M_check_autoarg: sanity check the key

For now, checking that the size is non-zero will suffice. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2120)

M_check_autoarg: sanity check the key
For now, checking that the size is non-zero will suffice. Reviewed-by: N Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/2120)
d7c8f142 · Richard Levitte · 992155d0 · d7c8f142 · d7c8f142 · d7c8f142
隐藏空白更改
内联并排

Showing with 13 addition and 5 deletion

crypto/evp/evp_err.c crypto/evp/evp_err.c +5 -3

crypto/evp/pmeth_fn.c crypto/evp/pmeth_fn.c +6 -1

include/openssl/evp.h include/openssl/evp.h +2 -1

未找到文件。
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -120,6 +120,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
    {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
    {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},
    {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+    {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"},
    {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
    {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"},
    {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"},
@@ -135,7 +136,8 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
    {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
     "operation not supported for this keytype"},
    {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
-    {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"},
+    {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING),
+     "partially overlapping buffers"},
    {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
    {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
    {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
@@ -143,14 +145,14 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
    {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
    {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
    {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
-     "unsupported number of rounds"},
    {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
    {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
    {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"},
    {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),
     "unsupported key derivation function"},
    {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
+     "unsupported number of rounds"},
    {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"},
    {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),
     "unsupported private key algorithm"},

--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -18,7 +18,12 @@
        if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
                { \
                size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
-                if (!arg) \
+                if (pksize == 0) \
+                        { \
+                        EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/\
+                        return 0; \
+                        } \
+                else if (!arg)                 \
                        { \
                        *arglen = pksize; \
                        return 1; \

--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1546,6 +1546,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_INPUT_NOT_INITIALIZED                      111
 # define EVP_R_INVALID_DIGEST                             152
 # define EVP_R_INVALID_FIPS_MODE                          168
+# define EVP_R_INVALID_KEY                                163
 # define EVP_R_INVALID_KEY_LENGTH                         130
 # define EVP_R_INVALID_OPERATION                          148
 # define EVP_R_KEYGEN_FAILURE                             120
@@ -1568,12 +1569,12 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
-# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS               135
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
 # define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
 # define EVP_R_UNSUPPORTED_KEY_SIZE                       108
+# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS               135
 # define EVP_R_UNSUPPORTED_PRF                            125
 # define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM          118
 # define EVP_R_UNSUPPORTED_SALT_TYPE                      126