authorMatt Caswell <matt@openssl.org>2021-10-07 14:06:32 +0100
committerMatt Caswell <matt@openssl.org>2021-10-22 08:44:59 +0100
commit4fffef3dedcb80d2bfa657d4b7c2850dddaef1b4 (patch)
treef4d069214a9ae024859d22aa98be787ab00741bb /crypto/evp/mac_lib.c
parent97c453a6395c5c5a53331c514d55b82be926d141 (diff)
Enforce a size check in EVP_MAC_final()
Make sure that the outsize for the buffer is large enough for the output from the MAC. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789) (cherry picked from commit b97f4dd73b4711eebf731ae0efa6e9b77c7f3304)
Diffstat (limited to 'crypto/evp/mac_lib.c')
-rw-r--r--crypto/evp/mac_lib.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c
index 1a68c58919..24fdb35c8e 100644
--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -132,6 +132,7 @@ static int evp_mac_final(EVP_MAC_CTX *ctx, int xof,
size_t l;
int res;
OSSL_PARAM params[2];
+ size_t macsize;
if (ctx == NULL || ctx->meth == NULL) {
ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
@@ -142,14 +143,19 @@ static int evp_mac_final(EVP_MAC_CTX *ctx, int xof,
return 0;
}
+ macsize = EVP_MAC_CTX_get_mac_size(ctx);
if (out == NULL) {
if (outl == NULL) {
ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
- *outl = EVP_MAC_CTX_get_mac_size(ctx);
+ *outl = macsize;
return 1;
}
+ if (outsize < macsize) {
+ ERR_raise(ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL);
+ return 0;
+ }
if (xof) {
params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_XOF, &xof);
params[1] = OSSL_PARAM_construct_end();
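Review bot: The new `outsize < macsize` check is only as strong as the value returned by `EVP_MAC_CTX_get_mac_size(ctx)`. If that call can return 0 at this point (for instance when no size can be determined), the comparison is never true and any `outsize`, including 0, passes through to the code that later writes into `out`. It is worth confirming whether 0 is a possible return here and, if so, failing closed with `if (macsize == 0 || outsize < macsize) {`. Separately, `macsize` is read before the XOF parameter is set on the context just below, so for `xof` callers the bound is the size reported before that switch; a one-line comment saying this is intended would help. The body of `evp_mac_final` starts and ends outside this hunk, so the call that actually fills `out` is not visible here.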