diff options
author | James Muir <james@openssl.org> | 2023-11-28 22:43:52 -0500 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-12-01 11:54:51 +0100 |
commit | ff181969e28c1503b077b47a9ded3683524b3fd8 (patch) | |
tree | 906297499c1eb664f865cc48984b9f61e4da2dc1 /providers | |
parent | bed7a878107818c297301c6602013d364b266c67 (diff) |
evp-cmac: do not seg-fault when getting mac-size before init
Add null check to cmac_size(). This avoids a seg-fault encountered
with cmac when EVP_MAC_CTX_get_mac_size() is called before init.
Extend mac testing in evp_test.c to check that the sizes returned by
EVP_MAC_CTX_get_mac_size() before and after init make sense (this also
ensures that we no longer seg-fault).
Fixes #22842
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22858)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/macs/cmac_prov.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/providers/implementations/macs/cmac_prov.c b/providers/implementations/macs/cmac_prov.c index 1b3893598d..fa0b576b97 100644 --- a/providers/implementations/macs/cmac_prov.c +++ b/providers/implementations/macs/cmac_prov.c @@ -101,8 +101,12 @@ static void *cmac_dup(void *vsrc) static size_t cmac_size(void *vmacctx) { struct cmac_data_st *macctx = vmacctx; + const EVP_CIPHER_CTX *cipherctx = CMAC_CTX_get0_cipher_ctx(macctx->ctx); - return EVP_CIPHER_CTX_get_block_size(CMAC_CTX_get0_cipher_ctx(macctx->ctx)); + if (EVP_CIPHER_CTX_get0_cipher(cipherctx) == NULL) + return 0; + + return EVP_CIPHER_CTX_get_block_size(cipherctx); } static int cmac_setkey(struct cmac_data_st *macctx, |