From: Jiasheng Jiang Date: Sat, 23 Mar 2024 15:37:43 +0000 (+0000) Subject: signature/sm2_sig.c: Add the check for the EVP_MD_CTX_get_size() X-Git-Tag: openssl-3.4.0-alpha1~790 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64963c8b7a11728b5d252420f56f82532c14076d;p=thirdparty%2Fopenssl.git signature/sm2_sig.c: Add the check for the EVP_MD_CTX_get_size() Add the check for the return value of EVP_MD_CTX_get_size() to avoid invalid negative numbers. Fixes: d0b79f8631 ("Add SM2 signature algorithm to default provider") Signed-off-by: Jiasheng Jiang Reviewed-by: Tomas Mraz Reviewed-by: Todd Short Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/23959) --- diff --git a/providers/implementations/signature/sm2_sig.c b/providers/implementations/signature/sm2_sig.c index 479e4eebe8e..6b8936b9594 100644 --- a/providers/implementations/signature/sm2_sig.c +++ b/providers/implementations/signature/sm2_sig.c @@ -313,6 +313,7 @@ int sm2sig_digest_verify_final(void *vpsm2ctx, const unsigned char *sig, if (psm2ctx == NULL || psm2ctx->mdctx == NULL + || EVP_MD_get_size(psm2ctx->md) <= 0 || EVP_MD_get_size(psm2ctx->md) > (int)sizeof(digest)) return 0;
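Review bot: In the sm2sig_digest_verify_final hunk, the added condition tests EVP_MD_get_size(psm2ctx->md), but the subject and commit message name EVP_MD_CTX_get_size(); the message should name the function that is actually checked. The new `<= 0` test also rejects a size of zero, which the message ("invalid negative numbers") does not mention, so it is worth stating that zero is intentionally treated as invalid. The condition now calls EVP_MD_get_size(psm2ctx->md) twice. Reading it once into a local int and testing `mdsize <= 0 || mdsize > (int)sizeof(digest)` would keep both bounds on the same value and make the range check easier to read.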