Skip to content

Commit 45ae18b

Browse files
FdaSilvaYYmspncp
FdaSilvaYY
authored and
mspncp
committed
EVP,KDF: Add more error code along some return 0
in methods : - EVP_PBE_scrypt - EVP_PKEY_meth_add0 - EVP_PKEY_meth_new - EVP_PKEY_CTX_dup Backport of 3484236 Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from #5803)
1 parent 89b4da4 commit 45ae18b

4 files changed

Lines changed: 36 additions & 9 deletions

File tree

crypto/evp/evp_err.c

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -70,6 +70,8 @@ static ERR_STRING_DATA EVP_str_functs[] = {
7070
{ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"},
7171
{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
7272
{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
73+
{ERR_FUNC(EVP_F_EVP_PKEY_METH_ADD0), "EVP_PKEY_meth_add0"},
74+
{ERR_FUNC(EVP_F_EVP_PKEY_METH_NEW), "EVP_PKEY_meth_new"},
7375
{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
7476
{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"},
7577
{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"},
@@ -143,6 +145,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
143145
{ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
144146
{ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING),
145147
"partially overlapping buffers"},
148+
{ERR_REASON(EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
146149
{ERR_REASON(EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED),
147150
"pkey application asn1 method already registered"},
148151
{ERR_REASON(EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED),

crypto/evp/pmeth_lib.c

Lines changed: 12 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -151,8 +151,10 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
151151
EVP_PKEY_METHOD *pmeth;
152152

153153
pmeth = OPENSSL_zalloc(sizeof(*pmeth));
154-
if (pmeth == NULL)
154+
if (pmeth == NULL) {
155+
EVPerr(EVP_F_EVP_PKEY_METH_NEW, ERR_R_MALLOC_FAILURE);
155156
return NULL;
157+
}
156158

157159
pmeth->pkey_id = id;
158160
pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC;
@@ -238,8 +240,10 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx)
238240
}
239241
#endif
240242
rctx = OPENSSL_malloc(sizeof(*rctx));
241-
if (rctx == NULL)
243+
if (rctx == NULL) {
244+
EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE);
242245
return NULL;
246+
}
243247

244248
rctx->pmeth = pctx->pmeth;
245249
#ifndef OPENSSL_NO_ENGINE
@@ -273,11 +277,15 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
273277
{
274278
if (app_pkey_methods == NULL) {
275279
app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
276-
if (app_pkey_methods == NULL)
280+
if (app_pkey_methods == NULL) {
281+
EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
277282
return 0;
283+
}
278284
}
279-
if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth))
285+
if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) {
286+
EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
280287
return 0;
288+
}
281289
sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
282290
return 1;
283291
}

crypto/evp/scrypt.c

Lines changed: 18 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -171,17 +171,21 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
171171
if (r == 0 || p == 0 || N < 2 || (N & (N - 1)))
172172
return 0;
173173
/* Check p * r < SCRYPT_PR_MAX avoiding overflow */
174-
if (p > SCRYPT_PR_MAX / r)
174+
if (p > SCRYPT_PR_MAX / r) {
175+
EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
175176
return 0;
177+
}
176178

177179
/*
178180
* Need to check N: if 2^(128 * r / 8) overflows limit this is
179181
* automatically satisfied since N <= UINT64_MAX.
180182
*/
181183

182184
if (16 * r <= LOG2_UINT64_MAX) {
183-
if (N >= (((uint64_t)1) << (16 * r)))
185+
if (N >= (((uint64_t)1) << (16 * r))) {
186+
EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
184187
return 0;
188+
}
185189
}
186190

187191
/* Memory checks: check total allocated buffer size fits in uint64_t */
@@ -199,13 +203,17 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
199203
* This is combined size V, X and T (section 4)
200204
*/
201205
i = UINT64_MAX / (32 * sizeof(uint32_t));
202-
if (N + 2 > i / r)
206+
if (N + 2 > i / r) {
207+
EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
203208
return 0;
209+
}
204210
Vlen = 32 * r * (N + 2) * sizeof(uint32_t);
205211

206212
/* check total allocated size fits in uint64_t */
207-
if (Blen > UINT64_MAX - Vlen)
213+
if (Blen > UINT64_MAX - Vlen) {
214+
EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
208215
return 0;
216+
}
209217
/* check total allocated size fits in size_t */
210218
if (Blen > SIZE_MAX - Vlen)
211219
return 0;
@@ -225,8 +233,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
225233
return 1;
226234

227235
B = OPENSSL_malloc(allocsize);
228-
if (B == NULL)
236+
if (B == NULL) {
237+
EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE);
229238
return 0;
239+
}
230240
X = (uint32_t *)(B + Blen);
231241
T = X + 32 * r;
232242
V = T + 32 * r;
@@ -242,6 +252,9 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
242252
goto err;
243253
rv = 1;
244254
err:
255+
if (rv == 0)
256+
EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR);
257+
245258
OPENSSL_clear_free(B, allocsize);
246259
return rv;
247260
}

include/openssl/evp.h

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1506,6 +1506,8 @@ int ERR_load_EVP_strings(void);
15061506
# define EVP_F_EVP_PKEY_GET0_RSA 121
15071507
# define EVP_F_EVP_PKEY_KEYGEN 146
15081508
# define EVP_F_EVP_PKEY_KEYGEN_INIT 147
1509+
# define EVP_F_EVP_PKEY_METH_ADD0 172
1510+
# define EVP_F_EVP_PKEY_METH_NEW 173
15091511
# define EVP_F_EVP_PKEY_NEW 106
15101512
# define EVP_F_EVP_PKEY_PARAMGEN 148
15111513
# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149
@@ -1570,6 +1572,7 @@ int ERR_load_EVP_strings(void);
15701572
# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
15711573
# define EVP_R_OPERATON_NOT_INITIALIZED 151
15721574
# define EVP_R_PARTIALLY_OVERLAPPING 162
1575+
# define EVP_R_PBKDF2_ERROR 176
15731576
# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175
15741577
# define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164
15751578
# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145

0 commit comments

Comments
 (0)