From: Jiasheng Jiang Date: Fri, 22 Mar 2024 23:39:19 +0000 (+0000) Subject: store/store_lib.c: Add the checks for the EVP_MD_CTX_get_size() X-Git-Tag: openssl-3.4.0-alpha1~786 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=18a30b5637cfaed0830183c1572cac76cfa40b4b;p=thirdparty%2Fopenssl.git store/store_lib.c: Add the checks for the EVP_MD_CTX_get_size() Add the checks for the return value of EVP_MD_CTX_get_size() before explicitly cast them to size_t to avoid the integer overflow. Fixes: fac8673b8a ("STORE: Add the possibility to search for specific information") Signed-off-by: Jiasheng Jiang Reviewed-by: Tomas Mraz Reviewed-by: Todd Short Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/23955)
---
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 05a8044f895..56d01a48223 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -933,15 +933,20 @@ OSSL_STORE_SEARCH *OSSL_STORE_SEARCH_by_key_fingerprint(const EVP_MD *digest,
                                                         *bytes, size_t len)
 {
     OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
+    int md_size;
 
     if (search == NULL)
         return NULL;
 
-    if (digest != NULL && len != (size_t)EVP_MD_get_size(digest)) {
+    md_size = EVP_MD_get_size(digest);
+    if (md_size <= 0)
+        return NULL;
+
+    if (digest != NULL && len != (size_t)md_size) {
         ERR_raise_data(ERR_LIB_OSSL_STORE,
                        OSSL_STORE_R_FINGERPRINT_SIZE_DOES_NOT_MATCH_DIGEST,
                        "%s size is %d, fingerprint size is %zu",
-                       EVP_MD_get0_name(digest), EVP_MD_get_size(digest), len);
+                       EVP_MD_get0_name(digest), md_size, len);
         OPENSSL_free(search);
         return NULL;
     }
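Review bot: The new `if (md_size <= 0) return NULL;` leaks `search`, which OPENSSL_zalloc allocated a few lines above and which every other failure path in the hunk frees before returning. It also runs before the existing `digest != NULL` guard, so a NULL digest that the old condition deliberately tolerated now goes through EVP_MD_get_size(), which in OpenSSL 3 returns -1 for a NULL md, turning that case into a silent failure with no OSSL_STORE error raised. Moving the size query inside a `digest != NULL` block and freeing `search` on the new path addresses both; the remainder of the function, including the assignments into `search`, lies outside the hunk. Separately, the commit subject names EVP_MD_CTX_get_size() while the code being changed calls EVP_MD_get_size().
```c
    OSSL_STORE_SEARCH *search = OPENSSL_zalloc(sizeof(*search));
    int md_size;

    if (search == NULL)
        return NULL;

    if (digest != NULL) {
        md_size = EVP_MD_get_size(digest);
        if (md_size <= 0) {
            OPENSSL_free(search);
            return NULL;
        }
        if (len != (size_t)md_size) {
            /* … unchanged: ERR_raise_data(...) reporting md_size and len … */
            OPENSSL_free(search);
            return NULL;
        }
    }
```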