From: Jiasheng Jiang Date: Fri, 22 Mar 2024 19:51:28 +0000 (+0000) Subject: rands/drbg_hash.c: Add checks for the EVP_MD_get_size() X-Git-Tag: openssl-3.4.0-alpha1~778 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=68d6dd3354597de01e7a9534be813756004e1351;p=thirdparty%2Fopenssl.git rands/drbg_hash.c: Add checks for the EVP_MD_get_size() Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t. Fixes: 8bf3665196 ("Added DRBG_HMAC & DRBG_HASH + Added defaults for setting DRBG for master/public/private + renamed generate_counter back to reseed_counter + generated new cavs data tests") Signed-off-by: Jiasheng Jiang Reviewed-by: Tomas Mraz Reviewed-by: Paul Dale Reviewed-by: Tom Cosgrove Reviewed-by: Neil Horman (Merged from https://github.com/openssl/openssl/pull/23944) --- diff --git a/providers/implementations/rands/drbg_hash.c b/providers/implementations/rands/drbg_hash.c index a35c1f153e2..daeedb00564 100644 --- a/providers/implementations/rands/drbg_hash.c +++ b/providers/implementations/rands/drbg_hash.c @@ -507,6 +507,7 @@ static int drbg_hash_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[] PROV_DRBG_HASH *hash = (PROV_DRBG_HASH *)ctx->data; OSSL_LIB_CTX *libctx = PROV_LIBCTX_OF(ctx->provctx); const EVP_MD *md; + int md_size; if (!ossl_prov_digest_load_from_params(&hash->digest, params, libctx)) return 0; @@ -517,7 +518,10 @@ static int drbg_hash_set_ctx_params_locked(void *vctx, const OSSL_PARAM params[] return 0; /* Error already raised for us */ /* These are taken from SP 800-90 10.1 Table 2 */ - hash->blocklen = EVP_MD_get_size(md); + md_size = EVP_MD_get_size(md); + if (md_size <= 0) + return 0; + hash->blocklen = md_size; /* See SP800-57 Part1 Rev4 5.6.1 Table 3 */ ctx->strength = 64 * (hash->blocklen >> 3); if (ctx->strength > 256)