From: Pauli Date: Wed, 5 Aug 2020 05:26:48 +0000 (+1000) Subject: mac: add some consistency to setting the XXX_final output length. X-Git-Tag: openssl-3.0.0-alpha7~643 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=5f6a0b2ff055cf3ad09a1d49a4b95b13e1106b35;p=thirdparty%2Fopenssl.git mac: add some consistency to setting the XXX_final output length. The various MACs were all over the place with respects to what they did with the output length in the final call. Now they all unconditionally set the output length and the EVP layer handles the possibility of a NULL pointer. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12582) --- diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index a5c1b44666d..2198c466805 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -120,11 +120,13 @@ int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen) int EVP_MAC_final(EVP_MAC_CTX *ctx, unsigned char *out, size_t *outl, size_t outsize) { - size_t l = EVP_MAC_size(ctx); + size_t l; int res = 1; if (out != NULL) res = ctx->meth->final(ctx->data, out, &l, outsize); + else + l = EVP_MAC_size(ctx); if (outl != NULL) *outl = l; return res; diff --git a/providers/implementations/macs/blake2_mac_impl.c b/providers/implementations/macs/blake2_mac_impl.c index 586a5462145..d4e61e44a4b 100644 --- a/providers/implementations/macs/blake2_mac_impl.c +++ b/providers/implementations/macs/blake2_mac_impl.c @@ -101,6 +101,7 @@ static int blake2_mac_final(void *vmacctx, { struct blake2_mac_data_st *macctx = vmacctx; + *outl = blake2_mac_size(macctx); return BLAKE2_FINAL(out, &macctx->ctx); } diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c index 109f93d243e..af2a2098cda 100644 --- a/providers/implementations/macs/hmac_prov.c +++ b/providers/implementations/macs/hmac_prov.c @@ -130,8 +130,7 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, if (!HMAC_Final(macctx->ctx, out, &hlen)) return 0; - if (outl != NULL) - *outl = hlen; + *outl = hlen; return 1; } diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c index 46b0bd644a2..792bc6c5bb0 100644 --- a/providers/implementations/macs/kmac_prov.c +++ b/providers/implementations/macs/kmac_prov.c @@ -298,8 +298,7 @@ static int kmac_final(void *vmacctx, unsigned char *out, size_t *outl, ok = right_encode(encoded_outlen, &len, lbits) && EVP_DigestUpdate(ctx, encoded_outlen, len) && EVP_DigestFinalXOF(ctx, out, kctx->out_len); - if (ok && outl != NULL) - *outl = kctx->out_len; + *outl = kctx->out_len; return ok; } diff --git a/providers/implementations/macs/poly1305_prov.c b/providers/implementations/macs/poly1305_prov.c index eef546047f0..748cafbaca2 100644 --- a/providers/implementations/macs/poly1305_prov.c +++ b/providers/implementations/macs/poly1305_prov.c @@ -94,6 +94,7 @@ static int poly1305_final(void *vmacctx, unsigned char *out, size_t *outl, struct poly1305_data_st *ctx = vmacctx; Poly1305_Final(&ctx->poly1305, out); + *outl = poly1305_size(); return 1; }