned char *out, size_t *outl,
     struct poly1305_data_st *ctx = vmacctx;
 
     Poly1305_Final(&ctx->poly1305, out);
+    *outl = poly1305_size();
     return 1;
 }