signature/sm2_sig.c: Add the check for the EVP_MD_CTX_get_size()

Add the check for the return value of EVP_MD_CTX_get_size() to avoid invalid negative numbers.

Fixes: d0b79f8631 ("Add SM2 signature algorithm to default provider")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23959)

diff --git a/providers/implementations/signature/sm2_sig.c b/providers/implementations/signature/sm2_sig.c
index 479e4eebe8eff03893cf5161dab223302864fd9d..6b8936b9594321ff4171b0ab698e33ff8fe0532e 100644 (file)
--- a/providers/implementations/signature/sm2_sig.c
+++ b/providers/implementations/signature/sm2_sig.c
@@ -313,6 +313,7 @@ int sm2sig_digest_verify_final(void *vpsm2ctx, const unsigned char *sig,
 
     if (psm2ctx == NULL
         || psm2ctx->mdctx == NULL
+        || EVP_MD_get_size(psm2ctx->md) <= 0
         || EVP_MD_get_size(psm2ctx->md) > (int)sizeof(digest))
         return 0;