Enforce a strict output length check in CRYPTO_ccm128_tag

Return error if the output tag buffer size doesn't match the tag size exactly. This prevents the caller from using that portion of the tag buffer that remains uninitialized after an otherwise succesfull call to CRYPTO_ccm128_tag. Bug found by OSS-Fuzz. Fix suggested by Kurt Roeckx. Signed-off-by: Guido Vranken <guidovranken@gmail.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8810)
author: Guido Vranken <guidovranken@gmail.com> 2019-04-22 14:11:12 +0200
committer: Matt Caswell <matt@openssl.org> 2019-04-25 10:44:18 +0100
commit: 514c9da48b860153079748b0d588cd42191f0b6a (patch)
tree: 9266aa1367212101417a8ca925445f22879a5e32 /crypto/modes
parent: 87930507ff1c020d4ba1ca895ef3ef08e17253b3 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c
index 9edf0270e2..bfa2d4604c 100644
--- a/crypto/modes/ccm128.c
+++ b/crypto/modes/ccm128.c
@@ -425,7 +425,7 @@ size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
 
     M *= 2;
     M += 2;
-    if (len < M)
+    if (len != M)
         return 0;
     memcpy(tag, ctx->cmac.c, M);
     return M;
author	Guido Vranken <guidovranken@gmail.com>	2019-04-22 14:11:12 +0200
committer	Matt Caswell <matt@openssl.org>	2019-04-25 10:44:18 +0100
commit	514c9da48b860153079748b0d588cd42191f0b6a (patch)
tree	9266aa1367212101417a8ca925445f22879a5e32 /crypto/modes
parent	87930507ff1c020d4ba1ca895ef3ef08e17253b3 (diff)