crypto/slh_dsa/slh_hash.c: Add check for EVP_MD_get_size() by JiangJias · Pull Request #27900 · openssl/openssl · GitHub | Latest TMZ Celebrity News & Gossip | Watch TMZ Live
Skip to content

crypto/slh_dsa/slh_hash.c: Add check for EVP_MD_get_size() #27900

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

crypto/slh_dsa/slh_hash.c: Add check for EVP_MD_get_size() #27900

wants to merge 1 commit into from
+3 −0

Conversation

JiangJias
Copy link
Contributor

Add the check for the return value of EVP_MD_get_size() to avoid invalid size.

Fixes: 2f9e152 ("Add SLH_DSA signature verification.")

Checklist
  • documentation is added or updated
  • tests are added or updated

crypto/slh_dsa/slh_hash.c: Add check for EVP_MD_get_size()
7ae597b 
Add the check for the return value of EVP_MD_get_size() to avoid invalid size.

Fixes: 2f9e152 ("Add SLH_DSA signature verification.")
Signed-off-by: Jiasheng Jiang <jiashengjiangcool@gmail.com>
@github-actions github-actions bot added the severity: fips change The pull request changes FIPS provider sources label Jun 26, 2025
@paulidale paulidale added branch: master Merge to master branch approval: review pending This pull request needs review by a committer triaged: bug The issue/pr is/fixes a bug tests: exempted The PR is exempt from requirements for testing branch: 3.5 Merge to openssl-3.5 labels Jun 26, 2025
slontis
slontis reviewed Jun 26, 2025
View reviewed changes
crypto/slh_dsa/slh_hash.c
@@ -158,6 +158,9 @@ slh_hmsg_sha2(SLH_DSA_HASH_CTX *hctx, const uint8_t *r, const uint8_t *pk_seed,
int sz = EVP_MD_get_size(hctx->key->md_big);
size_t seed_len = (size_t)sz + 2 * n;

if (sz <= 0)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The only possible values for the digest here are "SHA2-256" or "SHA2-512".. i.e. the NULL case would error.. So this seems unlikely.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True, the current logic only allows "SHA2-256" and "SHA2-512", so a NULL shouldn't occur. But the check is mostly for robustness — just in case future changes introduce new callers that might pass an unexpected digest. It’s a small safeguard to make the function more resilient.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@slontis slontis slontis left review comments

@paulidale paulidale paulidale approved these changes

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
approval: review pending This pull request needs review by a committer branch: master Merge to master branch branch: 3.5 Merge to openssl-3.5 severity: fips change The pull request changes FIPS provider sources tests: exempted The PR is exempt from requirements for testing triaged: bug The issue/pr is/fixes a bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@JiangJias @paulidale @slontis

TMZ Celebrity News – Breaking Stories, Videos & Gossip

Looking for the latest TMZ celebrity news? You've come to the right place. From shocking Hollywood scandals to exclusive videos, TMZ delivers it all in real time.

Whether it’s a red carpet slip-up, a viral paparazzi moment, or a legal drama involving your favorite stars, TMZ news is always first to break the story. Stay in the loop with daily updates, insider tips, and jaw-dropping photos.

🎥 Watch TMZ Live

TMZ Live brings you daily celebrity news and interviews straight from the TMZ newsroom. Don’t miss a beat—watch now and see what’s trending in Hollywood.