Fix possible overflow of digest result writing

Openssl is already have output result size in EVP_MD.md_size We should not exceed its value when writing digest output. This should be fixed more consistently, probably, by removing dgst_size from OMAC_CTX.
author: Vitaly Chikunov <vt@altlinux.org> 2018-08-02 16:59:14 +0300
committer: Vitaly Chikunov <vt@altlinux.org> 2018-08-08 21:15:23 +0300
commit: 10ae275fd54e600c08ee330eaf9738aa476e0ca4 (patch)
tree: edec2417be2f5bd50d2b05cee3ed1491a12d56b5 /gost_omac.c
parent: 636dd0c1f36872f0abcb4f8a465e837929ed19d1 (diff)
download: gost-engine-10ae275fd54e600c08ee330eaf9738aa476e0ca4.zip
gost-engine-10ae275fd54e600c08ee330eaf9738aa476e0ca4.tar.gz
gost-engine-10ae275fd54e600c08ee330eaf9738aa476e0ca4.tar.bz2
1 files changed, 4 insertions, 1 deletions
diff --git a/gost_omac.c b/gost_omac.c
index af6eb2a..d1f897a 100644
--- a/gost_omac.c
+++ b/gost_omac.c
@@ -7,6 +7,8 @@
 #include "e_gost_err.h"
 #include "gost_lcl.h"
 
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+
 typedef struct omac_ctx {
 	CMAC_CTX *cmac_ctx;
 	size_t   dgst_size;
@@ -71,7 +73,8 @@ int omac_imit_final(EVP_MD_CTX *ctx, unsigned char *md)
 
 		CMAC_Final(c->cmac_ctx, mac, &mac_size);
 
-    memcpy(md, mac, c->dgst_size);
+    int md_size = EVP_MD_meth_get_result_size(EVP_MD_CTX_md(ctx));
+    memcpy(md, mac, min(md_size, c->dgst_size));
     return 1;
 }
author	Vitaly Chikunov <vt@altlinux.org>	2018-08-02 16:59:14 +0300
committer	Vitaly Chikunov <vt@altlinux.org>	2018-08-08 21:15:23 +0300
commit	10ae275fd54e600c08ee330eaf9738aa476e0ca4 (patch)
tree	edec2417be2f5bd50d2b05cee3ed1491a12d56b5 /gost_omac.c
parent	636dd0c1f36872f0abcb4f8a465e837929ed19d1 (diff)
download	gost-engine-10ae275fd54e600c08ee330eaf9738aa476e0ca4.zip gost-engine-10ae275fd54e600c08ee330eaf9738aa476e0ca4.tar.gz gost-engine-10ae275fd54e600c08ee330eaf9738aa476e0ca4.tar.bz2