From: Pauli <pauli@openssl.org>
Date: Tue, 17 Aug 2021 03:17:17 +0000 (+1000)
Subject: pkcs12: check for zero length digest to avoid division by zero
X-Git-Tag: openssl-3.0.0~108
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9f81ef9c0b6f3f9b3a091c5c40af52fb3f8556e3;p=thirdparty%2Fopenssl.git

pkcs12: check for zero length digest to avoid division by zero

Fixes #16331

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/16332)
---

diff --git a/providers/implementations/kdfs/pkcs12kdf.c b/providers/implementations/kdfs/pkcs12kdf.c
index 0ca83dd2432..2037b458c8b 100644
--- a/providers/implementations/kdfs/pkcs12kdf.c
+++ b/providers/implementations/kdfs/pkcs12kdf.c
@@ -64,7 +64,7 @@ static int pkcs12kdf_derive(const unsigned char *pass, size_t passlen,
     }
     vi = EVP_MD_get_block_size(md_type);
     ui = EVP_MD_get_size(md_type);
-    if (ui < 0 || vi <= 0) {
+    if (ui <= 0 || vi <= 0) {
         ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_DIGEST_SIZE);
         goto end;
     }