M_check_autoarg: sanity check the key

For now, checking that the size is non-zero will suffice.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2120)

diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index d2e43fefb1baeafb1fecd3a02e4b5bd044898904..7fcbdcded57cf5976af21afafd31e62b063e4d6d 100644 (file)
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -120,6 +120,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
     {ERR_REASON(EVP_R_INPUT_NOT_INITIALIZED), "input not initialized"},
     {ERR_REASON(EVP_R_INVALID_DIGEST), "invalid digest"},
     {ERR_REASON(EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},
+    {ERR_REASON(EVP_R_INVALID_KEY), "invalid key"},
     {ERR_REASON(EVP_R_INVALID_KEY_LENGTH), "invalid key length"},
     {ERR_REASON(EVP_R_INVALID_OPERATION), "invalid operation"},
     {ERR_REASON(EVP_R_KEYGEN_FAILURE), "keygen failure"},
@@ -135,7 +136,8 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
     {ERR_REASON(EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
      "operation not supported for this keytype"},
     {ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
-    {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"},
+    {ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING),
+     "partially overlapping buffers"},
     {ERR_REASON(EVP_R_PRIVATE_KEY_DECODE_ERROR), "private key decode error"},
     {ERR_REASON(EVP_R_PRIVATE_KEY_ENCODE_ERROR), "private key encode error"},
     {ERR_REASON(EVP_R_PUBLIC_KEY_NOT_RSA), "public key not rsa"},
@@ -143,14 +145,14 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
     {ERR_REASON(EVP_R_UNKNOWN_DIGEST), "unknown digest"},
     {ERR_REASON(EVP_R_UNKNOWN_OPTION), "unknown option"},
     {ERR_REASON(EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"},
-    {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
-     "unsupported number of rounds"},
     {ERR_REASON(EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"},
     {ERR_REASON(EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"},
     {ERR_REASON(EVP_R_UNSUPPORTED_KEYLENGTH), "unsupported keylength"},
     {ERR_REASON(EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION),
      "unsupported key derivation function"},
     {ERR_REASON(EVP_R_UNSUPPORTED_KEY_SIZE), "unsupported key size"},
+    {ERR_REASON(EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS),
+     "unsupported number of rounds"},
     {ERR_REASON(EVP_R_UNSUPPORTED_PRF), "unsupported prf"},
     {ERR_REASON(EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM),
      "unsupported private key algorithm"},

diff --git a/crypto/evp/pmeth_fn.c b/crypto/evp/pmeth_fn.c
index 8ff50da33a23ecfe56db934d3b4a758fba7b39bb..e9b20a60888c260c5eed35a24045380eb38bcb0d 100644 (file)
--- a/crypto/evp/pmeth_fn.c
+++ b/crypto/evp/pmeth_fn.c
@@ -18,7 +18,12 @@
         if (ctx->pmeth->flags & EVP_PKEY_FLAG_AUTOARGLEN) \
                 { \
                 size_t pksize = (size_t)EVP_PKEY_size(ctx->pkey); \
-                if (!arg) \
+                if (pksize == 0) \
+                        { \
+                        EVPerr(err, EVP_R_INVALID_KEY); /*ckerr_ignore*/\
+                        return 0; \
+                        } \
+                else if (!arg)                 \
                         { \
                         *arglen = pksize; \
                         return 1; \

diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index b9c83b2b524ade791aa3bd2b3a0cbdb7e32645c1..8216a8f2c44ecc031293ac9127da67aacea7c328 100644 (file)
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1546,6 +1546,7 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_INPUT_NOT_INITIALIZED                      111
 # define EVP_R_INVALID_DIGEST                             152
 # define EVP_R_INVALID_FIPS_MODE                          168
+# define EVP_R_INVALID_KEY                                163
 # define EVP_R_INVALID_KEY_LENGTH                         130
 # define EVP_R_INVALID_OPERATION                          148
 # define EVP_R_KEYGEN_FAILURE                             120
@@ -1568,12 +1569,12 @@ int ERR_load_EVP_strings(void);
 # define EVP_R_UNKNOWN_DIGEST                             161
 # define EVP_R_UNKNOWN_OPTION                             169
 # define EVP_R_UNKNOWN_PBE_ALGORITHM                      121
-# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS               135
 # define EVP_R_UNSUPPORTED_ALGORITHM                      156
 # define EVP_R_UNSUPPORTED_CIPHER                         107
 # define EVP_R_UNSUPPORTED_KEYLENGTH                      123
 # define EVP_R_UNSUPPORTED_KEY_DERIVATION_FUNCTION        124
 # define EVP_R_UNSUPPORTED_KEY_SIZE                       108
+# define EVP_R_UNSUPPORTED_NUMBER_OF_ROUNDS               135
 # define EVP_R_UNSUPPORTED_PRF                            125
 # define EVP_R_UNSUPPORTED_PRIVATE_KEY_ALGORITHM          118
 # define EVP_R_UNSUPPORTED_SALT_TYPE                      126