diff options
| author | Richard Levitte <levitte@openssl.org> | 2016-12-20 12:56:14 +0100 |
|---|---|---|
| committer | Richard Levitte <levitte@openssl.org> | 2016-12-20 23:03:45 +0100 |
| commit | 222333cf01e2fec4a20c107ac9e820694611a4db (patch) | |
| tree | 23d655f1dbd6d7297752c0a07ef26c7ee7a30c1f | |
| parent | 3fb9f875e7d6295129782837db5d4a21940d2efa (diff) | |
| download | openssl-new-222333cf01e2fec4a20c107ac9e820694611a4db.tar.gz | |
M_check_autoarg: sanity check the key
For now, checking that the size is non-zero will suffice.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2120)
(cherry picked from commit d7c8f142ea5953bf260b70a58739c1c9b0f038eb)
| -rw-r--r-- | crypto/evp/evp.h | 6 | ||||
| -rw-r--r-- | crypto/evp/evp_err.c | 3 | ||||
| -rw-r--r-- | crypto/evp/pmeth_fn.c | 7 |
3 files changed, 12 insertions, 4 deletions
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 39ab7937d2..d258ef870a 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -1370,6 +1370,7 @@ void EVP_add_alg_module(void); * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ + void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ @@ -1489,6 +1490,7 @@ void ERR_load_EVP_strings(void); # define EVP_R_INPUT_NOT_INITIALIZED 111 # define EVP_R_INVALID_DIGEST 152 # define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_KEY 171 # define EVP_R_INVALID_KEY_LENGTH 130 # define EVP_R_INVALID_OPERATION 148 # define EVP_R_IV_TOO_LARGE 102 @@ -1528,7 +1530,7 @@ void ERR_load_EVP_strings(void); # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 # define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 -#ifdef __cplusplus +# ifdef __cplusplus } -#endif +# endif #endif diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 15cf5532b3..bcd841eb77 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -192,6 +192,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"}, {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, + {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"}, {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"}, {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"}, diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c index a8b7f2f6d5..e11ad3d265 100644 --- a/crypto/evp/pmeth_fn.c +++ b/crypto/evp/pmeth_fn.c @@ -68,7 +68,12 @@ if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \ { \ size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ - if (!arg) \ + if (pksize == 0) \ + { \ + EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/\ + return 0; \ + } \ + else if (!arg) \ { \ *arglen = pksize; \ return 1; \ |