From: Matt Caswell
Date: Thu, 7 Oct 2021 13:06:32 +0000 (+0100)
Subject: Enforce a size check in EVP_MAC_final()
X-Git-Tag: openssl-3.2.0-alpha1~3453
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=b97f4dd73b4711eebf731ae0efa6e9b77c7f3304;p=thirdparty%2Fopenssl.git

Enforce a size check in EVP_MAC_final()

Make sure that the outsize for the buffer is large enough for the output from the MAC.

Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/16789)
---

diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c
index 1a68c58919e..24fdb35c8ef 100644
--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -132,6 +132,7 @@ static int evp_mac_final(EVP_MAC_CTX *ctx, int xof,
     size_t l;
     int res;
     OSSL_PARAM params[2];
+    size_t macsize;
 
     if (ctx == NULL || ctx->meth == NULL) {
         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
@@ -142,14 +143,19 @@ static int evp_mac_final(EVP_MAC_CTX *ctx, int xof,
         return 0;
     }
 
+    macsize = EVP_MAC_CTX_get_mac_size(ctx);
     if (out == NULL) {
         if (outl == NULL) {
             ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
             return 0;
         }
-        *outl = EVP_MAC_CTX_get_mac_size(ctx);
+        *outl = macsize;
         return 1;
     }
+    if (outsize < macsize) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
     if (xof) {
         params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_XOF, &xof);
         params[1] = OSSL_PARAM_construct_end();
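Review bot: The new guard `if (outsize < macsize)` in the second hunk is a no-op when macsize is 0, and if I read EVP_MAC_CTX_get_mac_size correctly (it is outside this hunk) 0 is also what it returns when the provider cannot report a size, so in that case the guard silently passes and the write into `out` is bounded only by whatever `ctx->meth->final` does with `outsize`. Consider rejecting that case explicitly, `if (macsize == 0 || outsize < macsize) {`, or add a comment above the check such as `/* macsize == 0 means the provider did not report a size; final() must still honour outsize */` so the residual reliance on the provider is documented. The hunk does not change the `out != NULL && outl == NULL` path, which is fine since outl is only dereferenced in the `out == NULL` branch shown here. evp_mac_final continues past the end of the hunk, so the `ctx->meth->final` call itself is not visible in this patch.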