diff options
author | Jiasheng Jiang <jiasheng@purdue.edu> | 2024-03-22 22:33:57 +0000 |
---|---|---|
committer | Neil Horman <nhorman@openssl.org> | 2024-04-01 13:58:16 -0400 |
commit | 7638f4016a9438dccaf183a3ae7353d363dfc25a (patch) | |
tree | d2a5f8f6f173d05c923866f0063f32cfcf0a4d90 /providers | |
parent | ef9ac2f9b8b648406424c7c002fb94b0fae0434a (diff) |
kdfs/hmacdrbg_kdf.c: Add checks for the EVP_MD_get_size()
Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.
Fixes: f3090fc710 ("Implement deterministic ECDSA sign (RFC6979)")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23950)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/kdfs/hmacdrbg_kdf.c | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/providers/implementations/kdfs/hmacdrbg_kdf.c b/providers/implementations/kdfs/hmacdrbg_kdf.c index 30f1dfbd24..3df5221580 100644 --- a/providers/implementations/kdfs/hmacdrbg_kdf.c +++ b/providers/implementations/kdfs/hmacdrbg_kdf.c @@ -183,6 +183,7 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx, const OSSL_PARAM *p; void *ptr = NULL; size_t size = 0; + int md_size; if (params == NULL) return 1; @@ -220,7 +221,10 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx, ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED); return 0; } - drbg->blocklen = EVP_MD_get_size(md); + md_size = EVP_MD_get_size(md); + if (md_size <= 0) + return 0; + drbg->blocklen = (size_t)md_size; } return ossl_prov_macctx_load_from_params(&drbg->ctx, params, "HMAC", NULL, NULL, libctx); |