diff options
author | James Muir <james@openssl.org> | 2023-11-28 22:43:52 -0500 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2023-12-01 11:55:23 +0100 |
commit | f7668698d1ea36dd0ff8935c7d084ebe7b4d9e83 (patch) | |
tree | 58b463488391bc1a3a094c2ec8ec73b7b89e9d3f /test | |
parent | 1b0089da4ae2424fab98e5978d5d08269d670140 (diff) |
evp-cmac: do not seg-fault when getting mac-size before init
Add null check to cmac_size(). This avoids a seg-fault encountered
with cmac when EVP_MAC_CTX_get_mac_size() is called before init.
Extend mac testing in evp_test.c to check that the sizes returned by
EVP_MAC_CTX_get_mac_size() before and after init make sense (this also
ensures that we no longer seg-fault).
Fixes #22842
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22858)
(cherry picked from commit ff181969e28c1503b077b47a9ded3683524b3fd8)
Diffstat (limited to 'test')
-rw-r--r-- | test/evp_test.c | 23 |
1 files changed, 22 insertions, 1 deletions
diff --git a/test/evp_test.c b/test/evp_test.c index d74da09616..cef7b1b9e8 100644 --- a/test/evp_test.c +++ b/test/evp_test.c @@ -1514,6 +1514,7 @@ static int mac_test_run_mac(EVP_TEST *t) EVP_MAC_CTX *ctx = NULL; unsigned char *got = NULL; size_t got_len = 0, size = 0; + size_t size_before_init, size_after_init, size_val = 0; int i, block_size = -1, output_size = -1; OSSL_PARAM params[21], sizes[3], *psizes = sizes; size_t params_n = 0; @@ -1610,6 +1611,9 @@ static int mac_test_run_mac(EVP_TEST *t) } params_n++; + if (strcmp(tmpkey, "size") == 0) + size_val = (size_t)strtoul(tmpval, NULL, 0); + OPENSSL_free(tmpkey); } params[params_n] = OSSL_PARAM_construct_end(); @@ -1618,11 +1622,28 @@ static int mac_test_run_mac(EVP_TEST *t) t->err = "MAC_CREATE_ERROR"; goto err; } - + size_before_init = EVP_MAC_CTX_get_mac_size(ctx); if (!EVP_MAC_init(ctx, expected->key, expected->key_len, params)) { t->err = "MAC_INIT_ERROR"; goto err; } + size_after_init = EVP_MAC_CTX_get_mac_size(ctx); + if (!TEST_false(size_before_init == 0 && size_after_init == 0)) { + t->err = "MAC SIZE not set"; + goto err; + } + if (size_before_init != 0) { + /* mac-size not modified by init params */ + if (size_val == 0 && !TEST_size_t_eq(size_before_init, size_after_init)) { + t->err = "MAC SIZE check failed"; + goto err; + } + /* mac-size modified by init params */ + if (size_val != 0 && !TEST_size_t_eq(size_val, size_after_init)) { + t->err = "MAC SIZE check failed"; + goto err; + } + } if (expected->output_size >= 0) *psizes++ = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_SIZE, &output_size); |