[openssl] OpenSSL_1_1_1-stable update

Matt Caswell matt at openssl.org
Thu Apr 25 10:05:21 UTC 2019


The branch OpenSSL_1_1_1-stable has been updated
       via  fc4c034ee823c18de34d72dc46da6aabbb6f551e (commit)
      from  282360e6be8f0089470b38c07458c23564f5447f (commit)


- Log -----------------------------------------------------------------
commit fc4c034ee823c18de34d72dc46da6aabbb6f551e
Author: Guido Vranken <guidovranken at gmail.com>
Date:   Mon Apr 22 14:11:12 2019 +0200

    Enforce a strict output length check in CRYPTO_ccm128_tag
    
    Return error if the output tag buffer size doesn't match
    the tag size exactly. This prevents the caller from
    using that portion of the tag buffer that remains
    uninitialized after an otherwise succesfull call to
    CRYPTO_ccm128_tag.
    
    Bug found by OSS-Fuzz.
    
    Fix suggested by Kurt Roeckx.
    
    Signed-off-by: Guido Vranken <guidovranken at gmail.com>
    
    Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
    Reviewed-by: Paul Dale <paul.dale at oracle.com>
    Reviewed-by: Matt Caswell <matt at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/8810)
    
    (cherry picked from commit 514c9da48b860153079748b0d588cd42191f0b6a)

-----------------------------------------------------------------------

Summary of changes:
 crypto/modes/ccm128.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/crypto/modes/ccm128.c b/crypto/modes/ccm128.c
index 85ce84f..742c63f 100644
--- a/crypto/modes/ccm128.c
+++ b/crypto/modes/ccm128.c
@@ -425,7 +425,7 @@ size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
 
     M *= 2;
     M += 2;
-    if (len < M)
+    if (len != M)
         return 0;
     memcpy(tag, ctx->cmac.c, M);
     return M;


More information about the openssl-commits mailing list