signature/dsa_sig.c: Add checks for the EVP_MD_get_size()

Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t. Fixes: 45a845e ("Add EVP_DigestSign/EVP_DigestVerify support for DSA") Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#23948)
0140454 · Apr 9, 2024 · f4174b6 · f4174b6
1 parent df0ee35
commit f4174b6
Showing 1 changed file with 8 additions and 2 deletions.
diff --git a/providers/implementations/signature/dsa_sig.c b/providers/implementations/signature/dsa_sig.c
@@ -93,8 +93,14 @@ typedef struct {
 
 static size_t dsa_get_md_size(const PROV_DSA_CTX *pdsactx)
 {
-    if (pdsactx->md != NULL)
-        return EVP_MD_get_size(pdsactx->md);
+    int md_size;
+
+    if (pdsactx->md != NULL) {
+        md_size = EVP_MD_get_size(pdsactx->md);
+        if (md_size <= 0)
+            return 0;
+        return (size_t)md_size;
+    }
     return 0;
 }