openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

ssl/t1_lib.c: Add checks for the EVP_MD_get_size() 

Add checks for the EVP_MD_get_size() to avoid unexpected negative numbers.

Fixes: b362ccab5c ("Security framework.")
Fixes: 0fe3db251a ("Use size of server key when selecting signature algorithm.")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23943)
This commit is contained in:
Jiasheng Jiang 2024-03-22 19:18:34 +00:00 committed by Neil Horman
parent 68d6dd3354
commit 9f6a48749a
1 changed files with 4 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
ssl/t1_lib.c
View File

@ -1649,6 +1649,8 @@ static int rsa_pss_check_min_key_size(SSL_CTX *ctx, const EVP_PKEY *pkey,
return 0;
if (!tls1_lookup_md(ctx, lu, &md) || md == NULL)
return 0;
if (EVP_MD_get_size(md) <= 0)
return 0;
if (EVP_PKEY_get_size(pkey) < RSA_PSS_MINIMUM_KEY_SIZE(md))
return 0;
return 1;
@ -1831,6 +1833,8 @@ static int sigalg_security_bits(SSL_CTX *ctx, const SIGALG_LOOKUP *lu)
/* Security bits: half digest bits */
secbits = EVP_MD_get_size(md) * 4;
if (secbits <= 0)
return 0;
/*
* SHA1 and MD5 are known to be broken. Reduce security bits so that
* they're no longer accepted at security level 1. The real values don't