Create provider errors and use them

Reviewed-by: Paul Dale <[email protected]> (Merged from openssl#8700)
a-mair · Apr 19, 2019 · 6caf7f3 · 6caf7f3
1 parent 64adf9a
commit 6caf7f3
Show file tree

Hide file tree

Showing 14 changed files with 241 additions and 35 deletions.
diff --git a/crypto/err/err.c b/crypto/err/err.c
@@ -66,6 +66,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"},
     {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
     {ERR_PACK(ERR_LIB_ESS, 0, 0), "ESS routines"},
+    {ERR_PACK(ERR_LIB_PROV, 0, 0), "Provider routines"},
     {0, NULL},
 };
 

diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
@@ -41,6 +41,7 @@
 #include <openssl/storeerr.h>
 #include <openssl/esserr.h>
 #include "internal/propertyerr.h"
+#include "internal/providercommonerr.h"
 
 int err_load_crypto_strings_int(void)
 {
@@ -102,7 +103,8 @@ int err_load_crypto_strings_int(void)
 #endif
         ERR_load_KDF_strings() == 0 ||
         ERR_load_OSSL_STORE_strings() == 0 ||
-        ERR_load_PROP_strings() == 0)
+        ERR_load_PROP_strings() == 0 ||
+        ERR_load_PROV_strings() == 0)
         return 0;
 
     return 1;

diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
@@ -37,6 +37,7 @@ L SM2           crypto/include/internal/sm2.h   crypto/sm2/sm2_err.c
 L OSSL_STORE    include/openssl/store.h         crypto/store/store_err.c
 L ESS           include/openssl/ess.h           crypto/ess/ess_err.c
 L PROP          include/internal/property.h     crypto/property/property_err.c
+L PROV          providers/common/include/internal/providercommon.h providers/common/provider_err.c
 
 # additional header files to be scanned for function names
 L NONE          include/openssl/x509_vfy.h      NONE

diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
@@ -1105,6 +1105,21 @@ PROP_F_PARSE_NUMBER:104:parse_number
 PROP_F_PARSE_OCT:105:parse_oct
 PROP_F_PARSE_STRING:106:parse_string
 PROP_F_PARSE_UNQUOTED:107:parse_unquoted
+PROV_F_AESNI_INIT_KEY:101:aesni_init_key
+PROV_F_AES_BLOCK_FINAL:102:aes_block_final
+PROV_F_AES_BLOCK_UPDATE:103:aes_block_update
+PROV_F_AES_CIPHER:104:aes_cipher
+PROV_F_AES_CTX_GET_PARAMS:105:aes_ctx_get_params
+PROV_F_AES_CTX_SET_PARAMS:106:aes_ctx_set_params
+PROV_F_AES_DINIT:107:aes_dinit
+PROV_F_AES_DUPCTX:108:aes_dupctx
+PROV_F_AES_EINIT:109:aes_einit
+PROV_F_AES_INIT_KEY:110:aes_init_key
+PROV_F_AES_STREAM_UPDATE:111:aes_stream_update
+PROV_F_AES_T4_INIT_KEY:112:aes_t4_init_key
+PROV_F_PROV_AES_KEY_GENERIC_INIT:113:PROV_AES_KEY_generic_init
+PROV_F_TRAILINGDATA:114:trailingdata
+PROV_F_UNPADBLOCK:100:unpadblock
 RAND_F_DRBG_BYTES:101:drbg_bytes
 RAND_F_DRBG_CTR_INIT:125:drbg_ctr_init
 RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy
@@ -2608,6 +2623,14 @@ PROP_R_NO_VALUE:107:no value
 PROP_R_PARSE_FAILED:108:parse failed
 PROP_R_STRING_TOO_LONG:109:string too long
 PROP_R_TRAILING_CHARACTERS:110:trailing characters
+PROV_R_AES_KEY_SETUP_FAILED:101:aes key setup failed
+PROV_R_BAD_DECRYPT:100:bad decrypt
+PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed
+PROV_R_FAILED_TO_GET_PARAMETER:103:failed to get parameter
+PROV_R_FAILED_TO_SET_PARAMETER:104:failed to set parameter
+PROV_R_INVALID_KEYLEN:105:invalid keylen
+PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small
+PROV_R_WRONG_FINAL_BLOCK_LENGTH:107:wrong final block length
 RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long
 RAND_R_ALREADY_INSTANTIATED:103:already instantiated
 RAND_R_ARGUMENT_OUT_OF_RANGE:105:argument out of range

diff --git a/include/openssl/err.h b/include/openssl/err.h
@@ -98,6 +98,7 @@ typedef struct err_state_st {
 # define ERR_LIB_ESS             54
 # define ERR_LIB_PROP            55
 # define ERR_LIB_CRMF            56
+# define ERR_LIB_PROV            57
 
 # define ERR_LIB_USER            128
 
@@ -140,6 +141,7 @@ typedef struct err_state_st {
 # define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 # define ESSerr(f,r) ERR_PUT_error(ERR_LIB_ESS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 # define PROPerr(f,r) ERR_PUT_error(ERR_LIB_PROP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PROVerr(f,r) ERR_PUT_error(ERR_LIB_PROV,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 # define ERR_PACK(l,f,r) ( \
         (((unsigned int)(l) & 0x0FF) << 24L) | \

diff --git a/providers/common/build.info b/providers/common/build.info
@@ -1 +1,4 @@
 SUBDIRS=digests ciphers
+
+SOURCE[../../libcrypto]=\
+        provider_err.c
diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c
@@ -16,6 +16,7 @@
 #include "internal/cryptlib.h"
 #include "internal/provider_algs.h"
 #include "ciphers_locl.h"
+#include "internal/providercommonerr.h"
 
 static OSSL_OP_cipher_encrypt_init_fn aes_einit;
 static OSSL_OP_cipher_decrypt_init_fn aes_dinit;
@@ -42,8 +43,10 @@ static int PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx,
                                       int enc)
 {
     if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
-        if (ivlen != AES_BLOCK_SIZE)
+        if (ivlen != AES_BLOCK_SIZE) {
+            PROVerr(PROV_F_PROV_AES_KEY_GENERIC_INIT, ERR_R_INTERNAL_ERROR);
             return 0;
+        }
         memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
     }
     ctx->enc = enc;
@@ -56,11 +59,15 @@ static int aes_einit(void *vctx, const unsigned char *key, size_t keylen,
 {
     PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
 
-    if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1))
+    if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1)) {
+        /* PROVerr already called */
         return 0;
+    }
     if (key != NULL) {
-        if (keylen != ctx->keylen)
+        if (keylen != ctx->keylen) {
+            PROVerr(PROV_F_AES_EINIT, PROV_R_INVALID_KEYLEN);
             return 0;
+        }
         return ctx->ciph->init(ctx, key, ctx->keylen);
     }
 
@@ -72,11 +79,15 @@ static int aes_dinit(void *vctx, const unsigned char *key, size_t keylen,
 {
     PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
 
-    if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0))
+    if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0)) {
+        /* PROVerr already called */
         return 0;
+    }
     if (key != NULL) {
-        if (keylen != ctx->keylen)
+        if (keylen != ctx->keylen) {
+            PROVerr(PROV_F_AES_DINIT, PROV_R_INVALID_KEYLEN);
             return 0;
+        }
         return ctx->ciph->init(ctx, key, ctx->keylen);
     }
 
@@ -98,30 +109,42 @@ static int aes_block_update(void *vctx, unsigned char *out, size_t *outl,
      */
     if (ctx->bufsz == AES_BLOCK_SIZE
             && (ctx->enc || inl > 0 || !ctx->pad)) {
-        if (outsize < AES_BLOCK_SIZE)
+        if (outsize < AES_BLOCK_SIZE) {
+            PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
             return 0;
-        if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE))
+        }
+        if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
+            PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
             return 0;
+        }
         ctx->bufsz = 0;
         outlint = AES_BLOCK_SIZE;
         out += AES_BLOCK_SIZE;
     }
     if (nextblocks > 0) {
         if (!ctx->enc && ctx->pad && nextblocks == inl) {
-            if (!ossl_assert(inl >= AES_BLOCK_SIZE))
+            if (!ossl_assert(inl >= AES_BLOCK_SIZE)) {
+                PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
                 return 0;
+            }
             nextblocks -= AES_BLOCK_SIZE;
         }
         outlint += nextblocks;
-        if (outsize < outlint)
+        if (outsize < outlint) {
+            PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
             return 0;
-        if (!ctx->ciph->cipher(ctx, out, in, nextblocks))
+        }
+        if (!ctx->ciph->cipher(ctx, out, in, nextblocks)) {
+            PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
             return 0;
+        }
         in += nextblocks;
         inl -= nextblocks;
     }
-    if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl))
+    if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl)) {
+        /* PROVerr already called */
         return 0;
+    }
 
     *outl = outlint;
     return inl == 0;
@@ -139,38 +162,47 @@ static int aes_block_final(void *vctx, unsigned char *out, size_t *outl,
             *outl = 0;
             return 1;
         } else if (ctx->bufsz != AES_BLOCK_SIZE) {
-            /* TODO(3.0): What is the correct error code here? */
+            PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
             return 0;
         }
 
-        if (outsize < AES_BLOCK_SIZE)
+        if (outsize < AES_BLOCK_SIZE) {
+            PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
             return 0;
-        if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE))
+        }
+        if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
+            PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED);
             return 0;
+        }
         ctx->bufsz = 0;
         *outl = AES_BLOCK_SIZE;
         return 1;
     }
 
     /* Decrypting */
-    /* TODO(3.0): What's the correct error here */
     if (ctx->bufsz != AES_BLOCK_SIZE) {
         if (ctx->bufsz == 0 && !ctx->pad) {
             *outl = 0;
             return 1;
         }
+        PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
         return 0;
     }
 
-    if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE))
+    if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE)) {
+        PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED);
         return 0;
+    }
 
-    /* TODO(3.0): What is the correct error here */
-    if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE))
+    if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE)) {
+        /* PROVerr already called */
         return 0;
+    }
 
-    if (outsize < ctx->bufsz)
+    if (outsize < ctx->bufsz) {
+        PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
         return 0;
+    }
     memcpy(out, ctx->buf, ctx->bufsz);
     *outl = ctx->bufsz;
     ctx->bufsz = 0;
@@ -183,11 +215,15 @@ static int aes_stream_update(void *vctx, unsigned char *out, size_t *outl,
 {
     PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
 
-    if (outsize < inl)
+    if (outsize < inl) {
+        PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
         return 0;
+    }
 
-    if (!ctx->ciph->cipher(ctx, out, in, inl))
+    if (!ctx->ciph->cipher(ctx, out, in, inl)) {
+        PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
         return 0;
+    }
 
     *outl = inl;
     return 1;
@@ -204,8 +240,10 @@ static int aes_cipher(void *vctx, unsigned char *out, const unsigned char *in,
 {
     PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
 
-    if (!ctx->ciph->cipher(ctx, out, in, inl))
+    if (!ctx->ciph->cipher(ctx, out, in, inl)) {
+        PROVerr(PROV_F_AES_CIPHER, PROV_R_CIPHER_OPERATION_FAILED);
         return 0;
+    }
 
     return 1;
 }
@@ -286,6 +324,10 @@ static void *aes_dupctx(void *ctx)
     PROV_AES_KEY *in = (PROV_AES_KEY *)ctx;
     PROV_AES_KEY *ret = OPENSSL_malloc(sizeof(*ret));
 
+    if (ret == NULL) {
+        PROVerr(PROV_F_AES_DUPCTX, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
     *ret = *in;
 
     return ret;
@@ -332,8 +374,10 @@ static int aes_ctx_get_params(void *vctx, const OSSL_PARAM params[])
     const OSSL_PARAM *p;
 
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
-    if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad))
+    if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) {
+        PROVerr(PROV_F_AES_CTX_GET_PARAMS, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
+    }
 
     return 1;
 }
@@ -347,8 +391,10 @@ static int aes_ctx_set_params(void *vctx, const OSSL_PARAM params[])
     if (p != NULL) {
         int pad;
 
-        if (!OSSL_PARAM_get_int(p, &pad))
+        if (!OSSL_PARAM_get_int(p, &pad)) {
+        PROVerr(PROV_F_AES_CTX_SET_PARAMS, PROV_R_FAILED_TO_GET_PARAMETER);
             return 0;
+        }
         ctx->pad = pad ? 1 : 0;
     }
     return 1;

diff --git a/providers/common/ciphers/aes_basic.c b/providers/common/ciphers/aes_basic.c
@@ -9,7 +9,6 @@
 
 #include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
-#include <openssl/evp.h>
 #include <openssl/err.h>
 #include <string.h>
 #include <assert.h>
@@ -18,6 +17,7 @@
 #include <openssl/rand.h>
 #include <openssl/cmac.h>
 #include "ciphers_locl.h"
+#include "internal/providercommonerr.h"
 
 #define MAXBITCHUNK     ((size_t)1 << (sizeof(size_t) * 8 - 4))
 
@@ -133,7 +133,7 @@ static int aesni_init_key(PROV_AES_KEY *dat, const unsigned char *key,
     }
 
     if (ret < 0) {
-        EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        PROVerr(PROV_F_AESNI_INIT_KEY, PROV_R_AES_KEY_SETUP_FAILED);
         return 0;
     }
 
@@ -316,7 +316,7 @@ static int aes_t4_init_key(PROV_AES_KEY *dat, const unsigned char *key,
     }
 
     if (ret < 0) {
-        EVPerr(EVP_F_AES_T4_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        PROVerr(PROV_F_AES_T4_INIT_KEY, PROV_R_AES_KEY_SETUP_FAILED);
         return 0;
     }
 
@@ -746,7 +746,7 @@ static int aes_init_key(PROV_AES_KEY *dat, const unsigned char *key,
     }
 
     if (ret < 0) {
-        EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        PROVerr(PROV_F_AES_INIT_KEY, PROV_R_AES_KEY_SETUP_FAILED);
         return 0;
     }