Commit 514c9da4 authored by Guido Vranken's avatar Guido Vranken Committed by Matt Caswell
Browse files

Enforce a strict output length check in CRYPTO_ccm128_tag 



Return error if the output tag buffer size doesn't match
the tag size exactly. This prevents the caller from
using that portion of the tag buffer that remains
uninitialized after an otherwise succesfull call to
CRYPTO_ccm128_tag.

Bug found by OSS-Fuzz.

Fix suggested by Kurt Roeckx.

Signed-off-by: default avatarGuido Vranken <guidovranken@gmail.com>

Reviewed-by: default avatarMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: default avatarPaul Dale <paul.dale@oracle.com>
Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8810)
parent 87930507

crypto/modes/ccm128.c

+1 −1
Original line number Diff line number Diff line
@@ -425,7 +425,7 @@ size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len) 


    M *= 2;

    M += 2;

    if (len < M)

    if (len != M)

        return 0;

    memcpy(tag, ctx->cmac.c, M);

    return M;