Browse Source

Check the plaintext buffer is large enough when decrypting SM2

Previously there was no check that the supplied buffer was large enough.
It was just assumed to be sufficient. Instead we should check and fail if
not.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
master
Matt Caswell 2 months ago
parent
commit
ad1ca777f9
1 changed files with 4 additions and 0 deletions
  1. +4
    -0
      crypto/sm2/sm2_crypt.c

+ 4
- 0
crypto/sm2/sm2_crypt.c View File

@ -312,6 +312,10 @@ int ossl_sm2_decrypt(const EC_KEY *key,
C2 = sm2_ctext->C2->data;
C3 = sm2_ctext->C3->data;
msg_len = sm2_ctext->C2->length;
if (*ptext_len < (size_t)msg_len) {
SM2err(SM2_F_SM2_DECRYPT, SM2_R_BUFFER_TOO_SMALL);
goto done;
}
ctx = BN_CTX_new_ex(libctx);
if (ctx == NULL) {


Loading…
Cancel
Save