Skip to content

Commit 3484236

Browse files
FdaSilvaYYmspncp
FdaSilvaYY
authored and
mspncp
committed
EVP,KDF: Add more error code along some return 0 in ...
methods : - EVP_PBE_scrypt - EVP_PKEY_meth_add0 - EVP_PKEY_meth_new - EVP_PKEY_CTX_dup Reviewed-by: Rich Salz <[email protected]> Reviewed-by: Bernd Edlinger <[email protected]> Reviewed-by: Matthias St. Pierre <[email protected]> (Merged from #5783)
1 parent 88b8d83 commit 3484236

8 files changed

Lines changed: 53 additions & 13 deletions

File tree

crypto/err/openssl.txt

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -702,6 +702,8 @@ EVP_F_EVP_PKEY_GET0_RSA:121:EVP_PKEY_get0_RSA
702702
EVP_F_EVP_PKEY_GET0_SIPHASH:172:EVP_PKEY_get0_siphash
703703
EVP_F_EVP_PKEY_KEYGEN:146:EVP_PKEY_keygen
704704
EVP_F_EVP_PKEY_KEYGEN_INIT:147:EVP_PKEY_keygen_init
705+
EVP_F_EVP_PKEY_METH_ADD0:194:EVP_PKEY_meth_add0
706+
EVP_F_EVP_PKEY_METH_NEW:195:EVP_PKEY_meth_new
705707
EVP_F_EVP_PKEY_NEW:106:EVP_PKEY_new
706708
EVP_F_EVP_PKEY_NEW_CMAC_KEY:193:EVP_PKEY_new_CMAC_key
707709
EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY:191:EVP_PKEY_new_raw_private_key
@@ -733,6 +735,8 @@ KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
733735
KDF_F_PKEY_SCRYPT_CTRL_STR:104:pkey_scrypt_ctrl_str
734736
KDF_F_PKEY_SCRYPT_CTRL_UINT64:105:pkey_scrypt_ctrl_uint64
735737
KDF_F_PKEY_SCRYPT_DERIVE:109:pkey_scrypt_derive
738+
KDF_F_PKEY_SCRYPT_INIT:106:pkey_scrypt_init
739+
KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_scrypt_set_membuf
736740
KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
737741
KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
738742
OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
@@ -2109,6 +2113,7 @@ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
21092113
operation not supported for this keytype
21102114
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
21112115
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
2116+
EVP_R_PBKDF2_ERROR:181:pbkdf2 error
21122117
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
21132118
pkey application asn1 method already registered
21142119
EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error

crypto/evp/evp_err.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -92,6 +92,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
9292
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN, 0), "EVP_PKEY_keygen"},
9393
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN_INIT, 0),
9494
"EVP_PKEY_keygen_init"},
95+
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_ADD0, 0), "EVP_PKEY_meth_add0"},
96+
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_NEW, 0), "EVP_PKEY_meth_new"},
9597
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW, 0), "EVP_PKEY_new"},
9698
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_CMAC_KEY, 0),
9799
"EVP_PKEY_new_CMAC_key"},
@@ -212,6 +214,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
212214
"operaton not initialized"},
213215
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
214216
"partially overlapping buffers"},
217+
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
215218
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED),
216219
"pkey application asn1 method already registered"},
217220
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_DECODE_ERROR),

crypto/evp/pbe_scrypt.c

Lines changed: 18 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -170,17 +170,21 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
170170
if (r == 0 || p == 0 || N < 2 || (N & (N - 1)))
171171
return 0;
172172
/* Check p * r < SCRYPT_PR_MAX avoiding overflow */
173-
if (p > SCRYPT_PR_MAX / r)
173+
if (p > SCRYPT_PR_MAX / r) {
174+
EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
174175
return 0;
176+
}
175177

176178
/*
177179
* Need to check N: if 2^(128 * r / 8) overflows limit this is
178180
* automatically satisfied since N <= UINT64_MAX.
179181
*/
180182

181183
if (16 * r <= LOG2_UINT64_MAX) {
182-
if (N >= (((uint64_t)1) << (16 * r)))
184+
if (N >= (((uint64_t)1) << (16 * r))) {
185+
EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
183186
return 0;
187+
}
184188
}
185189

186190
/* Memory checks: check total allocated buffer size fits in uint64_t */
@@ -205,13 +209,17 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
205209
* This is combined size V, X and T (section 4)
206210
*/
207211
i = UINT64_MAX / (32 * sizeof(uint32_t));
208-
if (N + 2 > i / r)
212+
if (N + 2 > i / r) {
213+
EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
209214
return 0;
215+
}
210216
Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
211217

212218
/* check total allocated size fits in uint64_t */
213-
if (Blen > UINT64_MAX - Vlen)
219+
if (Blen > UINT64_MAX - Vlen) {
220+
EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
214221
return 0;
222+
}
215223

216224
if (maxmem == 0)
217225
maxmem = SCRYPT_MAX_MEM;
@@ -230,8 +238,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
230238
return 1;
231239

232240
B = OPENSSL_malloc((size_t)(Blen + Vlen));
233-
if (B == NULL)
241+
if (B == NULL) {
242+
EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE);
234243
return 0;
244+
}
235245
X = (uint32_t *)(B + Blen);
236246
T = X + 32 * r;
237247
V = T + 32 * r;
@@ -247,6 +257,9 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
247257
goto err;
248258
rv = 1;
249259
err:
260+
if (rv == 0)
261+
EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR);
262+
250263
OPENSSL_clear_free(B, (size_t)(Blen + Vlen));
251264
return rv;
252265
}

crypto/evp/pmeth_lib.c

Lines changed: 12 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -123,7 +123,6 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
123123
* If an ENGINE handled this method look it up. Otherwise use internal
124124
* tables.
125125
*/
126-
127126
if (e)
128127
pmeth = ENGINE_get_pkey_meth(e, id);
129128
else
@@ -169,8 +168,10 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
169168
EVP_PKEY_METHOD *pmeth;
170169

171170
pmeth = OPENSSL_zalloc(sizeof(*pmeth));
172-
if (pmeth == NULL)
171+
if (pmeth == NULL) {
172+
EVPerr(EVP_F_EVP_PKEY_METH_NEW, ERR_R_MALLOC_FAILURE);
173173
return NULL;
174+
}
174175

175176
pmeth->pkey_id = id;
176177
pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
@@ -258,8 +259,10 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
258259
}
259260
#endif
260261
rctx = OPENSSL_malloc(sizeof(*rctx));
261-
if (rctx == NULL)
262+
if (rctx == NULL) {
263+
EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE);
262264
return NULL;
265+
}
263266

264267
rctx->pmeth = pctx->pmeth;
265268
#ifndef OPENSSL_NO_ENGINE
@@ -293,11 +296,15 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
293296
{
294297
if (app_pkey_methods == NULL) {
295298
app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
296-
if (app_pkey_methods == NULL)
299+
if (app_pkey_methods == NULL){
300+
EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
297301
return 0;
302+
}
298303
}
299-
if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth))
304+
if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) {
305+
EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
300306
return 0;
307+
}
301308
sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
302309
return 1;
303310
}

crypto/kdf/kdf_err.c

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,6 @@
11
/*
22
* Generated by util/mkerr.pl DO NOT EDIT
3-
* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
3+
* Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
44
*
55
* Licensed under the OpenSSL license (the "License"). You may not use
66
* this file except in compliance with the License. You can obtain a copy
@@ -21,6 +21,9 @@ static const ERR_STRING_DATA KDF_str_functs[] = {
2121
{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_UINT64, 0),
2222
"pkey_scrypt_ctrl_uint64"},
2323
{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_DERIVE, 0), "pkey_scrypt_derive"},
24+
{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_INIT, 0), "pkey_scrypt_init"},
25+
{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_SET_MEMBUF, 0),
26+
"pkey_scrypt_set_membuf"},
2427
{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0),
2528
"pkey_tls1_prf_ctrl_str"},
2629
{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0),

crypto/kdf/scrypt.c

Lines changed: 6 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -58,8 +58,10 @@ static int pkey_scrypt_init(EVP_PKEY_CTX *ctx)
5858
SCRYPT_PKEY_CTX *kctx;
5959

6060
kctx = OPENSSL_zalloc(sizeof(*kctx));
61-
if (kctx == NULL)
61+
if (kctx == NULL) {
62+
KDFerr(KDF_F_PKEY_SCRYPT_INIT, ERR_R_MALLOC_FAILURE);
6263
return 0;
64+
}
6365

6466
/* Default values are the most conservative recommendation given in the
6567
* original paper of C. Percival. Derivation uses roughly 1 GiB of memory
@@ -102,8 +104,10 @@ static int pkey_scrypt_set_membuf(unsigned char **buffer, size_t *buflen,
102104
} else {
103105
*buffer = OPENSSL_malloc(1);
104106
}
105-
if (*buffer == NULL)
107+
if (*buffer == NULL) {
108+
KDFerr(KDF_F_PKEY_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE);
106109
return 0;
110+
}
107111

108112
*buflen = new_buflen;
109113
return 1;

include/openssl/evperr.h

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -77,6 +77,8 @@ int ERR_load_EVP_strings(void);
7777
# define EVP_F_EVP_PKEY_GET0_SIPHASH 172
7878
# define EVP_F_EVP_PKEY_KEYGEN 146
7979
# define EVP_F_EVP_PKEY_KEYGEN_INIT 147
80+
# define EVP_F_EVP_PKEY_METH_ADD0 194
81+
# define EVP_F_EVP_PKEY_METH_NEW 195
8082
# define EVP_F_EVP_PKEY_NEW 106
8183
# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 193
8284
# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 191
@@ -155,6 +157,7 @@ int ERR_load_EVP_strings(void);
155157
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
156158
# define EVP_R_OPERATON_NOT_INITIALIZED 151
157159
# define EVP_R_PARTIALLY_OVERLAPPING 162
160+
# define EVP_R_PBKDF2_ERROR 181
158161
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
159162
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
160163
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146

include/openssl/kdferr.h

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -24,6 +24,8 @@ int ERR_load_KDF_strings(void);
2424
# define KDF_F_PKEY_SCRYPT_CTRL_STR 104
2525
# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 105
2626
# define KDF_F_PKEY_SCRYPT_DERIVE 109
27+
# define KDF_F_PKEY_SCRYPT_INIT 106
28+
# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 107
2729
# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100
2830
# define KDF_F_PKEY_TLS1_PRF_DERIVE 101
2931

0 commit comments

Comments
 (0)