diff options
author | Vitaly Chikunov <vt@altlinux.org> | 2018-08-02 16:59:14 +0300 |
---|---|---|
committer | Vitaly Chikunov <vt@altlinux.org> | 2018-08-08 21:15:23 +0300 |
commit | 10ae275fd54e600c08ee330eaf9738aa476e0ca4 (patch) | |
tree | edec2417be2f5bd50d2b05cee3ed1491a12d56b5 /gost_omac.c | |
parent | 636dd0c1f36872f0abcb4f8a465e837929ed19d1 (diff) | |
download | gost-engine-10ae275fd54e600c08ee330eaf9738aa476e0ca4.zip gost-engine-10ae275fd54e600c08ee330eaf9738aa476e0ca4.tar.gz gost-engine-10ae275fd54e600c08ee330eaf9738aa476e0ca4.tar.bz2 |
Fix possible overflow of digest result writing
Openssl is already have output result size in EVP_MD.md_size
We should not exceed its value when writing digest output.
This should be fixed more consistently, probably, by removing
dgst_size from OMAC_CTX.
Diffstat (limited to 'gost_omac.c')
-rw-r--r-- | gost_omac.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/gost_omac.c b/gost_omac.c index af6eb2a..d1f897a 100644 --- a/gost_omac.c +++ b/gost_omac.c @@ -7,6 +7,8 @@ #include "e_gost_err.h" #include "gost_lcl.h" +#define min(a,b) (((a) < (b)) ? (a) : (b)) + typedef struct omac_ctx { CMAC_CTX *cmac_ctx; size_t dgst_size; @@ -71,7 +73,8 @@ int omac_imit_final(EVP_MD_CTX *ctx, unsigned char *md) CMAC_Final(c->cmac_ctx, mac, &mac_size); - memcpy(md, mac, c->dgst_size); + int md_size = EVP_MD_meth_get_result_size(EVP_MD_CTX_md(ctx)); + memcpy(md, mac, min(md_size, c->dgst_size)); return 1; } |