From: Jiasheng Jiang <jiasheng@purdue.edu>
Date: Fri, 22 Mar 2024 22:33:57 +0000 (+0000)
Subject: kdfs/hmacdrbg_kdf.c: Add checks for the EVP_MD_get_size()
X-Git-Tag: openssl-3.4.0-alpha1~783
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=7638f4016a9438dccaf183a3ae7353d363dfc25a;p=thirdparty%2Fopenssl.git

kdfs/hmacdrbg_kdf.c: Add checks for the EVP_MD_get_size()

Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: f3090fc710 ("Implement deterministic ECDSA sign (RFC6979)")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23950)
---

diff --git a/providers/implementations/kdfs/hmacdrbg_kdf.c b/providers/implementations/kdfs/hmacdrbg_kdf.c
index 30f1dfbd243..3df5221580a 100644
--- a/providers/implementations/kdfs/hmacdrbg_kdf.c
+++ b/providers/implementations/kdfs/hmacdrbg_kdf.c
@@ -183,6 +183,7 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx,
     const OSSL_PARAM *p;
     void *ptr = NULL;
     size_t size = 0;
+    int md_size;
 
     if (params == NULL)
         return 1;
@@ -220,7 +221,10 @@ static int hmac_drbg_kdf_set_ctx_params(void *vctx,
                 ERR_raise(ERR_LIB_PROV, PROV_R_XOF_DIGESTS_NOT_ALLOWED);
                 return 0;
             }
-            drbg->blocklen = EVP_MD_get_size(md);
+            md_size = EVP_MD_get_size(md);
+            if (md_size <= 0)
+                return 0;
+            drbg->blocklen = (size_t)md_size;
         }
         return ossl_prov_macctx_load_from_params(&drbg->ctx, params,
                                                  "HMAC", NULL, NULL, libctx);