From 4ca586ce8a9b4534304742ca76e579e7187d1181 Mon Sep 17 00:00:00 2001 From: "Dr. David von Oheimb" Date: Fri, 20 Oct 2023 20:51:17 +0200 Subject: [PATCH] EVP_PKEY_get_{bits,security_bits,size}(): add missing error queue entry on failure --- crypto/err/openssl.txt | 3 +++ crypto/evp/evp_err.c | 6 +++++- crypto/evp/p_lib.c | 18 +++++++++++++++--- include/crypto/evperr.h | 2 +- include/openssl/evperr.h | 5 ++++- 5 files changed, 28 insertions(+), 6 deletions(-) diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt index 1211b500c3bef..fc30a2205aaa2 100644 --- a/crypto/err/openssl.txt +++ b/crypto/err/openssl.txt @@ -781,11 +781,14 @@ EVP_R_UNABLE_TO_GET_MAXIMUM_REQUEST_SIZE:215:unable to get maximum request size EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH:216:unable to get random strength EVP_R_UNABLE_TO_LOCK_CONTEXT:211:unable to lock context EVP_R_UNABLE_TO_SET_CALLBACKS:217:unable to set callbacks +EVP_R_UNKNOWN_BITS:166:unknown bits EVP_R_UNKNOWN_CIPHER:160:unknown cipher EVP_R_UNKNOWN_DIGEST:161:unknown digest EVP_R_UNKNOWN_KEY_TYPE:207:unknown key type +EVP_R_UNKNOWN_MAX_SIZE:167:unknown max size EVP_R_UNKNOWN_OPTION:169:unknown option EVP_R_UNKNOWN_PBE_ALGORITHM:121:unknown pbe algorithm +EVP_R_UNKNOWN_SECURITY_BITS:168:unknown security bits EVP_R_UNSUPPORTED_ALGORITHM:156:unsupported algorithm EVP_R_UNSUPPORTED_CIPHER:107:unsupported cipher EVP_R_UNSUPPORTED_KEYLENGTH:123:unsupported keylength diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index c0d92321032fa..42dd7e400972e 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -160,12 +160,16 @@ static const ERR_STRING_DATA EVP_str_reasons[] = { "unable to lock context"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNABLE_TO_SET_CALLBACKS), "unable to set callbacks"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_BITS), "unknown bits"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_CIPHER), "unknown cipher"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "unknown digest"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_KEY_TYPE), "unknown key type"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_MAX_SIZE), "unknown max size"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_OPTION), "unknown option"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_PBE_ALGORITHM), "unknown pbe algorithm"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_SECURITY_BITS), + "unknown security bits"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM), "unsupported algorithm"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_CIPHER), "unsupported cipher"}, diff --git a/crypto/evp/p_lib.c b/crypto/evp/p_lib.c index eb937d52ca5f6..06a127a82068b 100644 --- a/crypto/evp/p_lib.c +++ b/crypto/evp/p_lib.c @@ -68,7 +68,11 @@ int EVP_PKEY_get_bits(const EVP_PKEY *pkey) if (pkey->ameth != NULL && pkey->ameth->pkey_bits != NULL) size = pkey->ameth->pkey_bits(pkey); } - return size < 0 ? 0 : size; + if (size <= 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_BITS); + return 0; + } + return size; } int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey) @@ -80,7 +84,11 @@ int EVP_PKEY_get_security_bits(const EVP_PKEY *pkey) if (pkey->ameth != NULL && pkey->ameth->pkey_security_bits != NULL) size = pkey->ameth->pkey_security_bits(pkey); } - return size < 0 ? 0 : size; + if (size <= 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_SECURITY_BITS); + return 0; + } + return size; } int EVP_PKEY_save_parameters(EVP_PKEY *pkey, int mode) @@ -1812,7 +1820,11 @@ int EVP_PKEY_get_size(const EVP_PKEY *pkey) size = pkey->ameth->pkey_size(pkey); #endif } - return size < 0 ? 0 : size; + if (size <= 0) { + ERR_raise(ERR_LIB_EVP, EVP_R_UNKNOWN_MAX_SIZE); + return 0; + } + return size; } const char *EVP_PKEY_get0_description(const EVP_PKEY *pkey) diff --git a/include/crypto/evperr.h b/include/crypto/evperr.h index d90ba83f8b9f3..4a00110791ee7 100644 --- a/include/crypto/evperr.h +++ b/include/crypto/evperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 2020-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy diff --git a/include/openssl/evperr.h b/include/openssl/evperr.h index a5053f6cd23aa..11f3faa459ed0 100644 --- a/include/openssl/evperr.h +++ b/include/openssl/evperr.h @@ -1,6 +1,6 @@ /* * Generated by util/mkerr.pl DO NOT EDIT - * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2023 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -110,11 +110,14 @@ # define EVP_R_UNABLE_TO_GET_RANDOM_STRENGTH 216 # define EVP_R_UNABLE_TO_LOCK_CONTEXT 211 # define EVP_R_UNABLE_TO_SET_CALLBACKS 217 +# define EVP_R_UNKNOWN_BITS 166 # define EVP_R_UNKNOWN_CIPHER 160 # define EVP_R_UNKNOWN_DIGEST 161 # define EVP_R_UNKNOWN_KEY_TYPE 207 +# define EVP_R_UNKNOWN_MAX_SIZE 167 # define EVP_R_UNKNOWN_OPTION 169 # define EVP_R_UNKNOWN_PBE_ALGORITHM 121 +# define EVP_R_UNKNOWN_SECURITY_BITS 168 # define EVP_R_UNSUPPORTED_ALGORITHM 156 # define EVP_R_UNSUPPORTED_CIPHER 107 # define EVP_R_UNSUPPORTED_KEYLENGTH 123