signature/rsa_sig.c: Add checks for the EVP_MD_get_size() #23949

Closed
wants to merge 1 commit into from

JiangJias
Contributor

Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: 6f4b766 ("PROV: add RSA signature implementation")

Checklist
  • documentation is added or updated
  • tests are added or updated
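
The hazard the description refers to, as an added example (not code from this pull request or from OpenSSL): an `int` size cast straight to `size_t` and then used in length arithmetic, next to a checked conversion. The function names, the `extra` parameter and the inputs are assumptions made up for the illustration; `-1` models a failed size query.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Convert an int digest size to size_t only if it is a usable length.
 * Returns 1 and stores the length on success, 0 otherwise. */
static int md_size_to_len(int md_size, size_t *len)
{
    if (md_size <= 0)
        return 0;
    *len = (size_t)md_size;
    return 1;
}

/* Unchecked pattern: -1 casts to SIZE_MAX, and adding `extra` wraps around
 * to a small number, so the bounds check passes when it should not. */
static int fits_unchecked(int md_size, size_t extra, size_t buflen)
{
    size_t needed = (size_t)md_size + extra;
    return needed <= buflen;
}

/* Checked pattern: returns 1 if md_size + extra bytes fit in buflen,
 * 0 if they do not, and -1 if the digest size itself is invalid. */
static int fits_checked(int md_size, size_t extra, size_t buflen)
{
    size_t mdlen;

    if (!md_size_to_len(md_size, &mdlen))
        return -1;
    if (extra > SIZE_MAX - mdlen)   /* the addition itself must not wrap */
        return 0;
    return mdlen + extra <= buflen;
}

int main(void)
{
    /* Constructed inputs: -1 models a failed size query, 32 a SHA-256 digest. */
    printf("unchecked(-1, 2, 16) = %d\n", fits_unchecked(-1, 2, 16));
    printf("checked(-1, 2, 16)   = %d\n", fits_checked(-1, 2, 16));
    printf("checked(32, 2, 16)   = %d\n", fits_checked(32, 2, 16));
    printf("checked(32, 2, 64)   = %d\n", fits_checked(32, 2, 64));
    return 0;
}
```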

Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: 6f4b766 ("PROV: add RSA signature implementation")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>
@github-actions (bot) added the label "severity: fips change" (The pull request changes FIPS provider sources) on Mar 22, 2024
@t8m added the labels "branch: master" (Merge to master branch), "approval: review pending" (This pull request needs review by a committer), "triaged: refactor" (The issue/pr requests/implements refactoring) and "tests: exempted" (The PR is exempt from requirements for testing) on Mar 25, 2024
@tmshort added the label "approval: done" (This pull request has the required number of approvals) and removed the label "approval: review pending" (This pull request needs review by a committer) on Mar 26, 2024
@openssl-machine added the label "approval: ready to merge" (The 24 hour grace period has passed, ready to merge) and removed the label "approval: done" (This pull request has the required number of approvals) on Mar 27, 2024
@openssl-machine
Collaborator

This pull request is ready to merge

@nhorman
Contributor

nhorman commented Apr 1, 2024

merged, thank you for your contribution

rhuijben pushed a commit to rhuijben/openssl that referenced this pull request Apr 1, 2024
Add checks for the EVP_MD_get_size() to avoid integer overflow and then explicitly cast from int to size_t.

Fixes: 6f4b766 ("PROV: add RSA signature implementation")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from openssl/openssl#23949)

@nhorman nhorman closed this Apr 1, 2024