Check the plaintext buffer is large enough when decrypting SM2

Previously there was no check that the supplied buffer was large enough. It was just assumed to be sufficient. Instead we should check and fail if not. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
author: Matt Caswell <matt@openssl.org> 2021-08-13 16:58:21 +0100
committer: Matt Caswell <matt@openssl.org> 2021-08-24 13:24:36 +0100
commit: 515ac8b5e544dd713a2b4cabfc54b722d122c218 (patch)
tree: 6d53d854034df3631552e0356b0a9d3c181fe802
parent: 733fa41c3fc4bcac37f94aa917f7242420f8a5a6 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
index 1188abfc6b..00055a4e51 100644
--- a/crypto/sm2/sm2_crypt.c
+++ b/crypto/sm2/sm2_crypt.c
@@ -294,6 +294,10 @@ int sm2_decrypt(const EC_KEY *key,
     C2 = sm2_ctext->C2->data;
     C3 = sm2_ctext->C3->data;
     msg_len = sm2_ctext->C2->length;
+    if (*ptext_len < (size_t)msg_len) {
+        SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL);
+        goto done;
+    }
 
     ctx = BN_CTX_new();
     if (ctx == NULL) {
author	Matt Caswell <matt@openssl.org>	2021-08-13 16:58:21 +0100
committer	Matt Caswell <matt@openssl.org>	2021-08-24 13:24:36 +0100
commit	515ac8b5e544dd713a2b4cabfc54b722d122c218 (patch)
tree	6d53d854034df3631552e0356b0a9d3c181fe802
parent	733fa41c3fc4bcac37f94aa917f7242420f8a5a6 (diff)