authorMatt Caswell <matt@openssl.org>2019-04-18 17:43:05 +0100
committerMatt Caswell <matt@openssl.org>2019-04-19 09:31:54 +0100
commit6caf7f3aec5484ee65067e9671299d3411565dc1 (patch)
tree44afc9f27566e7044c22fa95c00946b9fb37a9a4 /providers
parent64adf9aac765f0872c33d225c57e5c128f5d7c69 (diff)
Create provider errors and use them
Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/8700)
Diffstat (limited to 'providers')
-rw-r--r--providers/common/build.info3
-rw-r--r--providers/common/ciphers/aes.c94
-rw-r--r--providers/common/ciphers/aes_basic.c8
-rw-r--r--providers/common/ciphers/block.c13
-rw-r--r--providers/common/include/internal/providercommon.h0
-rw-r--r--providers/common/include/internal/providercommonerr.h54
-rw-r--r--providers/common/provider_err.c67
7 files changed, 207 insertions, 32 deletions
diff --git a/providers/common/build.info b/providers/common/build.info
index 2b6c16e..1617467 100644
--- a/providers/common/build.info
+++ b/providers/common/build.info
@@ -1 +1,4 @@
SUBDIRS=digests ciphers
+
+SOURCE[../../libcrypto]=\
+ provider_err.c
diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c
index d98a5c5..5c6e670 100644
--- a/providers/common/ciphers/aes.c
+++ b/providers/common/ciphers/aes.c
@@ -16,6 +16,7 @@
#include "internal/cryptlib.h"
#include "internal/provider_algs.h"
#include "ciphers_locl.h"
+#include "internal/providercommonerr.h"
static OSSL_OP_cipher_encrypt_init_fn aes_einit;
static OSSL_OP_cipher_decrypt_init_fn aes_dinit;
@@ -42,8 +43,10 @@ static int PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx,
int enc)
{
if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
- if (ivlen != AES_BLOCK_SIZE)
+ if (ivlen != AES_BLOCK_SIZE) {
+ PROVerr(PROV_F_PROV_AES_KEY_GENERIC_INIT, ERR_R_INTERNAL_ERROR);
return 0;
+ }
memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
}
ctx->enc = enc;
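Review bot: The `ivlen != AES_BLOCK_SIZE` branch reports `ERR_R_INTERNAL_ERROR`, although `ivlen` arrives from the caller through aes_einit/aes_dinit, so a wrong IV length is a usage error rather than a library fault. The key-length mismatch in those two functions gets its own reason (`PROV_R_INVALID_KEYLEN`); an IV-length counterpart generated through mkerr.pl in the same way would let callers and log triage tell a bad argument from a genuine internal failure. The function body starts before this hunk and continues after it.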
@@ -56,11 +59,15 @@ static int aes_einit(void *vctx, const unsigned char *key, size_t keylen,
{
PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
- if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1))
+ if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1)) {
+ /* PROVerr already called */
return 0;
+ }
if (key != NULL) {
- if (keylen != ctx->keylen)
+ if (keylen != ctx->keylen) {
+ PROVerr(PROV_F_AES_EINIT, PROV_R_INVALID_KEYLEN);
return 0;
+ }
return ctx->ciph->init(ctx, key, ctx->keylen);
}
@@ -72,11 +79,15 @@ static int aes_dinit(void *vctx, const unsigned char *key, size_t keylen,
{
PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
- if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0))
+ if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0)) {
+ /* PROVerr already called */
return 0;
+ }
if (key != NULL) {
- if (keylen != ctx->keylen)
+ if (keylen != ctx->keylen) {
+ PROVerr(PROV_F_AES_DINIT, PROV_R_INVALID_KEYLEN);
return 0;
+ }
return ctx->ciph->init(ctx, key, ctx->keylen);
}
@@ -98,30 +109,42 @@ static int aes_block_update(void *vctx, unsigned char *out, size_t *outl,
*/
if (ctx->bufsz == AES_BLOCK_SIZE
&& (ctx->enc || inl > 0 || !ctx->pad)) {
- if (outsize < AES_BLOCK_SIZE)
+ if (outsize < AES_BLOCK_SIZE) {
+ PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
- if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE))
+ }
+ if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
+ PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
+ }
ctx->bufsz = 0;
outlint = AES_BLOCK_SIZE;
out += AES_BLOCK_SIZE;
}
if (nextblocks > 0) {
if (!ctx->enc && ctx->pad && nextblocks == inl) {
- if (!ossl_assert(inl >= AES_BLOCK_SIZE))
+ if (!ossl_assert(inl >= AES_BLOCK_SIZE)) {
+ PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
+ }
nextblocks -= AES_BLOCK_SIZE;
}
outlint += nextblocks;
- if (outsize < outlint)
+ if (outsize < outlint) {
+ PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
- if (!ctx->ciph->cipher(ctx, out, in, nextblocks))
+ }
+ if (!ctx->ciph->cipher(ctx, out, in, nextblocks)) {
+ PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
+ }
in += nextblocks;
inl -= nextblocks;
}
- if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl))
+ if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl)) {
+ /* PROVerr already called */
return 0;
+ }
*outl = outlint;
return inl == 0;
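Review bot: The failure branch of `ossl_assert(inl >= AES_BLOCK_SIZE)` raises `PROV_R_OUTPUT_BUFFER_TOO_SMALL`, but the condition checks an invariant on the input length and says nothing about `outsize`. The other invariant checks in this commit (trailingdata, the length check in unpadblock) use `ERR_R_INTERNAL_ERROR`, so `PROVerr(PROV_F_AES_BLOCK_UPDATE, ERR_R_INTERNAL_ERROR);` would be consistent and would not send someone reading the error queue off to enlarge a buffer that is not the problem. The closing `return inl == 0;` can also return 0 without queuing any error; if that case is believed unreachable after trailingdata() succeeds, a one-line comment saying so would help. The function starts outside this hunk.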
@@ -139,38 +162,47 @@ static int aes_block_final(void *vctx, unsigned char *out, size_t *outl,
*outl = 0;
return 1;
} else if (ctx->bufsz != AES_BLOCK_SIZE) {
- /* TODO(3.0): What is the correct error code here? */
+ PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
return 0;
}
- if (outsize < AES_BLOCK_SIZE)
+ if (outsize < AES_BLOCK_SIZE) {
+ PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
- if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE))
+ }
+ if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
+ PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
+ }
ctx->bufsz = 0;
*outl = AES_BLOCK_SIZE;
return 1;
}
/* Decrypting */
- /* TODO(3.0): What's the correct error here */
if (ctx->bufsz != AES_BLOCK_SIZE) {
if (ctx->bufsz == 0 && !ctx->pad) {
*outl = 0;
return 1;
}
+ PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
return 0;
}
- if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE))
+ if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE)) {
+ PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
+ }
- /* TODO(3.0): What is the correct error here */
- if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE))
+ if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE)) {
+ /* PROVerr already called */
return 0;
+ }
- if (outsize < ctx->bufsz)
+ if (outsize < ctx->bufsz) {
+ PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
+ }
memcpy(out, ctx->buf, ctx->bufsz);
*outl = ctx->bufsz;
ctx->bufsz = 0;
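Review bot: In the decrypt path the `outsize < ctx->bufsz` check runs only after `ctx->buf` has been decrypted in place (and after unpadblock() when padding is on), so the new `PROV_R_OUTPUT_BUFFER_TOO_SMALL` return leaves decrypted plaintext in the context instead of the final ciphertext block. A caller who reacts to that error by retrying with a larger buffer would presumably not get a correct result; unpadblock's effect on `ctx->bufsz` is not visible in this hunk, so that part is inferred. Either document it at the check, e.g. `/* the buffered block has already been decrypted; a failed final is not retryable */`, or wipe the buffer on this path with `OPENSSL_cleanse(ctx->buf, AES_BLOCK_SIZE);` before returning. The function begins before this hunk and continues after it.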
@@ -183,11 +215,15 @@ static int aes_stream_update(void *vctx, unsigned char *out, size_t *outl,
{
PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
- if (outsize < inl)
+ if (outsize < inl) {
+ PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
+ }
- if (!ctx->ciph->cipher(ctx, out, in, inl))
+ if (!ctx->ciph->cipher(ctx, out, in, inl)) {
+ PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
+ }
*outl = inl;
return 1;
@@ -204,8 +240,10 @@ static int aes_cipher(void *vctx, unsigned char *out, const unsigned char *in,
{
PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
- if (!ctx->ciph->cipher(ctx, out, in, inl))
+ if (!ctx->ciph->cipher(ctx, out, in, inl)) {
+ PROVerr(PROV_F_AES_CIPHER, PROV_R_CIPHER_OPERATION_FAILED);
return 0;
+ }
return 1;
}
@@ -286,6 +324,10 @@ static void *aes_dupctx(void *ctx)
PROV_AES_KEY *in = (PROV_AES_KEY *)ctx;
PROV_AES_KEY *ret = OPENSSL_malloc(sizeof(*ret));
+ if (ret == NULL) {
+ PROVerr(PROV_F_AES_DUPCTX, ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
*ret = *in;
return ret;
@@ -332,8 +374,10 @@ static int aes_ctx_get_params(void *vctx, const OSSL_PARAM params[])
const OSSL_PARAM *p;
p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
- if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad))
+ if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) {
+ PROVerr(PROV_F_AES_CTX_GET_PARAMS, PROV_R_FAILED_TO_SET_PARAMETER);
return 0;
+ }
return 1;
}
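Review bot: The call changes from `OSSL_PARAM_set_uint` to `OSSL_PARAM_set_int` in a commit whose message mentions only error reporting, so the change of parameter type is easy to miss in history. It does match the `OSSL_PARAM_get_int` used in aes_ctx_set_params, which suggests it is deliberate. A short comment above the call would record that, e.g. `/* padding is exchanged as a signed int, matching aes_ctx_set_params */`, and the commit description should mention it. The start of the function is outside this hunk.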
@@ -347,8 +391,10 @@ static int aes_ctx_set_params(void *vctx, const OSSL_PARAM params[])
if (p != NULL) {
int pad;
- if (!OSSL_PARAM_get_int(p, &pad))
+ if (!OSSL_PARAM_get_int(p, &pad)) {
+ PROVerr(PROV_F_AES_CTX_SET_PARAMS, PROV_R_FAILED_TO_GET_PARAMETER);
return 0;
+ }
ctx->pad = pad ? 1 : 0;
}
return 1;
diff --git a/providers/common/ciphers/aes_basic.c b/providers/common/ciphers/aes_basic.c
index e467622..0f64296 100644
--- a/providers/common/ciphers/aes_basic.c
+++ b/providers/common/ciphers/aes_basic.c
@@ -9,7 +9,6 @@
#include <openssl/opensslconf.h>
#include <openssl/crypto.h>
-#include <openssl/evp.h>
#include <openssl/err.h>
#include <string.h>
#include <assert.h>
@@ -18,6 +17,7 @@
#include <openssl/rand.h>
#include <openssl/cmac.h>
#include "ciphers_locl.h"
+#include "internal/providercommonerr.h"
#define MAXBITCHUNK ((size_t)1 << (sizeof(size_t) * 8 - 4))
@@ -133,7 +133,7 @@ static int aesni_init_key(PROV_AES_KEY *dat, const unsigned char *key,
}
if (ret < 0) {
- EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+ PROVerr(PROV_F_AESNI_INIT_KEY, PROV_R_AES_KEY_SETUP_FAILED);
return 0;
}
@@ -316,7 +316,7 @@ static int aes_t4_init_key(PROV_AES_KEY *dat, const unsigned char *key,
}
if (ret < 0) {
- EVPerr(EVP_F_AES_T4_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+ PROVerr(PROV_F_AES_T4_INIT_KEY, PROV_R_AES_KEY_SETUP_FAILED);
return 0;
}
@@ -746,7 +746,7 @@ static int aes_init_key(PROV_AES_KEY *dat, const unsigned char *key,
}
if (ret < 0) {
- EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+ PROVerr(PROV_F_AES_INIT_KEY, PROV_R_AES_KEY_SETUP_FAILED);
return 0;
}
diff --git a/providers/common/ciphers/block.c b/providers/common/ciphers/block.c
index fc15c5e..03aa429 100644
--- a/providers/common/ciphers/block.c
+++ b/providers/common/ciphers/block.c
@@ -12,6 +12,7 @@
#include <openssl/err.h>
#include "ciphers_locl.h"
#include <assert.h>
+#include "internal/providercommonerr.h"
/*
* Fills a single block of buffered data from the input, and returns the amount
@@ -65,8 +66,10 @@ int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize,
if (*inlen == 0)
return 1;
- if (*buflen + *inlen > blocksize)
+ if (*buflen + *inlen > blocksize) {
+ PROVerr(PROV_F_TRAILINGDATA, ERR_R_INTERNAL_ERROR);
return 0;
+ }
memcpy(buf + *buflen, *in, *inlen);
*buflen += *inlen;
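Review bot: The guard `*buflen + *inlen > blocksize` is the only thing protecting the `memcpy` below it, and the `size_t` addition can wrap for a very large `*inlen`, which would let the check pass. Since this line is being rewritten anyway, the subtraction form avoids the wrap: `if (*buflen > blocksize || *inlen > blocksize - *buflen) {`. Whether callers can reach this function with such values is not visible from the hunk, so this is defence in depth rather than a demonstrated fault. The function starts before the hunk and continues after it.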
@@ -90,8 +93,10 @@ int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize)
size_t pad, i;
size_t len = *buflen;
- if(len != blocksize)
+ if(len != blocksize) {
+ PROVerr(PROV_F_UNPADBLOCK, ERR_R_INTERNAL_ERROR);
return 0;
+ }
/*
* The following assumes that the ciphertext has been authenticated.
@@ -99,12 +104,12 @@ int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize)
*/
pad = buf[blocksize - 1];
if (pad == 0 || pad > blocksize) {
- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+ PROVerr(PROV_F_UNPADBLOCK, PROV_R_BAD_DECRYPT);
return 0;
}
for (i = 0; i < pad; i++) {
if (buf[--len] != pad) {
- EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+ PROVerr(PROV_F_UNPADBLOCK, PROV_R_BAD_DECRYPT);
return 0;
}
}
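Review bot: Both padding failures now queue `ERR_LIB_PROV`/`PROV_R_BAD_DECRYPT` where they used to queue `EVP_R_BAD_DECRYPT` under `EVP_F_EVP_DECRYPTFINAL_EX`, so application code that inspects the error queue for the EVP library and reason would stop matching unless the EVP layer translates the error, which this diff does not show. That should be stated in the commit description or in a comment here, e.g. `/* reported as a provider error; callers matching EVP_R_BAD_DECRYPT need updating */`. Keeping one reason for both the range check and the byte-compare loop is the right choice, since it gives a caller no way to tell the two failures apart. The loop still returns at the first mismatching byte, so the existing "ciphertext has been authenticated" assumption in the comment above remains load-bearing. The function starts outside this hunk.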
diff --git a/providers/common/include/internal/providercommon.h b/providers/common/include/internal/providercommon.h
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/providers/common/include/internal/providercommon.h
diff --git a/providers/common/include/internal/providercommonerr.h b/providers/common/include/internal/providercommonerr.h
new file mode 100644
index 0000000..609fd5b
--- /dev/null
+++ b/providers/common/include/internal/providercommonerr.h
@@ -0,0 +1,54 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PROVERR_H
+# define HEADER_PROVERR_H
+
+# ifndef HEADER_SYMHACKS_H
+# include <openssl/symhacks.h>
+# endif
+
+# ifdef __cplusplus
+extern "C"
+# endif
+int ERR_load_PROV_strings(void);
+
+/*
+ * PROV function codes.
+ */
+# define PROV_F_AESNI_INIT_KEY 101
+# define PROV_F_AES_BLOCK_FINAL 102
+# define PROV_F_AES_BLOCK_UPDATE 103
+# define PROV_F_AES_CIPHER 104
+# define PROV_F_AES_CTX_GET_PARAMS 105
+# define PROV_F_AES_CTX_SET_PARAMS 106
+# define PROV_F_AES_DINIT 107
+# define PROV_F_AES_DUPCTX 108
+# define PROV_F_AES_EINIT 109
+# define PROV_F_AES_INIT_KEY 110
+# define PROV_F_AES_STREAM_UPDATE 111
+# define PROV_F_AES_T4_INIT_KEY 112
+# define PROV_F_PROV_AES_KEY_GENERIC_INIT 113
+# define PROV_F_TRAILINGDATA 114
+# define PROV_F_UNPADBLOCK 100
+
+/*
+ * PROV reason codes.
+ */
+# define PROV_R_AES_KEY_SETUP_FAILED 101
+# define PROV_R_BAD_DECRYPT 100
+# define PROV_R_CIPHER_OPERATION_FAILED 102
+# define PROV_R_FAILED_TO_GET_PARAMETER 103
+# define PROV_R_FAILED_TO_SET_PARAMETER 104
+# define PROV_R_INVALID_KEYLEN 105
+# define PROV_R_OUTPUT_BUFFER_TOO_SMALL 106
+# define PROV_R_WRONG_FINAL_BLOCK_LENGTH 107
+
+#endif
diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
new file mode 100644
index 0000000..e6b577f
--- /dev/null
+++ b/providers/common/provider_err.c
@@ -0,0 +1,67 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "internal/providercommonerr.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA PROV_str_functs[] = {
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_AESNI_INIT_KEY, 0), "aesni_init_key"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_BLOCK_FINAL, 0), "aes_block_final"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_BLOCK_UPDATE, 0), "aes_block_update"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_CIPHER, 0), "aes_cipher"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_CTX_GET_PARAMS, 0),
+ "aes_ctx_get_params"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_CTX_SET_PARAMS, 0),
+ "aes_ctx_set_params"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_DINIT, 0), "aes_dinit"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_DUPCTX, 0), "aes_dupctx"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_EINIT, 0), "aes_einit"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_INIT_KEY, 0), "aes_init_key"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_STREAM_UPDATE, 0), "aes_stream_update"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_PROV_AES_KEY_GENERIC_INIT, 0),
+ "PROV_AES_KEY_generic_init"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_TRAILINGDATA, 0), "trailingdata"},
+ {ERR_PACK(ERR_LIB_PROV, PROV_F_UNPADBLOCK, 0), "unpadblock"},
+ {0, NULL}
+};
+
+static const ERR_STRING_DATA PROV_str_reasons[] = {
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_AES_KEY_SETUP_FAILED),
+ "aes key setup failed"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_DECRYPT), "bad decrypt"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED),
+ "cipher operation failed"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_GET_PARAMETER),
+ "failed to get parameter"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER),
+ "failed to set parameter"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEYLEN), "invalid keylen"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OUTPUT_BUFFER_TOO_SMALL),
+ "output buffer too small"},
+ {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_FINAL_BLOCK_LENGTH),
+ "wrong final block length"},
+ {0, NULL}
+};
+
+#endif
+
+int ERR_load_PROV_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+ if (ERR_func_error_string(PROV_str_functs[0].error) == NULL) {
+ ERR_load_strings_const(PROV_str_functs);
+ ERR_load_strings_const(PROV_str_reasons);
+ }
+#endif
+ return 1;
+}