git.librecmc.org Git - oweals/openssl.git/commit

author	Matt Caswell <matt@openssl.org>
	Thu, 14 Nov 2019 16:05:19 +0000 (16:05 +0000)
committer	Matt Caswell <matt@openssl.org>
	Tue, 19 Nov 2019 13:33:54 +0000 (13:33 +0000)
commit	d23adad1133c5445cd834cab0e598d7817effc6b
tree	dc8c9bc7b108d453097a85898541d1bcc225df0c	tree \| snapshot
parent	dbca036435e210348e73d43a8dad14f0de6a9a18	commit \| diff

EVP_CIPHER_CTX_set_keylen should not succeed if a bad keylen is passed

EVP_CIPHER_CTX_set_keylen() was succeeding even though a bad key length
is passed to it. This is because the set_ctx_params() were all accepting
this parameter and blindly changing the keylen even though the cipher did
not accept a variable key length. Even removing this didn't entirely
resolve the issue because set_ctx_params() functions succeed even if
passed a parameter they do not recognise.

This should fix various issues found by OSSfuzz/Cryptofuzz.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/10449)

crypto/evp/evp_enc.c		diff \| blob \| history
providers/common/ciphers/cipher_common.c		diff \| blob \| history
providers/common/ciphers/cipher_gcm.c		diff \| blob \| history
providers/common/include/prov/ciphercommon.h		diff \| blob \| history
providers/implementations/ciphers/cipher_blowfish.c		diff \| blob \| history
providers/implementations/ciphers/cipher_cast5.c		diff \| blob \| history
providers/implementations/ciphers/cipher_rc2.c		diff \| blob \| history
providers/implementations/ciphers/cipher_rc4.c		diff \| blob \| history
providers/implementations/ciphers/cipher_rc5.c		diff \| blob \| history