Commit 222333cf authored by Richard Levitte's avatar Richard Levitte
Browse files

M_check_autoarg: sanity check the key 



For now, checking that the size is non-zero will suffice.

Reviewed-by: default avatarRich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2120)
(cherry picked from commit d7c8f142)
parent 3fb9f875

crypto/evp/evp.h

+4 −2
Original line number Diff line number Diff line
@@ -1370,6 +1370,7 @@ void EVP_add_alg_module(void); 
 * The following lines are auto generated by the script mkerr.pl. Any changes

 * made after this point may be overwritten when the script is next run.

 */



void ERR_load_EVP_strings(void);



/* Error codes for the EVP functions. */
@@ -1489,6 +1490,7 @@ void ERR_load_EVP_strings(void); 
# define EVP_R_INPUT_NOT_INITIALIZED                      111

# define EVP_R_INVALID_DIGEST                             152

# define EVP_R_INVALID_FIPS_MODE                          168

# define EVP_R_INVALID_KEY                                171

# define EVP_R_INVALID_KEY_LENGTH                         130

# define EVP_R_INVALID_OPERATION                          148

# define EVP_R_IV_TOO_LARGE                               102

crypto/evp/evp_err.c

+2 −1
Original line number Diff line number Diff line 
/* crypto/evp/evp_err.c */

/* ====================================================================

 * Copyright (c) 1999-2013 The OpenSSL Project.  All rights reserved.

 * Copyright (c) 1999-2016 The OpenSSL Project.  All rights reserved.

 *

 * Redistribution and use in source and binary forms, with or without

 * modification, are permitted provided that the following conditions
@@ -192,6 +192,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { 
    {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},

    {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},

    {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},

    {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"},

    {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},

    {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"},

    {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"},

crypto/evp/pmeth_fn.c

+6 −1
Original line number Diff line number Diff line
@@ -68,7 +68,12 @@ 
        if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \

                { \

                size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \

                if (!arg) \

                if (pksize == 0) \

                        { \

                        EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/\

                        return 0; \

                        } \

                else if (!arg)                 \

                        { \

                        *arglen = pksize; \

                        return 1; \