The branch master has been updated via 0f70d6013435308ada5d0eb662b31f370b07ebd7 (commit) from 12e055991e9d755c8a395f60abf97783795be626 (commit)
- Log ----------------------------------------------------------------- commit 0f70d6013435308ada5d0eb662b31f370b07ebd7 Author: Tomas Mraz <to...@openssl.org> Date: Tue Aug 10 14:51:21 2021 +0200 EVP_CIPHER_CTX_set_key_length: Raise error when key length is not settable If key length is different from the existing key length and it is not a settable parameter, raise an error. Fixes #16277 Reviewed-by: Dmitry Belyavskiy <beld...@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16279) ----------------------------------------------------------------------- Summary of changes: crypto/evp/evp_enc.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c index e0f411aa06..519cab3f2b 100644 --- a/crypto/evp/evp_enc.c +++ b/crypto/evp/evp_enc.c @@ -986,8 +986,10 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen) /* Check the cipher actually understands this parameter */ if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher), - OSSL_CIPHER_PARAM_KEYLEN) == NULL) + OSSL_CIPHER_PARAM_KEYLEN) == NULL) { + ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH); return 0; + } params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len); ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params);