From: Jiasheng Jiang Date: Thu, 26 Jun 2025 00:58:51 +0000 (+0000) Subject: crypto/slh_dsa/slh_hash.c: Add check for EVP_MD_get_size() X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b72837f13f889a4b1b99c7bfa88bb5020e16607a;p=thirdparty%2Fopenssl.git crypto/slh_dsa/slh_hash.c: Add check for EVP_MD_get_size() Add the check for the return value of EVP_MD_get_size() to avoid invalid size. Fixes: 2f9e152d86 ("Add SLH_DSA signature verification.") Signed-off-by: Jiasheng Jiang Reviewed-by: Paul Dale Reviewed-by: Paul Yang (Merged from https://github.com/openssl/openssl/pull/27900) (cherry picked from commit 36614faa98c5a947a635d3f44e78c7c36b722534)
---
diff --git a/crypto/slh_dsa/slh_hash.c b/crypto/slh_dsa/slh_hash.c
index 6a8d6bab03c..8eb8ab4e860 100644
--- a/crypto/slh_dsa/slh_hash.c
+++ b/crypto/slh_dsa/slh_hash.c
@@ -158,6 +158,9 @@ slh_hmsg_sha2(SLH_DSA_HASH_CTX *hctx, const uint8_t *r, const uint8_t *pk_seed,
 int sz = EVP_MD_get_size(hctx->key->md_big);
 size_t seed_len = (size_t)sz + 2 * n;
 
+ if (sz <= 0)
+ return 0;
+
 memcpy(seed, r, n);
 memcpy(seed + n, pk_seed, n);
 return digest_4(hctx->md_big_ctx, r, n, pk_seed, n, pk_root, n, msg, msg_len,
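Review bot: `seed_len` is still initialised from `(size_t)sz + 2 * n` on the line above the new check, so a negative return from EVP_MD_get_size() is converted to a very large unsigned value before it is rejected. The value is not used on the early-return path, so this is harmless today, but the ordering makes it easy for a later edit to use the length before it is validated. Consider declaring `size_t seed_len;` and assigning `seed_len = (size_t)sz + 2 * n;` after the `if (sz <= 0) return 0;` guard. The guard also bounds `sz` only from below; whether `sz + 2 * n` fits the `seed` buffer depends on its declaration, which is outside the hunk, so a one-line comment stating that invariant next to the check would help. The body of slh_hmsg_sha2 starts and ends outside the hunk.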