diff options
author | Ben Laurie <ben@openssl.org> | 2008-12-29 16:11:58 +0000 |
---|---|---|
committer | Ben Laurie <ben@openssl.org> | 2008-12-29 16:11:58 +0000 |
commit | 0eab41fb78cf4d7c76e563fd677ab6c32fc28bb0 (patch) | |
tree | da848c7424ced86fc60823f4948b0fc79e52a381 /crypto/evp | |
parent | 8aa02e97a782a4229936d5df6da42db3efe4acd1 (diff) |
If we're going to return errors (no matter how stupid), then we should
test for them!
Diffstat (limited to 'crypto/evp')
-rw-r--r-- | crypto/evp/evp.h | 2 | ||||
-rw-r--r-- | crypto/evp/evp_err.c | 4 | ||||
-rw-r--r-- | crypto/evp/evp_lib.c | 3 | ||||
-rw-r--r-- | crypto/evp/m_sigver.c | 15 | ||||
-rw-r--r-- | crypto/evp/p5_crpt.c | 6 | ||||
-rw-r--r-- | crypto/evp/p5_crpt2.c | 7 |
6 files changed, 27 insertions, 10 deletions
diff --git a/crypto/evp/evp.h b/crypto/evp/evp.h index 985ff2f5a9..df54409f10 100644 --- a/crypto/evp/evp.h +++ b/crypto/evp/evp.h @@ -1183,6 +1183,7 @@ void ERR_load_EVP_strings(void); #define EVP_F_EVP_DIGESTINIT_EX 128 #define EVP_F_EVP_ENCRYPTFINAL_EX 127 #define EVP_F_EVP_MD_CTX_COPY_EX 110 +#define EVP_F_EVP_MD_SIZE 162 #define EVP_F_EVP_OPENINIT 102 #define EVP_F_EVP_PBE_ALG_ADD 115 #define EVP_F_EVP_PBE_ALG_ADD_TYPE 160 @@ -1262,6 +1263,7 @@ void ERR_load_EVP_strings(void); #define EVP_R_INVALID_OPERATION 148 #define EVP_R_IV_TOO_LARGE 102 #define EVP_R_KEYGEN_FAILURE 120 +#define EVP_R_MESSAGE_DIGEST_IS_NULL 159 #define EVP_R_METHOD_NOT_SUPPORTED 144 #define EVP_R_MISSING_PARAMETERS 103 #define EVP_R_NO_CIPHER_SET 131 diff --git a/crypto/evp/evp_err.c b/crypto/evp/evp_err.c index 25a8ad7cdc..04485f0162 100644 --- a/crypto/evp/evp_err.c +++ b/crypto/evp/evp_err.c @@ -1,6 +1,6 @@ /* crypto/evp/evp_err.c */ /* ==================================================================== - * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -85,6 +85,7 @@ static ERR_STRING_DATA EVP_str_functs[]= {ERR_FUNC(EVP_F_EVP_DIGESTINIT_EX), "EVP_DigestInit_ex"}, {ERR_FUNC(EVP_F_EVP_ENCRYPTFINAL_EX), "EVP_EncryptFinal_ex"}, {ERR_FUNC(EVP_F_EVP_MD_CTX_COPY_EX), "EVP_MD_CTX_copy_ex"}, +{ERR_FUNC(EVP_F_EVP_MD_SIZE), "EVP_MD_SIZE"}, {ERR_FUNC(EVP_F_EVP_OPENINIT), "EVP_OpenInit"}, {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD), "EVP_PBE_alg_add"}, {ERR_FUNC(EVP_F_EVP_PBE_ALG_ADD_TYPE), "EVP_PBE_alg_add_type"}, @@ -167,6 +168,7 @@ static ERR_STRING_DATA EVP_str_reasons[]= {ERR_REASON(EVP_R_INVALID_OPERATION) ,"invalid operation"}, {ERR_REASON(EVP_R_IV_TOO_LARGE) ,"iv too large"}, {ERR_REASON(EVP_R_KEYGEN_FAILURE) ,"keygen failure"}, +{ERR_REASON(EVP_R_MESSAGE_DIGEST_IS_NULL),"message digest is null"}, {ERR_REASON(EVP_R_METHOD_NOT_SUPPORTED) ,"method not supported"}, {ERR_REASON(EVP_R_MISSING_PARAMETERS) ,"missing parameters"}, {ERR_REASON(EVP_R_NO_CIPHER_SET) ,"no cipher set"}, diff --git a/crypto/evp/evp_lib.c b/crypto/evp/evp_lib.c index daccb66820..d815bc6d6f 100644 --- a/crypto/evp/evp_lib.c +++ b/crypto/evp/evp_lib.c @@ -256,7 +256,10 @@ int EVP_MD_pkey_type(const EVP_MD *md) int EVP_MD_size(const EVP_MD *md) { if (!md) + { + EVPerr(EVP_F_EVP_MD_SIZE, EVP_R_MESSAGE_DIGEST_IS_NULL); return -1; + } return md->md_size; } diff --git a/crypto/evp/m_sigver.c b/crypto/evp/m_sigver.c index c6d257fc08..d98455eaad 100644 --- a/crypto/evp/m_sigver.c +++ b/crypto/evp/m_sigver.c @@ -128,7 +128,6 @@ int EVP_DigestVerifyInit(EVP_MD_CTX *ctx, EVP_PKEY_CTX **pctx, return do_sigver_init(ctx, pctx, type, e, pkey, 1); } - int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) { int sctx, r = 0; @@ -159,13 +158,15 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen) { if (sctx) { - if (ctx->pctx->pmeth->signctx(ctx->pctx, - sigret, siglen, ctx) <= 0) + if (ctx->pctx->pmeth->signctx(ctx->pctx, sigret, siglen, ctx) <= 0) + return 0; + } + else + { + int s = EVP_MD_size(ctx->digest); + if (s < 0 || EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL, s) <= 0) return 0; } - else if (EVP_PKEY_sign(ctx->pctx, sigret, siglen, NULL, - EVP_MD_size(ctx->digest)) <= 0) - return 0; } return 1; } @@ -177,6 +178,8 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, unsigned char *sig, size_t siglen) int r; unsigned int mdlen; int vctx; + + /* FIXME: surely this should test verifyctx? (Ben 29/12/08) */ if (ctx->pctx->pmeth->signctx) vctx = 1; else diff --git a/crypto/evp/p5_crpt.c b/crypto/evp/p5_crpt.c index 9c6e07b706..7ecfa8dad9 100644 --- a/crypto/evp/p5_crpt.c +++ b/crypto/evp/p5_crpt.c @@ -81,6 +81,7 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, int saltlen, iter; unsigned char *salt; const unsigned char *pbuf; + int mdsize; /* Extract useful info from parameter */ if (param == NULL || param->type != V_ASN1_SEQUENCE || @@ -109,9 +110,12 @@ int PKCS5_PBE_keyivgen(EVP_CIPHER_CTX *cctx, const char *pass, int passlen, EVP_DigestUpdate(&ctx, salt, saltlen); PBEPARAM_free(pbe); EVP_DigestFinal_ex(&ctx, md_tmp, NULL); + mdsize = EVP_MD_size(md); + if (mdsize < 0) + return 0; for (i = 1; i < iter; i++) { EVP_DigestInit_ex(&ctx, md, NULL); - EVP_DigestUpdate(&ctx, md_tmp, EVP_MD_size(md)); + EVP_DigestUpdate(&ctx, md_tmp, mdsize); EVP_DigestFinal_ex (&ctx, md_tmp, NULL); } EVP_MD_CTX_cleanup(&ctx); diff --git a/crypto/evp/p5_crpt2.c b/crypto/evp/p5_crpt2.c index 70fd48aed0..334379f310 100644 --- a/crypto/evp/p5_crpt2.c +++ b/crypto/evp/p5_crpt2.c @@ -87,6 +87,8 @@ int PKCS5_PBKDF2_HMAC(const char *pass, int passlen, HMAC_CTX hctx; mdlen = EVP_MD_size(digest); + if (mdlen < 0) + return 0; HMAC_CTX_init(&hctx); p = out; @@ -273,8 +275,9 @@ int PKCS5_v2_PBE_keyivgen(EVP_CIPHER_CTX *ctx, const char *pass, int passlen, salt = kdf->salt->value.octet_string->data; saltlen = kdf->salt->value.octet_string->length; iter = ASN1_INTEGER_get(kdf->iter); - PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, - keylen, key); + if(!PKCS5_PBKDF2_HMAC(pass, passlen, salt, saltlen, iter, prfmd, + keylen, key)) + goto err; EVP_CipherInit_ex(ctx, NULL, NULL, key, NULL, en_de); OPENSSL_cleanse(key, keylen); PBKDF2PARAM_free(kdf); |