From: Matt Caswell Date: Thu, 7 Oct 2021 13:14:52 +0000 (+0100) Subject: Fix SSKDF to not claim a buffer size that is too small for the MAC X-Git-Tag: openssl-3.2.0-alpha1~3452 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=7be8ba546267787c1b0df8a4fddaf9cb29944cbb;p=thirdparty%2Fopenssl.git Fix SSKDF to not claim a buffer size that is too small for the MAC We also check that our buffer is sufficiently sized for the MAC output Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/16789)
---
diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c
index 56ac1e63340..297ddcdc2de 100644
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
@@ -239,7 +239,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init,
 goto end;
 out_len = EVP_MAC_CTX_get_mac_size(ctx_init); /* output size */
- if (out_len <= 0)
+ if (out_len <= 0 || (mac == mac_buf && out_len > sizeof(mac_buf)))
 goto end;
 len = derived_key_len;
@@ -263,7 +263,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init,
 if (len == 0)
 break;
 } else {
- if (!EVP_MAC_final(ctx, mac, NULL, len))
+ if (!EVP_MAC_final(ctx, mac, NULL, out_len))
 goto end;
 memcpy(out, mac, len);
 break;
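Review bot: In the first hunk, the added bound on `out_len` applies only while `mac` still points at `mac_buf`. When `mac` has been redirected to another buffer (set up before these lines, not visible here), nothing in the hunk ties `out_len` to that buffer's size, yet the second hunk now passes `out_len` to `EVP_MAC_final` as the claimed size. If that other buffer is always allocated to the MAC output size, a comment next to the check would make the invariant reviewable, for example `/* when mac != mac_buf the buffer was allocated to the MAC output size */`; otherwise the check should compare against that allocation as well. Separately, if `out_len` is an unsigned type (its declaration is outside the hunk), `out_len <= 0` reads more plainly as `out_len == 0`. The body of `SSKDF_mac_kdm` starts and ends outside the hunk.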
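Review bot: In the second hunk, `EVP_MAC_final` now writes `out_len` bytes into `mac` while `memcpy(out, mac, len)` copies only `len` of them, so the unused tail of the MAC output stays in the scratch buffer. The cleanup under `end` is outside this hunk; it is worth confirming that it wipes the scratch buffer on every path, including the `goto end` taken when `EVP_MAC_final` fails. A one-line comment would also explain why the size argument differs from the copy length, for example `/* last block: compute the full MAC into the scratch buffer, keep only len bytes */`. The enclosing loop and function continue outside the hunk.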