Adjust the few places where the string length was confused

Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14168)
author: Richard Levitte <levitte@openssl.org> 2021-02-13 06:49:05 +0100
committer: Richard Levitte <levitte@openssl.org> 2021-02-18 16:58:17 +0100
commit: 3262300a2c2351c6706f37b89fef015430988a31 (patch)
tree: 4caae10f143f2f4e8ace562540109d7893a73a00 /providers
parent: OSSL_PARAM: Correct the assumptions on the UTF8 string length (diff)
download: openssl-3262300a2c2351c6706f37b89fef015430988a31.tar.xz
openssl-3262300a2c2351c6706f37b89fef015430988a31.zip
2 files changed, 7 insertions, 6 deletions
diff --git a/providers/fips/self_test.c b/providers/fips/self_test.c
index aa9bbc770e..1848686ae3 100644
--- a/providers/fips/self_test.c
+++ b/providers/fips/self_test.c
@@ -182,8 +182,7 @@ static int verify_integrity(OSSL_CORE_BIO *bio, OSSL_FUNC_BIO_read_ex_fn read_ex
     if (ctx == NULL)
         goto err;
 
-    *p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME,
-                                            strlen(DIGEST_NAME) + 1);
+    *p++ = OSSL_PARAM_construct_utf8_string("digest", DIGEST_NAME, 0);
     *p++ = OSSL_PARAM_construct_octet_string("key", fixed_key,
                                              sizeof(fixed_key));
     *p = OSSL_PARAM_construct_end();
diff --git a/providers/implementations/rands/drbg_ctr.c b/providers/implementations/rands/drbg_ctr.c
index 127d85a2cc..e10b4378b5 100644
--- a/providers/implementations/rands/drbg_ctr.c
+++ b/providers/implementations/rands/drbg_ctr.c
@@ -685,19 +685,21 @@ static int drbg_ctr_set_ctx_params(void *vctx, const OSSL_PARAM params[])
 
     if ((p = OSSL_PARAM_locate_const(params, OSSL_DRBG_PARAM_CIPHER)) != NULL) {
         const char *base = (const char *)p->data;
+        size_t ctr_str_len = sizeof("CTR") - 1;
+        size_t ecb_str_len = sizeof("ECB") - 1;
 
         if (p->data_type != OSSL_PARAM_UTF8_STRING
-                || p->data_size < 3)
+                || p->data_size < ctr_str_len)
             return 0;
-        if (strcasecmp("CTR", base + p->data_size - sizeof("CTR")) != 0) {
+        if (strcasecmp("CTR", base + p->data_size - ctr_str_len) != 0) {
             ERR_raise(ERR_LIB_PROV, PROV_R_REQUIRE_CTR_MODE_CIPHER);
             return 0;
         }
-        if ((ecb = OPENSSL_strdup(base)) == NULL) {
+        if ((ecb = OPENSSL_strndup(base, p->data_size)) == NULL) {
             ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
             return 0;
         }
-        strcpy(ecb + p->data_size - sizeof("ECB"), "ECB");
+        strcpy(ecb + p->data_size - ecb_str_len, "ECB");
         EVP_CIPHER_free(ctr->cipher_ecb);
         EVP_CIPHER_free(ctr->cipher_ctr);
         ctr->cipher_ctr = EVP_CIPHER_fetch(libctx, base, propquery);
author	Richard Levitte <levitte@openssl.org>	2021-02-13 06:49:05 +0100
committer	Richard Levitte <levitte@openssl.org>	2021-02-18 16:58:17 +0100
commit	3262300a2c2351c6706f37b89fef015430988a31 (patch)
tree	4caae10f143f2f4e8ace562540109d7893a73a00 /providers
parent	OSSL_PARAM: Correct the assumptions on the UTF8 string length (diff)
download	openssl-3262300a2c2351c6706f37b89fef015430988a31.tar.xz openssl-3262300a2c2351c6706f37b89fef015430988a31.zip