kdfs/hmacdrbg_kdf.c: Add checks for the EVP_MD_get_size()

[thirdparty/openssl.git] / providers / implementations / kdfs / hmacdrbg_kdf.c

diff --git a/providers/implementations/kdfs/hmacdrbg_kdf.c b/providers/implementations/kdfs/hmacdrbg_kdf.c
index 30f1dfbd2439fd95be1217c41dabc8fd079d7a7e..3df5221580a80d3e091d04e78dee4713281c8b03 100644 (file)
--- a/providers/implementations/kdfs/hmacdrbg_kdf.c
+++ b/providers/implementations/kdfs/hmacdrbg_kdf.c
@@ -183,6 +183,7 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx,
     const OSSL_PARAM *p;
     void *ptr = NULL;
     size_t size = 0;
+    int md_size;
 
     if (params == NULL)
         return 1;
@@ -220,7 +221,10 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx,
                 ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED);
                 return 0;
             }
-            drbg->blocklen = EVP_MD_get_size(md);
+            md_size = EVP_MD_get_size(md);
+            if (md_size <= 0)
+                return 0;
+            drbg->blocklen = (size_t)md_size;
         }
         return ossl_prov_macctx_load_from_params(&drbg->ctx, params,
                                                  "HMAC", NULL, NULL, libctx);