diff options
author | Richard Levitte <levitte@openssl.org> | 2016-12-20 12:56:14 +0100 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2016-12-20 19:02:20 +0100 |
commit | 22e9f9211de80d7edcb1bd3b86eef7611718ab5c (patch) | |
tree | edcb250fdc9fcfa1d9b646f238263e003dd2fba3 /crypto/evp | |
parent | f7a2da1d584bed2e05774f92d69fee39ce3edda2 (diff) |
M_check_autoarg: sanity check the key
For now, checking that the size is non-zero will suffice.
Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2120)
(cherry picked from commit d7c8f142ea5953bf260b70a58739c1c9b0f038eb)
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/evp_err.c | 8 | ||||
-rw-r--r-- | crypto/evp/pmeth_fn.c | 7 |
2 files changed, 11 insertions, 4 deletions
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index d2e43fefb1..7fcbdcded5 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -120,6 +120,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"}, {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, + {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"}, {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"}, {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"}, @@ -135,7 +136,8 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, - {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"}, + {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), + "partially overlapping buffers"}, {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, @@ -143,14 +145,14 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"}, - {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS), - "unsupported number of rounds"}, {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"}, {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), "unsupported key derivation function"}, {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"}, + {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS), + "unsupported number of rounds"}, {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"}, {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), "unsupported private key algorithm"}, diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c index 8ff50da33a..e9b20a6088 100644 --- a/crypto/evp/pmeth_fn.c +++ b/crypto/evp/pmeth_fn.c @@ -18,7 +18,12 @@ if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \ { \ size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ - if (!arg) \ + if (pksize == 0) \ + { \ + EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/\ + return 0; \ + } \ + else if (!arg) \ { \ *arglen = pksize; \ return 1; \ |