EVP_CIPHER_CTX_set_key_length: Raise error when key length is not settable

If key length is different from the existing key length and it is not a settable parameter, raise an error. Fixes #16277 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/16279)
2 years ago · 0f70d60134
parent 12e055991e
commit 0f70d60134
1 changed files with 3 additions and 1 deletions
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@ -986,8 +986,10 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)

        /* Check the cipher actually understands this parameter */
        if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher),
-                                    OSSL_CIPHER_PARAM_KEYLEN) == NULL)
+                                    OSSL_CIPHER_PARAM_KEYLEN) == NULL) {
+            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
            return 0;
+        }

        params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len);
        ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params);