openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

store/store_lib.c: Add the checks for the EVP_MD_CTX_get_size() 

Add the checks for the return value of EVP_MD_CTX_get_size() before explicitly cast them to size_t to avoid the integer overflow.

Fixes: fac8673b8a ("STORE: Add the possibility to search for specific information")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23955)
This commit is contained in:
Jiasheng Jiang 2024-03-22 23:39:19 +00:00 committed by Neil Horman
parent 15e06b12ee
commit 18a30b5637
1 changed files with 7 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
crypto/store/store_lib.c
View File

@ -933,15 +933,20 @@ OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
*bytes, size_t len)
{
OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
int md_size;
if (search == NULL)
return NULL;
if (digest != NULL && len != (size_t)EVP_MD_get_size(digest)) {
md_size = EVP_MD_get_size(digest);
if (md_size <= 0)
return NULL;
if (digest != NULL && len != (size_t)md_size) {
ERR_raise_data(ERR_LIB_OSSL_STORE,
OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
"%s size is %d, fingerprint size is %zu",
EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len);
EVP_MD_get0_name(digest), md_size, len);
OPENSSL_free(search);
return NULL;
}