Perform bounds checks in hmac_signctx.

Match the other EVP_DigestSignFinal implementations. Fix the instances in ssl/t1_enc.c which were not following the EVP_DigestSignFinal contract; on entry, *out_len should contain the size of the buffer. Change-Id: Icd44d97a4c98704dea975798c0101d5a37274d17 Reviewed-on: https://boringssl-review.googlesource.com/1130 Reviewed-by: Adam Langley <agl@google.com>
author: David Benjamin <davidben@chromium.org> 2014-07-10 20:04:11 +0400
committer: Adam Langley <agl@google.com> 2014-07-11 00:59:10 +0400
commit: 7bf334a9ff0236da88424f649f6f976bd1f7bf38 (patch)
tree: 86b139035698689f8f5f9cd91071a58db4f69d13 /ssl/t1_enc.c
parent: 09020c2f08df11179b93e6548117806a4c0d0d45 (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/ssl/t1_enc.c b/ssl/t1_enc.c
index dac71b4d..d32315ea 100644
--- a/ssl/t1_enc.c
+++ b/ssl/t1_enc.c
@@ -186,6 +186,7 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 		goto err;
 	if (seed5 && !EVP_DigestSignUpdate(&ctx,seed5,seed5_len))
 		goto err;
+	A1_len = EVP_MAX_MD_SIZE;
 	if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
 		goto err;
 
@@ -211,16 +212,19 @@ static int tls1_P_hash(const EVP_MD *md, const unsigned char *sec,
 
 		if (olen > chunk)
 			{
+			j = olen;
 			if (!EVP_DigestSignFinal(&ctx,out,&j))
 				goto err;
 			out+=j;
 			olen-=j;
 			/* calc the next A1 value */
+			A1_len = EVP_MAX_MD_SIZE;
 			if (!EVP_DigestSignFinal(&ctx_tmp,A1,&A1_len))
 				goto err;
 			}
 		else	/* last one */
 			{
+			A1_len = EVP_MAX_MD_SIZE;
 			if (!EVP_DigestSignFinal(&ctx,A1,&A1_len))
 				goto err;
 			memcpy(out,A1,olen);
author	David Benjamin <davidben@chromium.org>	2014-07-10 20:04:11 +0400
committer	Adam Langley <agl@google.com>	2014-07-11 00:59:10 +0400
commit	7bf334a9ff0236da88424f649f6f976bd1f7bf38 (patch)
tree	86b139035698689f8f5f9cd91071a58db4f69d13 /ssl/t1_enc.c
parent	09020c2f08df11179b93e6548117806a4c0d0d45 (diff)