38 lines
1.1 KiB
Diff
38 lines
1.1 KiB
Diff
|
From 515ac8b5e544dd713a2b4cabfc54b722d122c218 Mon Sep 17 00:00:00 2001
|
||
|
|
From: Matt Caswell <matt@openssl.org>
|
||
|
|
Date: Fri, 13 Aug 2021 16:58:21 +0100
|
||
|
|
Subject: [PATCH] Check the plaintext buffer is large enough when decrypting
|
||
|
|
SM2
|
||
|
|
|
||
|
|
Previously there was no check that the supplied buffer was large enough.
|
||
|
|
It was just assumed to be sufficient. Instead we should check and fail if
|
||
|
|
not.
|
||
|
|
|
||
|
|
Reviewed-by: Paul Dale <pauli@openssl.org>
|
||
|
|
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
|
||
|
|
|
||
|
|
Reference: https://github.com/openssl/openssl/commit/515ac8b5e544dd713a2b4cabfc54b722d122c218
|
||
|
|
Conflict: NA
|
||
|
|
---
|
||
|
|
crypto/sm2/sm2_crypt.c | 4 ++++
|
||
|
|
1 file changed, 4 insertions(+)
|
||
|
|
|
||
|
|
diff --git a/crypto/sm2/sm2_crypt.c b/crypto/sm2/sm2_crypt.c
|
||
|
|
index 1188abfc6b..00055a4e51 100644
|
||
|
|
--- a/crypto/sm2/sm2_crypt.c
|
||
|
|
+++ b/crypto/sm2/sm2_crypt.c
|
||
|
|
@@ -294,6 +294,10 @@ int sm2_decrypt(const EC_KEY *key,
|
||
|
|
C2 = sm2_ctext->C2->data;
|
||
|
|
C3 = sm2_ctext->C3->data;
|
||
|
|
msg_len = sm2_ctext->C2->length;
|
||
|
|
+ if (*ptext_len < (size_t)msg_len) {
|
||
|
|
+ SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL);
|
||
|
|
+ goto done;
|
||
|
|
+ }
|
||
|
|
|
||
|
|
ctx = BN_CTX_new();
|
||
|
|
if (ctx == NULL) {
|
||
|
|
--
|
||
|
|
2.23.0
|
||
|
|
|