openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity

test/bad_dtls_test.c: Add checks for the EVP_MD_CTX_get_size() 

Add the check for the EVP_MD_CTX_get_size() to avoid integer overflow when it is implicitly casted from int to size_t in evp_pkey_ctx_store_cached_data().
The call path is do_PRF() -> EVP_PKEY_CTX_add1_tls1_prf_seed() -> evp_pkey_ctx_set1_octet_string() -> EVP_PKEY_CTX_ctrl() -> evp_pkey_ctx_store_cached_data().

Fixes: 16938284cf ("Add basic test for Cisco DTLS1_BAD_VER and record replay handling")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23952)
This commit is contained in:
Jiasheng Jiang 2024-03-22 23:05:00 +00:00 committed by Neil Horman
parent 99fe4c1066
commit ef9ac2f9b8
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
test/bad_dtls_test.c
View File

@ -370,6 +370,7 @@ static int send_finished(SSL *s, BIO *rbio)
/* Finished MAC (12 bytes) */
};
unsigned char handshake_hash[EVP_MAX_MD_SIZE];
int md_size;
/* Derive key material */
do_PRF(TLS_MD_KEY_EXPANSION_CONST, TLS_MD_KEY_EXPANSION_CONST_SIZE,
@ -381,8 +382,11 @@ static int send_finished(SSL *s, BIO *rbio)
if (!EVP_DigestFinal_ex(handshake_md, handshake_hash, NULL))
return 0;
md_size = EVP_MD_CTX_get_size(handshake_md);
if (md_size <= 0)
return 0;
do_PRF(TLS_MD_SERVER_FINISH_CONST, TLS_MD_SERVER_FINISH_CONST_SIZE,
handshake_hash, EVP_MD_CTX_get_size(handshake_md),
handshake_hash, md_size,
NULL, 0,
finished_msg + DTLS1_HM_HEADER_LENGTH, TLS1_FINISH_MAC_LENGTH);