From: Klavishnik <evg.shtanov@gmail.com>
Date: Wed, 9 Aug 2023 14:05:03 +0000 (+0300)
Subject: Avoid divide-by-zero in kmac_prov.c's bytepad()
X-Git-Tag: openssl-3.2.0-beta1~109
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=91895e39b10033178e662fc7427a09d7562cf8e1;p=thirdparty%2Fopenssl.git

Avoid divide-by-zero in kmac_prov.c's bytepad()

This would happen if EVP_MD_get_block_size() returned 0
so we return an error instead.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21698)
---

diff --git a/providers/implementations/macs/kmac_prov.c b/providers/implementations/macs/kmac_prov.c
index 4d920c249a7..ddaab4ba86d 100644
--- a/providers/implementations/macs/kmac_prov.c
+++ b/providers/implementations/macs/kmac_prov.c
@@ -249,7 +249,7 @@ static int kmac_setkey(struct kmac_data_st *kctx, const unsigned char *key,
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH);
         return 0;
     }
-    if (w < 0) {
+    if (w <= 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
         return 0;
     }
@@ -289,7 +289,7 @@ static int kmac_init(void *vmacctx, const unsigned char *key,
         return 0;
 
     t = EVP_MD_get_block_size(ossl_prov_digest_md(&kctx->digest));
-    if (t < 0) {
+    if (t <= 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_LENGTH);
         return 0;
     }