authorJiasheng Jiang <jiasheng@purdue.edu>2024-03-22 20:21:46 +0000
committerNeil Horman <nhorman@openssl.org>2024-04-01 15:16:44 -0400
commite97f468589e807e7f4722b150458edd53f374cd0 (patch)
tree91a34101497fc9040562a386bb80f6e5cfd02af3 /providers
parent6c0f154750a3380cced8ddab44d7ad100b6ab984 (diff)
macs/kmac_prov.c: Add checks for the EVP_MD_get_size()
Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t. Fixes: 6e624a6453 ("KMAC implementation using EVP_MAC") Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23946)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/macs/kmac_prov.c8
1 files changed, 7 insertions, 1 deletions
diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c
index ddaab4ba86..82cbb4c387 100644
--- a/providers/implementations/macs/kmac_prov.c
+++ b/providers/implementations/macs/kmac_prov.c
@@ -178,6 +178,7 @@ static struct kmac_data_st *kmac_new(void *provctx)
static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params)
{
struct kmac_data_st *kctx = kmac_new(provctx);
+ int md_size;
if (kctx == NULL)
return 0;
@@ -187,7 +188,12 @@ static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params)
return 0;
}
- kctx->out_len = EVP_MD_get_size(ossl_prov_digest_md(&kctx->digest));
+ md_size = EVP_MD_get_size(ossl_prov_digest_md(&kctx->digest));
+ if (md_size <= 0) {
+ kmac_free(kctx);
+ return 0;
+ }
+ kctx->out_len = (size_t)md_size;
return kctx;
}
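Review bot: The new `md_size <= 0` branch fails silently: it frees the context and returns without queuing an error, so the caller sees only a null context and cannot tell an unusable digest size from an allocation failure in kmac_new(). Consider raising an error before the cleanup, for example `ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);`, assuming the provider error header is already included in this file, which the hunk does not show. A one-line comment above the check would also record why it exists: `/* a negative size cast to size_t would become a huge out_len */`. The function begins in the previous hunk, and the lines between the two hunks are not visible here.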