From 3484236d8d7afedd3e5c7771bd49d3385340e3bf Mon Sep 17 00:00:00 2001 From: FdaSilvaYY Date: Thu, 29 Mar 2018 20:59:58 +0200 Subject: [PATCH] EVP,KDF: Add more error code along some return 0 in ... methods : - EVP_PBE_scrypt - EVP_PKEY_meth_add0 - EVP_PKEY_meth_new - EVP_PKEY_CTX_dup Reviewed-by: Rich Salz Reviewed-by: Bernd Edlinger Reviewed-by: Matthias St. Pierre (Merged from https://github.com/openssl/openssl/pull/5783) --- crypto/err/openssl.txt | 5 +++++ crypto/evp/evp_err.c | 3 +++ crypto/evp/pbe_scrypt.c | 23 ++++++++++++++++++----- crypto/evp/pmeth_lib.c | 17 ++++++++++++----- crypto/kdf/kdf_err.c | 5 ++++- crypto/kdf/scrypt.c | 8 ++++++-- include/openssl/evperr.h | 3 +++ include/openssl/kdferr.h | 2 ++ 8 files changed, 53 insertions(+), 13 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 4fa56fd977..f160438649 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -702,6 +702,8 @@ EVP_F_EVP_PKEY_GET0_RSA:121:EVP_PKEY_get0_RSA EVP_F_EVP_PKEY_GET0_SIPHASH:172:EVP_PKEY_get0_siphash EVP_F_EVP_PKEY_KEYGEN:146:EVP_PKEY_keygen EVP_F_EVP_PKEY_KEYGEN_INIT:147:EVP_PKEY_keygen_init +EVP_F_EVP_PKEY_METH_ADD0:194:EVP_PKEY_meth_add0 +EVP_F_EVP_PKEY_METH_NEW:195:EVP_PKEY_meth_new EVP_F_EVP_PKEY_NEW:106:EVP_PKEY_new EVP_F_EVP_PKEY_NEW_CMAC_KEY:193:EVP_PKEY_new_CMAC_key EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY:191:EVP_PKEY_new_raw_private_key @@ -733,6 +735,8 @@ KDF_F_PKEY_HKDF_DERIVE:102:pkey_hkdf_derive KDF_F_PKEY_SCRYPT_CTRL_STR:104:pkey_scrypt_ctrl_str KDF_F_PKEY_SCRYPT_CTRL_UINT64:105:pkey_scrypt_ctrl_uint64 KDF_F_PKEY_SCRYPT_DERIVE:109:pkey_scrypt_derive +KDF_F_PKEY_SCRYPT_INIT:106:pkey_scrypt_init +KDF_F_PKEY_SCRYPT_SET_MEMBUF:107:pkey_scrypt_set_membuf KDF_F_PKEY_TLS1_PRF_CTRL_STR:100:pkey_tls1_prf_ctrl_str KDF_F_PKEY_TLS1_PRF_DERIVE:101:pkey_tls1_prf_derive OBJ_F_OBJ_ADD_OBJECT:105:OBJ_add_object @@ -2109,6 +2113,7 @@ EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE:150:\ operation not supported for this keytype EVP_R_OPERATON_NOT_INITIALIZED:151:operaton not initialized EVP_R_PARTIALLY_OVERLAPPING:162:partially overlapping buffers +EVP_R_PBKDF2_ERROR:181:pbkdf2 error EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED:179:\ pkey application asn1 method already registered EVP_R_PRIVATE_KEY_DECODE_ERROR:145:private key decode error diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 8678abd5b4..58097837f6 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -92,6 +92,8 @@ static const ERR_STRING_DATA EVP_str_functs[] = { {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN, 0), "EVP_PKEY_keygen"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_KEYGEN_INIT, 0), "EVP_PKEY_keygen_init"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_ADD0, 0), "EVP_PKEY_meth_add0"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_METH_NEW, 0), "EVP_PKEY_meth_new"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW, 0), "EVP_PKEY_new"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_NEW_CMAC_KEY, 0), "EVP_PKEY_new_CMAC_key"}, @@ -212,6 +214,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "operaton not initialized"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PARTIALLY_OVERLAPPING), "partially overlapping buffers"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PBKDF2_ERROR), "pbkdf2 error"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED), "pkey application asn1 method already registered"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_PRIVATE_KEY_DECODE_ERROR), diff --git a/crypto/evp/pbe_scrypt.c b/crypto/evp/pbe_scrypt.c index fddabc9a32..02f5895eac 100644 --- a/crypto/evp/pbe_scrypt.c +++ b/crypto/evp/pbe_scrypt.c @@ -170,8 +170,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, if (r == 0 || p == 0 || N < 2 || (N & (N - 1))) return 0; /* Check p * r < SCRYPT_PR_MAX avoiding overflow */ - if (p > SCRYPT_PR_MAX / r) + if (p > SCRYPT_PR_MAX / r) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; + } /* * Need to check N: if 2^(128 * r / 8) overflows limit this is @@ -179,8 +181,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, */ if (16 * r <= LOG2_UINT64_MAX) { - if (N >= (((uint64_t)1) << (16 * r))) + if (N >= (((uint64_t)1) << (16 * r))) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; + } } /* Memory checks: check total allocated buffer size fits in uint64_t */ @@ -205,13 +209,17 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, * This is combined size V, X and T (section 4) */ i = UINT64_MAX / (32 * sizeof(uint32_t)); - if (N + 2 > i / r) + if (N + 2 > i / r) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; + } Vlen = 32 * r * (N + 2) * sizeof(uint32_t); /* check total allocated size fits in uint64_t */ - if (Blen > UINT64_MAX - Vlen) + if (Blen > UINT64_MAX - Vlen) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED); return 0; + } if (maxmem == 0) maxmem = SCRYPT_MAX_MEM; @@ -230,8 +238,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, return 1; B = OPENSSL_malloc((size_t)(Blen + Vlen)); - if (B == NULL) + if (B == NULL) { + EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE); return 0; + } X = (uint32_t *)(B + Blen); T = X + 32 * r; V = T + 32 * r; @@ -247,6 +257,9 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen, goto err; rv = 1; err: + if (rv == 0) + EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR); + OPENSSL_clear_free(B, (size_t)(Blen + Vlen)); return rv; } diff --git a/crypto/evp/pmeth_lib.c b/crypto/evp/pmeth_lib.c index f854cf4a92..cf4dd43914 100644 --- a/crypto/evp/pmeth_lib.c +++ b/crypto/evp/pmeth_lib.c @@ -123,7 +123,6 @@ static EVP_PKEY_CTX *int_ctx_new(EVP_PKEY *pkey, ENGINE *e, int id) * If an ENGINE handled this method look it up. Otherwise use internal * tables. */ - if (e) pmeth = ENGINE_get_pkey_meth(e, id); else @@ -169,8 +168,10 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags) EVP_PKEY_METHOD *pmeth; pmeth = OPENSSL_zalloc(sizeof(*pmeth)); - if (pmeth == NULL) + if (pmeth == NULL) { + EVPerr(EVP_F_EVP_PKEY_METH_NEW, ERR_R_MALLOC_FAILURE); return NULL; + } pmeth->pkey_id = id; pmeth->flags = flags | EVP_PKEY_FLAG_DYNAMIC; @@ -258,8 +259,10 @@ EVP_PKEY_CTX *EVP_PKEY_CTX_dup(EVP_PKEY_CTX *pctx) } #endif rctx = OPENSSL_malloc(sizeof(*rctx)); - if (rctx == NULL) + if (rctx == NULL) { + EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE); return NULL; + } rctx->pmeth = pctx->pmeth; #ifndef OPENSSL_NO_ENGINE @@ -293,11 +296,15 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth) { if (app_pkey_methods == NULL) { app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp); - if (app_pkey_methods == NULL) + if (app_pkey_methods == NULL){ + EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE); return 0; + } } - if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) + if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) { + EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE); return 0; + } sk_EVP_PKEY_METHOD_sort(app_pkey_methods); return 1; } diff --git a/crypto/kdf/kdf_err.c b/crypto/kdf/kdf_err.c index c7b84b0f51..52ebd036e0 100644 --- a/crypto/kdf/kdf_err.c +++ b/crypto/kdf/kdf_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2018 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the OpenSSL license (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -21,6 +21,9 @@ static const ERR_STRING_DATA KDF_str_functs[] = { {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_CTRL_UINT64, 0), "pkey_scrypt_ctrl_uint64"}, {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_DERIVE, 0), "pkey_scrypt_derive"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_INIT, 0), "pkey_scrypt_init"}, + {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_SCRYPT_SET_MEMBUF, 0), + "pkey_scrypt_set_membuf"}, {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_CTRL_STR, 0), "pkey_tls1_prf_ctrl_str"}, {ERR_PACK(ERR_LIB_KDF, KDF_F_PKEY_TLS1_PRF_DERIVE, 0), diff --git a/crypto/kdf/scrypt.c b/crypto/kdf/scrypt.c index 3f4cf385db..0a5e3c5f39 100644 --- a/crypto/kdf/scrypt.c +++ b/crypto/kdf/scrypt.c @@ -58,8 +58,10 @@ static int pkey_scrypt_init(EVP_PKEY_CTX *ctx) SCRYPT_PKEY_CTX *kctx; kctx = OPENSSL_zalloc(sizeof(*kctx)); - if (kctx == NULL) + if (kctx == NULL) { + KDFerr(KDF_F_PKEY_SCRYPT_INIT, ERR_R_MALLOC_FAILURE); return 0; + } /* Default values are the most conservative recommendation given in the * original paper of C. Percival. Derivation uses roughly 1 GiB of memory @@ -102,8 +104,10 @@ static int pkey_scrypt_set_membuf(unsigned char **buffer, size_t *buflen, } else { *buffer = OPENSSL_malloc(1); } - if (*buffer == NULL) + if (*buffer == NULL) { + KDFerr(KDF_F_PKEY_SCRYPT_SET_MEMBUF, ERR_R_MALLOC_FAILURE); return 0; + } *buflen = new_buflen; return 1; diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index b269a8e0de..09b7d7bc4f 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -77,6 +77,8 @@ int ERR_load_EVP_strings(void); # define EVP_F_EVP_PKEY_GET0_SIPHASH 172 # define EVP_F_EVP_PKEY_KEYGEN 146 # define EVP_F_EVP_PKEY_KEYGEN_INIT 147 +# define EVP_F_EVP_PKEY_METH_ADD0 194 +# define EVP_F_EVP_PKEY_METH_NEW 195 # define EVP_F_EVP_PKEY_NEW 106 # define EVP_F_EVP_PKEY_NEW_CMAC_KEY 193 # define EVP_F_EVP_PKEY_NEW_RAW_PRIVATE_KEY 191 @@ -155,6 +157,7 @@ int ERR_load_EVP_strings(void); # define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150 # define EVP_R_OPERATON_NOT_INITIALIZED 151 # define EVP_R_PARTIALLY_OVERLAPPING 162 +# define EVP_R_PBKDF2_ERROR 181 # define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 179 # define EVP_R_PRIVATE_KEY_DECODE_ERROR 145 # define EVP_R_PRIVATE_KEY_ENCODE_ERROR 146 diff --git a/include/openssl/kdferr.h b/include/openssl/kdferr.h index ea30fb9c9f..5a03b5cc09 100644 --- a/include/openssl/kdferr.h +++ b/include/openssl/kdferr.h @@ -24,6 +24,8 @@ int ERR_load_KDF_strings(void); # define KDF_F_PKEY_SCRYPT_CTRL_STR 104 # define KDF_F_PKEY_SCRYPT_CTRL_UINT64 105 # define KDF_F_PKEY_SCRYPT_DERIVE 109 +# define KDF_F_PKEY_SCRYPT_INIT 106 +# define KDF_F_PKEY_SCRYPT_SET_MEMBUF 107 # define KDF_F_PKEY_TLS1_PRF_CTRL_STR 100 # define KDF_F_PKEY_TLS1_PRF_DERIVE 101 -- GitLab