Fix possible overflow of digest result writing

Openssl is already have output result size in EVP_MD.md_size
We should not exceed its value when writing digest output.
This should be fixed more consistently, probably, by removing
dgst_size from OMAC_CTX.

diff --git a/compat.h b/compat.h
index 91afcf5125f5de72417b972c3fa01d001b5a8e9c..29a2ad3270ef71d159ba39f2de337b5a9cd4f630 100644 (file)
--- a/compat.h
+++ b/compat.h
@@ -252,6 +252,11 @@ static inline int EVP_MD_meth_set_result_size(EVP_MD *md, int resultsize)
     return 1;
 }
 
+static int EVP_MD_meth_get_result_size(const EVP_MD *md)
+{
+    return md->md_size;
+}
+
 static inline int EVP_MD_meth_set_input_blocksize(EVP_MD *md, int blocksize)
 {
     md->block_size = blocksize;

diff --git a/gost_omac.c b/gost_omac.c
index af6eb2a9e9e6e9cf2260754db5c7b147b2c912d8..d1f897a15c2227b8936e51625eeb73f818b433a3 100644 (file)
--- a/gost_omac.c
+++ b/gost_omac.c
@@ -7,6 +7,8 @@
 #include "e_gost_err.h"
 #include "gost_lcl.h"
 
+#define min(a,b) (((a) < (b)) ? (a) : (b))
+
 typedef struct omac_ctx {
        CMAC_CTX *cmac_ctx;
        size_t   dgst_size;
@@ -71,7 +73,8 @@ int omac_imit_final(EVP_MD_CTX *ctx, unsigned char *md)
 
                CMAC_Final(c->cmac_ctx, mac, &mac_size);
 
-    memcpy(md, mac, c->dgst_size);
+    int md_size = EVP_MD_meth_get_result_size(EVP_MD_CTX_md(ctx));
+    memcpy(md, mac, min(md_size, c->dgst_size));
     return 1;
 }