diff options
author | Jiasheng Jiang <jiasheng@purdue.edu> | 2024-03-22 20:49:27 +0000 |
---|---|---|
committer | Tomas Mraz <tomas@openssl.org> | 2024-04-09 20:44:17 +0200 |
commit | df0ee35b53a6cde959c119a165814d88e4492bb1 (patch) | |
tree | 3fc6a5d3094deefa0e439327d940593886d76244 /providers | |
parent | 4feb4a2b2cb7c45c0392e03453a658f29bd70bd2 (diff) |
signature/ecdsa_sig.c: Add checks for the EVP_MD_get_size()
Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.
Fixes: edd3b7a309 ("Add ECDSA to providers")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23947)
Diffstat (limited to 'providers')
-rw-r--r-- | providers/implementations/signature/ecdsa_sig.c | 11 |
1 files changed, 9 insertions, 2 deletions
diff --git a/providers/implementations/signature/ecdsa_sig.c b/providers/implementations/signature/ecdsa_sig.c index fe65ed8dc6..7cf1f08381 100644 --- a/providers/implementations/signature/ecdsa_sig.c +++ b/providers/implementations/signature/ecdsa_sig.c @@ -227,7 +227,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, { EVP_MD *md = NULL; size_t mdname_len; - int md_nid, sha1_allowed; + int md_nid, sha1_allowed, md_size; WPACKET pkt; if (mdname == NULL) @@ -247,6 +247,13 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, "%s could not be fetched", mdname); return 0; } + md_size = EVP_MD_get_size(md); + if (md_size <= 0) { + ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST, + "%s has invalid md size %d", mdname, md_size); + EVP_MD_free(md); + return 0; + } sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN); md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md, sha1_allowed); @@ -282,7 +289,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname, WPACKET_cleanup(&pkt); ctx->mdctx = NULL; ctx->md = md; - ctx->mdsize = EVP_MD_get_size(ctx->md); + ctx->mdsize = (size_t)md_size; OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname)); return 1; |