author | James Muir <james@openssl.org> | 2023-11-28 22:43:52 -0500 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-12-01 11:55:31 +0100 |
commit | a3d6fc8cf7059cfbe32e56d6ac810fed0872a449 (patch) | |
tree | 10e61aafebe17b6c9a4f23aa230e65d46ee9b170 /providers | |
parent | 4fffbbcbb97cd627e72b90683ba1b87115940a7d (diff) |
evp-cmac: do not seg-fault when getting mac-size before init
Add null check to cmac_size(). This avoids a seg-fault encountered
with cmac when EVP_MAC_CTX_get_mac_size() is called before init.
Extend mac testing in evp_test.c to check that the sizes returned by
EVP_MAC_CTX_get_mac_size() before and after init make sense (this also
ensures that we no longer seg-fault).
Fixes #22842
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22858)
(cherry picked from commit ff181969e28c1503b077b47a9ded3683524b3fd8)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/macs/cmac_prov.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c
index fc9f911beb..ba89616398 100644
--- a/providers/implementations/macs/cmac_prov.c
+++ b/providers/implementations/macs/cmac_prov.c
@@ -101,8 +101,12 @@ static void *cmac_dup(void *vsrc)
 static size_t cmac_size(void *vmacctx)
 {
 struct cmac_data_st *macctx = vmacctx;
+ const EVP_CIPHER_CTX *cipherctx = CMAC_CTX_get0_cipher_ctx(macctx->ctx);
 
- return EVP_CIPHER_CTX_get_block_size(CMAC_CTX_get0_cipher_ctx(macctx->ctx));
+ if (EVP_CIPHER_CTX_get0_cipher(cipherctx) == NULL)
+ return 0;
+
+ return EVP_CIPHER_CTX_get_block_size(cipherctx);
 }
 
 static int cmac_setkey(struct cmac_data_st *macctx, |
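Review bot: The new `return 0;` branch in cmac_size() makes 0 an in-band "no cipher configured yet" result, but nothing in the function says so. A caller that sizes its tag buffer from EVP_MAC_CTX_get_mac_size() cannot tell from the code that 0 means "not initialised" rather than a valid length. I would put a comment above the check, e.g. `/* No cipher set yet (size queried before init): report 0 instead of dereferencing a NULL cipher. */`. The guard only covers a missing cipher. `macctx->ctx` is still passed to CMAC_CTX_get0_cipher_ctx() unchecked, which presumably relies on cmac_new()/cmac_dup() never leaving it NULL; those bodies are outside this hunk, so that is worth confirming.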