diff options
| author | Tomas Mraz <tomas@openssl.org> | 2023-03-08 11:17:31 +0100 |
|---|---|---|
| committer | Pauli <pauli@openssl.org> | 2023-03-15 08:24:42 +1100 |
| commit | 559e078d94f1213318105b03f4e88b848fc28314 (patch) | |
| tree | e50d4fbe0c5741eba0d2be0e9cb1a7b457795cfe /crypto | |
| parent | 27093ba73372935fe4ef91d0a45ce6ea90a1ac8e (diff) | |
Fix size_t/int mismatch in cms_ec.c and rsa_sig.c
Fixes #20435
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20457)
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/cms/cms_dh.c | 2 | ||||
| -rw-r--r-- | crypto/cms/cms_ec.c | 12 |
2 files changed, 9 insertions, 5 deletions
diff --git a/crypto/cms/cms_dh.c b/crypto/cms/cms_dh.c index ea8b24528f..c1b763e98e 100644 --- a/crypto/cms/cms_dh.c +++ b/crypto/cms/cms_dh.c @@ -309,7 +309,7 @@ static int dh_cms_encrypt(CMS_RecipientInfo *ri) */ penc = NULL; penclen = i2d_X509_ALGOR(wrap_alg, &penc); - if (penc == NULL || penclen == 0) + if (penclen <= 0) goto err; wrap_str = ASN1_STRING_new(); if (wrap_str == NULL) diff --git a/crypto/cms/cms_ec.c b/crypto/cms/cms_ec.c index 896eda61da..2e4f19552f 100644 --- a/crypto/cms/cms_ec.c +++ b/crypto/cms/cms_ec.c @@ -8,6 +8,7 @@ */ #include <assert.h> +#include <limits.h> #include <openssl/cms.h> #include <openssl/err.h> #include <openssl/decoder.h> @@ -258,7 +259,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) ASN1_STRING *wrap_str; ASN1_OCTET_STRING *ukm; unsigned char *penc = NULL; - size_t penclen; + int penclen; int rv = 0; int ecdh_nid, kdf_type, kdf_nid, wrap_nid; const EVP_MD *kdf_md; @@ -275,9 +276,12 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) /* Is everything uninitialised? */ if (aoid == OBJ_nid2obj(NID_undef)) { /* Set the key */ + size_t enckeylen; - penclen = EVP_PKEY_get1_encoded_public_key(pkey, &penc); - ASN1_STRING_set0(pubkey, penc, penclen); + enckeylen = EVP_PKEY_get1_encoded_public_key(pkey, &penc); + if (enckeylen > INT_MAX || enckeylen == 0) + goto err; + ASN1_STRING_set0(pubkey, penc, (int)enckeylen); ossl_asn1_string_set_bits_left(pubkey, 0); penc = NULL; @@ -358,7 +362,7 @@ static int ecdh_cms_encrypt(CMS_RecipientInfo *ri) * of another AlgorithmIdentifier. */ penclen = i2d_X509_ALGOR(wrap_alg, &penc); - if (penc == NULL || penclen == 0) + if (penclen <= 0) goto err; wrap_str = ASN1_STRING_new(); if (wrap_str == NULL) |