From 222333cf01e2fec4a20c107ac9e820694611a4db Mon Sep 17 00:00:00 2001 From: Richard Levitte Date: Tue, 20 Dec 2016 12:56:14 +0100 Subject: M_check_autoarg: sanity check the key For now, checking that the size is non-zero will suffice. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2120) (cherry picked from commit d7c8f142ea5953bf260b70a58739c1c9b0f038eb) --- crypto/evp/evp.h | 6 ++++-- crypto/evp/evp_err.c | 3 ++- crypto/evp/pmeth_fn.c | 7 ++++++- 3 files changed, 12 insertions(+), 4 deletions(-) (limited to 'crypto') diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 39ab7937d2..d258ef870a 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -1370,6 +1370,7 @@ void EVP_add_alg_module(void); * The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. */ + void ERR_load_EVP_strings(void); /* Error codes for the EVP functions. */ @@ -1489,6 +1490,7 @@ void ERR_load_EVP_strings(void); # define EVP_R_INPUT_NOT_INITIALIZED 111 # define EVP_R_INVALID_DIGEST 152 # define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_KEY 171 # define EVP_R_INVALID_KEY_LENGTH 130 # define EVP_R_INVALID_OPERATION 148 # define EVP_R_IV_TOO_LARGE 102 @@ -1528,7 +1530,7 @@ void ERR_load_EVP_strings(void); # define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109 # define EVP_R_WRONG_PUBLIC_KEY_TYPE 110 -#ifdef __cplusplus +# ifdef __cplusplus } -#endif +# endif #endif diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 15cf5532b3..bcd841eb77 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -192,6 +192,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"}, {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, + {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"}, {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"}, {ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"}, diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c index a8b7f2f6d5..e11ad3d265 100644 --- a/crypto/evp/pmeth_fn.c +++ b/crypto/evp/pmeth_fn.c @@ -68,7 +68,12 @@ if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \ { \ size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ - if (!arg) \ + if (pksize == 0) \ + { \ + EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/\ + return 0; \ + } \ + else if (!arg) \ { \ *arglen = pksize; \ return 1; \ -- cgit v1.2.3