Commit fc4c034

guidovranken authored and mattcaswell committed
Enforce a strict output length check in CRYPTO_ccm128_tag
Return error if the output tag buffer size doesn't match the tag size exactly. This prevents the caller from using that portion of the tag buffer that remains uninitialized after an otherwise successful call to CRYPTO_ccm128_tag.

Bug found by OSS-Fuzz. Fix suggested by Kurt Roeckx.

Signed-off-by: Guido Vranken <guidovranken@gmail.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from #8810)
(cherry picked from commit 514c9da)
1 parent 282360e commit fc4c034

1 file changed, +1 -1 lines changed

crypto/modes/ccm128.c

Lines changed: 1 addition & 1 deletion
@@ -425,7 +425,7 @@ size_t CRYPTO_ccm128_tag(CCM128_CONTEXT *ctx, unsigned char *tag, size_t len)
425425

426426
M *= 2;
427427
M += 2;
428-
if (len < M)
428+
if (len != M)
429429
return 0;
430430
memcpy(tag, ctx->cmac.c, M);
431431
return M;
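
Review bot: At line 428, `if (len != M)` now also rejects a tag buffer larger than M, which the old `len < M` check accepted, and the only signal is `return 0`, a path on which `tag` is never written. A caller that passes an oversized buffer and ignores the return value would then read a tag buffer that is entirely unwritten rather than partly unwritten. I'd suggest a short comment above the check saying that `len` must equal the tag length exactly and why, and a note in the function's documentation that a return of 0 means no tag bytes were copied.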
