Commit ef9ac2f9 authored Mar 22, 2024 by Jiasheng Jiang Committed by Neil Horman Apr 01, 2024

test/bad_dtls_test.c: Add checks for the EVP_MD_CTX_get_size()



Add the check for the EVP_MD_CTX_get_size() to avoid integer overflow when it is implicitly casted from int to size_t in evp_pkey_ctx_store_cached_data().
The call path is do_PRF() -> EVP_PKEY_CTX_add1_tls1_prf_seed() -> evp_pkey_ctx_set1_octet_string() -> EVP_PKEY_CTX_ctrl() -> evp_pkey_ctx_store_cached_data().

Fixes: 16938284 ("Add basic test for Cisco DTLS1_BAD_VER and record replay handling")
Signed-off-by: Jiasheng Jiang <jiasheng@purdue.edu>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23952)

parent 99fe4c10

Hide whitespace changes

Inline Side-by-side

mirror @mirror
mentioned in commit 09ae1c9f
· Sep 06, 2024

mentioned in commit 09ae1c9f

mentioned in commit 09ae1c9f5acdaaf2fe893d513b1e98dbff489c50

Toggle commit list
mirror @mirror
mentioned in commit 8af5dfb2
· Sep 06, 2024

mentioned in commit 8af5dfb2

mentioned in commit 8af5dfb254ada55571bd7d6246af6ba008e8472c

Toggle commit list

Please register or to comment