reiniert changed the title from "All PKEY methods implementing signing or secure hashing should check the siglen parameter and fail if its value is too small" to "All PKEY methods implementing signing or secure hashing should fail if the value for siglen is too small" on Aug 7, 2020
The documentation for `EVP_DigestSignFinal()` mentions the following precondition:

> If `sig` is not `NULL` then before the call the `siglen` parameter should contain the length of the `sig` buffer.

This implies that the `siglen` parameter actually has some significance and is being checked to be sufficiently large by the function(s) that fill(s) the `sig` buffer. The expectation is that the function fails if that check fails. Indeed, this mechanism can be observed here:

openssl/crypto/ec/ec_pmeth.c, Line 118 in e2e09d9

However, most `PKEY` sign(-like) methods do not seem to include such a check. For example see

openssl/crypto/hmac/hm_pmeth.c, Line 127 in 894da2f
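The `siglen` contract discussed in this issue, modelled as an added example that is not OpenSSL code and not part of the original post. `model_sign`, `model_compute` and `MODEL_SIG_LEN` are hypothetical names, and the computation is a non-cryptographic stand-in so the block builds without libcrypto.

```c
#include <stddef.h>
#include <string.h>
#define MODEL_SIG_LEN 32   /* assumed fixed output size of the stand-in method */

/* Stand-in for the real signature/MAC computation; NOT cryptography. */
static void model_compute(unsigned char *out, const unsigned char *msg, size_t msglen)
{
    unsigned char acc = 0x5a;
    for (size_t i = 0; i < MODEL_SIG_LEN; i++) {
        if (msglen > 0)
            acc = (unsigned char)(acc * 31u + msg[i % msglen]);
        out[i] = acc;
    }
}

/* Hypothetical sign-like method following the documented contract.
 * sig == NULL: report the required size in *siglen and succeed.
 * *siglen too small: fail without writing to sig.
 * Otherwise: write the output and store its length in *siglen.
 * Returns 1 on success, 0 on failure. */
int model_sign(unsigned char *sig, size_t *siglen,
               const unsigned char *msg, size_t msglen)
{
    if (siglen == NULL)
        return 0;
    if (sig == NULL) {
        *siglen = MODEL_SIG_LEN;
        return 1;
    }
    if (*siglen < MODEL_SIG_LEN)   /* the check the issue asks for */
        return 0;
    model_compute(sig, msg, msglen);
    *siglen = MODEL_SIG_LEN;
    return 1;
}

/* Caller declares only 16 usable bytes; returns 1 if the call fails and
 * every byte of the (constructed) buffer still holds its 0xAA fill. */
int small_buffer_rejected(void)
{
    unsigned char buf[MODEL_SIG_LEN];
    size_t cap = 16;
    memset(buf, 0xAA, sizeof buf);
    if (model_sign(buf, &cap, (const unsigned char *)"abc", 3) != 0)
        return 0;
    for (size_t i = 0; i < sizeof buf; i++)
        if (buf[i] != 0xAA) return 0;
    return cap == 16;
}
```

A method that omits the `*siglen < MODEL_SIG_LEN` branch would write all 32 bytes regardless of the 16 the caller declared, which is the behaviour the issue asks to rule out.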