openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

macs/kmac_prov.c: Add checks for the EVP_MD_get_size() 

Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: 6e624a6453 ("KMAC implementation using EVP_MAC")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23946)
This commit is contained in:
Jiasheng Jiang 2024-03-22 20:21:46 +00:00 committed by Neil Horman
parent 6c0f154750
commit e97f468589
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
providers/implementations/macs/kmac_prov.c
View File

@ -178,6 +178,7 @@ static struct kmac_data_st *kmac_new(void *provctx)
static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params)
{
struct kmac_data_st *kctx = kmac_new(provctx);
int md_size;
if (kctx == NULL)
return 0;
@ -187,7 +188,12 @@ static void *kmac_fetch_new(void *provctx, const OSSL_PARAM *params)
return 0;
}
kctx->out_len = EVP_MD_get_size(ossl_prov_digest_md(&kctx->digest));
md_size = EVP_MD_get_size(ossl_prov_digest_md(&kctx->digest));
if (md_size <= 0) {
kmac_free(kctx);
return 0;
}
kctx->out_len = (size_t)md_size;
return kctx;
}