[openssl] master update

Matt Caswell matt at openssl.org
Tue Apr 23 09:53:35 UTC 2019


The branch master has been updated
       via  33b40a1027bfa6c400f24938093e80579c37586c (commit)
       via  361ecb1d1a4d6d113a6a9cedcc272d3b09c485bd (commit)
      from  a5cf198bad4c49c2850e16c34d929c28a37afcc3 (commit)


- Log -----------------------------------------------------------------
commit 33b40a1027bfa6c400f24938093e80579c37586c
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Apr 19 16:48:09 2019 +0100

    If key or iv is NULL set the respective length to 0
    
    [extended tests]
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/8794)

commit 361ecb1d1a4d6d113a6a9cedcc272d3b09c485bd
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Apr 19 16:21:10 2019 +0100

    Fix EVP_CIPHER_CTX_rand_key()
    
    Make sure we use the correct key length in EVP_CIPHER_CTX_rand_key().
    Now that ciphers may come from providers we need to make sure we ask the
    provider for the value if appropriate.
    
    Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
    (Merged from https://github.com/openssl/openssl/pull/8794)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/evp_enc.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index 4426a81..676eaab 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -243,9 +243,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 
         return ctx->cipher->einit(ctx->provctx,
                                   key,
-                                  EVP_CIPHER_CTX_key_length(ctx),
+                                  key == NULL ? 0
+                                              : EVP_CIPHER_CTX_key_length(ctx),
                                   iv,
-                                  EVP_CIPHER_CTX_iv_length(ctx));
+                                  iv == NULL ? 0
+                                             : EVP_CIPHER_CTX_iv_length(ctx));
     }
 
     if (ctx->cipher->dinit == NULL) {
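Review bot: The einit call here, and the matching dinit call in the next hunk, now signal "not supplied in this call" as a NULL pointer paired with length 0, but nothing at either call site documents that convention. A provider author who sees only the length could treat 0 as a genuine empty key or IV, so a comment above each call would help, for example `/* key/iv may be NULL (not supplied in this call); pass length 0 so a NULL pointer is never paired with a non-zero length */`. Whether provider implementations test the pointer or the length is not visible in this diff and should be confirmed against the provider-side init functions. EVP_CipherInit_ex begins and ends outside both hunks.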
@@ -255,9 +257,11 @@ int EVP_CipherInit_ex(EVP_CIPHER_CTX *ctx, const EVP_CIPHER *cipher,
 
     return ctx->cipher->dinit(ctx->provctx,
                               key,
-                              EVP_CIPHER_CTX_key_length(ctx),
+                              key == NULL ? 0
+                                          : EVP_CIPHER_CTX_key_length(ctx),
                               iv,
-                              EVP_CIPHER_CTX_iv_length(ctx));
+                              iv == NULL ? 0
+                                         : EVP_CIPHER_CTX_iv_length(ctx));
 
     /* TODO(3.0): Remove legacy code below */
  legacy:
@@ -947,7 +951,7 @@ int EVP_CIPHER_CTX_rand_key(EVP_CIPHER_CTX *ctx, unsigned char *key)
 {
     if (ctx->cipher->flags & EVP_CIPH_RAND_KEY)
         return EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_RAND_KEY, 0, key);
-    if (RAND_priv_bytes(key, ctx->key_len) <= 0)
+    if (RAND_priv_bytes(key, EVP_CIPHER_CTX_key_length(ctx)) <= 0)
         return 0;
     return 1;
 }
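Review bot: The value returned by EVP_CIPHER_CTX_key_length(ctx) is passed straight to RAND_priv_bytes as the byte count without a range check. If that helper can return zero or a negative value for a provider-backed cipher (not visible in this hunk), a zero would presumably let the function return 1 with `key` never filled, and the caller would then treat whatever the buffer held as fresh key material. Reading the length into a local and rejecting non-positive values avoids that: `int kl = EVP_CIPHER_CTX_key_length(ctx);` followed by `if (kl <= 0 || RAND_priv_bytes(key, kl) <= 0)`.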

