The branch master has been updated
via 92b835376a81ed310c9b365094ba670bc231f64c (commit)
from 907720f0644bf6b7ad4fa94f03ac29402ae597ab (commit)
- Log -----------------------------------------------------------------
commit 92b835376a81ed310c9b365094ba670bc231f64c
Author: Tomas Mraz <to...@openssl.org>
Date: Mon Jun 7 11:54:04 2021 +0200
EVP_PKEY_new_raw_private_key: Allow zero length keys
Allocate at least one byte to distinguish a zero length key
from an unset key.
Fixes #15632
Reviewed-by: Matt Caswell <m...@openssl.org>
Reviewed-by: Paul Dale <pa...@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15643)
-----------------------------------------------------------------------
Summary of changes:
providers/implementations/keymgmt/mac_legacy_kmgmt.c | 3 ++-
test/evp_extra_test.c | 3 +++
2 files changed, 5 insertions(+), 1 deletion(-)
diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
index 3b378d38ff..e1e2609dfa 100644
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@@ -190,7 +190,8 @@ static int mac_key_fromdata(MAC_KEY *key, const OSSL_PARAM
params[])
return 0;
}
OPENSSL_secure_clear_free(key->priv_key, key->priv_key_len);
- key->priv_key = OPENSSL_secure_malloc(p->data_size);
+ /* allocate at least one byte to distinguish empty key from no key set
*/
+ key->priv_key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size
: 1);
if (key->priv_key == NULL) {
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
return 0;
diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c
index 61f6b4ce00..33bb698ff3 100644
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@@ -1681,6 +1681,9 @@ static struct keys_st {
} keys[] = {
{
EVP_PKEY_HMAC, "0123456789", NULL
+ },
+ {
+ EVP_PKEY_HMAC, "", NULL
#ifndef OPENSSL_NO_POLY1305
}, {
EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL
