openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

signature/ecdsa_sig.c: Add checks for the EVP_MD_get_size() 

Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: edd3b7a309 ("Add ECDSA to providers")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23947)
This commit is contained in:
Jiasheng Jiang 2024-03-22 20:49:27 +00:00 committed by Tomas Mraz
parent 4feb4a2b2c
commit df0ee35b53
1 changed files with 9 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
providers/implementations/signature/ecdsa_sig.c
View File

@ -227,7 +227,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
{
EVP_MD *md = NULL;
size_t mdname_len;
int md_nid, sha1_allowed;
int md_nid, sha1_allowed, md_size;
WPACKET pkt;
if (mdname == NULL)
@ -247,6 +247,13 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
"%s could not be fetched", mdname);
return 0;
}
md_size = EVP_MD_get_size(md);
if (md_size <= 0) {
ERR_raise_data(ERR_LIB_PROV, PROV_R_INVALID_DIGEST,
"%s has invalid md size %d", mdname, md_size);
EVP_MD_free(md);
return 0;
}
sha1_allowed = (ctx->operation != EVP_PKEY_OP_SIGN);
md_nid = ossl_digest_get_approved_nid_with_sha1(ctx->libctx, md,
sha1_allowed);
@ -282,7 +289,7 @@ static int ecdsa_setup_md(PROV_ECDSA_CTX *ctx, const char *mdname,
WPACKET_cleanup(&pkt);
ctx->mdctx = NULL;
ctx->md = md;
ctx->mdsize = EVP_MD_get_size(ctx->md);
ctx->mdsize = (size_t)md_size;
OPENSSL_strlcpy(ctx->mdname, mdname, sizeof(ctx->mdname));
return 1;