Allocate at least one byte to distinguish a zero length key
from an unset key.
Fixes #15632
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15643)
return 0;
}
OPENSSL_secure_clear_free(key->priv_key, key->priv_key_len);
- key->priv_key = OPENSSL_secure_malloc(p->data_size);
+ /* allocate at least one byte to distinguish empty key from no key set */
+ key->priv_key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1);
if (key->priv_key == NULL) {
ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
return 0;
} keys[] = {
{
EVP_PKEY_HMAC, "0123456789", NULL
+ },
+ {
+ EVP_PKEY_HMAC, "", NULL
#ifndef OPENSSL_NO_POLY1305
}, {
EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL