]> git.ipfire.org Git - thirdparty/openssl.git/commitdiff
projects / thirdparty / openssl.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: f5fde94)
ffc/ffc_params_generate.c: Add the check for the EVP_MD_get_size()
authorJiasheng Jiang <jiasheng@purdue.edu>
Mon, 25 Mar 2024 16:54:55 +0000 (16:54 +0000)
committerTomas Mraz <tomas@openssl.org>
Tue, 9 Apr 2024 18:47:47 +0000 (20:47 +0200)
Add the check for the EVP_MD_get_size() to avoid invalid negative numbers.

Fixes: 4f2271d58a ("Add ACVP fips module tests")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23970)

crypto/ffc/ffc_params_generate.c patch | blob | blame | history

diff --git a/crypto/ffc/ffc_params_generate.c b/crypto/ffc/ffc_params_generate.c
index 8294fbec36b20621da33ef27695271bf390b4c9c..14834e5f7eef1ad2f6538663c6c2f665271f2711 100644 (file)
--- a/crypto/ffc/ffc_params_generate.c
+++ b/crypto/ffc/ffc_params_generate.c
@@ -814,6 +814,7 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx,
     BIGNUM *r0, *test, *tmp, *g = NULL, *q = NULL, *p = NULL;
     BN_MONT_CTX *mont = NULL;
     EVP_MD *md = NULL;
+    int md_size;
     size_t qsize;
     int n = 0, m = 0;
     int counter = 0, pcounter = 0, use_random_seed;
@@ -842,8 +843,11 @@ int ossl_ffc_params_FIPS186_2_gen_verify(OSSL_LIB_CTX *libctx,
     }
     if (md == NULL)
         goto err;
+    md_size = EVP_MD_get_size(md);
+    if (md_size <= 0)
+        goto err;
     if (N == 0)
-        N = EVP_MD_get_size(md) * 8;
+        N = md_size * 8;
     qsize = N >> 3;
 
     /*
A mirror of the official openssl repository