From 0f70d6013435308ada5d0eb662b31f370b07ebd7 Mon Sep 17 00:00:00 2001
From: Tomas Mraz <tomas@openssl.org>
Date: Tue, 10 Aug 2021 14:51:21 +0200
Subject: EVP_CIPHER_CTX_set_key_length: Raise error when key length is not
 settable

If key length is different from the existing key length and it is not
a settable parameter, raise an error.

Fixes #16277

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/16279)
---
 crypto/evp/evp_enc.c | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'crypto/evp/evp_enc.c')

diff --git a/crypto/evp/evp_enc.c b/crypto/evp/evp_enc.c
index e0f411aa06..519cab3f2b 100644
--- a/crypto/evp/evp_enc.c
+++ b/crypto/evp/evp_enc.c
@@ -986,8 +986,10 @@ int EVP_CIPHER_CTX_set_key_length(EVP_CIPHER_CTX *c, int keylen)
 
         /* Check the cipher actually understands this parameter */
         if (OSSL_PARAM_locate_const(EVP_CIPHER_settable_ctx_params(c->cipher),
-                                    OSSL_CIPHER_PARAM_KEYLEN) == NULL)
+                                    OSSL_CIPHER_PARAM_KEYLEN) == NULL) {
+            ERR_raise(ERR_LIB_EVP, EVP_R_INVALID_KEY_LENGTH);
             return 0;
+        }
 
         params[0] = OSSL_PARAM_construct_size_t(OSSL_CIPHER_PARAM_KEYLEN, &len);
         ok = evp_do_ciph_ctx_setparams(c->cipher, c->algctx, params);
-- 
cgit v1.2.3