mirror of
https://github.com/openssl/openssl.git
synced 2024-11-27 05:21:51 +08:00
APPS/pkeyutl: strengthen error message on too long sign/verify input
Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22910)
This commit is contained in:
parent
50c0241de2
commit
1ee906143c
@ -490,13 +490,15 @@ int pkeyutl_main(int argc, char **argv)
|
||||
|
||||
/* Sanity check the input if the input is not raw */
|
||||
if (!rawin
|
||||
&& buf_inlen > EVP_MAX_MD_SIZE
|
||||
&& (pkey_op == EVP_PKEY_OP_SIGN
|
||||
|| pkey_op == EVP_PKEY_OP_VERIFY)) {
|
||||
&& (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY
|
||||
|| pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
|
||||
if (buf_inlen > EVP_MAX_MD_SIZE) {
|
||||
BIO_printf(bio_err,
|
||||
"Error: The input data looks too long to be a hash\n");
|
||||
"Error: The non-raw input data length %d is too long - max supported hashed size is %d\n",
|
||||
buf_inlen, EVP_MAX_MD_SIZE);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (pkey_op == EVP_PKEY_OP_VERIFY) {
|
||||
if (rawin) {
|
||||
|
Loading…
Reference in New Issue
Block a user