[openssl-commits] [openssl] OpenSSL_1_1_0-stable update

Richard Levitte levitte at openssl.org
Tue Dec 20 18:02:27 UTC 2016 

The branch OpenSSL_1_1_0-stable has been updated
       via  22e9f9211de80d7edcb1bd3b86eef7611718ab5c (commit)
      from  f7a2da1d584bed2e05774f92d69fee39ce3edda2 (commit)


- Log -----------------------------------------------------------------
commit 22e9f9211de80d7edcb1bd3b86eef7611718ab5c
Author: Richard Levitte <levitte at openssl.org>
Date:   Tue Dec 20 12:56:14 2016 +0100

    M_check_autoarg: sanity check the key
    
    For now, checking that the size is non-zero will suffice.
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/2120)
    (cherry picked from commit d7c8f142ea5953bf260b70a58739c1c9b0f038eb)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/evp_err.c  | 8 +++++---
 crypto/evp/pmeth_fn.c | 7 ++++++-
 include/openssl/evp.h | 3 ++-
 3 files changed, 13 insertions(+), 5 deletions(-)

diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index d2e43fe..7fcbdcd 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -120,6 +120,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
     {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
     {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},
     {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+    {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"},
     {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
     {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"},
     {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"},
@@ -135,7 +136,8 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
     {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
      "operation not supported for this keytype"},
     {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
-    {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"},
+    {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING),
+     "partially overlapping buffers"},
     {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
     {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
     {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
@@ -143,14 +145,14 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
     {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
     {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
     {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
-     "unsupported number of rounds"},
     {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
     {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
     {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"},
     {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),
      "unsupported key derivation function"},
     {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
+     "unsupported number of rounds"},
     {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"},
     {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),
      "unsupported private key algorithm"},
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index 8ff50da..e9b20a6 100644
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -18,7 +18,12 @@
         if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
                 { \
                 size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
-                if (!arg) \
+                if (pksize == 0) \
+                        { \
+                        EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/\
+                        return 0; \
+                        } \
+                else if (!arg)                 \
                         { \
                         *arglen = pksize; \
                         return 1; \
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index b9c83b2..8216a8f 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1546,6 +1546,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_INPUT_NOT_INITIALIZED                      111
 # define EVP_R_INVALID_DIGEST                             152
 # define EVP_R_INVALID_FIPS_MODE                          168
+# define EVP_R_INVALID_KEY                                163
 # define EVP_R_INVALID_KEY_LENGTH                         130
 # define EVP_R_INVALID_OPERATION                          148
 # define EVP_R_KEYGEN_FAILURE                             120
@@ -1568,12 +1569,12 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
-# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS               135
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
 # define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
 # define EVP_R_UNSUPPORTED_KEY_SIZE                       108
+# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS               135
 # define EVP_R_UNSUPPORTED_PRF                            125
 # define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM          118
 # define EVP_R_UNSUPPORTED_SALT_TYPE                      126

More information about the openssl-commits mailing list