Fix KMAC bounds checks.

Setting an output length higher than 8191 was causing a buffer overflow. This was reported by Acumen (FIPS lab). The max output size has increased to ~2M and it now checks this during set_parameters. The encoder related functions now pass in the maximum size of the output buffer so they can correctly check their size. kmac_bytepad_encode_key() calls bytepad twice in order to calculate and check the length before encoding. Note that right_encode() is currently only used in one place but this may change if other algorithms are supported (such as TupleHash). Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15106)
author: Shane Lontis <shane.lontis@oracle.com> 2021-05-01 14:49:25 +1000
committer: Shane Lontis <shane.lontis@oracle.com> 2021-05-05 17:39:27 +1000
commit: 2b05439f8441a5483da65fd4208d82d9e007f448 (patch)
tree: 82dee791ba1aa5f7e8cb99fdef48c46437100fd9 /include
parent: 029875dc5ba28f18e3067c883fb53c9ae91d6954 (diff)
1 files changed, 1 insertions, 0 deletions
diff --git a/include/openssl/proverr.h b/include/openssl/proverr.h
index 29301124ec..bdfdda2c93 100644
--- a/include/openssl/proverr.h
+++ b/include/openssl/proverr.h
@@ -66,6 +66,7 @@
 # define PROV_R_INVALID_MAC                               151
 # define PROV_R_INVALID_MGF1_MD                           167
 # define PROV_R_INVALID_MODE                              125
+# define PROV_R_INVALID_OUTPUT_LENGTH                     217
 # define PROV_R_INVALID_PADDING_MODE                      168
 # define PROV_R_INVALID_PUBINFO                           198
 # define PROV_R_INVALID_SALT_LENGTH                       112
author	Shane Lontis <shane.lontis@oracle.com>	2021-05-01 14:49:25 +1000
committer	Shane Lontis <shane.lontis@oracle.com>	2021-05-05 17:39:27 +1000
commit	2b05439f8441a5483da65fd4208d82d9e007f448 (patch)
tree	82dee791ba1aa5f7e8cb99fdef48c46437100fd9 /include
parent	029875dc5ba28f18e3067c883fb53c9ae91d6954 (diff)