From: Richard Levitte Date: Tue, 20 Dec 2016 11:56:14 +0000 (+0100) Subject: M_check_autoarg: sanity check the key X-Git-Tag: OpenSSL_1_1_1-pre1~2827 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=d7c8f142ea5953bf260b70a58739c1c9b0f038eb;p=oweals%2Fopenssl.git M_check_autoarg: sanity check the key For now, checking that the size is non-zero will suffice. Reviewed-by: Rich Salz (Merged from https://github.com/openssl/openssl/pull/2120) --- diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index d2e43fefb1..7fcbdcded5 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -120,6 +120,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"}, {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"}, {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"}, + {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"}, {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"}, {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"}, {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"}, @@ -135,7 +136,8 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE), "operation not supported for this keytype"}, {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"}, - {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"}, + {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), + "partially overlapping buffers"}, {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"}, {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"}, {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"}, @@ -143,14 +145,14 @@ static ERR_STRING_DATA EVP_str_reasons[] = { {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"}, {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"}, - {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS), - "unsupported number of rounds"}, {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"}, {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION), "unsupported key derivation function"}, {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"}, + {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS), + "unsupported number of rounds"}, {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"}, {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM), "unsupported private key algorithm"}, diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c index 8ff50da33a..e9b20a6088 100644 --- a/crypto/evp/pmeth_fn.c +++ b/crypto/evp/pmeth_fn.c @@ -18,7 +18,12 @@ if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \ { \ size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \ - if (!arg) \ + if (pksize == 0) \ + { \ + EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/\ + return 0; \ + } \ + else if (!arg) \ { \ *arglen = pksize; \ return 1; \ diff --git a/include/openssl/evp.h b/include/openssl/evp.h index b9c83b2b52..8216a8f2c4 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h @@ -1546,6 +1546,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_INPUT_NOT_INITIALIZED 111 # define EVP_R_INVALID_DIGEST 152 # define EVP_R_INVALID_FIPS_MODE 168 +# define EVP_R_INVALID_KEY 163 # define EVP_R_INVALID_KEY_LENGTH 130 # define EVP_R_INVALID_OPERATION 148 # define EVP_R_KEYGEN_FAILURE 120 @@ -1568,12 +1569,12 @@ int ERR_load_EVP_strings(void); # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_OPTION 169 # define EVP_R_UNKNOWN_PBE_ALGORITHM 121 -# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 # define EVP_R_UNSUPPORTED_ALGORITHM 156 # define EVP_R_UNSUPPORTED_CIPHER 107 # define EVP_R_UNSUPPORTED_KEYLENGTH 123 # define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION 124 # define EVP_R_UNSUPPORTED_KEY_SIZE 108 +# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS 135 # define EVP_R_UNSUPPORTED_PRF 125 # define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM 118 # define EVP_R_UNSUPPORTED_SALT_TYPE 126