From 64963c8b7a11728b5d252420f56f82532c14076d Mon Sep 17 00:00:00 2001
From: Jiasheng Jiang
Date: Sat, 23 Mar 2024 15:37:43 +0000
Subject: signature/sm2_sig.c: Add the check for the EVP_MD_CTX_get_size()

Add the check for the return value of EVP_MD_CTX_get_size() to avoid invalid negative numbers.

Fixes: d0b79f8631 ("Add SM2 signature algorithm to default provider")
Signed-off-by: Jiasheng Jiang
Reviewed-by: Tomas Mraz
Reviewed-by: Todd Short
Reviewed-by: Neil Horman
(Merged from https://github.com/openssl/openssl/pull/23959)
---
 providers/implementations/signature/sm2_sig.c | 1 +
 1 file changed, 1 insertion(+)
(limited to 'providers')
diff --git a/providers/implementations/signature/sm2_sig.c b/providers/implementations/signature/sm2_sig.c
index 479e4eebe8..6b8936b959 100644
--- a/providers/implementations/signature/sm2_sig.c
+++ b/providers/implementations/signature/sm2_sig.c
@@ -313,6 +313,7 @@ int sm2sig_digest_verify_final(void *vpsm2ctx, const unsigned char *sig,
 if (psm2ctx == NULL || psm2ctx->mdctx == NULL
+ || EVP_MD_get_size(psm2ctx->md) <= 0
 || EVP_MD_get_size(psm2ctx->md) > (int)sizeof(digest)) return 0;
-- 
cgit v1.2.3
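Review bot: The added `|| EVP_MD_get_size(psm2ctx->md) <= 0` term in the guard of sm2sig_digest_verify_final has no comment, and its purpose is not evident from the condition alone: a negative size would pass the following `> (int)sizeof(digest)` test, so the lower bound is what rejects an error return. I would put a comment above the `if`, such as `/* EVP_MD_get_size() is non-positive on error; reject it here, since a negative value would pass the upper-bound test below */`. The term reads `psm2ctx->md`, which the visible condition never tests for NULL (only `mdctx` is tested), so the comment should also state whether this check is what rejects a context with no digest set; presumably it is, but that depends on how EVP_MD_get_size() treats a NULL argument, which is not shown here. The commit subject and description name EVP_MD_CTX_get_size() while the code calls EVP_MD_get_size(), which is worth aligning so the log matches the change. The function body starts before and continues after this hunk, so how the digest size is used afterwards is not visible.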