Skip to content

Commit

Permalink
APPS/pkeyutl: strengthen error message on too long sign/verify input
Browse files Browse the repository at this point in the history
  • Loading branch information
DDvO committed Oct 30, 2024
1 parent 0aaafad commit e9f6206
Showing 1 changed file with 8 additions and 6 deletions.
14 changes: 8 additions & 6 deletions apps/pkeyutl.c
Original file line number Diff line number Diff line change
Expand Up @@ -490,12 +490,14 @@ int pkeyutl_main(int argc, char **argv)

/* Sanity check the input if the input is not raw */
if (!rawin
&& buf_inlen > EVP_MAX_MD_SIZE
&& (pkey_op == EVP_PKEY_OP_SIGN
|| pkey_op == EVP_PKEY_OP_VERIFY)) {
BIO_printf(bio_err,
"Error: The input data looks too long to be a hash\n");
goto end;
&& (pkey_op == EVP_PKEY_OP_SIGN || pkey_op == EVP_PKEY_OP_VERIFY
|| pkey_op == EVP_PKEY_OP_VERIFYRECOVER)) {
if (buf_inlen > EVP_MAX_MD_SIZE) {
BIO_printf(bio_err,
"Error: The non-raw input data length %d is too long - max supported hashed size is %d\n",
buf_inlen, EVP_MAX_MD_SIZE);
goto end;
}
}

if (pkey_op == EVP_PKEY_OP_VERIFY) {
Expand Down

0 comments on commit e9f6206

Please sign in to comment.