[openssl-commits] [openssl] OpenSSL_1_0_2-stable update
Richard Levitte
levitte at openssl.org
Tue Dec 20 22:03:55 UTC 2016
The branch OpenSSL_1_0_2-stable has been updated
via 222333cf01e2fec4a20c107ac9e820694611a4db (commit)
from 3fb9f875e7d6295129782837db5d4a21940d2efa (commit)
- Log -----------------------------------------------------------------
commit 222333cf01e2fec4a20c107ac9e820694611a4db
Author: Richard Levitte <levitte at openssl.org>
Date: Tue Dec 20 12:56:14 2016 +0100
M_check_autoarg: sanity check the key
For now, checking that the size is non-zero will suffice.
Reviewed-by: Rich Salz <rsalz at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2120)
(cherry picked from commit d7c8f142ea5953bf260b70a58739c1c9b0f038eb)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/evp.h | 6 ++++--
crypto/evp/evp_err.c | 3 ++-
crypto/evp/pmeth_fn.c | 7 ++++++-
3 files changed, 12 insertions(+), 4 deletions(-)
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h
index 39ab793..d258ef8 100644
--- a/crypto/evp/evp.h
+++ b/crypto/evp/evp.h
@@ -1370,6 +1370,7 @@ void EVP_add_alg_module(void);
* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
*/
+
void ERR_load_EVP_strings(void);
/* Error codes for the EVP functions. */
@@ -1489,6 +1490,7 @@ void ERR_load_EVP_strings(void);
# define EVP_R_INPUT_NOT_INITIALIZED 111
# define EVP_R_INVALID_DIGEST 152
# define EVP_R_INVALID_FIPS_MODE 168
+# define EVP_R_INVALID_KEY 171
# define EVP_R_INVALID_KEY_LENGTH 130
# define EVP_R_INVALID_OPERATION 148
# define EVP_R_IV_TOO_LARGE 102
@@ -1528,7 +1530,7 @@ void ERR_load_EVP_strings(void);
# define EVP_R_WRONG_FINAL_BLOCK_LENGTH 109
# define EVP_R_WRONG_PUBLIC_KEY_TYPE 110
-#ifdef __cplusplus
+# ifdef __cplusplus
}
-#endif
+# endif
#endif
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 15cf553..bcd841e 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -1,6 +1,6 @@
/* crypto/evp/evp_err.c */
/* ====================================================================
- * Copyright (c) 1999-2013 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -192,6 +192,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
{ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},
{ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+ {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"},
{ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
{ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"},
{ERR_REASON(EVP_R_IV_TOO_LARGE), "iv too large"},
diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index a8b7f2f..e11ad3d 100644
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -68,7 +68,12 @@
if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
{ \
size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
- if (!arg) \
+ if (pksize == 0) \
+ { \
+ EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/\
+ return 0; \
+ } \
+ else if (!arg) \
{ \
*arglen = pksize; \
return 1; \
More information about the openssl-commits
mailing list