From 6caf7f3aec5484ee65067e9671299d3411565dc1 Mon Sep 17 00:00:00 2001
From: Matt Caswell <matt@openssl.org>
Date: Thu, 18 Apr 2019 17:43:05 +0100
Subject: [PATCH] Create provider errors and use them

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/8700)
---
 crypto/err/err.c                              |  1 +
 crypto/err/err_all.c                          |  4 +-
 crypto/err/openssl.ec                         |  1 +
 crypto/err/openssl.txt                        | 23 +++++
 include/openssl/err.h                         |  2 +
 providers/common/build.info                   |  3 +
 providers/common/ciphers/aes.c                | 94 ++++++++++++++-----
 providers/common/ciphers/aes_basic.c          |  8 +-
 providers/common/ciphers/block.c              | 13 ++-
 .../common/include/internal/providercommon.h  |  0
 .../include/internal/providercommonerr.h      | 54 +++++++++++
 providers/common/provider_err.c               | 67 +++++++++++++
 util/ck_errf.pl                               |  3 +-
 util/mkerr.pl                                 |  3 +-
 14 files changed, 241 insertions(+), 35 deletions(-)
 create mode 100644 providers/common/include/internal/providercommon.h
 create mode 100644 providers/common/include/internal/providercommonerr.h
 create mode 100644 providers/common/provider_err.c

diff --git a/crypto/err/err.c b/crypto/err/err.c
index 454885451a..345d230206 100644
--- a/crypto/err/err.c
+++ b/crypto/err/err.c
@@ -66,6 +66,7 @@ static ERR_STRING_DATA ERR_str_libraries[] = {
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, 0), "STORE routines"},
     {ERR_PACK(ERR_LIB_SM2, 0, 0), "SM2 routines"},
     {ERR_PACK(ERR_LIB_ESS, 0, 0), "ESS routines"},
+    {ERR_PACK(ERR_LIB_PROV, 0, 0), "Provider routines"},
     {0, NULL},
 };
 
diff --git a/crypto/err/err_all.c b/crypto/err/err_all.c
index 1166b01cb5..af44467ee9 100644
--- a/crypto/err/err_all.c
+++ b/crypto/err/err_all.c
@@ -41,6 +41,7 @@
 #include <openssl/storeerr.h>
 #include <openssl/esserr.h>
 #include "internal/propertyerr.h"
+#include "internal/providercommonerr.h"
 
 int err_load_crypto_strings_int(void)
 {
@@ -102,7 +103,8 @@ int err_load_crypto_strings_int(void)
 #endif
         ERR_load_KDF_strings() == 0 ||
         ERR_load_OSSL_STORE_strings() == 0 ||
-        ERR_load_PROP_strings() == 0)
+        ERR_load_PROP_strings() == 0 ||
+        ERR_load_PROV_strings() == 0)
         return 0;
 
     return 1;
diff --git a/crypto/err/openssl.ec b/crypto/err/openssl.ec
index a204434f8d..b28aa491da 100644
--- a/crypto/err/openssl.ec
+++ b/crypto/err/openssl.ec
@@ -37,6 +37,7 @@ L SM2           crypto/include/internal/sm2.h   crypto/sm2/sm2_err.c
 L OSSL_STORE    include/openssl/store.h         crypto/store/store_err.c
 L ESS           include/openssl/ess.h           crypto/ess/ess_err.c
 L PROP          include/internal/property.h     crypto/property/property_err.c
+L PROV          providers/common/include/internal/providercommon.h providers/common/provider_err.c
 
 # additional header files to be scanned for function names
 L NONE          include/openssl/x509_vfy.h      NONE
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index d914c5b4cb..5c444f5ba7 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -1105,6 +1105,21 @@ PROP_F_PARSE_NUMBER:104:parse_number
 PROP_F_PARSE_OCT:105:parse_oct
 PROP_F_PARSE_STRING:106:parse_string
 PROP_F_PARSE_UNQUOTED:107:parse_unquoted
+PROV_F_AESNI_INIT_KEY:101:aesni_init_key
+PROV_F_AES_BLOCK_FINAL:102:aes_block_final
+PROV_F_AES_BLOCK_UPDATE:103:aes_block_update
+PROV_F_AES_CIPHER:104:aes_cipher
+PROV_F_AES_CTX_GET_PARAMS:105:aes_ctx_get_params
+PROV_F_AES_CTX_SET_PARAMS:106:aes_ctx_set_params
+PROV_F_AES_DINIT:107:aes_dinit
+PROV_F_AES_DUPCTX:108:aes_dupctx
+PROV_F_AES_EINIT:109:aes_einit
+PROV_F_AES_INIT_KEY:110:aes_init_key
+PROV_F_AES_STREAM_UPDATE:111:aes_stream_update
+PROV_F_AES_T4_INIT_KEY:112:aes_t4_init_key
+PROV_F_PROV_AES_KEY_GENERIC_INIT:113:PROV_AES_KEY_generic_init
+PROV_F_TRAILINGDATA:114:trailingdata
+PROV_F_UNPADBLOCK:100:unpadblock
 RAND_F_DRBG_BYTES:101:drbg_bytes
 RAND_F_DRBG_CTR_INIT:125:drbg_ctr_init
 RAND_F_DRBG_GET_ENTROPY:105:drbg_get_entropy
@@ -2608,6 +2623,14 @@ PROP_R_NO_VALUE:107:no value
 PROP_R_PARSE_FAILED:108:parse failed
 PROP_R_STRING_TOO_LONG:109:string too long
 PROP_R_TRAILING_CHARACTERS:110:trailing characters
+PROV_R_AES_KEY_SETUP_FAILED:101:aes key setup failed
+PROV_R_BAD_DECRYPT:100:bad decrypt
+PROV_R_CIPHER_OPERATION_FAILED:102:cipher operation failed
+PROV_R_FAILED_TO_GET_PARAMETER:103:failed to get parameter
+PROV_R_FAILED_TO_SET_PARAMETER:104:failed to set parameter
+PROV_R_INVALID_KEYLEN:105:invalid keylen
+PROV_R_OUTPUT_BUFFER_TOO_SMALL:106:output buffer too small
+PROV_R_WRONG_FINAL_BLOCK_LENGTH:107:wrong final block length
 RAND_R_ADDITIONAL_INPUT_TOO_LONG:102:additional input too long
 RAND_R_ALREADY_INSTANTIATED:103:already instantiated
 RAND_R_ARGUMENT_OUT_OF_RANGE:105:argument out of range
diff --git a/include/openssl/err.h b/include/openssl/err.h
index 136b000924..8fcdfb4b7a 100644
--- a/include/openssl/err.h
+++ b/include/openssl/err.h
@@ -98,6 +98,7 @@ typedef struct err_state_st {
 # define ERR_LIB_ESS             54
 # define ERR_LIB_PROP            55
 # define ERR_LIB_CRMF            56
+# define ERR_LIB_PROV            57
 
 # define ERR_LIB_USER            128
 
@@ -140,6 +141,7 @@ typedef struct err_state_st {
 # define SM2err(f,r) ERR_PUT_error(ERR_LIB_SM2,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 # define ESSerr(f,r) ERR_PUT_error(ERR_LIB_ESS,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 # define PROPerr(f,r) ERR_PUT_error(ERR_LIB_PROP,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
+# define PROVerr(f,r) ERR_PUT_error(ERR_LIB_PROV,(f),(r),OPENSSL_FILE,OPENSSL_LINE)
 
 # define ERR_PACK(l,f,r) ( \
         (((unsigned int)(l) & 0x0FF) << 24L) | \
diff --git a/providers/common/build.info b/providers/common/build.info
index 2b6c16e103..1617467d51 100644
--- a/providers/common/build.info
+++ b/providers/common/build.info
@@ -1 +1,4 @@
 SUBDIRS=digests ciphers
+
+SOURCE[../../libcrypto]=\
+        provider_err.c
diff --git a/providers/common/ciphers/aes.c b/providers/common/ciphers/aes.c
index d98a5c520b..5c6e6703f8 100644
--- a/providers/common/ciphers/aes.c
+++ b/providers/common/ciphers/aes.c
@@ -16,6 +16,7 @@
 #include "internal/cryptlib.h"
 #include "internal/provider_algs.h"
 #include "ciphers_locl.h"
+#include "internal/providercommonerr.h"
 
 static OSSL_OP_cipher_encrypt_init_fn aes_einit;
 static OSSL_OP_cipher_decrypt_init_fn aes_dinit;
@@ -42,8 +43,10 @@ static int PROV_AES_KEY_generic_init(PROV_AES_KEY *ctx,
                                       int enc)
 {
     if (iv != NULL && ctx->mode != EVP_CIPH_ECB_MODE) {
-        if (ivlen != AES_BLOCK_SIZE)
+        if (ivlen != AES_BLOCK_SIZE) {
+            PROVerr(PROV_F_PROV_AES_KEY_GENERIC_INIT, ERR_R_INTERNAL_ERROR);
             return 0;
+        }
         memcpy(ctx->iv, iv, AES_BLOCK_SIZE);
     }
     ctx->enc = enc;
@@ -56,11 +59,15 @@ static int aes_einit(void *vctx, const unsigned char *key, size_t keylen,
 {
     PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
 
-    if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1))
+    if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 1)) {
+        /* PROVerr already called */
         return 0;
+    }
     if (key != NULL) {
-        if (keylen != ctx->keylen)
+        if (keylen != ctx->keylen) {
+            PROVerr(PROV_F_AES_EINIT, PROV_R_INVALID_KEYLEN);
             return 0;
+        }
         return ctx->ciph->init(ctx, key, ctx->keylen);
     }
 
@@ -72,11 +79,15 @@ static int aes_dinit(void *vctx, const unsigned char *key, size_t keylen,
 {
     PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
 
-    if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0))
+    if (!PROV_AES_KEY_generic_init(ctx, iv, ivlen, 0)) {
+        /* PROVerr already called */
         return 0;
+    }
     if (key != NULL) {
-        if (keylen != ctx->keylen)
+        if (keylen != ctx->keylen) {
+            PROVerr(PROV_F_AES_DINIT, PROV_R_INVALID_KEYLEN);
             return 0;
+        }
         return ctx->ciph->init(ctx, key, ctx->keylen);
     }
 
@@ -98,30 +109,42 @@ static int aes_block_update(void *vctx, unsigned char *out, size_t *outl,
      */
     if (ctx->bufsz == AES_BLOCK_SIZE
             && (ctx->enc || inl > 0 || !ctx->pad)) {
-        if (outsize < AES_BLOCK_SIZE)
+        if (outsize < AES_BLOCK_SIZE) {
+            PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
             return 0;
-        if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE))
+        }
+        if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
+            PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
             return 0;
+        }
         ctx->bufsz = 0;
         outlint = AES_BLOCK_SIZE;
         out += AES_BLOCK_SIZE;
     }
     if (nextblocks > 0) {
         if (!ctx->enc && ctx->pad && nextblocks == inl) {
-            if (!ossl_assert(inl >= AES_BLOCK_SIZE))
+            if (!ossl_assert(inl >= AES_BLOCK_SIZE)) {
+                PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
                 return 0;
+            }
             nextblocks -= AES_BLOCK_SIZE;
         }
         outlint += nextblocks;
-        if (outsize < outlint)
+        if (outsize < outlint) {
+            PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
             return 0;
-        if (!ctx->ciph->cipher(ctx, out, in, nextblocks))
+        }
+        if (!ctx->ciph->cipher(ctx, out, in, nextblocks)) {
+            PROVerr(PROV_F_AES_BLOCK_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
             return 0;
+        }
         in += nextblocks;
         inl -= nextblocks;
     }
-    if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl))
+    if (!trailingdata(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE, &in, &inl)) {
+        /* PROVerr already called */
         return 0;
+    }
 
     *outl = outlint;
     return inl == 0;
@@ -139,38 +162,47 @@ static int aes_block_final(void *vctx, unsigned char *out, size_t *outl,
             *outl = 0;
             return 1;
         } else if (ctx->bufsz != AES_BLOCK_SIZE) {
-            /* TODO(3.0): What is the correct error code here? */
+            PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
             return 0;
         }
 
-        if (outsize < AES_BLOCK_SIZE)
+        if (outsize < AES_BLOCK_SIZE) {
+            PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
             return 0;
-        if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE))
+        }
+        if (!ctx->ciph->cipher(ctx, out, ctx->buf, AES_BLOCK_SIZE)) {
+            PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED);
             return 0;
+        }
         ctx->bufsz = 0;
         *outl = AES_BLOCK_SIZE;
         return 1;
     }
 
     /* Decrypting */
-    /* TODO(3.0): What's the correct error here */
     if (ctx->bufsz != AES_BLOCK_SIZE) {
         if (ctx->bufsz == 0 && !ctx->pad) {
             *outl = 0;
             return 1;
         }
+        PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_WRONG_FINAL_BLOCK_LENGTH);
         return 0;
     }
 
-    if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE))
+    if (!ctx->ciph->cipher(ctx, ctx->buf, ctx->buf, AES_BLOCK_SIZE)) {
+        PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_CIPHER_OPERATION_FAILED);
         return 0;
+    }
 
-    /* TODO(3.0): What is the correct error here */
-    if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE))
+    if (ctx->pad && !unpadblock(ctx->buf, &ctx->bufsz, AES_BLOCK_SIZE)) {
+        /* PROVerr already called */
         return 0;
+    }
 
-    if (outsize < ctx->bufsz)
+    if (outsize < ctx->bufsz) {
+        PROVerr(PROV_F_AES_BLOCK_FINAL, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
         return 0;
+    }
     memcpy(out, ctx->buf, ctx->bufsz);
     *outl = ctx->bufsz;
     ctx->bufsz = 0;
@@ -183,11 +215,15 @@ static int aes_stream_update(void *vctx, unsigned char *out, size_t *outl,
 {
     PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
 
-    if (outsize < inl)
+    if (outsize < inl) {
+        PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_OUTPUT_BUFFER_TOO_SMALL);
         return 0;
+    }
 
-    if (!ctx->ciph->cipher(ctx, out, in, inl))
+    if (!ctx->ciph->cipher(ctx, out, in, inl)) {
+        PROVerr(PROV_F_AES_STREAM_UPDATE, PROV_R_CIPHER_OPERATION_FAILED);
         return 0;
+    }
 
     *outl = inl;
     return 1;
@@ -204,8 +240,10 @@ static int aes_cipher(void *vctx, unsigned char *out, const unsigned char *in,
 {
     PROV_AES_KEY *ctx = (PROV_AES_KEY *)vctx;
 
-    if (!ctx->ciph->cipher(ctx, out, in, inl))
+    if (!ctx->ciph->cipher(ctx, out, in, inl)) {
+        PROVerr(PROV_F_AES_CIPHER, PROV_R_CIPHER_OPERATION_FAILED);
         return 0;
+    }
 
     return 1;
 }
@@ -286,6 +324,10 @@ static void *aes_dupctx(void *ctx)
     PROV_AES_KEY *in = (PROV_AES_KEY *)ctx;
     PROV_AES_KEY *ret = OPENSSL_malloc(sizeof(*ret));
 
+    if (ret == NULL) {
+        PROVerr(PROV_F_AES_DUPCTX, ERR_R_MALLOC_FAILURE);
+        return NULL;
+    }
     *ret = *in;
 
     return ret;
@@ -332,8 +374,10 @@ static int aes_ctx_get_params(void *vctx, const OSSL_PARAM params[])
     const OSSL_PARAM *p;
 
     p = OSSL_PARAM_locate(params, OSSL_CIPHER_PARAM_PADDING);
-    if (p != NULL && !OSSL_PARAM_set_uint(p, ctx->pad))
+    if (p != NULL && !OSSL_PARAM_set_int(p, ctx->pad)) {
+        PROVerr(PROV_F_AES_CTX_GET_PARAMS, PROV_R_FAILED_TO_SET_PARAMETER);
         return 0;
+    }
 
     return 1;
 }
@@ -347,8 +391,10 @@ static int aes_ctx_set_params(void *vctx, const OSSL_PARAM params[])
     if (p != NULL) {
         int pad;
 
-        if (!OSSL_PARAM_get_int(p, &pad))
+        if (!OSSL_PARAM_get_int(p, &pad)) {
+        PROVerr(PROV_F_AES_CTX_SET_PARAMS, PROV_R_FAILED_TO_GET_PARAMETER);
             return 0;
+        }
         ctx->pad = pad ? 1 : 0;
     }
     return 1;
diff --git a/providers/common/ciphers/aes_basic.c b/providers/common/ciphers/aes_basic.c
index e46762212c..0f642966eb 100644
--- a/providers/common/ciphers/aes_basic.c
+++ b/providers/common/ciphers/aes_basic.c
@@ -9,7 +9,6 @@
 
 #include <openssl/opensslconf.h>
 #include <openssl/crypto.h>
-#include <openssl/evp.h>
 #include <openssl/err.h>
 #include <string.h>
 #include <assert.h>
@@ -18,6 +17,7 @@
 #include <openssl/rand.h>
 #include <openssl/cmac.h>
 #include "ciphers_locl.h"
+#include "internal/providercommonerr.h"
 
 #define MAXBITCHUNK     ((size_t)1 << (sizeof(size_t) * 8 - 4))
 
@@ -133,7 +133,7 @@ static int aesni_init_key(PROV_AES_KEY *dat, const unsigned char *key,
     }
 
     if (ret < 0) {
-        EVPerr(EVP_F_AESNI_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        PROVerr(PROV_F_AESNI_INIT_KEY, PROV_R_AES_KEY_SETUP_FAILED);
         return 0;
     }
 
@@ -316,7 +316,7 @@ static int aes_t4_init_key(PROV_AES_KEY *dat, const unsigned char *key,
     }
 
     if (ret < 0) {
-        EVPerr(EVP_F_AES_T4_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        PROVerr(PROV_F_AES_T4_INIT_KEY, PROV_R_AES_KEY_SETUP_FAILED);
         return 0;
     }
 
@@ -746,7 +746,7 @@ static int aes_init_key(PROV_AES_KEY *dat, const unsigned char *key,
     }
 
     if (ret < 0) {
-        EVPerr(EVP_F_AES_INIT_KEY, EVP_R_AES_KEY_SETUP_FAILED);
+        PROVerr(PROV_F_AES_INIT_KEY, PROV_R_AES_KEY_SETUP_FAILED);
         return 0;
     }
 
diff --git a/providers/common/ciphers/block.c b/providers/common/ciphers/block.c
index fc15c5e55a..03aa429b30 100644
--- a/providers/common/ciphers/block.c
+++ b/providers/common/ciphers/block.c
@@ -12,6 +12,7 @@
 #include <openssl/err.h>
 #include "ciphers_locl.h"
 #include <assert.h>
+#include "internal/providercommonerr.h"
 
 /*
  * Fills a single block of buffered data from the input, and returns the amount
@@ -65,8 +66,10 @@ int trailingdata(unsigned char *buf, size_t *buflen, size_t blocksize,
     if (*inlen == 0)
         return 1;
 
-    if (*buflen + *inlen > blocksize)
+    if (*buflen + *inlen > blocksize) {
+        PROVerr(PROV_F_TRAILINGDATA, ERR_R_INTERNAL_ERROR);
         return 0;
+    }
 
     memcpy(buf + *buflen, *in, *inlen);
     *buflen += *inlen;
@@ -90,8 +93,10 @@ int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize)
     size_t pad, i;
     size_t len = *buflen;
 
-    if(len != blocksize)
+    if(len != blocksize) {
+        PROVerr(PROV_F_UNPADBLOCK, ERR_R_INTERNAL_ERROR);
         return 0;
+    }
 
     /*
      * The following assumes that the ciphertext has been authenticated.
@@ -99,12 +104,12 @@ int unpadblock(unsigned char *buf, size_t *buflen, size_t blocksize)
      */
     pad = buf[blocksize - 1];
     if (pad == 0 || pad > blocksize) {
-        EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+        PROVerr(PROV_F_UNPADBLOCK, PROV_R_BAD_DECRYPT);
         return 0;
     }
     for (i = 0; i < pad; i++) {
         if (buf[--len] != pad) {
-            EVPerr(EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT);
+            PROVerr(PROV_F_UNPADBLOCK, PROV_R_BAD_DECRYPT);
             return 0;
         }
     }
diff --git a/providers/common/include/internal/providercommon.h b/providers/common/include/internal/providercommon.h
new file mode 100644
index 0000000000..e69de29bb2
diff --git a/providers/common/include/internal/providercommonerr.h b/providers/common/include/internal/providercommonerr.h
new file mode 100644
index 0000000000..609fd5bfd0
--- /dev/null
+++ b/providers/common/include/internal/providercommonerr.h
@@ -0,0 +1,54 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_PROVERR_H
+# define HEADER_PROVERR_H
+
+# ifndef HEADER_SYMHACKS_H
+#  include <openssl/symhacks.h>
+# endif
+
+# ifdef  __cplusplus
+extern "C"
+# endif
+int ERR_load_PROV_strings(void);
+
+/*
+ * PROV function codes.
+ */
+# define PROV_F_AESNI_INIT_KEY                            101
+# define PROV_F_AES_BLOCK_FINAL                           102
+# define PROV_F_AES_BLOCK_UPDATE                          103
+# define PROV_F_AES_CIPHER                                104
+# define PROV_F_AES_CTX_GET_PARAMS                        105
+# define PROV_F_AES_CTX_SET_PARAMS                        106
+# define PROV_F_AES_DINIT                                 107
+# define PROV_F_AES_DUPCTX                                108
+# define PROV_F_AES_EINIT                                 109
+# define PROV_F_AES_INIT_KEY                              110
+# define PROV_F_AES_STREAM_UPDATE                         111
+# define PROV_F_AES_T4_INIT_KEY                           112
+# define PROV_F_PROV_AES_KEY_GENERIC_INIT                 113
+# define PROV_F_TRAILINGDATA                              114
+# define PROV_F_UNPADBLOCK                                100
+
+/*
+ * PROV reason codes.
+ */
+# define PROV_R_AES_KEY_SETUP_FAILED                      101
+# define PROV_R_BAD_DECRYPT                               100
+# define PROV_R_CIPHER_OPERATION_FAILED                   102
+# define PROV_R_FAILED_TO_GET_PARAMETER                   103
+# define PROV_R_FAILED_TO_SET_PARAMETER                   104
+# define PROV_R_INVALID_KEYLEN                            105
+# define PROV_R_OUTPUT_BUFFER_TOO_SMALL                   106
+# define PROV_R_WRONG_FINAL_BLOCK_LENGTH                  107
+
+#endif
diff --git a/providers/common/provider_err.c b/providers/common/provider_err.c
new file mode 100644
index 0000000000..e6b577fee5
--- /dev/null
+++ b/providers/common/provider_err.c
@@ -0,0 +1,67 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2019 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the Apache License 2.0 (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <openssl/err.h>
+#include "internal/providercommonerr.h"
+
+#ifndef OPENSSL_NO_ERR
+
+static const ERR_STRING_DATA PROV_str_functs[] = {
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_AESNI_INIT_KEY, 0), "aesni_init_key"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_BLOCK_FINAL, 0), "aes_block_final"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_BLOCK_UPDATE, 0), "aes_block_update"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_CIPHER, 0), "aes_cipher"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_CTX_GET_PARAMS, 0),
+     "aes_ctx_get_params"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_CTX_SET_PARAMS, 0),
+     "aes_ctx_set_params"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_DINIT, 0), "aes_dinit"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_DUPCTX, 0), "aes_dupctx"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_EINIT, 0), "aes_einit"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_INIT_KEY, 0), "aes_init_key"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_STREAM_UPDATE, 0), "aes_stream_update"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_AES_T4_INIT_KEY, 0), "aes_t4_init_key"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_PROV_AES_KEY_GENERIC_INIT, 0),
+     "PROV_AES_KEY_generic_init"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_TRAILINGDATA, 0), "trailingdata"},
+    {ERR_PACK(ERR_LIB_PROV, PROV_F_UNPADBLOCK, 0), "unpadblock"},
+    {0, NULL}
+};
+
+static const ERR_STRING_DATA PROV_str_reasons[] = {
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_AES_KEY_SETUP_FAILED),
+    "aes key setup failed"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_BAD_DECRYPT), "bad decrypt"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_CIPHER_OPERATION_FAILED),
+    "cipher operation failed"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_GET_PARAMETER),
+    "failed to get parameter"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_FAILED_TO_SET_PARAMETER),
+    "failed to set parameter"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_INVALID_KEYLEN), "invalid keylen"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_OUTPUT_BUFFER_TOO_SMALL),
+    "output buffer too small"},
+    {ERR_PACK(ERR_LIB_PROV, 0, PROV_R_WRONG_FINAL_BLOCK_LENGTH),
+    "wrong final block length"},
+    {0, NULL}
+};
+
+#endif
+
+int ERR_load_PROV_strings(void)
+{
+#ifndef OPENSSL_NO_ERR
+    if (ERR_func_error_string(PROV_str_functs[0].error) == NULL) {
+        ERR_load_strings_const(PROV_str_functs);
+        ERR_load_strings_const(PROV_str_reasons);
+    }
+#endif
+    return 1;
+}
diff --git a/util/ck_errf.pl b/util/ck_errf.pl
index cc7224ad9d..681535e720 100755
--- a/util/ck_errf.pl
+++ b/util/ck_errf.pl
@@ -72,7 +72,8 @@ if ( $internal ) {
     die "Extra parameters given.\n" if @ARGV;
     $config = "crypto/err/openssl.ec" unless defined $config;
     @source = ( glob('crypto/*.c'), glob('crypto/*/*.c'),
-                glob('ssl/*.c'), glob('ssl/*/*.c') );
+                glob('ssl/*.c'), glob('ssl/*/*.c'), glob('providers/*.c'),
+                glob('providers/*/*.c'), glob('providers/*/*/*.c') );
 } else {
     die "Configuration file not given.\nSee '$0 -help' for information\n"
         unless defined $config;
diff --git a/util/mkerr.pl b/util/mkerr.pl
index 7139ee3bea..f1d9b39b95 100755
--- a/util/mkerr.pl
+++ b/util/mkerr.pl
@@ -114,7 +114,8 @@ if ( $internal ) {
     die "Cannot mix -internal and -static\n" if $static;
     die "Extra parameters given.\n" if @ARGV;
     @source = ( glob('crypto/*.c'), glob('crypto/*/*.c'),
-                glob('ssl/*.c'), glob('ssl/*/*.c') );
+                glob('ssl/*.c'), glob('ssl/*/*.c'), glob('providers/*.c'),
+                glob('providers/*/*.c'), glob('providers/*/*/*.c') );
 } else {
     die "-module isn't useful without -internal\n" if scalar keys %modules > 0;
     @source = @ARGV;