EVP_PKEY_get_{bits,security_bits,size}(): add missing error queue entry on failure

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22459)

3 files changed, 23 insertions, 4 deletions

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 1211b500c3..fc30a2205a 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -781,11 +781,14 @@ EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE:215:unable to get maximum request size
 EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH:216:unable to get random strength
 EVP_R_UNABLE_TO_LOCK_CONTEXT:211:unable to lock context
 EVP_R_UNABLE_TO_SET_CALLBACKS:217:unable to set callbacks
+EVP_R_UNKNOWN_BITS:166:unknown bits
 EVP_R_UNKNOWN_CIPHER:160:unknown cipher
 EVP_R_UNKNOWN_DIGEST:161:unknown digest
 EVP_R_UNKNOWN_KEY_TYPE:207:unknown key type
+EVP_R_UNKNOWN_MAX_SIZE:167:unknown max size
 EVP_R_UNKNOWN_OPTION:169:unknown option
 EVP_R_UNKNOWN_PBE_ALGORITHM:121:unknown pbe algorithm
+EVP_R_UNKNOWN_SECURITY_BITS:168:unknown security bits
 EVP_R_UNSUPPORTED_ALGORITHM:156:unsupported algorithm
 EVP_R_UNSUPPORTED_CIPHER:107:unsupported cipher
 EVP_R_UNSUPPORTED_KEYLENGTH:123:unsupported keylength
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index c0d9232103..42dd7e4009 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -160,12 +160,16 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
     "unable to lock context"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_SET_CALLBACKS),
     "unable to set callbacks"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_BITS), "unknown bits"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_KEY_TYPE), "unknown key type"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_MAX_SIZE), "unknown max size"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_PBE_ALGORITHM),
     "unknown pbe algorithm"},
+    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_SECURITY_BITS),
+    "unknown security bits"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM),
     "unsupported algorithm"},
     {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index eb937d52ca..06a127a820 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -68,7 +68,11 @@ int EVP_PKEY_get_bits(const EVP_PKEY *pkey)
         if (pkey->ameth != NULL && pkey->ameth->pkey_bits != NULL)
             size = pkey->ameth->pkey_bits(pkey);
     }
-    return size < 0 ? 0 : size;
+    if (size <= 0) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_BITS);
+        return 0;
+    }
+    return size;
 }
 
 int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey)
@@ -80,7 +84,11 @@ int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey)
         if (pkey->ameth != NULL && pkey->ameth->pkey_security_bits != NULL)
             size = pkey->ameth->pkey_security_bits(pkey);
     }
-    return size < 0 ? 0 : size;
+    if (size <= 0) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_SECURITY_BITS);
+        return 0;
+    }
+    return size;
 }
 
 int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode)
@@ -1812,7 +1820,11 @@ int EVP_PKEY_get_size(const EVP_PKEY *pkey)
             size = pkey->ameth->pkey_size(pkey);
 #endif
     }
-    return size < 0 ? 0 : size;
+    if (size <= 0) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_MAX_SIZE);
+        return 0;
+    }
+    return size;
 }
 
 const char *EVP_PKEY_get0_description(const EVP_PKEY *pkey)