authorMatt Caswell <matt@openssl.org>2021-10-07 14:14:52 +0100
committerMatt Caswell <matt@openssl.org>2021-10-22 08:44:59 +0100
commit55398b354f55955a1f504f591b8cf64a559a5793 (patch)
tree00fd9abdd124c388c3c6422337a2e374eba5f229 /providers
parent4fffef3dedcb80d2bfa657d4b7c2850dddaef1b4 (diff)
Fix SSKDF to not claim a buffer size that is too small for the MAC
We also check that our buffer is sufficiently sized for the MAC output Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16789) (cherry picked from commit 7be8ba546267787c1b0df8a4fddaf9cb29944cbb)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/kdfs/sskdf.c4
1 files changed, 2 insertions, 2 deletions
diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c
index 56ac1e6334..297ddcdc2d 100644
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
@@ -239,7 +239,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init,
goto end;
out_len = EVP_MAC_CTX_get_mac_size(ctx_init); /* output size */
- if (out_len <= 0)
+ if (out_len <= 0 || (mac == mac_buf && out_len > sizeof(mac_buf)))
goto end;
len = derived_key_len;
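Review bot: The new bound on `out_len` applies only when `mac == mac_buf`; when `mac` points at any other buffer, nothing visible in this hunk compares `out_len` with that buffer's capacity. The assignment of `mac` and the start and end of `SSKDF_mac_kdm` are outside the hunk, so this may already be guaranteed elsewhere. If that other buffer is sized from a separate length, the undersized-buffer problem this commit fixes could presumably recur on that path, so either bound `out_len` against that length too or record the invariant. A comment above the test would make the assumption reviewable: `/* mac_buf is fixed-size; any other buffer must already hold at least out_len bytes */`.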
@@ -263,7 +263,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init,
if (len == 0)
break;
} else {
- if (!EVP_MAC_final(ctx, mac, NULL, len))
+ if (!EVP_MAC_final(ctx, mac, NULL, out_len))
goto end;
memcpy(out, mac, len);
break;
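Review bot: The `EVP_MAC_final` call in the else branch passes `NULL` for the output-length pointer, so the code never confirms how many bytes were written into `mac` before `memcpy(out, mac, len)` reads from it. The copy is correct only if `len <= out_len`, which appears to be established by the branch condition outside this hunk. A short comment on the call would keep a later cleanup from restoring `len` as the size argument: `/* size argument is the capacity of mac (one full MAC); only the first len bytes are used */`. The enclosing loop and the rest of `SSKDF_mac_kdm` continue outside the hunk.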