ssl/tls13_enc.c: Replace size_t with int and add the checks

Replace the type of variables with int to avoid implicit cast when they are assigned by EVP_MD_get_size(). Moreover, add the checks to avoid integer overflow. Fixes: 6612d87b89 ("Use the correct size for TLSv1.3 finished keys") Fixes: 34574f193b ("Add support for TLS1.3 secret generation") Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23942)
author: Jiasheng Jiang <jiasheng@purdue.edu> 2024-03-22 18:41:58 +0000
committer: Neil Horman <nhorman@openssl.org> 2024-04-02 05:37:00 -0400
commit: bcf81f742dded19321dc7f76c1d729f615f8656c (patch)
tree: feaa8540896787e49aff246a92b5022e57b81b0c /ssl
parent: 9f6a48749afdcd5f35fb671651fc6af2b0b7d97a (diff)
1 files changed, 17 insertions, 3 deletions
diff --git a/ssl/tls13_enc.c b/ssl/tls13_enc.c
index 772a6fc173..17e9cb8688 100644
--- a/ssl/tls13_enc.c
+++ b/ssl/tls13_enc.c
@@ -247,8 +247,14 @@ int tls13_generate_master_secret(SSL_CONNECTION *s, unsigned char *out,
                                  size_t *secret_size)
 {
     const EVP_MD *md = ssl_handshake_md(s);
+    int tmpsize;
 
-    *secret_size = EVP_MD_get_size(md);
+    tmpsize = EVP_MD_get_size(md);
+    if (tmpsize <= 0) {
+        SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+        return 0;
+    }
+    *secret_size = (size_t)tmpsize;
     /* Calls SSLfatal() if required */
     return tls13_generate_secret(s, md, prev, NULL, 0, out);
 }
@@ -436,7 +442,7 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
     unsigned char *insecret;
     unsigned char *finsecret = NULL;
     const char *log_label = NULL;
-    size_t finsecretlen = 0;
+    int finsecretlen = 0;
     const unsigned char *label;
     size_t labellen, hashlen = 0;
     int ret = 0;
@@ -541,6 +547,10 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
             insecret = s->handshake_secret;
             finsecret = s->client_finished_secret;
             finsecretlen = EVP_MD_get_size(ssl_handshake_md(s));
+            if (finsecretlen <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
             label = client_handshake_traffic;
             labellen = sizeof(client_handshake_traffic) - 1;
             log_label = CLIENT_HANDSHAKE_LABEL;
@@ -573,6 +583,10 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
             insecret = s->handshake_secret;
             finsecret = s->server_finished_secret;
             finsecretlen = EVP_MD_get_size(ssl_handshake_md(s));
+            if (finsecretlen <= 0) {
+                SSLfatal(s, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
+                goto err;
+            }
             label = server_handshake_traffic;
             labellen = sizeof(server_handshake_traffic) - 1;
             log_label = SERVER_HANDSHAKE_LABEL;
@@ -657,7 +671,7 @@ int tls13_change_cipher_state(SSL_CONNECTION *s, int which)
 
     if (finsecret != NULL
             && !tls13_derive_finishedkey(s, ssl_handshake_md(s), secret,
-                                         finsecret, finsecretlen)) {
+                                         finsecret, (size_t)finsecretlen)) {
         /* SSLfatal() already called */
         goto err;
     }
author	Jiasheng Jiang <jiasheng@purdue.edu>	2024-03-22 18:41:58 +0000
committer	Neil Horman <nhorman@openssl.org>	2024-04-02 05:37:00 -0400
commit	bcf81f742dded19321dc7f76c1d729f615f8656c (patch)
tree	feaa8540896787e49aff246a92b5022e57b81b0c /ssl
parent	9f6a48749afdcd5f35fb671651fc6af2b0b7d97a (diff)