authorJiasheng Jiang <jiasheng@purdue.edu>2024-03-22 22:22:23 +0000
committerNeil Horman <nhorman@openssl.org>2024-04-01 14:11:52 -0400
commit6c0f154750a3380cced8ddab44d7ad100b6ab984 (patch)
tree0971752ec80c75d746fdf203d98fa0a48dbb2095 /providers
parent7638f4016a9438dccaf183a3ae7353d363dfc25a (diff)
signature/rsa_sig.c: Add checks for the EVP_MD_get_size()
Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t. Fixes: 6f4b766315 ("PROV: add RSA signature implementation") Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23949)
Diffstat (limited to 'providers')
-rw-r--r--providers/implementations/signature/rsa_sig.c10
1 files changed, 8 insertions, 2 deletions
diff --git a/providers/implementations/signature/rsa_sig.c b/providers/implementations/signature/rsa_sig.c
index 76db37dd02..cc7353bbca 100644
--- a/providers/implementations/signature/rsa_sig.c
+++ b/providers/implementations/signature/rsa_sig.c
@@ -114,8 +114,14 @@ typedef struct {
static size_t rsa_get_md_size(const PROV_RSA_CTX *prsactx)
{
- if (prsactx->md != NULL)
- return EVP_MD_get_size(prsactx->md);
+ int md_size;
+
+ if (prsactx->md != NULL) {
+ md_size = EVP_MD_get_size(prsactx->md);
+ if (md_size <= 0)
+ return 0;
+ return md_size;
+ }
return 0;
}
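Review bot: rsa_get_md_size() now returns 0 both when no digest is set and when EVP_MD_get_size() reports a failure, so a caller cannot tell the two cases apart from the return value. If any caller (none are visible in this hunk) treats 0 as "no digest configured, skip the digest-length comparison", a failed size query would silently take that path too. It is worth checking the call sites, or at least stating the contract above the function, e.g. `/* Returns 0 if no digest is set or its size cannot be determined. */`. Separately, the commit message mentions an explicit cast, but the new return is still an implicit int-to-size_t conversion; `return (size_t)md_size;` would match the description.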