Enforce a strict output length check in CRYPTO_ccm128_tag

Return error if the output tag buffer size doesn't match the tag size exactly. This prevents the caller from using that portion of the tag buffer that remains uninitialized after an otherwise succesfull call to CRYPTO_ccm128_tag. Bug found by OSS-Fuzz. Fix suggested by Kurt Roeckx. Signed-off-by: Guido Vranken <[email protected]> Reviewed-by: Matthias St. Pierre <[email protected]> Reviewed-by: Paul Dale <[email protected]> Reviewed-by: Matt Caswell <[email protected]> (Merged from openssl#8810)
pewscorner · Apr 25, 2019 · 514c9da · 514c9da
1 parent 8793050
commit 514c9da
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c
@@ -425,7 +425,7 @@ size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
 
     M *= 2;
     M += 2;
-    if (len < M)
+    if (len != M)
         return 0;
     memcpy(tag, ctx->cmac.c, M);
     return M;