Commit a05bf83c authored by Pauli's avatar Pauli
Browse files

Coverity CID 1444960: Error handling issues 



Reviewed-by: default avatarMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/8888)
parent ea053ec9

crypto/err/openssl.txt

+1 −0
Original line number Diff line number Diff line
@@ -2400,6 +2400,7 @@ EVP_R_INPUT_NOT_INITIALIZED:111:input not initialized 
EVP_R_INVALID_CUSTOM_LENGTH:185:invalid custom length

EVP_R_INVALID_DIGEST:152:invalid digest

EVP_R_INVALID_FIPS_MODE:168:invalid fips mode

EVP_R_INVALID_IV_LENGTH:194:invalid iv length

EVP_R_INVALID_KEY:163:invalid key

EVP_R_INVALID_KEY_LENGTH:130:invalid key length

EVP_R_INVALID_OPERATION:148:invalid operation

crypto/evp/evp_err.c

+1 −0
Original line number Diff line number Diff line
@@ -249,6 +249,7 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { 
    "invalid custom length"},

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_DIGEST), "invalid digest"},

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_FIPS_MODE), "invalid fips mode"},

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_IV_LENGTH), "invalid iv length"},

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY), "invalid key"},

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_KEY_LENGTH), "invalid key length"},

    {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_INVALID_OPERATION), "invalid operation"},

crypto/evp/p5_crpt.c

+14 −6
Original line number Diff line number Diff line
@@ -28,7 +28,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, 
    EVP_MD_CTX *ctx;

    unsigned char md_tmp[EVP_MAX_MD_SIZE];

    unsigned char key[EVP_MAX_KEY_LENGTH], iv[EVP_MAX_IV_LENGTH];

    int i;

    int i, ivl, kl;

    PBEPARAM *pbe;

    int saltlen, iter;

    unsigned char *salt;
@@ -48,6 +48,17 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, 
        return 0;

    }



    ivl = EVP_CIPHER_iv_length(cipher);

    if (ivl < 0 || ivl > 16) {

        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_IV_LENGTH);

        return 0;

    }

    kl = EVP_CIPHER_key_length(cipher);

    if (kl < 0 || kl > (int)sizeof(md_tmp)) {

        EVPerr(EVP_F_PKCS5_PBE_KEYIVGEN, EVP_R_INVALID_KEY_LENGTH);

        return 0;

    }



    if (!pbe->iter)

        iter = 1;

    else
@@ -86,11 +97,8 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, 
        if (!EVP_DigestFinal_ex(ctx, md_tmp, NULL))

            goto err;

    }

    OPENSSL_assert(EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp));

    memcpy(key, md_tmp, EVP_CIPHER_key_length(cipher));

    OPENSSL_assert(EVP_CIPHER_iv_length(cipher) <= 16);

    memcpy(iv, md_tmp + (16 - EVP_CIPHER_iv_length(cipher)),

           EVP_CIPHER_iv_length(cipher));

    memcpy(key, md_tmp, kl);

    memcpy(iv, md_tmp + (16 - ivl), ivl);

    if (!EVP_CipherInit_ex(cctx, cipher, NULL, key, iv, en_de))

        goto err;

    OPENSSL_cleanse(md_tmp, EVP_MAX_MD_SIZE);

include/openssl/evperr.h

+1 −0
Original line number Diff line number Diff line
@@ -191,6 +191,7 @@ int ERR_load_EVP_strings(void); 
# define EVP_R_INVALID_CUSTOM_LENGTH                      185

# define EVP_R_INVALID_DIGEST                             152

# define EVP_R_INVALID_FIPS_MODE                          168

# define EVP_R_INVALID_IV_LENGTH                          194

# define EVP_R_INVALID_KEY                                163

# define EVP_R_INVALID_KEY_LENGTH                         130

# define EVP_R_INVALID_OPERATION                          148