[openssl-commits] [openssl] master update
matthias.st.pierre at ncp-e.com
matthias.st.pierre at ncp-e.com
Thu Mar 29 20:47:17 UTC 2018
The branch master has been updated
via 3484236d8d7afedd3e5c7771bd49d3385340e3bf (commit)
from 88b8d83e9e8869c60c556a86bee09f92c56c5a64 (commit)
- Log -----------------------------------------------------------------
commit 3484236d8d7afedd3e5c7771bd49d3385340e3bf
Author: FdaSilvaYY <fdasilvayy at gmail.com>
Date: Thu Mar 29 20:59:58 2018 +0200
EVP,KDF: Add more error code along some return 0 in ...
methods :
- EVP_PBE_scrypt
- EVP_PKEY_meth_add0
- EVP_PKEY_meth_new
- EVP_PKEY_CTX_dup
Reviewed-by: Rich Salz <rsalz at openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger at hotmail.de>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre at ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/5783)
-----------------------------------------------------------------------
Summary of changes:
crypto/err/openssl.txt | 5 +++++
crypto/evp/evp_err.c | 3 +++
crypto/evp/pbe_scrypt.c | 23 ++++++++++++++++++-----
crypto/evp/pmeth_lib.c | 17 ++++++++++++-----
crypto/kdf/kdf_err.c | 5 ++++-
crypto/kdf/scrypt.c | 8 ++++++--
include/openssl/evperr.h | 3 +++
include/openssl/kdferr.h | 2 ++
8 files changed, 53 insertions(+), 13 deletions(-)
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 4fa56fd..f160438 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -702,6 +702,8 @@ EVP_F_EVP_PKEY_GET0_RSA:121:EVP_PKEY_get0_RSA
EVP_F_EVP_PKEY_GET0_SIPHASH:172:EVP_PKEY_get0_siphash
EVP_F_EVP_PKEY_KEYGEN:146:EVP_PKEY_keygen
EVP_F_EVP_PKEY_KEYGEN_INIT:147:EVP_PKEY_keygen_init
+EVP_F_EVP_PKEY_METH_ADD0:194:EVP_PKEY_meth_add0
+EVP_F_EVP_PKEY_METH_NEW:195:EVP_PKEY_meth_new
EVP_F_EVP_PKEY_NEW:106:EVP_PKEY_new
EVP_F_EVP_PKEY_NEW_CMAC_KEY:193:EVP_PKEY_new_CMAC_key
EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY:191:EVP_PKEY_new_raw_private_key
@@ -733,6 +735,8 @@ KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive
KDF_F_PKEY_SCRYPT_CTRL_STR:104:pkey_scrypt_ctrl_str
KDF_F_PKEY_SCRYPT_CTRL_UINT64:105:pkey_scrypt_ctrl_uint64
KDF_F_PKEY_SCRYPT_DERIVE:109:pkey_scrypt_derive
+KDF_F_PKEY_SCRYPT_INIT:106:pkey_scrypt_init
+KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_scrypt_set_membuf
KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str
KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive
OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object
@@ -2109,6 +2113,7 @@ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\
operation not supported for this keytype
EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized
EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers
+EVP_R_PBKDF2_ERROR:181:pbkdf2 error
EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\
pkey application asn1 method already registered
EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error
diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c
index 8678abd..5809783 100644
--- a/crypto/evp/evp_err.c
+++ b/crypto/evp/evp_err.c
@@ -92,6 +92,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = {
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN, 0), "EVP_PKEY_keygen"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN_INIT, 0),
"EVP_PKEY_keygen_init"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_ADD0, 0), "EVP_PKEY_meth_add0"},
+ {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_NEW, 0), "EVP_PKEY_meth_new"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW, 0), "EVP_PKEY_new"},
{ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_CMAC_KEY, 0),
"EVP_PKEY_new_CMAC_key"},
@@ -212,6 +214,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = {
"operaton not initialized"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING),
"partially overlapping buffers"},
+ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED),
"pkey application asn1 method already registered"},
{ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_DECODE_ERROR),
diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c
index fddabc9..02f5895 100644
--- a/crypto/evp/pbe_scrypt.c
+++ b/crypto/evp/pbe_scrypt.c
@@ -170,8 +170,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
if (r == 0 || p == 0 || N < 2 || (N & (N - 1)))
return 0;
/* Check p * r < SCRYPT_PR_MAX avoiding overflow */
- if (p > SCRYPT_PR_MAX / r)
+ if (p > SCRYPT_PR_MAX / r) {
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
return 0;
+ }
/*
* Need to check N: if 2^(128 * r / 8) overflows limit this is
@@ -179,8 +181,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
*/
if (16 * r <= LOG2_UINT64_MAX) {
- if (N >= (((uint64_t)1) << (16 * r)))
+ if (N >= (((uint64_t)1) << (16 * r))) {
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
return 0;
+ }
}
/* Memory checks: check total allocated buffer size fits in uint64_t */
@@ -205,13 +209,17 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
* This is combined size V, X and T (section 4)
*/
i = UINT64_MAX / (32 * sizeof(uint32_t));
- if (N + 2 > i / r)
+ if (N + 2 > i / r) {
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
return 0;
+ }
Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
/* check total allocated size fits in uint64_t */
- if (Blen > UINT64_MAX - Vlen)
+ if (Blen > UINT64_MAX - Vlen) {
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
return 0;
+ }
if (maxmem == 0)
maxmem = SCRYPT_MAX_MEM;
@@ -230,8 +238,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
return 1;
B = OPENSSL_malloc((size_t)(Blen + Vlen));
- if (B == NULL)
+ if (B == NULL) {
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE);
return 0;
+ }
X = (uint32_t *)(B + Blen);
T = X + 32 * r;
V = T + 32 * r;
@@ -247,6 +257,9 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
goto err;
rv = 1;
err:
+ if (rv == 0)
+ EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR);
+
OPENSSL_clear_free(B, (size_t)(Blen + Vlen));
return rv;
}
diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c
index f854cf4..cf4dd43 100644
--- a/crypto/evp/pmeth_lib.c
+++ b/crypto/evp/pmeth_lib.c
@@ -123,7 +123,6 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id)
* If an ENGINE handled this method look it up. Otherwise use internal
* tables.
*/
-
if (e)
pmeth = ENGINE_get_pkey_meth(e, id);
else
@@ -169,8 +168,10 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
EVP_PKEY_METHOD *pmeth;
pmeth = OPENSSL_zalloc(sizeof(*pmeth));
- if (pmeth == NULL)
+ if (pmeth == NULL) {
+ EVPerr(EVP_F_EVP_PKEY_METH_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
+ }
pmeth->pkey_id = id;
pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
@@ -258,8 +259,10 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
}
#endif
rctx = OPENSSL_malloc(sizeof(*rctx));
- if (rctx == NULL)
+ if (rctx == NULL) {
+ EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE);
return NULL;
+ }
rctx->pmeth = pctx->pmeth;
#ifndef OPENSSL_NO_ENGINE
@@ -293,11 +296,15 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
{
if (app_pkey_methods == NULL) {
app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
- if (app_pkey_methods == NULL)
+ if (app_pkey_methods == NULL){
+ EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
return 0;
+ }
}
- if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth))
+ if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) {
+ EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
return 0;
+ }
sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
return 1;
}
diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c
index c7b84b0..52ebd03 100644
--- a/crypto/kdf/kdf_err.c
+++ b/crypto/kdf/kdf_err.c
@@ -1,6 +1,6 @@
/*
* Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL license (the "License"). You may not use
* this file except in compliance with the License. You can obtain a copy
@@ -21,6 +21,9 @@ static const ERR_STRING_DATA KDF_str_functs[] = {
{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_UINT64, 0),
"pkey_scrypt_ctrl_uint64"},
{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_DERIVE, 0), "pkey_scrypt_derive"},
+ {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_INIT, 0), "pkey_scrypt_init"},
+ {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_SET_MEMBUF, 0),
+ "pkey_scrypt_set_membuf"},
{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0),
"pkey_tls1_prf_ctrl_str"},
{ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0),
diff --git a/crypto/kdf/scrypt.c b/crypto/kdf/scrypt.c
index 3f4cf38..0a5e3c5 100644
--- a/crypto/kdf/scrypt.c
+++ b/crypto/kdf/scrypt.c
@@ -58,8 +58,10 @@ static int pkey_scrypt_init(EVP_PKEY_CTX *ctx)
SCRYPT_PKEY_CTX *kctx;
kctx = OPENSSL_zalloc(sizeof(*kctx));
- if (kctx == NULL)
+ if (kctx == NULL) {
+ KDFerr(KDF_F_PKEY_SCRYPT_INIT, ERR_R_MALLOC_FAILURE);
return 0;
+ }
/* Default values are the most conservative recommendation given in the
* original paper of C. Percival. Derivation uses roughly 1 GiB of memory
@@ -102,8 +104,10 @@ static int pkey_scrypt_set_membuf(unsigned char **buffer, size_t *buflen,
} else {
*buffer = OPENSSL_malloc(1);
}
- if (*buffer == NULL)
+ if (*buffer == NULL) {
+ KDFerr(KDF_F_PKEY_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE);
return 0;
+ }
*buflen = new_buflen;
return 1;
diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h
index b269a8e..09b7d7b 100644
--- a/include/openssl/evperr.h
+++ b/include/openssl/evperr.h
@@ -77,6 +77,8 @@ int ERR_load_EVP_strings(void);
# define EVP_F_EVP_PKEY_GET0_SIPHASH 172
# define EVP_F_EVP_PKEY_KEYGEN 146
# define EVP_F_EVP_PKEY_KEYGEN_INIT 147
+# define EVP_F_EVP_PKEY_METH_ADD0 194
+# define EVP_F_EVP_PKEY_METH_NEW 195
# define EVP_F_EVP_PKEY_NEW 106
# define EVP_F_EVP_PKEY_NEW_CMAC_KEY 193
# define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 191
@@ -155,6 +157,7 @@ int ERR_load_EVP_strings(void);
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
# define EVP_R_OPERATON_NOT_INITIALIZED 151
# define EVP_R_PARTIALLY_OVERLAPPING 162
+# define EVP_R_PBKDF2_ERROR 181
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145
# define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146
diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h
index ea30fb9..5a03b5c 100644
--- a/include/openssl/kdferr.h
+++ b/include/openssl/kdferr.h
@@ -24,6 +24,8 @@ int ERR_load_KDF_strings(void);
# define KDF_F_PKEY_SCRYPT_CTRL_STR 104
# define KDF_F_PKEY_SCRYPT_CTRL_UINT64 105
# define KDF_F_PKEY_SCRYPT_DERIVE 109
+# define KDF_F_PKEY_SCRYPT_INIT 106
+# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 107
# define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100
# define KDF_F_PKEY_TLS1_PRF_DERIVE 101
More information about the openssl-commits
mailing list