EVP,KDF: Add more error code along some return 0 (45ae18b3) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/evp/evp_err.c

+3 −0

Original line number	Diff line number	Diff line
		@@ -70,6 +70,8 @@ static ERR_STRING_DATA EVP_str_functs[] = {
		{ERR_FUNC(EVP_F_EVP_PKEY_GET0_RSA), "EVP_PKEY_get0_RSA"},
		{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN), "EVP_PKEY_keygen"},
		{ERR_FUNC(EVP_F_EVP_PKEY_KEYGEN_INIT), "EVP_PKEY_keygen_init"},
		{ERR_FUNC(EVP_F_EVP_PKEY_METH_ADD0), "EVP_PKEY_meth_add0"},
		{ERR_FUNC(EVP_F_EVP_PKEY_METH_NEW), "EVP_PKEY_meth_new"},
		{ERR_FUNC(EVP_F_EVP_PKEY_NEW), "EVP_PKEY_new"},
		{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN), "EVP_PKEY_paramgen"},
		{ERR_FUNC(EVP_F_EVP_PKEY_PARAMGEN_INIT), "EVP_PKEY_paramgen_init"},
		@@ -143,6 +145,7 @@ static ERR_STRING_DATA EVP_str_reasons[] = {
		{ERR_REASON(EVP_R_OPERATON_NOT_INITIALIZED), "operaton not initialized"},
		{ERR_REASON(EVP_R_PARTIALLY_OVERLAPPING),
		"partially overlapping buffers"},
		{ERR_REASON(EVP_R_PBKDF2_ERROR), "pbkdf2 error"},
		{ERR_REASON(EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED),
		"pkey application asn1 method already registered"},
		{ERR_REASON(EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED),

crypto/evp/pmeth_lib.c

+12 −4

Original line number	Diff line number	Diff line
		@@ -151,8 +151,10 @@ EVP_PKEY_METHOD *EVP_PKEY_meth_new(int id, int flags)
		EVP_PKEY_METHOD *pmeth;

		pmeth = OPENSSL_zalloc(sizeof(*pmeth));
		if (pmeth == NULL)
		if (pmeth == NULL) {
		EVPerr(EVP_F_EVP_PKEY_METH_NEW, ERR_R_MALLOC_FAILURE);
		return NULL;
		}

		pmeth->pkey_id = id;
		pmeth->flags = flags \| EVP_PKEY_FLAG_DYNAMIC;
		@@ -238,8 +240,10 @@ EVP_PKEY_CTX EVP_PKEY_CTX_dup(EVP_PKEY_CTX pctx)
		}
		#endif
		rctx = OPENSSL_malloc(sizeof(*rctx));
		if (rctx == NULL)
		if (rctx == NULL) {
		EVPerr(EVP_F_EVP_PKEY_CTX_DUP, ERR_R_MALLOC_FAILURE);
		return NULL;
		}

		rctx->pmeth = pctx->pmeth;
		#ifndef OPENSSL_NO_ENGINE
		@@ -273,11 +277,15 @@ int EVP_PKEY_meth_add0(const EVP_PKEY_METHOD *pmeth)
		{
		if (app_pkey_methods == NULL) {
		app_pkey_methods = sk_EVP_PKEY_METHOD_new(pmeth_cmp);
		if (app_pkey_methods == NULL)
		if (app_pkey_methods == NULL) {
		EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
		return 0;
		}
		if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth))
		}
		if (!sk_EVP_PKEY_METHOD_push(app_pkey_methods, pmeth)) {
		EVPerr(EVP_F_EVP_PKEY_METH_ADD0, ERR_R_MALLOC_FAILURE);
		return 0;
		}
		sk_EVP_PKEY_METHOD_sort(app_pkey_methods);
		return 1;
		}

crypto/evp/scrypt.c

+18 −5

Original line number	Diff line number	Diff line
		@@ -171,8 +171,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
		if (r == 0 \|\| p == 0 \|\| N < 2 \|\| (N & (N - 1)))
		return 0;
		/* Check p * r < SCRYPT_PR_MAX avoiding overflow */
		if (p > SCRYPT_PR_MAX / r)
		if (p > SCRYPT_PR_MAX / r) {
		EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
		return 0;
		}

		/*
		* Need to check N: if 2^(128 * r / 8) overflows limit this is
		@@ -180,9 +182,11 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
		*/

		if (16 * r <= LOG2_UINT64_MAX) {
		if (N >= (((uint64_t)1) << (16 * r)))
		if (N >= (((uint64_t)1) << (16 * r))) {
		EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
		return 0;
		}
		}

		/* Memory checks: check total allocated buffer size fits in uint64_t */

		@@ -199,13 +203,17 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
		* This is combined size V, X and T (section 4)
		*/
		i = UINT64_MAX / (32 * sizeof(uint32_t));
		if (N + 2 > i / r)
		if (N + 2 > i / r) {
		EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
		return 0;
		}
		Vlen = 32 * r * (N + 2) * sizeof(uint32_t);

		/* check total allocated size fits in uint64_t */
		if (Blen > UINT64_MAX - Vlen)
		if (Blen > UINT64_MAX - Vlen) {
		EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_MEMORY_LIMIT_EXCEEDED);
		return 0;
		}
		/* check total allocated size fits in size_t */
		if (Blen > SIZE_MAX - Vlen)
		return 0;
		@@ -225,8 +233,10 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
		return 1;

		B = OPENSSL_malloc(allocsize);
		if (B == NULL)
		if (B == NULL) {
		EVPerr(EVP_F_EVP_PBE_SCRYPT, ERR_R_MALLOC_FAILURE);
		return 0;
		}
		X = (uint32_t *)(B + Blen);
		T = X + 32 * r;
		V = T + 32 * r;
		@@ -242,6 +252,9 @@ int EVP_PBE_scrypt(const char *pass, size_t passlen,
		goto err;
		rv = 1;
		err:
		if (rv == 0)
		EVPerr(EVP_F_EVP_PBE_SCRYPT, EVP_R_PBKDF2_ERROR);

		OPENSSL_clear_free(B, allocsize);
		return rv;
		}

include/openssl/evp.h

+3 −0

Original line number	Diff line number	Diff line
		@@ -1506,6 +1506,8 @@ int ERR_load_EVP_strings(void);
		# define EVP_F_EVP_PKEY_GET0_RSA 121
		# define EVP_F_EVP_PKEY_KEYGEN 146
		# define EVP_F_EVP_PKEY_KEYGEN_INIT 147
		# define EVP_F_EVP_PKEY_METH_ADD0 172
		# define EVP_F_EVP_PKEY_METH_NEW 173
		# define EVP_F_EVP_PKEY_NEW 106
		# define EVP_F_EVP_PKEY_PARAMGEN 148
		# define EVP_F_EVP_PKEY_PARAMGEN_INIT 149
		@@ -1570,6 +1572,7 @@ int ERR_load_EVP_strings(void);
		# define EVP_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 150
		# define EVP_R_OPERATON_NOT_INITIALIZED 151
		# define EVP_R_PARTIALLY_OVERLAPPING 162
		# define EVP_R_PBKDF2_ERROR 176
		# define EVP_R_PKEY_APPLICATION_ASN1_METHOD_ALREADY_REGISTERED 175
		# define EVP_R_PKEY_ASN1_METHOD_ALREADY_REGISTERED 164
		# define EVP_R_PRIVATE_KEY_DECODE_ERROR 145