author Neil Horman <nhorman@openssl.org> 2024-07-15 14:30:16 -0400
committer Tomas Mraz <tomas@openssl.org> 2024-07-17 16:31:32 +0200
commit 7209a6b5f4bc758349f45d35f68d6dc41b11a8d3 (patch)
tree c8b28c65a778be8eddc841f87c9fe4ebd22ea4cf
parent ed96c0ddfa0ecab9e8ec3f7f0407b92b07908528 (diff)
Fix coverity-1604666
Coverity recently flagged an error in which the return value for EVP_MD_get_size wasn't checked for negative values prior to use, which can cause underflow later in the function. Just add the check and error out if get_size returns an error.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24896)
(cherry picked from commit 22e08c7cdc596d4f16749811d1022fb8b07a8e41)
-rw-r--r-- crypto/rsa/rsa_oaep.c 2
1 files changed, 1 insertions, 1 deletions
diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index b903044..52a0e8f 100644
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -184,7 +184,7 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
mdlen = EVP_MD_get_size(md);
- if (tlen <= 0 || flen <= 0)
+ if (tlen <= 0 || flen <= 0 || mdlen <= 0)
return -1;
/*
* |num| is the length of the modulus; |flen| is the length of the
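Review bot: the new mdlen <= 0 term in the combined condition returns -1 without putting anything on the error queue, so a failed digest-size lookup looks the same to the caller as a bad tlen or flen argument. Consider giving mdlen its own check, placed directly after the EVP_MD_get_size(md) call, that records an error before returning, which would also make it obvious at the call site that the return value is validated. Separately, the commit message speaks of negative values while the test is <= 0, so a zero-length digest is rejected as well; that is the safer choice for the length arithmetic that follows, but a one-line comment saying so would keep a later cleanup from narrowing it to < 0.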