From 5f6a0b2ff055cf3ad09a1d49a4b95b13e1106b35 Mon Sep 17 00:00:00 2001 From: Pauli Date: Wed, 5 Aug 2020 15:26:48 +1000 Subject: [PATCH] mac: add some consistency to setting the XXX_final output length. The various MACs were all over the place with respects to what they did with the output length in the final call. Now they all unconditionally set the output length and the EVP layer handles the possibility of a NULL pointer. Reviewed-by: Matt Caswell (Merged from https://github.com/openssl/openssl/pull/12582) --- crypto/evp/mac_lib.c | 4 +++- providers/implementations/macs/blake2_mac_impl.c | 1 + providers/implementations/macs/hmac_prov.c | 3 +-- providers/implementations/macs/kmac_prov.c | 3 +-- providers/implementations/macs/poly1305_prov.c | 1 + 5 files changed, 7 insertions(+), 5 deletions(-) diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c index a5c1b44666d..2198c466805 100644 --- a/crypto/evp/mac_lib.c +++ b/crypto/evp/mac_lib.c @@ -120,11 +120,13 @@ int EVP_MAC_update(EVP_MAC_CTX *ctx, const unsigned char *data, size_t datalen) int EVP_MAC_final(EVP_MAC_CTX *ctx, unsigned char *out, size_t *outl, size_t outsize) { - size_t l = EVP_MAC_size(ctx); + size_t l; int res = 1; if (out != NULL) res = ctx->meth->final(ctx->data, out, &l, outsize); + else + l = EVP_MAC_size(ctx); if (outl != NULL) *outl = l; return res; diff --git a/providers/implementations/macs/blake2_mac_impl.c b/providers/implementations/macs/blake2_mac_impl.c index 586a5462145..d4e61e44a4b 100644 --- a/providers/implementations/macs/blake2_mac_impl.c +++ b/providers/implementations/macs/blake2_mac_impl.c @@ -101,6 +101,7 @@ static int blake2_mac_final(void *vmacctx, { struct blake2_mac_data_st *macctx = vmacctx; + *outl = blake2_mac_size(macctx); return BLAKE2_FINAL(out, &macctx->ctx); } diff --git a/providers/implementations/macs/hmac_prov.c b/providers/implementations/macs/hmac_prov.c index 109f93d243e..af2a2098cda 100644 --- a/providers/implementations/macs/hmac_prov.c +++ b/providers/implementations/macs/hmac_prov.c @@ -130,8 +130,7 @@ static int hmac_final(void *vmacctx, unsigned char *out, size_t *outl, if (!HMAC_Final(macctx->ctx, out, &hlen)) return 0; - if (outl != NULL) - *outl = hlen; + *outl = hlen; return 1; } diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c index 46b0bd644a2..792bc6c5bb0 100644 --- a/providers/implementations/macs/kmac_prov.c +++ b/providers/implementations/macs/kmac_prov.c @@ -298,8 +298,7 @@ static int kmac_final(void *vmacctx, unsigned char *out, size_t *outl, ok = right_encode(encoded_outlen, &len, lbits) && EVP_DigestUpdate(ctx, encoded_outlen, len) && EVP_DigestFinalXOF(ctx, out, kctx->out_len); - if (ok && outl != NULL) - *outl = kctx->out_len; + *outl = kctx->out_len; return ok; } diff --git a/providers/implementations/macs/poly1305_prov.c b/providers/implementations/macs/poly1305_prov.c index eef546047f0..748cafbaca2 100644 --- a/providers/implementations/macs/poly1305_prov.c +++ b/providers/implementations/macs/poly1305_prov.c @@ -94,6 +94,7 @@ static int poly1305_final(void *vmacctx, unsigned char *out, size_t *outl, struct poly1305_data_st *ctx = vmacctx; Poly1305_Final(&ctx->poly1305, out); + *outl = poly1305_size(); return 1; } -- 2.47.2