mirror of https://github.com/openssl/openssl
store/store_lib.c: Add the checks for the EVP_MD_CTX_get_size()
Add checks for the return value of EVP_MD_CTX_get_size() before explicitly casting it to size_t, to avoid integer overflow.
Fixes: fac8673b8a
("STORE: Add the possibility to search for specific information")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23955)
parent
15e06b12ee
commit
18a30b5637
|
@ -933,15 +933,20 @@ OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
|
|||
*bytes, size_t len)
|
||||
{
|
||||
OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
|
||||
int md_size;
|
||||
|
||||
if (search == NULL)
|
||||
return NULL;
|
||||
|
||||
if (digest != NULL && len != (size_t)EVP_MD_get_size(digest)) {
|
||||
md_size = EVP_MD_get_size(digest);
|
||||
if (md_size <= 0)
|
||||
return NULL;
|
||||
|
||||
if (digest != NULL && len != (size_t)md_size) {
|
||||
ERR_raise_data(ERR_LIB_OSSL_STORE,
|
||||
OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
|
||||
"%s size is %d, fingerprint size is %zu",
|
||||
EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len);
|
||||
EVP_MD_get0_name(digest), md_size, len);
|
||||
OPENSSL_free(search);
|
||||
return NULL;
|
||||
}
|
||||
|
|
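Review bot: The added early return `if (md_size <= 0) return NULL;` leaves `search`, allocated with OPENSSL_zalloc() at the top of the function, unfreed; the size-mismatch branch right below it does call `OPENSSL_free(search)` before returning, so this path should too. EVP_MD_get_size(digest) is also now called ahead of the `digest != NULL` test, so a NULL digest, which the old short-circuit condition let through, would take the new error return if EVP_MD_get_size() reports failure for NULL. That looks like an unintended behaviour change for callers that pass no digest. Moving the size query under a `digest != NULL` guard and freeing on the error path keeps both properties; the rest of the function body lies outside the hunk.

```c
    int md_size;

    /* … unchanged: search allocation and its NULL check … */

    if (digest != NULL) {
        md_size = EVP_MD_get_size(digest);
        if (md_size <= 0) {
            OPENSSL_free(search);
            return NULL;
        }
        if (len != (size_t)md_size) {
            /* … unchanged: ERR_raise_data(...), OPENSSL_free(search), return NULL … */
        }
    }
```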