Check length of additional input in DRBG generate function.
authorDr. Stephen Henson <steve@openssl.org>
Mon, 12 Sep 2011 18:45:05 +0000 (18:45 +0000)
committerDr. Stephen Henson <steve@openssl.org>
Mon, 12 Sep 2011 18:45:05 +0000 (18:45 +0000)
fips/rand/fips_drbg_lib.c

index 98bd10b..015b95a 100644 (file)
@@ -377,6 +377,12 @@ int FIPS_drbg_generate(DRBG_CTX *dctx, unsigned char *out, size_t outlen,
                return 0;
                }
 
+       if (adinlen > dctx->max_adin)
+               {
+               r = FIPS_R_ADDITIONAL_INPUT_TOO_LONG;
+               goto end;
+               }
+
        if (dctx->flags & DRBG_CUSTOM_RESEED)
                dctx->generate(dctx, NULL, outlen, NULL, 0);
        else if (dctx->reseed_counter >= dctx->reseed_interval)