[openssl-commits] [openssl] OpenSSL_1_1_0-stable update
matthias.st.pierre at ncp-e.com
matthias.st.pierre at ncp-e.com
Mon Apr 2 12:39:50 UTC 2018
The branch OpenSSL_1_1_0-stable has been updated
via 45ae18b38401a027f231f1408e71b13ff3111021 (commit)
from 89b4da476bcd0b97bd71f63b79538b358efec166 (commit)
- Log -----------------------------------------------------------------
commit 45ae18b38401a027f231f1408e71b13ff3111021
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Thu Mar 29 20:59:58 2018 +0200
EVP,KDF: Add more error code along some return 0
in methods :
- EVP_PBE_scrypt
- EVP_PKEY_meth_add0
- EVP_PKEY_meth_new
- EVP_PKEY_CTX_dup
Backport of 3484236d8d7afedd3e5c7771bd49d3385340e3bf
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5803)
-----------------------------------------------------------------------
Summary of changes:
crypto/evp/evp_err.c | 3 +++
crypto/evp/pmeth_lib.c | 16 ++++++++++++----
crypto/evp/scrypt.c | 23 ++++++++++++++++++-----
include/openssl/evp.h | 3 +++
4 files changed, 36 insertions(+), 9 deletions(-)
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index c4b163f..3543d44 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -70,6 +70,8 @@ static ERR_STRING_DATA EVP_str_functs[] = {
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"},
{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
+ {ERR_FUNC(EVP_F_EVP_PKEY_METH_ADD0), "EVP_PKEY_meth_add0"},
+ {ERR_FUNC(EVP_F_EVP_PKEY_METH_NEW), "EVP_PKEY_meth_new"},
{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"},
{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"},
@@ -143,6 +145,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
{ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
{ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING),
"partially overlapping buffers"},
+ {ERR_REASON(EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
{ERR_REASON(EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED),
"pkey application asn1 method already registered"},
{ERR_REASON(EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED),
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index 5e650a9..3975e90 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -151,8 +151,10 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
EVP_PKEY_METHOD *pmeth;
pmeth = OPENSSL_zalloc(sizeof(*pmeth));
- if (pmeth == NULL)
+ if (pmeth == NULL) {
+ EVPerr(EVP_F_EVP_PKEY_METH_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
+ }
pmeth->pkey_id = id;
pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
@@ -238,8 +240,10 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
}
#endif
rctx = OPENSSL_malloc(sizeof(*rctx));
- if (rctx == NULL)
+ if (rctx == NULL) {
+ EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE);
return NULL;
+ }
rctx->pmeth = pctx->pmeth;
#ifndef OPENSSL_NO_ENGINE
@@ -273,11 +277,15 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
{
if (app_pkey_methods == NULL) {
app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
- if (app_pkey_methods == NULL)
+ if (app_pkey_methods == NULL) {
+ EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
return 0;
+ }
}
- if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth))
+ if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) {
+ EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
return 0;
+ }
sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
return 1;
}
diff --git a/crypto/evp/scrypt.c b/crypto/evp/scrypt.c
index 101bb1e..119f7c7 100644
--- a/crypto/evp/scrypt.c
+++ b/crypto/evp/scrypt.c
@@ -171,8 +171,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
if (r == 0 || p == 0 || N < 2 || (N & (N - 1)))
return 0;
/* Check p * r < SCRYPT_PR_MAX avoiding overflow */
- if (p > SCRYPT_PR_MAX / r)
+ if (p > SCRYPT_PR_MAX / r) {
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
return 0;
+ }
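Review bot: The parameter sanity check at the top of this hunk, `if (r == 0 || p == 0 || N < 2 || (N & (N - 1))) return 0;`, still returns 0 without queuing an error. A caller that passes invalid scrypt cost parameters therefore sees a failure with an empty error queue, while the neighbouring checks now report one. The same gap remains in the later hunk at `if (Blen > SIZE_MAX - Vlen) return 0;`, which directly follows two checks that gained `EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);` and could take the same call. For the parameter check, a distinct invalid-argument reason would be more accurate than the memory-limit one. The body of EVP_PBE_scrypt starts and ends outside this hunk.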
/*
* Need to check N: if 2^(128 * r / 8) overflows limit this is
@@ -180,8 +182,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
*/
if (16 * r <= LOG2_UINT64_MAX) {
- if (N >= (((uint64_t)1) << (16 * r)))
+ if (N >= (((uint64_t)1) << (16 * r))) {
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
return 0;
+ }
}
/* Memory checks: check total allocated buffer size fits in uint64_t */
@@ -199,13 +203,17 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
* This is combined size V, X and T (section 4)
*/
i = UINT64_MAX / (32 * sizeof(uint32_t));
- if (N + 2 > i / r)
+ if (N + 2 > i / r) {
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
return 0;
+ }
Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
/* check total allocated size fits in uint64_t */
- if (Blen > UINT64_MAX - Vlen)
+ if (Blen > UINT64_MAX - Vlen) {
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
return 0;
+ }
/* check total allocated size fits in size_t */
if (Blen > SIZE_MAX - Vlen)
return 0;
@@ -225,8 +233,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
return 1;
B = OPENSSL_malloc(allocsize);
- if (B == NULL)
+ if (B == NULL) {
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE);
return 0;
+ }
X = (uint32_t *)(B + Blen);
T = X + 32 * r;
V = T + 32 * r;
@@ -242,6 +252,9 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
goto err;
rv = 1;
err:
+ if (rv == 0)
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR);
+
OPENSSL_clear_free(B, allocsize);
return rv;
}
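Review bot: The reason code at the `err:` label is chosen by position rather than by cause, so any path that reaches the label with `rv == 0` is reported as `EVP_R_PBKDF2_ERROR`. Only one `goto err` is visible in this hunk and the function starts outside it, so presumably every jump follows a PBKDF2 call. A comment above the new check, such as `/* every goto err above is a PBKDF2 failure */`, would keep a later non-PBKDF2 `goto err` from being mislabelled. The cleanup through `OPENSSL_clear_free(B, allocsize)` still runs on every path, which is worth preserving if the label is ever split.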
diff --git a/include/openssl/evp.h b/include/openssl/evp.h
index 43c97a7..57c8231 100644
--- a/include/openssl/evp.h
+++ b/include/openssl/evp.h
@@ -1506,6 +1506,8 @@ int ERR_load_EVP_strings(void);
# define EVP_F_EVP_PKEY_GET0_RSA 121
# define EVP_F_EVP_PKEY_KEYGEN 146
# define EVP_F_EVP_PKEY_KEYGEN_INIT 147
+# define EVP_F_EVP_PKEY_METH_ADD0 172
+# define EVP_F_EVP_PKEY_METH_NEW 173
# define EVP_F_EVP_PKEY_NEW 106
# define EVP_F_EVP_PKEY_PARAMGEN 148
# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149
@@ -1570,6 +1572,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
# define EVP_R_OPERATON_NOT_INITIALIZED 151
# define EVP_R_PARTIALLY_OVERLAPPING 162
+# define EVP_R_PBKDF2_ERROR 176
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175
# define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145