From 92b835376a81ed310c9b365094ba670bc231f64c Mon Sep 17 00:00:00 2001 From: Tomas Mraz Date: Mon, 7 Jun 2021 11:54:04 +0200 Subject: [PATCH] EVP_PKEY_new_raw_private_key: Allow zero length keys Allocate at least one byte to distinguish a zero length key from an unset key. Fixes #15632 Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/15643) --- providers/implementations/keymgmt/mac_legacy_kmgmt.c | 3 ++- test/evp_extra_test.c | 3 +++ 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/providers/implementations/keymgmt/mac_legacy_kmgmt.c b/providers/implementations/keymgmt/mac_legacy_kmgmt.c index 3b378d38ff6..e1e2609dfa3 100644 --- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c +++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c @@ -190,7 +190,8 @@ static int mac_key_fromdata(MAC_KEY *key, const OSSL_PARAM params[]) return 0; } OPENSSL_secure_clear_free(key->priv_key, key->priv_key_len); - key->priv_key = OPENSSL_secure_malloc(p->data_size); + /* allocate at least one byte to distinguish empty key from no key set */ + key->priv_key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1); if (key->priv_key == NULL) { ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); return 0; diff --git a/test/evp_extra_test.c b/test/evp_extra_test.c index 61f6b4ce003..33bb698ff37 100644 --- a/test/evp_extra_test.c +++ b/test/evp_extra_test.c @@ -1681,6 +1681,9 @@ static struct keys_st { } keys[] = { { EVP_PKEY_HMAC, "0123456789", NULL + }, + { + EVP_PKEY_HMAC, "", NULL #ifndef OPENSSL_NO_POLY1305 }, { EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL -- 2.47.3