From: Jiasheng Jiang Date: Sat, 23 Mar 2024 16:09:01 +0000 (+0000) Subject: ts/ts_rsp_sign.c: Add the check for the EVP_MD_CTX_get_size() X-Git-Tag: openssl-3.4.0-alpha1~724 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f5fde94c54a1ad49663391750fd1b2f47550a4b6;p=thirdparty%2Fopenssl.git ts/ts_rsp_sign.c: Add the check for the EVP_MD_CTX_get_size() Add the check for the return value of EVP_MD_CTX_get_size() to avoid invalid negative numbers. Fixes: c7235be6e3 ("RFC 3161 compliant time stamp request creation, response generation and response verification.") Signed-off-by: Jiasheng Jiang Reviewed-by: Shane Lontis Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/23960) --- diff --git a/crypto/ts/ts_rsp_sign.c b/crypto/ts/ts_rsp_sign.c index 79d3e678374..d3a4677292b 100644 --- a/crypto/ts/ts_rsp_sign.c +++ b/crypto/ts/ts_rsp_sign.c @@ -445,7 +445,7 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx) char md_alg_name[OSSL_MAX_NAME_SIZE]; const ASN1_OCTET_STRING *digest; const EVP_MD *md = NULL; - int i; + int i, md_size; if (TS_REQ_get_version(request) != 1) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, @@ -470,6 +470,10 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx) return 0; } + md_size = EVP_MD_get_size(md); + if (md_size <= 0) + return 0; + if (md_alg->parameter && ASN1_TYPE_get(md_alg->parameter) != V_ASN1_NULL) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Superfluous message digest " @@ -478,7 +482,7 @@ static int ts_RESP_check_request(TS_RESP_CTX *ctx) return 0; } digest = msg_imprint->hashed_msg; - if (digest->length != EVP_MD_get_size(md)) { + if (digest->length != md_size) { TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Bad message digest."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_BAD_DATA_FORMAT);