EVP_PKEY_new_raw_private_key: Allow zero length keys

Allocate at least one byte to distinguish a zero length key from an unset key. Fixes #15632 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15643)
author: Tomas Mraz <tomas@openssl.org> 2021-06-07 11:54:04 +0200
committer: Pauli <pauli@openssl.org> 2021-06-08 22:01:34 +1000
commit: 92b835376a81ed310c9b365094ba670bc231f64c (patch)
tree: 7080552657604486248bab5e655675f3d2c8d37b /providers/implementations/keymgmt
parent: 907720f0644bf6b7ad4fa94f03ac29402ae597ab (diff)
1 files changed, 2 insertions, 1 deletions
diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
index 3b378d38ff..e1e2609dfa 100644
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@@ -190,7 +190,8 @@ static int mac_key_fromdata(MAC_KEY *key, const OSSL_PARAM params[])
             return 0;
         }
         OPENSSL_secure_clear_free(key->priv_key, key->priv_key_len);
-        key->priv_key = OPENSSL_secure_malloc(p->data_size);
+        /* allocate at least one byte to distinguish empty key from no key set */
+        key->priv_key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1);
         if (key->priv_key == NULL) {
             ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
             return 0;
author	Tomas Mraz <tomas@openssl.org>	2021-06-07 11:54:04 +0200
committer	Pauli <pauli@openssl.org>	2021-06-08 22:01:34 +1000
commit	92b835376a81ed310c9b365094ba670bc231f64c (patch)
tree	7080552657604486248bab5e655675f3d2c8d37b /providers/implementations/keymgmt
parent	907720f0644bf6b7ad4fa94f03ac29402ae597ab (diff)