Add error return value information for EVP_MD_get_size()

Add error return value information for EVP_MD_get_size() and
EVP_MD_CTX_get_size() to better guide their usages and avoid
the integer overflow, such as
4a50882 ("ssl_cipher_get_overhead(): Replace size_t with int and add the checks")
and ef9ac2f ("test/bad_dtls_test.c: Add checks for the EVP_MD_CTX_get_size()").

Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25282)

diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index ed327480a1ca10004a7fdf055f8d4d881894c88d..49625c31348a9ef7f4f6f25fdca19b1b4e805d58 100644 (file)
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -386,9 +386,9 @@ B<EVP_MD>.
 
 =item EVP_MD_get_size()
 
-Return the size of the message digest when passed an B<EVP_MD> or an
-B<EVP_MD_CTX> structure, i.e. the size of the hash.
-For an XOF this returns 0.
+Return the size of the message digest when passed an B<EVP_MD>, i.e. the size of
+the hash. A negative value or 0 can occur for invalid size.
+For an XOF with no default size this returns 0.
 
 =item EVP_MD_CTX_get_size_ex(), EVP_MD_CTX_get_size()