diff options
author | Matt Caswell <matt@openssl.org> | 2018-09-10 16:53:17 +0100 |
---|---|---|
committer | Matt Caswell <matt@openssl.org> | 2018-09-10 17:28:33 +0100 |
commit | d689f313cc5ebe2763fb26d1e7f8cd53b7da6a4a (patch) | |
tree | 91a4974000ece0e4b8c34a53f92afd17b93058f3 | |
parent | 52307f94f8f3e5a1cd392f0a48802a24ccf73ba2 (diff) |
Validate the SM2 digest len before use
Fixes a Coverity complaint.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7170)
-rw-r--r-- | crypto/sm2/sm2_pmeth.c | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/crypto/sm2/sm2_pmeth.c b/crypto/sm2/sm2_pmeth.c index 3e420658d2..d187699cc4 100644 --- a/crypto/sm2/sm2_pmeth.c +++ b/crypto/sm2/sm2_pmeth.c @@ -259,6 +259,7 @@ static int pkey_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) SM2_PKEY_CTX *smctx = ctx->data; EC_KEY *ec = ctx->pkey->pkey.ec; const EVP_MD *md = EVP_MD_CTX_md(mctx); + int mdlen = EVP_MD_size(md); if (!smctx->id_set) { /* @@ -270,11 +271,16 @@ static int pkey_sm2_digest_custom(EVP_PKEY_CTX *ctx, EVP_MD_CTX *mctx) return 0; } + if (mdlen < 0) { + SM2err(SM2_F_PKEY_SM2_DIGEST_CUSTOM, SM2_R_INVALID_DIGEST); + return 0; + } + /* get hashed prefix 'z' of tbs message */ if (!sm2_compute_z_digest(z, md, smctx->id, smctx->id_len, ec)) return 0; - return EVP_DigestUpdate(mctx, z, EVP_MD_size(md)); + return EVP_DigestUpdate(mctx, z, (size_t)mdlen); } const EVP_PKEY_METHOD sm2_pkey_meth = { |