EVP_PKEY_new_raw_private_key: Allow zero length keys

Allocate at least one byte to distinguish a zero length key from an unset key. Fixes #15632 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15643)
2 years ago · 92b835376a
parent 907720f064
commit 92b835376a
2 changed files with 5 additions and 1 deletions
--- a/providers/implementations/keymgmt/mac_legacy_kmgmt.c
+++ b/providers/implementations/keymgmt/mac_legacy_kmgmt.c
@ -190,7 +190,8 @@ static int mac_key_fromdata(MAC_KEY *key, const OSSL_PARAM params[])
            return 0;
        }
        OPENSSL_secure_clear_free(key->priv_key, key->priv_key_len);
-        key->priv_key = OPENSSL_secure_malloc(p->data_size);
+        /* allocate at least one byte to distinguish empty key from no key set */
+        key->priv_key = OPENSSL_secure_malloc(p->data_size > 0 ? p->data_size : 1);
        if (key->priv_key == NULL) {
            ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE);
            return 0;
--- a/test/evp_extra_test.c
+++ b/test/evp_extra_test.c
@ -1681,6 +1681,9 @@ static struct keys_st {
 } keys[] = {
    {
        EVP_PKEY_HMAC, "0123456789", NULL
+    },
+    {
+        EVP_PKEY_HMAC, "", NULL
 #ifndef OPENSSL_NO_POLY1305
    }, {
        EVP_PKEY_POLY1305, "01234567890123456789012345678901", NULL