From: Jiasheng Jiang <jiashengjiangcool@outlook.com>
Date: Fri, 30 Aug 2024 19:36:51 +0000 (+0000)
Subject: Add error return value information for EVP_MD_get_size()
X-Git-Tag: openssl-3.5.0-alpha1~1179
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=09ae1c9f5acdaaf2fe893d513b1e98dbff489c50;p=thirdparty%2Fopenssl.git

Add error return value information for EVP_MD_get_size()

Add error return value information for EVP_MD_get_size() and
EVP_MD_CTX_get_size() to better guide their usages and avoid
the integer overflow, such as
4a50882 ("ssl_cipher_get_overhead(): Replace size_t with int and add the checks")
and ef9ac2f ("test/bad_dtls_test.c: Add checks for the EVP_MD_CTX_get_size()").

Signed-off-by: Jiasheng Jiang <jiashengjiangcool@outlook.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25282)
---

diff --git a/doc/man3/EVP_DigestInit.pod b/doc/man3/EVP_DigestInit.pod
index ed327480a1c..49625c31348 100644
--- a/doc/man3/EVP_DigestInit.pod
+++ b/doc/man3/EVP_DigestInit.pod
@@ -386,9 +386,9 @@ B<EVP_MD>.
 
 =item EVP_MD_get_size()
 
-Return the size of the message digest when passed an B<EVP_MD> or an
-B<EVP_MD_CTX> structure, i.e. the size of the hash.
-For an XOF this returns 0.
+Return the size of the message digest when passed an B<EVP_MD>, i.e. the size of
+the hash. A negative value or 0 can occur for invalid size.
+For an XOF with no default size this returns 0.
 
 =item EVP_MD_CTX_get_size_ex(), EVP_MD_CTX_get_size()