[openssl] master update

Matt Caswell matt at openssl.org
Fri Oct 22 07:53:29 UTC 2021


The branch master has been updated
       via  7cce994d3e57345ba729388b9321d9bf8b661b4f (commit)
       via  1b327433e52c8acd6db0a69bc772d4bd1800a109 (commit)
       via  cff7d58eb4c8e0ef43e2fd0b12bc067bd3540e2c (commit)
       via  61adb6cf950b65a7bfce9a8d78a7744dfae9f978 (commit)
       via  dc3f057ce1701d5fd77cc4fcc1d14afe3e3122a3 (commit)
       via  15ff7d7c2569a1aceaf6e85b61aee62422628fc9 (commit)
       via  7be8ba546267787c1b0df8a4fddaf9cb29944cbb (commit)
       via  b97f4dd73b4711eebf731ae0efa6e9b77c7f3304 (commit)
       via  43da9a14f0e73f42f28ae34219929b44df5d1a11 (commit)
      from  251e941283f554f0dc4b315e3a8fb82ef5b71982 (commit)


- Log -----------------------------------------------------------------
commit 7cce994d3e57345ba729388b9321d9bf8b661b4f
Author: Matt Caswell <matt at openssl.org>
Date:   Wed Oct 20 15:47:22 2021 +0100

    Update pyca-cryptography sub-module
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16789)

commit 1b327433e52c8acd6db0a69bc772d4bd1800a109
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Oct 11 13:43:19 2021 +0100

    Fix acvp_test sig_gen
    
    Ensure we set the size of the signature buffer before we call
    EVP_DigestSign()
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16789)

commit cff7d58eb4c8e0ef43e2fd0b12bc067bd3540e2c
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Oct 11 13:12:49 2021 +0100

    Fix test_CMAC_keygen
    
    Make sure we correctly pass through the size of the buffer to
    EVP_DigestSignFinal
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16789)

commit 61adb6cf950b65a7bfce9a8d78a7744dfae9f978
Author: Matt Caswell <matt at openssl.org>
Date:   Mon Oct 11 12:08:29 2021 +0100

    Fix a bug in signature self tests in the FIPS module
    
    When calling EVP_PKEY_sign(), the size of the signature buffer must
    be passed in *siglen.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16789)

commit dc3f057ce1701d5fd77cc4fcc1d14afe3e3122a3
Author: Matt Caswell <matt at openssl.org>
Date:   Fri Oct 8 14:43:17 2021 +0100

    Add an additional note to EVP_DigestSign() documentation
    
    Clarify what happens if it fails. Make it clear that you can pass a NULL
    "sig" buffer to get the "siglen".
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16789)

commit 15ff7d7c2569a1aceaf6e85b61aee62422628fc9
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Oct 7 14:15:47 2021 +0100

    Test short buffers
    
    Test that calling EVP_DigestSign(), EVP_DigestSignFinal(),
    EVP_PKEY_sign(), EVP_PKEY_get_raw_private_key(), or
    EVP_PKEY_get_raw_public_key() with a short output buffer results in a
    failure.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16789)

commit 7be8ba546267787c1b0df8a4fddaf9cb29944cbb
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Oct 7 14:14:52 2021 +0100

    Fix SSKDF to not claim a buffer size that is too small for the MAC
    
    We also check that our buffer is sufficiently sized for the MAC output
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16789)

commit b97f4dd73b4711eebf731ae0efa6e9b77c7f3304
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Oct 7 14:06:32 2021 +0100

    Enforce a size check in EVP_MAC_final()
    
    Make sure that the outsize for the buffer is large enough for the
    output from the MAC.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16789)

commit 43da9a14f0e73f42f28ae34219929b44df5d1a11
Author: Matt Caswell <matt at openssl.org>
Date:   Thu Oct 7 11:33:17 2021 +0100

    Prevent an overflow if an application supplies a buffer that is too small
    
    If an application bug means that a buffer smaller than is necessary is
    passed to various functions then OpenSSL does not spot that the buffer
    is too small and fills it anyway. This PR prevents that.
    
    Since it requires an application bug to hit this problem, no CVE is
    allocated.
    
    Thanks to David Benjamin for reporting this issue.
    
    Reviewed-by: Tomas Mraz <tomas at openssl.org>
    (Merged from https://github.com/openssl/openssl/pull/16789)

-----------------------------------------------------------------------

Summary of changes:
 crypto/evp/m_sigver.c                  |   7 +-
 crypto/evp/mac_lib.c                   |   8 +-
 crypto/evp/p_lib.c                     |   6 +-
 crypto/evp/signature.c                 |   2 +-
 doc/man3/EVP_DigestSignInit.pod        |   6 +-
 providers/fips/self_test_kats.c        |   2 +-
 providers/implementations/kdfs/sskdf.c |   4 +-
 pyca-cryptography                      |   2 +-
 test/acvp_test.c                       |   1 +
 test/evp_extra_test.c                  | 159 +++++++++++++++++++++++++++------
 10 files changed, 160 insertions(+), 37 deletions(-)

diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c
index 806ef3224c..70669c3e6d 100644
--- a/crypto/evp/m_sigver.c
+++ b/crypto/evp/m_sigver.c
@@ -411,14 +411,14 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
     if (sigret == NULL || (ctx->flags & EVP_MD_CTX_FLAG_FINALISE) != 0)
         return pctx->op.sig.signature->digest_sign_final(pctx->op.sig.algctx,
                                                          sigret, siglen,
-                                                         SIZE_MAX);
+                                                         (sigret == NULL) ? 0 : *siglen);
     dctx = EVP_PKEY_CTX_dup(pctx);
     if (dctx == NULL)
         return 0;
 
     r = dctx->op.sig.signature->digest_sign_final(dctx->op.sig.algctx,
                                                   sigret, siglen,
-                                                  SIZE_MAX);
+                                                  (sigret == NULL) ? 0 : *siglen);
     EVP_PKEY_CTX_free(dctx);
     return r;
 
@@ -506,7 +506,8 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
             && pctx->op.sig.signature != NULL) {
         if (pctx->op.sig.signature->digest_sign != NULL)
             return pctx->op.sig.signature->digest_sign(pctx->op.sig.algctx,
-                                                       sigret, siglen, SIZE_MAX,
+                                                       sigret, siglen,
+                                                       sigret == NULL ? 0 : *siglen,
                                                        tbs, tbslen);
     } else {
         /* legacy */
diff --git a/crypto/evp/mac_lib.c b/crypto/evp/mac_lib.c
index 1a68c58919..24fdb35c8e 100644
--- a/crypto/evp/mac_lib.c
+++ b/crypto/evp/mac_lib.c
@@ -132,6 +132,7 @@ static int evp_mac_final(EVP_MAC_CTX *ctx, int xof,
     size_t l;
     int res;
     OSSL_PARAM params[2];
+    size_t macsize;
 
     if (ctx == NULL || ctx->meth == NULL) {
         ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_NULL_ALGORITHM);
@@ -142,14 +143,19 @@ static int evp_mac_final(EVP_MAC_CTX *ctx, int xof,
         return 0;
     }
 
+    macsize = EVP_MAC_CTX_get_mac_size(ctx);
     if (out == NULL) {
         if (outl == NULL) {
             ERR_raise(ERR_LIB_EVP, ERR_R_PASSED_NULL_PARAMETER);
             return 0;
         }
-        *outl = EVP_MAC_CTX_get_mac_size(ctx);
+        *outl = macsize;
         return 1;
     }
+    if (outsize < macsize) {
+        ERR_raise(ERR_LIB_EVP, EVP_R_BUFFER_TOO_SMALL);
+        return 0;
+    }
     if (xof) {
         params[0] = OSSL_PARAM_construct_int(OSSL_MAC_PARAM_XOF, &xof);
         params[1] = OSSL_PARAM_construct_end();
diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c
index aabd92d555..38e22f3b6c 100644
--- a/crypto/evp/p_lib.c
+++ b/crypto/evp/p_lib.c
@@ -529,12 +529,14 @@ static int get_raw_key_details(const OSSL_PARAM params[], void *arg)
         if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PRIV_KEY))
                 != NULL)
             return OSSL_PARAM_get_octet_string(p, (void **)raw_key->key,
-                                               SIZE_MAX, raw_key->len);
+                                               raw_key->key == NULL ? 0 : *raw_key->len,
+                                               raw_key->len);
     } else if (raw_key->selection == OSSL_KEYMGMT_SELECT_PUBLIC_KEY) {
         if ((p = OSSL_PARAM_locate_const(params, OSSL_PKEY_PARAM_PUB_KEY))
                 != NULL)
             return OSSL_PARAM_get_octet_string(p, (void **)raw_key->key,
-                                               SIZE_MAX, raw_key->len);
+                                               raw_key->key == NULL ? 0 : *raw_key->len,
+                                               raw_key->len);
     }
 
     return 0;
diff --git a/crypto/evp/signature.c b/crypto/evp/signature.c
index e3bfdd56a2..b636889c3b 100644
--- a/crypto/evp/signature.c
+++ b/crypto/evp/signature.c
@@ -582,7 +582,7 @@ int EVP_PKEY_sign(EVP_PKEY_CTX *ctx,
         goto legacy;
 
     ret = ctx->op.sig.signature->sign(ctx->op.sig.algctx, sig, siglen,
-                                      SIZE_MAX, tbs, tbslen);
+                                      (sig == NULL) ? 0 : *siglen, tbs, tbslen);
 
     return ret;
  legacy:
diff --git a/doc/man3/EVP_DigestSignInit.pod b/doc/man3/EVP_DigestSignInit.pod
index 8748014465..c8385949fb 100644
--- a/doc/man3/EVP_DigestSignInit.pod
+++ b/doc/man3/EVP_DigestSignInit.pod
@@ -130,7 +130,11 @@ written to I<siglen>.
 
 EVP_DigestSign() signs I<tbslen> bytes of data at I<tbs> and places the
 signature in I<sig> and its length in I<siglen> in a similar way to
-EVP_DigestSignFinal().
+EVP_DigestSignFinal(). In the event of a failure EVP_DigestSign() cannot be
+called again without reinitialising the EVP_MD_CTX. If I<sig> is NULL before the
+call then I<siglen> will be populated with the required size for the I<sig>
+buffer. If I<sig> is non-NULL before the call then I<siglen> should contain the
+length of the I<sig> buffer.
 
 =head1 RETURN VALUES
 
diff --git a/providers/fips/self_test_kats.c b/providers/fips/self_test_kats.c
index 81f7226ba1..94a0cf842c 100644
--- a/providers/fips/self_test_kats.c
+++ b/providers/fips/self_test_kats.c
@@ -446,7 +446,7 @@ static int self_test_sign(const ST_KAT_SIGN *t,
     EVP_PKEY *pkey = NULL;
     unsigned char sig[256];
     BN_CTX *bnctx = NULL;
-    size_t siglen = 0;
+    size_t siglen = sizeof(sig);
     static const unsigned char dgst[] = {
         0x7f, 0x83, 0xb1, 0x65, 0x7f, 0xf1, 0xfc, 0x53, 0xb9, 0x2d, 0xc1, 0x81,
         0x48, 0xa1, 0xd6, 0x5d, 0xfc, 0x2d, 0x4b, 0x1f, 0xa3, 0xd6, 0x77, 0x28,
diff --git a/providers/implementations/kdfs/sskdf.c b/providers/implementations/kdfs/sskdf.c
index 56ac1e6334..297ddcdc2d 100644
--- a/providers/implementations/kdfs/sskdf.c
+++ b/providers/implementations/kdfs/sskdf.c
@@ -239,7 +239,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init,
         goto end;
 
     out_len = EVP_MAC_CTX_get_mac_size(ctx_init); /* output size */
-    if (out_len <= 0)
+    if (out_len <= 0 || (mac == mac_buf && out_len > sizeof(mac_buf)))
         goto end;
     len = derived_key_len;
 
@@ -263,7 +263,7 @@ static int SSKDF_mac_kdm(EVP_MAC_CTX *ctx_init,
             if (len == 0)
                 break;
         } else {
-            if (!EVP_MAC_final(ctx, mac, NULL, len))
+            if (!EVP_MAC_final(ctx, mac, NULL, out_len))
                 goto end;
             memcpy(out, mac, len);
             break;
diff --git a/pyca-cryptography b/pyca-cryptography
index 0034926f2c..fa84d185c0 160000
--- a/pyca-cryptography
+++ b/pyca-cryptography
@@ -1 +1 @@
-Subproject commit 0034926f2cca02258f50e9faccb90ec344790159
+Subproject commit fa84d185c0fefa7d612759e02a26def2f948fe34
diff --git a/test/acvp_test.c b/test/acvp_test.c
index 0e2d54dab6..10621c3e48 100644
--- a/test/acvp_test.c
+++ b/test/acvp_test.c
@@ -94,6 +94,7 @@ static int sig_gen(EVP_PKEY *pkey, OSSL_PARAM *params, const char *digest_name,
     size_t sig_len;
     size_t sz = EVP_PKEY_get_size(pkey);
 
+    sig_len = sz;
     if (!TEST_ptr(sig = OPENSSL_malloc(sz))
         || !TEST_ptr(md_ctx = EVP_MD_CTX_new())
         || !TEST_int_eq(EVP_DigestSignInit_ex(md_ctx, NULL, digest_name, libctx,
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index baa93beb11..b241387b5e 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -600,6 +600,14 @@ static EVP_PKEY *load_example_dsa_key(void)
 }
 #endif
 
+#ifndef OPENSSL_NO_EC
+static EVP_PKEY *load_example_ec_key(void)
+{
+    return load_example_key("EC", kExampleECKeyDER,
+                            sizeof(kExampleECKeyDER));
+}
+#endif
+
 #ifndef OPENSSL_NO_DEPRECATED_3_0
 # ifndef OPENSSL_NO_DH
 static EVP_PKEY *load_example_dh_key(void)
@@ -610,12 +618,6 @@ static EVP_PKEY *load_example_dh_key(void)
 # endif
 
 # ifndef OPENSSL_NO_EC
-static EVP_PKEY *load_example_ec_key(void)
-{
-    return load_example_key("EC", kExampleECKeyDER,
-                            sizeof(kExampleECKeyDER));
-}
-
 static EVP_PKEY *load_example_ed25519_key(void)
 {
     return load_example_key("ED25519", kExampleED25519KeyDER,
@@ -979,6 +981,66 @@ static int test_EC_priv_only_legacy(void)
 # endif /* OPENSSL_NO_DEPRECATED_3_0 */
 #endif /* OPENSSL_NO_EC */
 
+static int test_EVP_PKEY_sign(int tst)
+{
+    int ret = 0;
+    EVP_PKEY *pkey = NULL;
+    unsigned char *sig = NULL;
+    size_t sig_len = 0, shortsig_len = 1;
+    EVP_PKEY_CTX *ctx = NULL;
+    unsigned char tbs[] = {
+        0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b,
+        0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13
+    };
+
+    if (tst == 0 ) {
+        if (!TEST_ptr(pkey = load_example_rsa_key()))
+                goto out;
+    } else if (tst == 1) {
+#ifndef OPENSSL_NO_DSA
+        if (!TEST_ptr(pkey = load_example_dsa_key()))
+                goto out;
+#else
+        ret = 1;
+        goto out;
+#endif
+    } else {
+#ifndef OPENSSL_NO_EC
+        if (!TEST_ptr(pkey = load_example_ec_key()))
+                goto out;
+#else
+        ret = 1;
+        goto out;
+#endif
+    }
+
+    ctx = EVP_PKEY_CTX_new_from_pkey(testctx, pkey, NULL);
+    if (!TEST_ptr(ctx)
+            || !TEST_int_gt(EVP_PKEY_sign_init(ctx), 0)
+            || !TEST_int_gt(EVP_PKEY_sign(ctx, NULL, &sig_len, tbs,
+                                          sizeof(tbs)), 0))
+        goto out;
+    sig = OPENSSL_malloc(sig_len);
+    if (!TEST_ptr(sig)
+            /* Test sending a signature buffer that is too short is rejected */
+            || !TEST_int_le(EVP_PKEY_sign(ctx, sig, &shortsig_len, tbs,
+                                          sizeof(tbs)), 0)
+            || !TEST_int_gt(EVP_PKEY_sign(ctx, sig, &sig_len, tbs, sizeof(tbs)),
+                            0)
+            /* Test the signature round-trips */
+            || !TEST_int_gt(EVP_PKEY_verify_init(ctx), 0)
+            || !TEST_int_gt(EVP_PKEY_verify(ctx, sig, sig_len, tbs, sizeof(tbs)),
+                            0))
+        goto out;
+
+    ret = 1;
+ out:
+    EVP_PKEY_CTX_free(ctx);
+    OPENSSL_free(sig);
+    EVP_PKEY_free(pkey);
+    return ret;
+}
+
 /*
  * n = 0 => test using legacy cipher
  * n = 1 => test using fetched cipher
@@ -1047,13 +1109,19 @@ err:
  * Test 6: Use an MD BIO to do the Update calls instead (RSA)
  * Test 7: Use an MD BIO to do the Update calls instead (DSA)
  * Test 8: Use an MD BIO to do the Update calls instead (HMAC)
+ * Test 9: Use EVP_DigestSign (Implicit fetch digest, RSA, short sig)
+ * Test 10: Use EVP_DigestSign (Implicit fetch digest, DSA, short sig)
+ * Test 11: Use EVP_DigestSign (Implicit fetch digest, HMAC, short sig)
+ * Test 12: Use EVP_DigestSign (Implicit fetch digest, RSA)
+ * Test 13: Use EVP_DigestSign (Implicit fetch digest, DSA)
+ * Test 14: Use EVP_DigestSign (Implicit fetch digest, HMAC)
  */
 static int test_EVP_DigestSignInit(int tst)
 {
     int ret = 0;
     EVP_PKEY *pkey = NULL;
     unsigned char *sig = NULL, *sig2 = NULL;
-    size_t sig_len = 0, sig2_len = 0;
+    size_t sig_len = 0, sig2_len = 0, shortsig_len = 1;
     EVP_MD_CTX *md_ctx = NULL, *md_ctx_verify = NULL;
     EVP_MD_CTX *a_md_ctx = NULL, *a_md_ctx_verify = NULL;
     BIO *mdbio = NULL, *membio = NULL;
@@ -1064,7 +1132,7 @@ static int test_EVP_DigestSignInit(int tst)
     if (nullprov != NULL)
         return TEST_skip("Test does not support a non-default library context");
 
-    if (tst >= 6) {
+    if (tst >= 6 && tst <= 8) {
         membio = BIO_new(BIO_s_mem());
         mdbio = BIO_new(BIO_f_md());
         if (!TEST_ptr(membio) || !TEST_ptr(mdbio))
@@ -1078,10 +1146,10 @@ static int test_EVP_DigestSignInit(int tst)
             goto out;
     }
 
-    if (tst == 0 || tst == 3 || tst == 6) {
+    if (tst % 3 == 0) {
         if (!TEST_ptr(pkey = load_example_rsa_key()))
                 goto out;
-    } else if (tst == 1 || tst == 4 || tst == 7) {
+    } else if (tst % 3 == 1) {
 #ifndef OPENSSL_NO_DSA
         if (!TEST_ptr(pkey = load_example_dsa_key()))
                 goto out;
@@ -1102,26 +1170,54 @@ static int test_EVP_DigestSignInit(int tst)
     if (!TEST_true(EVP_DigestSignInit(md_ctx, NULL, md, NULL, pkey)))
         goto out;
 
-    if (tst >= 6) {
+    if (tst >= 6 && tst <= 8) {
         if (!BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written))
             goto out;
-    } else {
+    } else if (tst < 6) {
         if (!TEST_true(EVP_DigestSignUpdate(md_ctx, kMsg, sizeof(kMsg))))
             goto out;
     }
 
-    /* Determine the size of the signature. */
-    if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
-            || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
-            || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
-        goto out;
+    if (tst >= 9) {
+        /* Determine the size of the signature. */
+        if (!TEST_true(EVP_DigestSign(md_ctx, NULL, &sig_len, kMsg,
+                                      sizeof(kMsg)))
+                || !TEST_ptr(sig = OPENSSL_malloc(sig_len)))
+            goto out;
+        if (tst <= 11) {
+            /* Test that supply a short sig buffer fails */
+            if (!TEST_false(EVP_DigestSign(md_ctx, sig, &shortsig_len, kMsg,
+                                           sizeof(kMsg))))
+                goto out;
+            /*
+             * We end here because once EVP_DigestSign() has failed you should
+             * not call it again without re-initing the ctx
+             */
+            ret = 1;
+            goto out;
+        }
+        if (!TEST_true(EVP_DigestSign(md_ctx, sig, &sig_len, kMsg,
+                                      sizeof(kMsg))))
+            goto out;
+    } else {
+        /* Determine the size of the signature. */
+        if (!TEST_true(EVP_DigestSignFinal(md_ctx, NULL, &sig_len))
+                || !TEST_ptr(sig = OPENSSL_malloc(sig_len))
+                /*
+                    * Trying to create a signature with a deliberately short
+                    * buffer should fail.
+                    */
+                || !TEST_false(EVP_DigestSignFinal(md_ctx, sig, &shortsig_len))
+                || !TEST_true(EVP_DigestSignFinal(md_ctx, sig, &sig_len)))
+            goto out;
+    }
 
     /*
      * Ensure that the signature round-trips (Verification isn't supported for
      * HMAC via EVP_DigestVerify*)
      */
-    if (tst != 2 && tst != 5 && tst != 8) {
-        if (tst >= 6) {
+    if (tst % 3 != 2) {
+        if (tst >= 6 && tst <= 8) {
             if (!TEST_int_gt(BIO_reset(mdbio), 0)
                 || !TEST_int_gt(BIO_get_md_ctx(mdbio, &md_ctx_verify), 0))
                 goto out;
@@ -1131,7 +1227,7 @@ static int test_EVP_DigestSignInit(int tst)
                                             NULL, pkey)))
             goto out;
 
-        if (tst >= 6) {
+        if (tst >= 6 && tst <= 8) {
             if (!TEST_true(BIO_write_ex(mdbio, kMsg, sizeof(kMsg), &written)))
                 goto out;
         } else {
@@ -1806,7 +1902,7 @@ static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
     int ret = 0;
     unsigned char buf[80];
     unsigned char *in;
-    size_t inlen, len = 0;
+    size_t inlen, len = 0, shortlen = 1;
     EVP_PKEY *pkey;
 
     /* Check if this algorithm supports public keys */
@@ -1856,8 +1952,20 @@ static int test_set_get_raw_keys_int(int tst, int pub, int uselibctx)
             || !TEST_int_eq(EVP_PKEY_eq(pkey, pkey), 1)
             || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, NULL, &len)))
             || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, NULL, &len)))
-            || !TEST_true(len == inlen)
-            || (!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
+            || !TEST_true(len == inlen))
+        goto done;
+    if (tst != 1) {
+        /*
+         * Test that supplying a buffer that is too small fails. Doesn't apply
+         * to HMAC with a zero length key
+         */
+        if ((!pub && !TEST_false(EVP_PKEY_get_raw_private_key(pkey, buf,
+                                                                 &shortlen)))
+                || (pub && !TEST_false(EVP_PKEY_get_raw_public_key(pkey, buf,
+                                                                   &shortlen))))
+            goto done;
+    }
+    if ((!pub && !TEST_true(EVP_PKEY_get_raw_private_key(pkey, buf, &len)))
             || (pub && !TEST_true(EVP_PKEY_get_raw_public_key(pkey, buf, &len)))
             || !TEST_mem_eq(in, inlen, buf, len))
         goto done;
@@ -1962,7 +2070,7 @@ static int get_cmac_val(EVP_PKEY *pkey, unsigned char *mac)
 {
     EVP_MD_CTX *mdctx = EVP_MD_CTX_new();
     const char msg[] = "Hello World";
-    size_t maclen;
+    size_t maclen = AES_BLOCK_SIZE;
     int ret = 1;
 
     if (!TEST_ptr(mdctx)
@@ -4033,9 +4141,10 @@ int setup_tests(void)
     }
 
     ADD_TEST(test_EVP_set_default_properties);
-    ADD_ALL_TESTS(test_EVP_DigestSignInit, 9);
+    ADD_ALL_TESTS(test_EVP_DigestSignInit, 15);
     ADD_TEST(test_EVP_DigestVerifyInit);
     ADD_TEST(test_EVP_Digest);
+    ADD_ALL_TESTS(test_EVP_PKEY_sign, 3);
     ADD_ALL_TESTS(test_EVP_Enveloped, 2);
     ADD_ALL_TESTS(test_d2i_AutoPrivateKey, OSSL_NELEM(keydata));
     ADD_TEST(test_privatekey_to_pkcs8);


More information about the openssl-commits mailing list