diff options
author | Konrad Lipinski <k.lipinski2@partner.samsung.com> | 2019-06-11 16:25:51 +0200 |
---|---|---|
committer | Konrad Lipinski <k.lipinski2@samsung.com> | 2019-08-01 14:37:53 +0200 |
commit | cc6febdd37186eeea33bcbce89d79f661ee0009f (patch) | |
tree | 100542f7f8fd3b3c9548150362efe35adde47551 /src | |
parent | c40fbfa8503e7763ef630496852f4d6b5e63b58c (diff) | |
download | xmlsec1-cc6febdd37186eeea33bcbce89d79f661ee0009f.tar.gz xmlsec1-cc6febdd37186eeea33bcbce89d79f661ee0009f.tar.bz2 xmlsec1-cc6febdd37186eeea33bcbce89d79f661ee0009f.zip |
Import upstream commit c4d0493d545b99194eea1b2b058930d5a9bb91b1 (1.2.28)
Change-Id: I10f71567cb140be223923e1cd0b5895e366ac23e
Diffstat (limited to 'src')
140 files changed, 24357 insertions, 17740 deletions
diff --git a/src/Makefile.am b/src/Makefile.am index 44cfabea..c6d02443 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -14,6 +14,7 @@ AM_CFLAGS = \ $(NULL) EXTRA_DIST = \ + errors_helpers.h \ globals.h \ kw_aes_des.h \ skeleton \ @@ -46,7 +47,6 @@ libxmlsec1_la_SOURCES = \ nodeset.c \ parser.c \ relationship.c \ - soap.c \ strings.c \ templates.c \ transforms.c \ @@ -59,6 +59,10 @@ libxmlsec1_la_SOURCES = \ xslt.c \ $(NULL) +if XMLSEC_ENABLE_SOAP +libxmlsec1_la_SOURCES += soap.c +endif + libxmlsec1_la_LIBADD = \ $(LIBXSLT_LIBS) \ $(LIBXML_LIBS) \ @@ -1,4 +1,4 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * * @@ -7,6 +7,13 @@ * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:app + * @Short_description: Crypto-engine independent application support functions. + * @Stability: Stable + * + */ + #include "globals.h" #ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING @@ -29,7 +36,6 @@ #include <xmlsec/private.h> #include <xmlsec/errors.h> - /****************************************************************************** * * Crypto Init/shutdown @@ -45,11 +51,7 @@ int xmlSecCryptoInit(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoInit == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoInit", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoInit"); return(-1); } @@ -66,11 +68,7 @@ xmlSecCryptoInit(void) { int xmlSecCryptoShutdown(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoShutdown == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoShutdown", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoShutdown"); return(-1); } @@ -88,11 +86,7 @@ xmlSecCryptoShutdown(void) { int xmlSecCryptoKeysMngrInit(xmlSecKeysMngrPtr mngr) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoKeysMngrInit == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoKeysMngrInit", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoKeysMngrInit"); return(-1); } @@ -116,11 +110,7 @@ xmlSecCryptoKeysMngrInit(xmlSecKeysMngrPtr mngr) { xmlSecKeyDataId xmlSecKeyDataAesGetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataAesGetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "keyDataAesId", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("keyDataAesGetKlass"); return(xmlSecKeyDataIdUnknown); } @@ -139,11 +129,7 @@ xmlSecKeyDataAesGetKlass(void) { xmlSecKeyDataId xmlSecKeyDataDesGetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataDesGetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "keyDataDesId", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("keyDataDesId"); return(xmlSecKeyDataIdUnknown); } @@ -162,11 +148,7 @@ xmlSecKeyDataDesGetKlass(void) { xmlSecKeyDataId xmlSecKeyDataDsaGetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataDsaGetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "keyDataDsaId", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("keyDataDsaGetKlass"); return(xmlSecKeyDataIdUnknown); } @@ -185,11 +167,7 @@ xmlSecKeyDataDsaGetKlass(void) { xmlSecKeyDataId xmlSecKeyDataEcdsaGetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataEcdsaGetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "keyDataEcdsaId", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("keyDataEcdsaGetKlass"); return(xmlSecKeyDataIdUnknown); } @@ -208,11 +186,7 @@ xmlSecKeyDataEcdsaGetKlass(void) { xmlSecKeyDataId xmlSecKeyDataGost2001GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataGost2001GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "keyDataGost2001Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("keyDataGost2001GetKlass"); return(xmlSecKeyDataIdUnknown); } @@ -231,11 +205,7 @@ xmlSecKeyDataGost2001GetKlass(void) { xmlSecKeyDataId xmlSecKeyDataGostR3410_2012_256GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataGostR3410_2012_256GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "keyDataGostR3410_2012_256Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("keyDataGostR3410_2012_256GetKlass"); return(xmlSecKeyDataIdUnknown); } @@ -254,11 +224,7 @@ xmlSecKeyDataGostR3410_2012_256GetKlass(void) { xmlSecKeyDataId xmlSecKeyDataGostR3410_2012_512GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataGostR3410_2012_512GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "keyDataGostR3410_2012_512Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("keyDataGostR3410_2012_512GetKlass"); return(xmlSecKeyDataIdUnknown); } @@ -277,11 +243,7 @@ xmlSecKeyDataGostR3410_2012_512GetKlass(void) { xmlSecKeyDataId xmlSecKeyDataHmacGetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataHmacGetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "keyDataHmacId", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("keyDataHmacGetKlass"); return(xmlSecKeyDataIdUnknown); } @@ -300,11 +262,7 @@ xmlSecKeyDataHmacGetKlass(void) { xmlSecKeyDataId xmlSecKeyDataRsaGetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataRsaGetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "keyDataRsaId", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("keyDataRsaGetKlass"); return(xmlSecKeyDataIdUnknown); } @@ -323,11 +281,7 @@ xmlSecKeyDataRsaGetKlass(void) { xmlSecKeyDataId xmlSecKeyDataX509GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataX509GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "keyDataX509Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("keyDataX509GetKlass"); return(xmlSecKeyDataIdUnknown); } @@ -346,11 +300,7 @@ xmlSecKeyDataX509GetKlass(void) { xmlSecKeyDataId xmlSecKeyDataRawX509CertGetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->keyDataRawX509CertGetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "keyDataRawX509CertId", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("keyDataRawX509CertGetKlass"); return(xmlSecKeyDataIdUnknown); } @@ -374,11 +324,7 @@ xmlSecKeyDataRawX509CertGetKlass(void) { xmlSecKeyDataStoreId xmlSecX509StoreGetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->x509StoreGetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "x509StoreId", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("x509StoreGetKlass"); return(xmlSecKeyStoreIdUnknown); } @@ -402,11 +348,7 @@ xmlSecX509StoreGetKlass(void) { xmlSecTransformId xmlSecTransformAes128CbcGetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformAes128CbcGetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformAes128CbcId", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformAes128CbcGetKlass"); return(xmlSecTransformIdUnknown); } @@ -425,11 +367,7 @@ xmlSecTransformAes128CbcGetKlass(void) { xmlSecTransformId xmlSecTransformAes192CbcGetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformAes192CbcGetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformAes192CbcId", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformAes192CbcGetKlass"); return(xmlSecTransformIdUnknown); } @@ -448,11 +386,7 @@ xmlSecTransformAes192CbcGetKlass(void) { xmlSecTransformId xmlSecTransformAes256CbcGetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformAes256CbcGetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformAes256CbcId", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformAes256CbcGetKlass"); return(xmlSecTransformIdUnknown); } @@ -460,6 +394,66 @@ xmlSecTransformAes256CbcGetKlass(void) { } /** +* xmlSecTransformAes128GcmGetKlass: +* +* AES 128 GCM encryption transform klass. +* +* Returns: pointer to AES 128 GCM encryption transform or NULL if an error +* occurs (the xmlsec-crypto library is not loaded or this transform is not +* implemented). +*/ +xmlSecTransformId +xmlSecTransformAes128GcmGetKlass(void) +{ + if ((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformAes128GcmGetKlass == NULL)) { + xmlSecNotImplementedError("transformAes128GcmGetKlass"); + return(xmlSecTransformIdUnknown); + } + + return(xmlSecCryptoDLGetFunctions()->transformAes128GcmGetKlass()); +} + +/** +* xmlSecTransformAes192GcmGetKlass: +* +* AES 192 GCM encryption transform klass. +* +* Returns: pointer to AES 192 GCM encryption transform or NULL if an error +* occurs (the xmlsec-crypto library is not loaded or this transform is not +* implemented). +*/ +xmlSecTransformId +xmlSecTransformAes192GcmGetKlass(void) +{ + if ((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformAes192GcmGetKlass == NULL)) { + xmlSecNotImplementedError("transformAes192GcmGetKlass"); + return(xmlSecTransformIdUnknown); + } + + return(xmlSecCryptoDLGetFunctions()->transformAes192GcmGetKlass()); +} + +/** +* xmlSecTransformAes256GcmGetKlass: +* +* AES 256 GCM encryption transform klass. +* +* Returns: pointer to AES 256 GCM encryption transform or NULL if an error +* occurs (the xmlsec-crypto library is not loaded or this transform is not +* implemented). +*/ +xmlSecTransformId +xmlSecTransformAes256GcmGetKlass(void) +{ + if ((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformAes256GcmGetKlass == NULL)) { + xmlSecNotImplementedError("transformAes256GcmGetKlass"); + return(xmlSecTransformIdUnknown); + } + + return(xmlSecCryptoDLGetFunctions()->transformAes256GcmGetKlass()); +} + +/** * xmlSecTransformKWAes128GetKlass: * * The AES-128 kew wrapper transform klass. @@ -471,11 +465,7 @@ xmlSecTransformAes256CbcGetKlass(void) { xmlSecTransformId xmlSecTransformKWAes128GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformKWAes128GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformKWAes128Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformKWAes128GetKlass"); return(xmlSecTransformIdUnknown); } @@ -494,11 +484,7 @@ xmlSecTransformKWAes128GetKlass(void) { xmlSecTransformId xmlSecTransformKWAes192GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformKWAes192GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformKWAes192Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformKWAes192GetKlass"); return(xmlSecTransformIdUnknown); } @@ -517,11 +503,7 @@ xmlSecTransformKWAes192GetKlass(void) { xmlSecTransformId xmlSecTransformKWAes256GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformKWAes256GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformKWAes256Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformKWAes256GetKlass"); return(xmlSecTransformIdUnknown); } @@ -540,11 +522,7 @@ xmlSecTransformKWAes256GetKlass(void) { xmlSecTransformId xmlSecTransformDes3CbcGetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformDes3CbcGetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformDes3CbcId", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformDes3CbcGetKlass"); return(xmlSecTransformIdUnknown); } @@ -563,11 +541,7 @@ xmlSecTransformDes3CbcGetKlass(void) { xmlSecTransformId xmlSecTransformKWDes3GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformKWDes3GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformKWDes3Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformKWDes3GetKlass"); return(xmlSecTransformIdUnknown); } @@ -586,11 +560,7 @@ xmlSecTransformKWDes3GetKlass(void) { xmlSecTransformId xmlSecTransformDsaSha1GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformDsaSha1GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformDsaSha1Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformDsaSha1GetKlass"); return(xmlSecTransformIdUnknown); } @@ -609,11 +579,7 @@ xmlSecTransformDsaSha1GetKlass(void) { xmlSecTransformId xmlSecTransformDsaSha256GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformDsaSha256GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformDsaSha256Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformDsaSha256GetKlass"); return(xmlSecTransformIdUnknown); } @@ -632,11 +598,7 @@ xmlSecTransformDsaSha256GetKlass(void) { xmlSecTransformId xmlSecTransformEcdsaSha1GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha1GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformEcdsaSha1Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformEcdsaSha1GetKlass"); return(xmlSecTransformIdUnknown); } @@ -655,11 +617,7 @@ xmlSecTransformEcdsaSha1GetKlass(void) { xmlSecTransformId xmlSecTransformEcdsaSha224GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha224GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformEcdsaSha224Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformEcdsaSha224GetKlass"); return(xmlSecTransformIdUnknown); } @@ -678,11 +636,7 @@ xmlSecTransformEcdsaSha224GetKlass(void) { xmlSecTransformId xmlSecTransformEcdsaSha256GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha256GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformEcdsaSha256Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformEcdsaSha256GetKlass"); return(xmlSecTransformIdUnknown); } @@ -701,11 +655,7 @@ xmlSecTransformEcdsaSha256GetKlass(void) { xmlSecTransformId xmlSecTransformEcdsaSha384GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha384GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformEcdsaSha384Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformEcdsaSha384GetKlass"); return(xmlSecTransformIdUnknown); } @@ -724,11 +674,7 @@ xmlSecTransformEcdsaSha384GetKlass(void) { xmlSecTransformId xmlSecTransformEcdsaSha512GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformEcdsaSha512GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformEcdsaSha512Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformEcdsaSha512GetKlass"); return(xmlSecTransformIdUnknown); } @@ -747,11 +693,7 @@ xmlSecTransformEcdsaSha512GetKlass(void) { xmlSecTransformId xmlSecTransformGost2001GostR3411_94GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGost2001GostR3411_94GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformGost2001GostR3411_94Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformGost2001GostR3411_94GetKlass"); return(xmlSecTransformIdUnknown); } @@ -770,11 +712,7 @@ xmlSecTransformGost2001GostR3411_94GetKlass(void) { xmlSecTransformId xmlSecTransformGostR3410_2012GostR3411_2012_256GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGostR3410_2012GostR3411_2012_256GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformGostR3410_2012GostR3411_2012_256Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformGostR3410_2012GostR3411_2012_256GetKlass"); return(xmlSecTransformIdUnknown); } @@ -793,11 +731,7 @@ xmlSecTransformGostR3410_2012GostR3411_2012_256GetKlass(void) { xmlSecTransformId xmlSecTransformGostR3410_2012GostR3411_2012_512GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGostR3410_2012GostR3411_2012_512GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformGostR3410_2012GostR3411_2012_512Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformGostR3410_2012GostR3411_2012_512GetKlass"); return(xmlSecTransformIdUnknown); } @@ -816,11 +750,7 @@ xmlSecTransformGostR3410_2012GostR3411_2012_512GetKlass(void) { xmlSecTransformId xmlSecTransformHmacMd5GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacMd5GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformHmacMd5Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformHmacMd5GetKlass"); return(xmlSecTransformIdUnknown); } @@ -839,11 +769,7 @@ xmlSecTransformHmacMd5GetKlass(void) { xmlSecTransformId xmlSecTransformHmacRipemd160GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacRipemd160GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformHmacRipemd160Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformHmacRipemd160GetKlass"); return(xmlSecTransformIdUnknown); } @@ -862,11 +788,7 @@ xmlSecTransformHmacRipemd160GetKlass(void) { xmlSecTransformId xmlSecTransformHmacSha1GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha1GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformHmacSha1Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformHmacSha1GetKlass"); return(xmlSecTransformIdUnknown); } @@ -885,11 +807,7 @@ xmlSecTransformHmacSha1GetKlass(void) { xmlSecTransformId xmlSecTransformHmacSha224GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha224GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformHmacSha224Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformHmacSha224GetKlass"); return(xmlSecTransformIdUnknown); } @@ -908,11 +826,7 @@ xmlSecTransformHmacSha224GetKlass(void) { xmlSecTransformId xmlSecTransformHmacSha256GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha256GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformHmacSha256Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformHmacSha256GetKlass"); return(xmlSecTransformIdUnknown); } @@ -931,11 +845,7 @@ xmlSecTransformHmacSha256GetKlass(void) { xmlSecTransformId xmlSecTransformHmacSha384GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha384GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformHmacSha384Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformHmacSha384GetKlass"); return(xmlSecTransformIdUnknown); } @@ -954,11 +864,7 @@ xmlSecTransformHmacSha384GetKlass(void) { xmlSecTransformId xmlSecTransformHmacSha512GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformHmacSha512GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformHmacSha512Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformHmacSha512GetKlass"); return(xmlSecTransformIdUnknown); } @@ -977,11 +883,7 @@ xmlSecTransformHmacSha512GetKlass(void) { xmlSecTransformId xmlSecTransformMd5GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformMd5GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformMd5Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformMd5GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1000,11 +902,7 @@ xmlSecTransformMd5GetKlass(void) { xmlSecTransformId xmlSecTransformRipemd160GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRipemd160GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformRipemd160Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformRipemd160GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1023,11 +921,7 @@ xmlSecTransformRipemd160GetKlass(void) { xmlSecTransformId xmlSecTransformRsaMd5GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaMd5GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformRsaMd5Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformRsaMd5GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1046,11 +940,7 @@ xmlSecTransformRsaMd5GetKlass(void) { xmlSecTransformId xmlSecTransformRsaRipemd160GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaRipemd160GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformRsaRipemd160Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformRsaRipemd160GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1069,11 +959,7 @@ xmlSecTransformRsaRipemd160GetKlass(void) { xmlSecTransformId xmlSecTransformRsaSha1GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha1GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformRsaSha1Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformRsaSha1GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1092,11 +978,7 @@ xmlSecTransformRsaSha1GetKlass(void) { xmlSecTransformId xmlSecTransformRsaSha224GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha224GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformRsaSha224Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformRsaSha224GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1115,11 +997,7 @@ xmlSecTransformRsaSha224GetKlass(void) { xmlSecTransformId xmlSecTransformRsaSha256GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha256GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformRsaSha256Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformRsaSha256GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1138,11 +1016,7 @@ xmlSecTransformRsaSha256GetKlass(void) { xmlSecTransformId xmlSecTransformRsaSha384GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha384GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformRsaSha384Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformRsaSha384GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1161,11 +1035,7 @@ xmlSecTransformRsaSha384GetKlass(void) { xmlSecTransformId xmlSecTransformRsaSha512GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaSha512GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformRsaSha512Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformRsaSha512GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1184,11 +1054,7 @@ xmlSecTransformRsaSha512GetKlass(void) { xmlSecTransformId xmlSecTransformRsaPkcs1GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaPkcs1GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformRsaPkcs1Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformRsaPkcs1GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1207,11 +1073,7 @@ xmlSecTransformRsaPkcs1GetKlass(void) { xmlSecTransformId xmlSecTransformRsaOaepGetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformRsaOaepGetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformRsaOaepId", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformRsaOaepGetKlass"); return(xmlSecTransformIdUnknown); } @@ -1230,11 +1092,7 @@ xmlSecTransformRsaOaepGetKlass(void) { xmlSecTransformId xmlSecTransformGostR3411_94GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGostR3411_94GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformGostR3411_94Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformGostR3411_94GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1254,11 +1112,7 @@ xmlSecTransformGostR3411_94GetKlass(void) { xmlSecTransformId xmlSecTransformGostR3411_2012_256GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGostR3411_2012_256GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformGostR3411_2012_256Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformGostR3411_2012_256GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1277,11 +1131,7 @@ xmlSecTransformGostR3411_2012_256GetKlass(void) { xmlSecTransformId xmlSecTransformGostR3411_2012_512GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformGostR3411_2012_512GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformGostR3411_2012_512Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformGostR3411_2012_512GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1299,11 +1149,7 @@ xmlSecTransformGostR3411_2012_512GetKlass(void) { xmlSecTransformId xmlSecTransformSha1GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha1GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformSha1Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformSha1GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1322,11 +1168,7 @@ xmlSecTransformSha1GetKlass(void) { xmlSecTransformId xmlSecTransformSha224GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha224GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformSha224Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformSha224GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1345,11 +1187,7 @@ xmlSecTransformSha224GetKlass(void) { xmlSecTransformId xmlSecTransformSha256GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha256GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformSha256Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformSha256GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1368,11 +1206,7 @@ xmlSecTransformSha256GetKlass(void) { xmlSecTransformId xmlSecTransformSha384GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha384GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformSha384Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformSha384GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1391,11 +1225,7 @@ xmlSecTransformSha384GetKlass(void) { xmlSecTransformId xmlSecTransformSha512GetKlass(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->transformSha512GetKlass == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "transformSha512Id", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("transformSha512GetKlass"); return(xmlSecTransformIdUnknown); } @@ -1420,11 +1250,7 @@ xmlSecTransformSha512GetKlass(void) { int xmlSecCryptoAppInit(const char* config) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppInit == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppInit", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppInit"); return(-1); } @@ -1444,11 +1270,7 @@ xmlSecCryptoAppInit(const char* config) { int xmlSecCryptoAppShutdown(void) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppShutdown == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppShutdown", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppShutdown"); return(-1); } @@ -1467,11 +1289,7 @@ xmlSecCryptoAppShutdown(void) { int xmlSecCryptoAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrInit == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppDefaultKeysMngrInit", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppDefaultKeysMngrInit"); return(-1); } @@ -1491,11 +1309,7 @@ xmlSecCryptoAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { int xmlSecCryptoAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrAdoptKey == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppDefaultKeysMngrAdoptKey", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppDefaultKeysMngrAdoptKey"); return(-1); } @@ -1515,11 +1329,7 @@ xmlSecCryptoAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) int xmlSecCryptoAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrLoad == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppDefaultKeysMngrLoad", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppDefaultKeysMngrLoad"); return(-1); } @@ -1540,11 +1350,7 @@ int xmlSecCryptoAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppDefaultKeysMngrSave == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppDefaultKeysMngrSave", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppDefaultKeysMngrSave"); return(-1); } @@ -1568,11 +1374,7 @@ int xmlSecCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename, xmlSecKeyDataFormat format, xmlSecKeyDataType type) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeysMngrCertLoad == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppKeysMngrCertLoad", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppKeysMngrCertLoad"); return(-1); } @@ -1597,11 +1399,7 @@ xmlSecCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* xmlSecSize dataSize, xmlSecKeyDataFormat format, xmlSecKeyDataType type) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeysMngrCertLoadMemory == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppKeysMngrCertLoadMemory", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppKeysMngrCertLoadMemory"); return(-1); } @@ -1624,11 +1422,7 @@ xmlSecKeyPtr xmlSecCryptoAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, const char *pwd, void* pwdCallback, void* pwdCallbackCtx) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeyLoad == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppKeyLoad", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppKeyLoad"); return(NULL); } @@ -1652,11 +1446,7 @@ xmlSecKeyPtr xmlSecCryptoAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format, const char *pwd, void* pwdCallback, void* pwdCallbackCtx) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeyLoadMemory == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppKeyLoadMemory", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppKeyLoadMemory"); return(NULL); } @@ -1680,11 +1470,7 @@ xmlSecKeyPtr xmlSecCryptoAppPkcs12Load(const char* filename, const char* pwd, void* pwdCallback, void* pwdCallbackCtx) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppPkcs12Load == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppPkcs12Load", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppPkcs12Load"); return(NULL); } @@ -1710,11 +1496,7 @@ xmlSecCryptoAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, const char *pwd, void* pwdCallback, void* pwdCallbackCtx) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppPkcs12LoadMemory == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppPkcs12LoadMemory", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppPkcs12LoadMemory"); return(NULL); } @@ -1734,11 +1516,7 @@ xmlSecCryptoAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, int xmlSecCryptoAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFormat format) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeyCertLoad == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppKeyCertLoad", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppKeyCertLoad"); return(-1); } @@ -1760,11 +1538,7 @@ int xmlSecCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format) { if((xmlSecCryptoDLGetFunctions() == NULL) || (xmlSecCryptoDLGetFunctions()->cryptoAppKeyCertLoadMemory == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cryptoAppKeyCertLoadMemory", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppKeyCertLoadMemory"); return(-1); } @@ -1781,11 +1555,7 @@ xmlSecCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSe void* xmlSecCryptoAppGetDefaultPwdCallback(void) { if(xmlSecCryptoDLGetFunctions() == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("cryptoAppDefaultPwdCallback"); return(NULL); } diff --git a/src/base64.c b/src/base64.c index a78f8164..cc4bbd5f 100644 --- a/src/base64.c +++ b/src/base64.c @@ -1,13 +1,19 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Base64 encode/decode transform and utility functions. * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:base64 + * @Short_description: Base64 encoding/decoding functions and base64 transform implementation. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> @@ -156,22 +162,13 @@ xmlSecBase64CtxCreate(int encode, int columns) { */ ctx = (xmlSecBase64CtxPtr) xmlMalloc(sizeof(xmlSecBase64Ctx)); if (ctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecBase64Ctx)=%d", - (int)sizeof(xmlSecBase64Ctx)); + xmlSecMallocError(sizeof(xmlSecBase64Ctx), NULL); return(NULL); } ret = xmlSecBase64CtxInitialize(ctx, encode, columns); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64CtxInitialize", NULL); xmlSecBase64CtxDestroy(ctx); return(NULL); } @@ -254,22 +251,14 @@ xmlSecBase64CtxUpdate(xmlSecBase64CtxPtr ctx, ret = xmlSecBase64CtxEncode(ctx, in, inSize, &inResSize, out, outSize, &outResSize); if((ret < 0) || (inResSize != inSize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxEncode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64CtxEncode", NULL); return(-1); } } else { ret = xmlSecBase64CtxDecode(ctx, in, inSize, &inResSize, out, outSize, &outResSize); if((ret < 0) || (inResSize != inSize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxDecode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64CtxDecode", NULL); return(-1); } } @@ -302,20 +291,12 @@ xmlSecBase64CtxFinal(xmlSecBase64CtxPtr ctx, if(ctx->encode != 0) { ret = xmlSecBase64CtxEncodeFinal(ctx, out, outSize, &outResSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxEncodeFinal", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "outSize=%d", outSize); + xmlSecInternalError2("xmlSecBase64CtxEncodeFinal", NULL, "outSize=%d", outSize); return(-1); } } else { if(!xmlSecBase64CtxDecodeIsFinished(ctx)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxIsFinished", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64CtxDecodeIsFinished", NULL); return(-1); } } @@ -363,11 +344,7 @@ xmlSecBase64CtxEncodeByte(xmlSecBase64CtxPtr ctx, xmlSecByte inByte, xmlSecByte* return(xmlSecBase64StatusConsumeAndNext); } - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "ctx->inPos=%d", ctx->inPos); + xmlSecInvalidIntegerDataError("ctx->inPos", ctx->inPos, "0,1,2,3", NULL); return(xmlSecBase64StatusFailed); } @@ -397,11 +374,7 @@ xmlSecBase64CtxEncodeByteFinal(xmlSecBase64CtxPtr ctx, xmlSecByte* outByte) { return(xmlSecBase64StatusConsumeAndRepeat); } - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "ctx->inPos=%d", ctx->inPos); + xmlSecInvalidIntegerDataError("ctx->inPos", ctx->inPos, "0,1,2,3", NULL); return(xmlSecBase64StatusFailed); } @@ -414,35 +387,20 @@ xmlSecBase64CtxDecodeByte(xmlSecBase64CtxPtr ctx, xmlSecByte inByte, xmlSecByte* return(xmlSecBase64StatusDone); } if(inByte == '=') { ctx->finished = 1; - if(ctx->inPos < 2) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "ctx->inPos=%d", ctx->inPos); - return(xmlSecBase64StatusFailed); - } else if(ctx->inPos == 2) { + if(ctx->inPos == 2) { ++ctx->inPos; return(xmlSecBase64StatusNext); } else if(ctx->inPos == 3) { ctx->inPos = 0; return(xmlSecBase64StatusNext); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "ctx->inPos=%d", ctx->inPos); + xmlSecInvalidIntegerDataError("ctx->inPos", ctx->inPos, "2,3", NULL); return(xmlSecBase64StatusFailed); } } else if(xmlSecIsBase64Space(inByte)) { return(xmlSecBase64StatusNext); } else if(!xmlSecIsBase64Char(inByte) || (ctx->finished != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "inByte=0x%02x", inByte); + xmlSecInvalidIntegerDataError("inByte", inByte, "base64 character", NULL); return(xmlSecBase64StatusFailed); } @@ -464,27 +422,23 @@ xmlSecBase64CtxDecodeByte(xmlSecBase64CtxPtr ctx, xmlSecByte inByte, xmlSecByte* ++ctx->inPos; return(xmlSecBase64StatusNext); } else if(ctx->inPos == 1) { - (*outByte) = xmlSecBase64Decode1(ctx->inByte, inByte); + (*outByte) = (xmlSecByte)xmlSecBase64Decode1(ctx->inByte, inByte); ctx->inByte = inByte; ++ctx->inPos; return(xmlSecBase64StatusConsumeAndNext); } else if(ctx->inPos == 2) { - (*outByte) = xmlSecBase64Decode2(ctx->inByte, inByte); + (*outByte) = (xmlSecByte)xmlSecBase64Decode2(ctx->inByte, inByte); ctx->inByte = inByte; ++ctx->inPos; return(xmlSecBase64StatusConsumeAndNext); } else if(ctx->inPos == 3) { - (*outByte) = xmlSecBase64Decode3(ctx->inByte, inByte); + (*outByte) = (xmlSecByte)xmlSecBase64Decode3(ctx->inByte, inByte); ctx->inByte = 0; ctx->inPos = 0; return(xmlSecBase64StatusConsumeAndNext); } - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "ctx->inPos=%d", ctx->inPos); + xmlSecInvalidIntegerDataError("ctx->inPos", ctx->inPos, "0,1,2,3", NULL); return(xmlSecBase64StatusFailed); } @@ -516,11 +470,7 @@ xmlSecBase64CtxEncode(xmlSecBase64CtxPtr ctx, case xmlSecBase64StatusNext: case xmlSecBase64StatusDone: case xmlSecBase64StatusFailed: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxEncodeByte", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "status=%d", status); + xmlSecInternalError2("xmlSecBase64CtxEncodeByte", NULL, "status=%d", status); return(-1); } } @@ -553,21 +503,13 @@ xmlSecBase64CtxEncodeFinal(xmlSecBase64CtxPtr ctx, break; case xmlSecBase64StatusNext: case xmlSecBase64StatusFailed: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxEncodeByteFinal", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "status=%d", status); + xmlSecInternalError2("xmlSecBase64CtxEncodeByteFinal", NULL, "status=%d", status); return(-1); } } if(status != xmlSecBase64StatusDone) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "outBufSize=%d", outBufSize); + xmlSecInvalidSizeOtherError("invalid base64 buffer size", NULL); return(-1); } if(outPos < outBufSize) { @@ -609,11 +551,7 @@ xmlSecBase64CtxDecode(xmlSecBase64CtxPtr ctx, case xmlSecBase64StatusDone: break; case xmlSecBase64StatusFailed: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxDecodeByte", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "status=%d", status); + xmlSecInternalError2("xmlSecBase64CtxDecodeByte", NULL, "status=%d", status); return(-1); } } @@ -662,11 +600,7 @@ xmlSecBase64Encode(const xmlSecByte *buf, xmlSecSize len, int columns) { ret = xmlSecBase64CtxInitialize(&ctx, 1, columns); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64CtxInitialize", NULL); return(NULL); } @@ -677,22 +611,16 @@ xmlSecBase64Encode(const xmlSecByte *buf, xmlSecSize len, int columns) { } ptr = (xmlChar*) xmlMalloc(size); if(ptr == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", size); + xmlSecMallocError(size, NULL); xmlSecBase64CtxFinalize(&ctx); return(NULL); } ret = xmlSecBase64CtxUpdate(&ctx, buf, len, (xmlSecByte*)ptr, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxUpdate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "len=%d", len); + xmlSecInternalError3("xmlSecBase64CtxUpdate", NULL, + "len=%lu;size=%lu", + (unsigned long)len, (unsigned long)size); xmlFree(ptr); xmlSecBase64CtxFinalize(&ctx); return(NULL); @@ -701,11 +629,7 @@ xmlSecBase64Encode(const xmlSecByte *buf, xmlSecSize len, int columns) { ret = xmlSecBase64CtxFinal(&ctx, ((xmlSecByte*)ptr) + size_update, size - size_update); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxFinal", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64CtxFinal", NULL); xmlFree(ptr); xmlSecBase64CtxFinalize(&ctx); return(NULL); @@ -741,21 +665,13 @@ xmlSecBase64Decode(const xmlChar* str, xmlSecByte *buf, xmlSecSize len) { ret = xmlSecBase64CtxInitialize(&ctx, 0, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64CtxInitialize", NULL); return(-1); } ret = xmlSecBase64CtxUpdate(&ctx, (const xmlSecByte*)str, xmlStrlen(str), buf, len); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxUpdate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64CtxUpdate", NULL); xmlSecBase64CtxFinalize(&ctx); return(-1); } @@ -763,11 +679,7 @@ xmlSecBase64Decode(const xmlChar* str, xmlSecByte *buf, xmlSecSize len) { size_update = ret; ret = xmlSecBase64CtxFinal(&ctx, buf + size_update, len - size_update); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64CtxFinal", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64CtxFinal", NULL); xmlSecBase64CtxFinalize(&ctx); return(-1); } @@ -873,11 +785,8 @@ xmlSecBase64Initialize(xmlSecTransformPtr transform) { transform->operation = xmlSecTransformOperationDecode; ret = xmlSecBase64CtxInitialize(ctx, 0, xmlSecBase64GetDefaultLineSize()); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBase64CtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64CtxInitialize", + xmlSecTransformGetName(transform)); return(-1); } @@ -933,11 +842,9 @@ xmlSecBase64Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPt } ret = xmlSecBufferSetMaxSize(out, outSize + outLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", outSize + outLen); return(-1); } @@ -946,11 +853,8 @@ xmlSecBase64Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPt xmlSecBufferGetData(out) + outSize, outLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBase64CtxUpdate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64CtxUpdate", + xmlSecTransformGetName(transform)); return(-1); } outLen = ret; @@ -958,22 +862,18 @@ xmlSecBase64Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPt /* set correct size */ ret = xmlSecBufferSetSize(out, outSize + outLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", outSize + outLen); return(-1); } /* remove chunk from input */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } } @@ -983,22 +883,17 @@ xmlSecBase64Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPt ret = xmlSecBufferSetMaxSize(out, outSize + 16); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + 16); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", outSize + 16); return(-1); } /* add from ctx buffer */ ret = xmlSecBase64CtxFinal(ctx, xmlSecBufferGetData(out) + outSize, 16); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBase64CtxFinal", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64CtxFinal", + xmlSecTransformGetName(transform)); return(-1); } outLen = ret; @@ -1006,11 +901,9 @@ xmlSecBase64Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPt /* set correct size */ ret = xmlSecBufferSetSize(out, outSize + outLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", outSize + outLen); return(-1); } transform->status = xmlSecTransformStatusFinished; @@ -1021,11 +914,7 @@ xmlSecBase64Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPt xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); @@ -1,7 +1,6 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Big Numbers. * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -9,6 +8,13 @@ * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (C) 2003 Cordys R&D BV, All rights reserved. */ +/** + * SECTION:bn + * @Short_description: Big numbers support functions. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> @@ -197,23 +203,19 @@ xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { */ ret = xmlSecBufferSetMaxSize(bn, xmlSecBufferGetSize(bn) + len / 2 + 1 + 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnRevLookupTable", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", len / 2 + 1); + xmlSecInternalError2("xmlSecBufferSetMaxSize", NULL, "size=%d", len / 2 + 1); return (-1); } /* figure out if it is positive or negative number */ - positive = 1; + positive = 1; /* no sign, positive by default */ i = 0; while(i < len) { ch = str[i++]; /* skip spaces */ if(isspace(ch)) { - continue; + continue; } /* check if it is + or - */ @@ -225,64 +227,37 @@ xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { break; } - /* otherwise, it must be start of the number */ - nn = xmlSecBnLookupTable[ch]; - if((nn >= 0) && ((xmlSecSize)nn < base)) { - xmlSecAssert2(i > 0, -1); - - /* no sign, positive by default */ - positive = 1; - --i; /* make sure that we will look at this character in next loop */ - break; - } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "char=%c;base=%d", - ch, base); - return (-1); - } + /* otherwise, it must be start of the number, make sure that we will look + * at this character in next loop */ + xmlSecAssert2(i > 0, -1); + --i; + break; } /* now parse the number itself */ while(i < len) { ch = str[i++]; if(isspace(ch)) { - continue; + continue; } - xmlSecAssert2(ch < sizeof(xmlSecBnLookupTable) / sizeof(xmlSecBnLookupTable[0]), -1); nn = xmlSecBnLookupTable[ch]; - if((nn < 0) || ((xmlSecSize)nn > base)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "char=%c;base=%d", - ch, base); - return (-1); + if((nn < 0) || ((xmlSecSize)nn >= base)) { + xmlSecInvalidIntegerDataError2("char", nn, "base", base, "0 <= char < base", NULL); + return (-1); } ret = xmlSecBnMul(bn, base); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnMul", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "base=%d", base); - return (-1); + xmlSecInternalError2("xmlSecBnMul", NULL, "base=%d", base); + return (-1); } ret = xmlSecBnAdd(bn, nn); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "base=%d", base); - return (-1); -} + xmlSecInternalError2("xmlSecBnAdd", NULL, "base=%d", base); + return (-1); + } } /* check if we need to add 00 prefix, do this for empty bn too */ @@ -292,11 +267,7 @@ xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { ch = 0; ret = xmlSecBufferPrepend(bn, &ch, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferPrepend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "base=%d", base); + xmlSecInternalError2("xmlSecBufferPrepend", NULL, "base=%d", base); return (-1); } } @@ -311,11 +282,7 @@ xmlSecBnFromString(xmlSecBnPtr bn, const xmlChar* str, xmlSecSize base) { ret = xmlSecBnAdd(bn, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "base=%d", base); + xmlSecInternalError2("xmlSecBnAdd", NULL, "base=%d", base); return (-1); } } @@ -354,21 +321,13 @@ xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { size = xmlSecBufferGetSize(bn); ret = xmlSecBnInitialize(&bn2, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBnInitialize", NULL, "size=%d", size); return (NULL); } ret = xmlSecBnSetData(&bn2, data, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBnSetData", NULL, "size=%d", size); xmlSecBnFinalize(&bn2); return (NULL); } @@ -380,11 +339,7 @@ xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { /* subtract 1 and do 2's compliment */ ret = xmlSecBnAdd(&bn2, -1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBnAdd", NULL, "size=%d", size); xmlSecBnFinalize(&bn2); return (NULL); } @@ -405,11 +360,7 @@ xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { len = 8 * size + 1 + 1; res = (xmlChar*)xmlMalloc(len + 1); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "len=%d", len); + xmlSecMallocError(len + 1, NULL); xmlSecBnFinalize(&bn2); return (NULL); } @@ -417,11 +368,7 @@ xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { for(i = 0; (xmlSecBufferGetSize(&bn2) > 0) && (i < len); i++) { if(xmlSecBnDiv(&bn2, base, &nn) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnDiv", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "base=%d", base); + xmlSecInternalError2("xmlSecBnDiv", NULL, "base=%d", base); xmlFree(res); xmlSecBnFinalize(&bn2); return (NULL); @@ -432,7 +379,8 @@ xmlSecBnToString(xmlSecBnPtr bn, xmlSecSize base) { xmlSecAssert2(i < len, NULL); /* we might have '0' at the beggining, remove it but keep one zero */ - for(len = i; (len > 1) && (res[len - 1] == '0'); len--); + for(len = i; (len > 1) && (res[len - 1] == '0'); len--) { + } res[len] = '\0'; /* add "-" for negative numbers */ @@ -549,11 +497,7 @@ xmlSecBnMul(xmlSecBnPtr bn, int multiplier) { ret = xmlSecBufferPrepend(bn, &ch, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferPrepend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=1"); + xmlSecInternalError2("xmlSecBufferPrepend", NULL, "size=%d", 1); return (-1); } } @@ -592,7 +536,7 @@ xmlSecBnDiv(xmlSecBnPtr bn, int divider, int* mod) { xmlSecAssert2(data != NULL, -1); over = over * 256 + data[i]; - data[i] = over / divider; + data[i] = (xmlSecByte)(over / divider); over = over % divider; } (*mod) = over; @@ -608,11 +552,7 @@ xmlSecBnDiv(xmlSecBnPtr bn, int divider, int* mod) { if(i > 0) { ret = xmlSecBufferRemoveHead(bn, i); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", i); + xmlSecInternalError2("xmlSecBufferRemoveHead", NULL, "size=%d", i); return (-1); } } @@ -659,11 +599,7 @@ xmlSecBnAdd(xmlSecBnPtr bn, int delta) { ret = xmlSecBufferPrepend(bn, &ch, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferPrepend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=1"); + xmlSecInternalError2("xmlSecBufferPrepend", NULL, "size=%d", 1); return (-1); } } @@ -676,7 +612,7 @@ xmlSecBnAdd(xmlSecBnPtr bn, int delta) { data[i] = 0; over = (over - tmp) / 256; } else { - data[i] = tmp - over; + data[i] = (xmlSecByte)(tmp - over); over = 0; } } @@ -823,7 +759,7 @@ xmlSecBnCompareReverse(xmlSecBnPtr bn, const xmlSecByte* data, xmlSecSize dataSi /** * xmlSecBnGetNodeValue: * @bn: the pointer to BN. - * @cur: the poitner to an XML node. + * @cur: the pointer to an XML node. * @format: the BN format. * @reverse: if set then reverse read buffer after reading. * @@ -843,31 +779,19 @@ xmlSecBnGetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int case xmlSecBnBase64: ret = xmlSecBufferBase64NodeContentRead(bn, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferBase64NodeContentRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferBase64NodeContentRead", NULL); return(-1); } break; case xmlSecBnHex: content = xmlNodeGetContent(cur); if(content == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNodeGetContent", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlNodeGetContent", NULL); return(-1); } ret = xmlSecBnFromHexString(bn, content); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnFromHexString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnFromHexString", NULL); xmlFree(content); return(-1); } @@ -876,20 +800,12 @@ xmlSecBnGetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int case xmlSecBnDec: content = xmlNodeGetContent(cur); if(content == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNodeGetContent", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlNodeGetContent", NULL); return(-1); } ret = xmlSecBnFromDecString(bn, content); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnFromDecString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnFromDecString", NULL); xmlFree(content); return(-1); } @@ -900,11 +816,7 @@ xmlSecBnGetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int if(reverse != 0) { ret = xmlSecBnReverse(bn); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnReverse", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnReverse", NULL); return(-1); } } @@ -914,7 +826,7 @@ xmlSecBnGetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int /** * xmlSecBnSetNodeValue: * @bn: the pointer to BN. - * @cur: the poitner to an XML node. + * @cur: the pointer to an XML node. * @format: the BN format. * @reverse: the flag that indicates whether to reverse the buffer before writing. * @addLineBreaks: the flag; it is equal to 1 then linebreaks will be added before and after new buffer content. @@ -934,39 +846,27 @@ xmlSecBnSetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int if(reverse != 0) { ret = xmlSecBnReverse(bn); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnReverse", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnReverse", NULL); return(-1); } } if(addLineBreaks) { - xmlNodeAddContent(cur, xmlSecStringCR); + xmlNodeAddContent(cur, xmlSecGetDefaultLineFeed()); } switch(format) { case xmlSecBnBase64: ret = xmlSecBufferBase64NodeContentWrite(bn, cur, xmlSecBase64GetDefaultLineSize()); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferBase64NodeContentWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferBase64NodeContentWrite", NULL); return(-1); } break; case xmlSecBnHex: content = xmlSecBnToHexString(bn); if(content == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnToHexString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnToHexString", NULL); xmlFree(content); return(-1); } @@ -976,11 +876,7 @@ xmlSecBnSetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int case xmlSecBnDec: content = xmlSecBnToDecString(bn); if(content == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnToDecString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnToDecString", NULL); xmlFree(content); return(-1); } @@ -990,7 +886,7 @@ xmlSecBnSetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int } if(addLineBreaks) { - xmlNodeAddContent(cur, xmlSecStringCR); + xmlNodeAddContent(cur, xmlSecGetDefaultLineFeed()); } return(0); @@ -1000,7 +896,7 @@ xmlSecBnSetNodeValue(xmlSecBnPtr bn, xmlNodePtr cur, xmlSecBnFormat format, int * xmlSecBnBlobSetNodeValue: * @data: the pointer to BN blob. * @dataSize: the size of BN blob. - * @cur: the poitner to an XML node. + * @cur: the pointer to an XML node. * @format: the BN format. * @reverse: the flag that indicates whether to reverse the buffer before writing. * @addLineBreaks: if the flag is equal to 1 then @@ -1023,32 +919,20 @@ xmlSecBnBlobSetNodeValue(const xmlSecByte* data, xmlSecSize dataSize, ret = xmlSecBnInitialize(&bn, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnInitialize", NULL); return(-1); } ret = xmlSecBnSetData(&bn, data, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnSetData", NULL); xmlSecBnFinalize(&bn); return(-1); } ret = xmlSecBnSetNodeValue(&bn, cur, format, reverse, addLineBreaks); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnSetNodeValue", NULL); xmlSecBnFinalize(&bn); return(-1); } diff --git a/src/buffer.c b/src/buffer.c index 55a95dda..cc0da65f 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -1,19 +1,24 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Memory buffer. * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:buffer + * @Short_description:Binary memory buffer functions. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> #include <string.h> #include <ctype.h> -#include <errno.h> #include <libxml/tree.h> @@ -50,7 +55,7 @@ xmlSecBufferSetDefaultAllocMode(xmlSecAllocMode defAllocMode, xmlSecSize defInit * xmlSecBufferCreate: * @size: the intial size. * - * Allocates and initalizes new memory buffer with given size. + * Allocates and initializes new memory buffer with given size. * Caller is responsible for calling #xmlSecBufferDestroy function * to free the buffer. * @@ -63,21 +68,13 @@ xmlSecBufferCreate(xmlSecSize size) { buf = (xmlSecBufferPtr)xmlMalloc(sizeof(xmlSecBuffer)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecBuffer)=%d", (int)sizeof(xmlSecBuffer)); + xmlSecMallocError(sizeof(xmlSecBuffer), NULL); return(NULL); } ret = xmlSecBufferInitialize(buf, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBufferInitialize", NULL, "size=%d", size); xmlSecBufferDestroy(buf); return(NULL); } @@ -88,7 +85,7 @@ xmlSecBufferCreate(xmlSecSize size) { * xmlSecBufferDestroy: * @buf: the pointer to buffer object. * - * Desrtoys buffer object created with #xmlSecBufferCreate function. + * Destroys buffer object created with #xmlSecBufferCreate function. */ void xmlSecBufferDestroy(xmlSecBufferPtr buf) { @@ -123,7 +120,7 @@ xmlSecBufferInitialize(xmlSecBufferPtr buf, xmlSecSize size) { * xmlSecBufferFinalize: * @buf: the pointer to buffer object. * - * Frees allocated resource for a buffer intialized with #xmlSecBufferInitialize + * Frees allocated resource for a buffer initialized with #xmlSecBufferInitialize * function. */ void @@ -193,11 +190,7 @@ xmlSecBufferSetData(xmlSecBufferPtr buf, const xmlSecByte* data, xmlSecSize size ret = xmlSecBufferSetMaxSize(buf, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBufferSetMaxSize", NULL, "size=%d", size); return(-1); } @@ -241,11 +234,7 @@ xmlSecBufferSetSize(xmlSecBufferPtr buf, xmlSecSize size) { ret = xmlSecBufferSetMaxSize(buf, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBufferSetMaxSize", NULL, "size=%d", size); return(-1); } @@ -309,11 +298,7 @@ xmlSecBufferSetMaxSize(xmlSecBufferPtr buf, xmlSecSize size) { newData = (xmlSecByte*)xmlMalloc(newSize); } if(newData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", newSize); + xmlSecMallocError(newSize, NULL); return(-1); } @@ -349,11 +334,7 @@ xmlSecBufferAppend(xmlSecBufferPtr buf, const xmlSecByte* data, xmlSecSize size) ret = xmlSecBufferSetMaxSize(buf, buf->size + size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", buf->size + size); + xmlSecInternalError2("xmlSecBufferSetMaxSize", NULL, "size=%d", buf->size + size); return(-1); } @@ -385,11 +366,7 @@ xmlSecBufferPrepend(xmlSecBufferPtr buf, const xmlSecByte* data, xmlSecSize size ret = xmlSecBufferSetMaxSize(buf, buf->size + size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", buf->size + size); + xmlSecInternalError2("xmlSecBufferSetMaxSize", NULL, "size=%d", buf->size + size); return(-1); } @@ -466,48 +443,34 @@ xmlSecBufferRemoveTail(xmlSecBufferPtr buf, xmlSecSize size) { int xmlSecBufferReadFile(xmlSecBufferPtr buf, const char* filename) { xmlSecByte buffer[1024]; - FILE* f; - int ret, len; + FILE* f = NULL; + size_t len; + int ret; xmlSecAssert2(buf != NULL, -1); xmlSecAssert2(filename != NULL, -1); +#ifndef _MSC_VER f = fopen(filename, "rb"); +#else + fopen_s(&f, filename, "rb"); +#endif /* _MSC_VER */ if(f == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "fopen", - XMLSEC_ERRORS_R_IO_FAILED, - "filename=%s;errno=%d", - xmlSecErrorsSafeString(filename), - errno); + xmlSecIOError("fopen", filename, NULL); return(-1); } - while(1) { + while(!feof(f)) { len = fread(buffer, 1, sizeof(buffer), f); - if(len == 0) { - break; - }else if(len < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "fread", - XMLSEC_ERRORS_R_IO_FAILED, - "filename=%s;errno=%d", - xmlSecErrorsSafeString(filename), - errno); + if(ferror(f)) { + xmlSecIOError("fread", filename, NULL); fclose(f); return(-1); } - ret = xmlSecBufferAppend(buf, buffer, len); + ret = xmlSecBufferAppend(buf, buffer, XMLSEC_SIZE_BAD_CAST(len)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", - len); + xmlSecInternalError2("xmlSecBufferAppend", NULL, "size=%d", XMLSEC_SIZE_BAD_CAST(len)); fclose(f); return(-1); } @@ -538,33 +501,21 @@ xmlSecBufferBase64NodeContentRead(xmlSecBufferPtr buf, xmlNodePtr node) { content = xmlNodeGetContent(node); if(content == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, NULL, "empty"); return(-1); } /* base64 decode size is less than input size */ ret = xmlSecBufferSetMaxSize(buf, xmlStrlen(content)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferSetMaxSize", NULL); xmlFree(content); return(-1); } ret = xmlSecBase64Decode(content, xmlSecBufferGetData(buf), xmlSecBufferGetMaxSize(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", NULL); xmlFree(content); return(-1); } @@ -572,11 +523,7 @@ xmlSecBufferBase64NodeContentRead(xmlSecBufferPtr buf, xmlNodePtr node) { ret = xmlSecBufferSetSize(buf, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, "size=%d", size); xmlFree(content); return(-1); } @@ -589,7 +536,7 @@ xmlSecBufferBase64NodeContentRead(xmlSecBufferPtr buf, xmlNodePtr node) { * xmlSecBufferBase64NodeContentWrite: * @buf: the pointer to buffer object. * @node: the pointer to a node. - * @columns: the max line size fro base64 encoded data. + * @columns: the max line size for base64 encoded data. * * Sets the content of the @node to the base64 encoded buffer data. * @@ -604,11 +551,7 @@ xmlSecBufferBase64NodeContentWrite(xmlSecBufferPtr buf, xmlNodePtr node, int col content = xmlSecBase64Encode(xmlSecBufferGetData(buf), xmlSecBufferGetSize(buf), columns); if(content == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); return(-1); } xmlNodeAddContent(node, content); @@ -654,11 +597,7 @@ xmlSecBufferIOWrite(xmlSecBufferPtr buf, const xmlSecByte *data, xmlSecSize size ret = xmlSecBufferAppend(buf, data, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBufferAppend", NULL, "size=%d", size); return(-1); } @@ -1,13 +1,18 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Canonicalization transforms. * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:c14n + * @Short_description: C14N transform implementation. + * @Stability: Private + * + */ #include "globals.h" #include <stdlib.h> @@ -84,11 +89,8 @@ xmlSecTransformC14NInitialize(xmlSecTransformPtr transform) { ret = xmlSecPtrListInitialize(nsList, xmlSecStringListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListInitialize", + xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -127,22 +129,16 @@ xmlSecTransformC14NNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSe cur = xmlSecGetNextElementNode(node->children); if(cur != NULL) { if(!xmlSecCheckNodeName(cur, xmlSecNodeInclusiveNamespaces, xmlSecNsExcC14N)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeError(cur, xmlSecNodeInclusiveNamespaces, + xmlSecTransformGetName(transform)); return(-1); } list = xmlGetProp(cur, xmlSecAttrPrefixList); if(list == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecAttrPrefixList), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeAttributeError(cur, xmlSecAttrPrefixList, + xmlSecTransformGetName(transform), + "empty"); return(-1); } @@ -155,22 +151,15 @@ xmlSecTransformC14NNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSe tmp = xmlStrdup(p); if(tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_STRDUP_FAILED, - "len=%d", xmlStrlen(p)); + xmlSecStrdupError(p, xmlSecTransformGetName(transform)); xmlFree(list); return(-1); } ret = xmlSecPtrListAdd(nsList, tmp); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecTransformGetName(transform)); xmlFree(tmp); xmlFree(list); return(-1); @@ -181,11 +170,8 @@ xmlSecTransformC14NNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSe /* add NULL at the end */ ret = xmlSecPtrListAdd(nsList, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecTransformGetName(transform)); return(-1); } @@ -194,11 +180,7 @@ xmlSecTransformC14NNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSe /* check that we have nothing else */ if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, NULL); return(-1); } @@ -226,11 +208,7 @@ xmlSecTransformC14NPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes, case xmlSecTransformStatusFinished: return(0); default: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1); @@ -239,21 +217,15 @@ xmlSecTransformC14NPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes, if(transform->next != NULL) { buf = xmlSecTransformCreateOutputBuffer(transform->next, transformCtx); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformCreateOutputBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCreateOutputBuffer", + xmlSecTransformGetName(transform)); return(-1); } } else { buf = xmlSecBufferCreateOutputBuffer(&(transform->outBuf)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferCreateOutputBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferCreateOutputBuffer", + xmlSecTransformGetName(transform)); return(-1); } } @@ -265,22 +237,15 @@ xmlSecTransformC14NPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nodes, ret = xmlSecTransformC14NExecute(transform->id, nodes, (xmlChar**)(nsList->data), buf); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformC14NExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformC14NExecute", + xmlSecTransformGetName(transform)); xmlOutputBufferClose(buf); return(-1); } ret = xmlOutputBufferClose(buf); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlOutputBufferClose", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferClose", xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusFinished; @@ -316,22 +281,16 @@ xmlSecTransformC14NPopBin(xmlSecTransformPtr transform, xmlSecByte* data, /* get xml data from previous transform */ ret = xmlSecTransformPopXml(transform->prev, &(transform->inNodes), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformPopXml", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformPopXml", + xmlSecTransformGetName(transform)); return(-1); } /* dump everything to internal buffer */ buf = xmlSecBufferCreateOutputBuffer(out); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferCreateOutputBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferCreateOutputBuffer", + xmlSecTransformGetName(transform)); return(-1); } @@ -342,21 +301,14 @@ xmlSecTransformC14NPopBin(xmlSecTransformPtr transform, xmlSecByte* data, ret = xmlSecTransformC14NExecute(transform->id, transform->inNodes, (xmlChar**)(nsList->data), buf); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformC14NExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformC14NExecute", + xmlSecTransformGetName(transform)); xmlOutputBufferClose(buf); return(-1); } ret = xmlOutputBufferClose(buf); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlOutputBufferClose", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferClose", xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusWorking; @@ -379,11 +331,9 @@ xmlSecTransformC14NPopBin(xmlSecTransformPtr transform, xmlSecByte* data, memcpy(data, xmlSecBufferGetData(&(transform->outBuf)), outSize); ret = xmlSecBufferRemoveHead(&(transform->outBuf), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } } else if(xmlSecBufferGetSize(out) == 0) { @@ -395,11 +345,7 @@ xmlSecTransformC14NPopBin(xmlSecTransformPtr transform, xmlSecByte* data, xmlSecAssert2(xmlSecBufferGetSize(out) == 0, -1); (*dataSize) = 0; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -445,20 +391,13 @@ xmlSecTransformC14NExecute(xmlSecTransformId id, xmlSecNodeSetPtr nodes, xmlChar ret = xmlSecNodeSetDumpTextNodes(nodes, buf); } else { /* shoudn't be possible to come here, actually */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_TRANSFORM, + xmlSecTransformKlassGetName(id), NULL); return(-1); } if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)), - "xmlC14NExecute", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlC14NExecute", xmlSecTransformKlassGetName(id)); return(-1); } @@ -688,7 +627,7 @@ static xmlSecTransformKlass xmlSecTransformExclC14NKlass = { /** * xmlSecTransformExclC14NGetKlass: * - * Exclusive canoncicalization that ommits comments transform klass + * Exclusive canoncicalization that omits comments transform klass * (http://www.w3.org/TR/xml-exc-c14n/). * * Returns: exclusive c14n transform id. @@ -1,4 +1,4 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * * @@ -7,6 +7,12 @@ * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:dl + * @Short_description: Dynamic crypto-engine library loading functions. + * @Stability: Stable + * + */ #include "globals.h" #include <stdlib.h> @@ -31,7 +37,6 @@ #ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING - #ifdef XMLSEC_DL_LIBLTDL #include <ltdl.h> #endif /* XMLSEC_DL_LIBLTDL */ @@ -98,44 +103,28 @@ xmlSecCryptoDLLibraryCreate(const xmlChar* name) { /* Allocate a new xmlSecCryptoDLLibrary and fill the fields. */ lib = (xmlSecCryptoDLLibraryPtr)xmlMalloc(sizeof(xmlSecCryptoDLLibrary)); if(lib == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)sizeof(lib)); + xmlSecMallocError(sizeof(xmlSecCryptoDLLibrary), NULL); return(NULL); } memset(lib, 0, sizeof(xmlSecCryptoDLLibrary)); lib->name = xmlStrdup(name); if(lib->name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "xmlStrdup", - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecStrdupError(name, NULL); xmlSecCryptoDLLibraryDestroy(lib); return(NULL); } lib->filename = xmlSecCryptoDLLibraryConstructFilename(name); if(lib->filename == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "xmlSecCryptoDLLibraryConstructFilename", - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLLibraryConstructFilename", NULL); xmlSecCryptoDLLibraryDestroy(lib); return(NULL); } lib->getFunctionsName = xmlSecCryptoDLLibraryConstructGetFunctionsName(name); if(lib->getFunctionsName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "xmlSecCryptoDLLibraryConstructGetFunctionsName", - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLLibraryConstructGetFunctionsName", NULL); xmlSecCryptoDLLibraryDestroy(lib); return(NULL); } @@ -143,12 +132,7 @@ xmlSecCryptoDLLibraryCreate(const xmlChar* name) { #ifdef XMLSEC_DL_LIBLTDL lib->handle = lt_dlopenext((char*)lib->filename); if(lib->handle == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "lt_dlopenext", - NULL, - XMLSEC_ERRORS_R_IO_FAILED, - "filename=%s", - xmlSecErrorsSafeString(lib->filename)); + xmlSecIOError("lt_dlopenext", lib->filename, NULL); xmlSecCryptoDLLibraryDestroy(lib); return(NULL); } @@ -157,12 +141,7 @@ xmlSecCryptoDLLibraryCreate(const xmlChar* name) { lt_dlsym(lib->handle, (char*)lib->getFunctionsName) ); if(getFunctions == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "lt_dlsym", - NULL, - XMLSEC_ERRORS_R_IO_FAILED, - "function=%s", - xmlSecErrorsSafeString(lib->getFunctionsName)); + xmlSecIOError("lt_dlsym", lib->getFunctionsName, NULL); xmlSecCryptoDLLibraryDestroy(lib); return(NULL); } @@ -171,12 +150,7 @@ xmlSecCryptoDLLibraryCreate(const xmlChar* name) { #ifdef XMLSEC_DL_WIN32 lib->handle = LoadLibraryA((char*)lib->filename); if(lib->handle == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "LoadLibraryA", - NULL, - XMLSEC_ERRORS_R_IO_FAILED, - "filename=%s", - xmlSecErrorsSafeString(lib->filename)); + xmlSecIOError("LoadLibraryA", lib->filename, NULL); xmlSecCryptoDLLibraryDestroy(lib); return(NULL); } @@ -188,34 +162,21 @@ xmlSecCryptoDLLibraryCreate(const xmlChar* name) { ) ); if(getFunctions == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "GetProcAddressA", - NULL, - XMLSEC_ERRORS_R_IO_FAILED, - "function=%s", - xmlSecErrorsSafeString(lib->getFunctionsName)); + xmlSecIOError("GetProcAddressA", lib->getFunctionsName, NULL); xmlSecCryptoDLLibraryDestroy(lib); return(NULL); } #endif /* XMLSEC_DL_WIN32 */ if(getFunctions == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "invalid configuration: no way to load library"); + xmlSecInternalError("invalid configuration: no way to load library", NULL); xmlSecCryptoDLLibraryDestroy(lib); return(NULL); } lib->functions = getFunctions(); if(lib->functions == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "getFunctions", - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("getFunctions", NULL); xmlSecCryptoDLLibraryDestroy(lib); return(NULL); } @@ -247,11 +208,7 @@ xmlSecCryptoDLLibraryDestroy(xmlSecCryptoDLLibraryPtr lib) { ret = lt_dlclose(lib->handle); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - "lt_dlclose", - NULL, - XMLSEC_ERRORS_R_IO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecIOError("lt_dlclose", NULL, NULL); } } #endif /* XMLSEC_DL_LIBLTDL */ @@ -262,11 +219,7 @@ xmlSecCryptoDLLibraryDestroy(xmlSecCryptoDLLibraryPtr lib) { res = FreeLibrary(lib->handle); if(!res) { - xmlSecError(XMLSEC_ERRORS_HERE, - "FreeLibrary", - NULL, - XMLSEC_ERRORS_R_IO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecIOError("FreeLibrary", NULL, NULL); } } #endif /* XMLSEC_DL_WIN32*/ @@ -285,47 +238,53 @@ xmlSecCryptoDLLibraryDuplicate(xmlSecCryptoDLLibraryPtr lib) { static xmlChar* xmlSecCryptoDLLibraryConstructFilename(const xmlChar* name) { - static xmlChar tmpl[] = "lib%s-%s"; + static char tmpl[] = "lib%s-%s"; xmlChar* res; int len; + int ret; xmlSecAssert2(name != NULL, NULL); /* TODO */ - len = xmlStrlen(BAD_CAST PACKAGE) + xmlStrlen(name) + xmlStrlen(tmpl) + 1; + len = xmlStrlen(BAD_CAST PACKAGE) + xmlStrlen(name) + xmlStrlen(BAD_CAST tmpl) + 1; res = (xmlChar*)xmlMalloc(len + 1); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", len + 1); + xmlSecMallocError(len + 1, NULL); + return(NULL); + } + + ret = xmlStrPrintf(res, len, tmpl, PACKAGE, name); + if(ret < 0) { + xmlSecXmlError("xmlStrPrintf", NULL); + xmlFree(res); return(NULL); } - xmlSecStrPrintf(res, len, tmpl, PACKAGE, name); return(res); } static xmlChar* xmlSecCryptoDLLibraryConstructGetFunctionsName(const xmlChar* name) { - static xmlChar tmpl[] = "xmlSecCryptoGetFunctions_%s"; + static char tmpl[] = "xmlSecCryptoGetFunctions_%s"; xmlChar* res; int len; + int ret; xmlSecAssert2(name != NULL, NULL); - len = xmlStrlen(name) + xmlStrlen(tmpl) + 1; + len = xmlStrlen(name) + xmlStrlen(BAD_CAST tmpl) + 1; res = (xmlChar*)xmlMalloc(len + 1); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", len + 1); + xmlSecMallocError(len + 1, NULL); + return(NULL); + } + + ret = xmlStrPrintf(res, len, tmpl, name); + if(ret < 0) { + xmlSecXmlError("xmlStrPrintf", NULL); + xmlFree(res); return(NULL); } - xmlSecStrPrintf(res, len, tmpl, name); return(res); } @@ -373,24 +332,18 @@ int xmlSecCryptoDLInit(void) { int ret; - ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, xmlSecCryptoDLLibrariesListGetKlass()); + ret = xmlSecPtrListInitialize(&gXmlSecCryptoDLLibraries, + xmlSecCryptoDLLibrariesListGetKlass()); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListPtrInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecCryptoDLLibrariesListGetKlass"); + xmlSecInternalError("xmlSecPtrListInitialize", + "xmlSecCryptoDLLibrariesListGetKlass"); return(-1); } #ifdef XMLSEC_DL_LIBLTDL ret = lt_dlinit (); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "lt_dlinit", - XMLSEC_ERRORS_R_IO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecIOError("lt_dlinit", NULL, NULL); return(-1); } #endif /* XMLSEC_DL_LIBLTDL */ @@ -416,12 +369,10 @@ xmlSecCryptoDLShutdown(void) { #ifdef XMLSEC_DL_LIBLTDL ret = lt_dlexit (); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "lt_dlexit", - XMLSEC_ERRORS_R_IO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecIOError("lt_dlexit", NULL, NULL); } +#else /* XMLSEC_DL_LIBLTDL */ + UNREFERENCED_PARAMETER(ret); #endif /* XMLSEC_DL_LIBLTDL */ return(0); @@ -446,21 +397,13 @@ xmlSecCryptoDLLoadLibrary(const xmlChar* crypto) { /* if crypto is not specified, then used default */ functions = xmlSecCryptoDLGetLibraryFunctions((crypto != NULL ) ? crypto : xmlSecGetDefaultCrypto()); if(functions == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLGetLibraryFunctions", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLGetLibraryFunctions", NULL); return(-1); } ret = xmlSecCryptoDLSetFunctions(functions); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLSetFunctions", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLSetFunctions", NULL); return(-1); } @@ -496,23 +439,15 @@ xmlSecCryptoDLGetLibraryFunctions(const xmlChar* crypto) { lib = xmlSecCryptoDLLibraryCreate(crypto); if(lib == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLLibraryCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "crypto=%s", - xmlSecErrorsSafeString(crypto)); + xmlSecInternalError2("xmlSecCryptoDLLibraryCreate", NULL, + "crypto=%s", xmlSecErrorsSafeString(crypto)); return(NULL); } ret = xmlSecPtrListAdd(&gXmlSecCryptoDLLibraries, lib); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "crypto=%s", - xmlSecErrorsSafeString(crypto)); + xmlSecInternalError2("xmlSecPtrListAdd", NULL, + "crypto=%s", xmlSecErrorsSafeString(crypto)); xmlSecCryptoDLLibraryDestroy(lib); return(NULL); } @@ -552,11 +487,7 @@ xmlSecCryptoDLUnloadLibrary(const xmlChar* crypto) { ret = xmlSecPtrListRemove(&gXmlSecCryptoDLLibraries, pos); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListRemove", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListRemove", NULL); return(-1); } @@ -612,90 +543,57 @@ xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(struct _xmlSecCryptoDLFuncti * ****************************************************************************/ if((functions->keyDataAesGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataAesGetKlass()) < 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataAesGetKlass())), - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsRegister", + xmlSecKeyDataKlassGetName(functions->keyDataAesGetKlass())); return(-1); } if((functions->keyDataDesGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataDesGetKlass()) < 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataDesGetKlass())), - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsRegister", + xmlSecKeyDataKlassGetName(functions->keyDataDesGetKlass())); return(-1); } if((functions->keyDataDsaGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataDsaGetKlass()) < 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataDsaGetKlass())), - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsRegister", + xmlSecKeyDataKlassGetName(functions->keyDataDsaGetKlass())); return(-1); } if((functions->keyDataEcdsaGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataEcdsaGetKlass()) < 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataEcdsaGetKlass())), - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsRegister", + xmlSecKeyDataKlassGetName(functions->keyDataEcdsaGetKlass())); return(-1); } if((functions->keyDataGost2001GetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataGost2001GetKlass()) < 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataGost2001GetKlass())), - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsRegister", + xmlSecKeyDataKlassGetName(functions->keyDataGost2001GetKlass())); return(-1); } if((functions->keyDataGostR3410_2012_256GetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataGostR3410_2012_256GetKlass()) < 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataGostR3410_2012_256GetKlass())), - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsRegister", + xmlSecKeyDataKlassGetName(functions->keyDataGostR3410_2012_256GetKlass())); return(-1); } if((functions->keyDataGostR3410_2012_512GetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataGostR3410_2012_512GetKlass()) < 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataGostR3410_2012_512GetKlass())), - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsRegister", + xmlSecKeyDataKlassGetName(functions->keyDataGostR3410_2012_512GetKlass())); return(-1); } if((functions->keyDataHmacGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataHmacGetKlass()) < 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataHmacGetKlass())), - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsRegister", + xmlSecKeyDataKlassGetName(functions->keyDataHmacGetKlass())); return(-1); } if((functions->keyDataRsaGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataRsaGetKlass()) < 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataRsaGetKlass())), - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsRegister", + xmlSecKeyDataKlassGetName(functions->keyDataRsaGetKlass())); return(-1); } if((functions->keyDataX509GetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataX509GetKlass()) < 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataX509GetKlass())), - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsRegister", + xmlSecKeyDataKlassGetName(functions->keyDataX509GetKlass())); return(-1); } if((functions->keyDataRawX509CertGetKlass != NULL) && (xmlSecKeyDataIdsRegister(functions->keyDataRawX509CertGetKlass()) < 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(functions->keyDataRawX509CertGetKlass())), - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsRegister", + xmlSecKeyDataKlassGetName(functions->keyDataRawX509CertGetKlass())); return(-1); } @@ -706,397 +604,283 @@ xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(struct _xmlSecCryptoDLFuncti * ****************************************************************************/ if((functions->transformAes128CbcGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformAes128CbcGetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformAes128CbcGetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformAes128CbcGetKlass())); return(-1); } if((functions->transformAes192CbcGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformAes192CbcGetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformAes192CbcGetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformAes192CbcGetKlass())); return(-1); } if((functions->transformAes256CbcGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformAes256CbcGetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformAes256CbcGetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformAes256CbcGetKlass())); + return(-1); + } + + if ((functions->transformAes128GcmGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformAes128GcmGetKlass()) < 0) { + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformAes128GcmGetKlass())); + return(-1); + } + + if ((functions->transformAes192GcmGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformAes192GcmGetKlass()) < 0) { + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformAes192GcmGetKlass())); + return(-1); + } + + if ((functions->transformAes256GcmGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformAes256GcmGetKlass()) < 0) { + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformAes256GcmGetKlass())); return(-1); } if((functions->transformKWAes128GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformKWAes128GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWAes128GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformKWAes128GetKlass())); return(-1); } if((functions->transformKWAes192GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformKWAes192GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWAes192GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformKWAes192GetKlass())); return(-1); } if((functions->transformKWAes256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformKWAes256GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWAes256GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformKWAes256GetKlass())); return(-1); } if((functions->transformDes3CbcGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformDes3CbcGetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDes3CbcGetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformDes3CbcGetKlass())); return(-1); } if((functions->transformKWDes3GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformKWDes3GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformKWDes3GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformKWDes3GetKlass())); return(-1); } if((functions->transformGost2001GostR3411_94GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGost2001GostR3411_94GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGost2001GostR3411_94GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformGost2001GostR3411_94GetKlass())); return(-1); } if((functions->transformGostR3410_2012GostR3411_2012_256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGostR3410_2012GostR3411_2012_256GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGostR3410_2012GostR3411_2012_256GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformGostR3410_2012GostR3411_2012_256GetKlass())); return(-1); } if((functions->transformGostR3410_2012GostR3411_2012_512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGostR3410_2012GostR3411_2012_512GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGostR3410_2012GostR3411_2012_512GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformGostR3410_2012GostR3411_2012_512GetKlass())); return(-1); } if((functions->transformDsaSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformDsaSha1GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDsaSha1GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformDsaSha1GetKlass())); return(-1); } if((functions->transformDsaSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformDsaSha256GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformDsaSha256GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformDsaSha256GetKlass())); return(-1); } if((functions->transformEcdsaSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha1GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha1GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformEcdsaSha1GetKlass())); return(-1); } if((functions->transformEcdsaSha224GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha224GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha224GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformEcdsaSha224GetKlass())); return(-1); } if((functions->transformEcdsaSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha256GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha256GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformEcdsaSha256GetKlass())); return(-1); } if((functions->transformEcdsaSha384GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha384GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha384GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformEcdsaSha384GetKlass())); return(-1); } if((functions->transformEcdsaSha512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformEcdsaSha512GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformEcdsaSha512GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformEcdsaSha512GetKlass())); return(-1); } if((functions->transformHmacMd5GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacMd5GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacMd5GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformHmacMd5GetKlass())); return(-1); } if((functions->transformHmacRipemd160GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacRipemd160GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacRipemd160GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformHmacRipemd160GetKlass())); return(-1); } if((functions->transformHmacSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha1GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha1GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformHmacSha1GetKlass())); return(-1); } if((functions->transformHmacSha224GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha224GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha224GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformHmacSha224GetKlass())); return(-1); } if((functions->transformHmacSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha256GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha256GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformHmacSha256GetKlass())); return(-1); } if((functions->transformHmacSha384GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha384GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha384GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformHmacSha384GetKlass())); return(-1); } if((functions->transformHmacSha512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformHmacSha512GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformHmacSha512GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformHmacSha512GetKlass())); return(-1); } if((functions->transformMd5GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformMd5GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformMd5GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformMd5GetKlass())); return(-1); } if((functions->transformRipemd160GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRipemd160GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRipemd160GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformRipemd160GetKlass())); return(-1); } if((functions->transformRsaMd5GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaMd5GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaMd5GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformRsaMd5GetKlass())); return(-1); } if((functions->transformRsaRipemd160GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaRipemd160GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaRipemd160GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformRsaRipemd160GetKlass())); return(-1); } if((functions->transformRsaSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha1GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha1GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformRsaSha1GetKlass())); return(-1); } if((functions->transformRsaSha224GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha224GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha224GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformRsaSha224GetKlass())); return(-1); } if((functions->transformRsaSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha256GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha256GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformRsaSha256GetKlass())); return(-1); } if((functions->transformRsaSha384GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha384GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha384GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformRsaSha384GetKlass())); return(-1); } if((functions->transformRsaSha512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaSha512GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaSha512GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformRsaSha512GetKlass())); return(-1); } if((functions->transformRsaPkcs1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaPkcs1GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaPkcs1GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformRsaPkcs1GetKlass())); return(-1); } if((functions->transformRsaOaepGetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformRsaOaepGetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformRsaOaepGetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformRsaOaepGetKlass())); return(-1); } if((functions->transformGostR3411_94GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGostR3411_94GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGostR3411_94GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformGostR3411_94GetKlass())); return(-1); } if((functions->transformGostR3411_2012_256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGostR3411_2012_256GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGostR3411_2012_256GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformGostR3411_2012_256GetKlass())); return(-1); } if((functions->transformGostR3411_2012_512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformGostR3411_2012_512GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformGostR3411_2012_512GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformGostR3411_2012_512GetKlass())); return(-1); } if((functions->transformSha1GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha1GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha1GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformSha1GetKlass())); return(-1); } if((functions->transformSha224GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha224GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha224GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformSha224GetKlass())); return(-1); } if((functions->transformSha256GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha256GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha256GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformSha256GetKlass())); return(-1); } if((functions->transformSha384GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha384GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha384GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformSha384GetKlass())); return(-1); } if((functions->transformSha512GetKlass != NULL) && xmlSecTransformIdsRegister(functions->transformSha512GetKlass()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(functions->transformSha512GetKlass())), - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegister", + xmlSecTransformKlassGetName(functions->transformSha512GetKlass())); return(-1); } diff --git a/src/enveloped.c b/src/enveloped.c index ae11c16e..6f227e93 100644 --- a/src/enveloped.c +++ b/src/enveloped.c @@ -1,13 +1,18 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Enveloped transform. * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:enveloped + * @Short_description: Enveloped transform implementation. + * @Stability: Private + * + */ #include "globals.h" #include <stdlib.h> @@ -106,44 +111,35 @@ xmlSecTransformEnvelopedExecute(xmlSecTransformPtr transform, int last, xmlSecAssert2(transformCtx != NULL, -1); if((transform->inNodes != NULL) && (transform->inNodes->doc != transform->hereNode->doc)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_TRANSFORM_SAME_DOCUMENT_REQUIRED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_TRANSFORM_SAME_DOCUMENT_REQUIRED, + xmlSecTransformGetName(transform), + NULL); return(-1); } /* find signature node and get all its children in the nodes set */ node = xmlSecFindParent(transform->hereNode, xmlSecNodeSignature, xmlSecDSigNs); if(node == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeSignature), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeNotFoundError("xmlSecFindParent", transform->hereNode, + xmlSecNodeSignature, + xmlSecTransformGetName(transform)); return(-1); } children = xmlSecNodeSetGetChildren(node->doc, node, 1, 1); if(children == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNodeSetGetChildren", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(node))); + xmlSecInternalError2("xmlSecNodeSetGetChildren", + xmlSecTransformGetName(transform), + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } /* intersect <dsig:Signature/> node children with input nodes (if exist) */ transform->outNodes = xmlSecNodeSetAdd(transform->inNodes, children, xmlSecNodeSetIntersection); if(transform->outNodes == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNodeSetAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNodeSetAdd", + xmlSecTransformGetName(transform)); xmlSecNodeSetDestroy(children); return(-1); } diff --git a/src/errors.c b/src/errors.c index a4519270..179caa73 100644 --- a/src/errors.c +++ b/src/errors.c @@ -1,19 +1,26 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Error codes and error reporting functions. * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:errors + * @Short_description: Error reporting and logging functions. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> #include <stdio.h> #include <stdarg.h> #include <time.h> +#include <string.h> #include <libxml/tree.h> @@ -22,8 +29,12 @@ #include <xmlsec/private.h> #include <xmlsec/errors.h> +/* Must be bigger than fatal_error */ #define XMLSEC_ERRORS_BUFFER_SIZE 1024 +/* Must fit into xmlChar[XMLSEC_ERRORS_BUFFER_SIZE] */ +static const xmlChar fatal_error[] = "Can not format error message"; + typedef struct _xmlSecErrorDescription xmlSecErrorDescription, *xmlSecErrorDescriptionPtr; struct _xmlSecErrorDescription { int errorCode; @@ -40,6 +51,7 @@ static xmlSecErrorDescription xmlSecErrorsTable[XMLSEC_ERRORS_MAX_NUMBER + 1] = { XMLSEC_ERRORS_R_IO_FAILED, "io function failed" }, { XMLSEC_ERRORS_R_DISABLED, "feature is disabled" }, { XMLSEC_ERRORS_R_NOT_IMPLEMENTED, "feature is not implemented" }, + { XMLSEC_ERRORS_R_INVALID_CONFIG, "invalid configuration" }, { XMLSEC_ERRORS_R_INVALID_SIZE, "invalid size" }, { XMLSEC_ERRORS_R_INVALID_DATA, "invalid data" }, { XMLSEC_ERRORS_R_INVALID_RESULT, "invalid result" }, @@ -48,6 +60,7 @@ static xmlSecErrorDescription xmlSecErrorsTable[XMLSEC_ERRORS_MAX_NUMBER + 1] = { XMLSEC_ERRORS_R_INVALID_STATUS, "invalid status" }, { XMLSEC_ERRORS_R_INVALID_FORMAT, "invalid format" }, { XMLSEC_ERRORS_R_DATA_NOT_MATCH, "data do not match" }, + { XMLSEC_ERRORS_R_INVALID_VERSION, "invalid version" }, { XMLSEC_ERRORS_R_INVALID_NODE, "invalid node" }, { XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, "invalid node content" }, { XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, "invalid node attribute" }, @@ -74,7 +87,7 @@ static xmlSecErrorDescription xmlSecErrorsTable[XMLSEC_ERRORS_MAX_NUMBER + 1] = { XMLSEC_ERRORS_R_CERT_REVOKED, "certificate is revoked" }, { XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, "certificate issuer check failed" }, { XMLSEC_ERRORS_R_CERT_NOT_YET_VALID, "certificate is not yet valid" }, - { XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, "certificate has expirred" }, + { XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, "certificate has expired" }, { XMLSEC_ERRORS_R_DSIG_NO_REFERENCES, "Reference nodes are not found" }, { XMLSEC_ERRORS_R_DSIG_INVALID_REFERENCE, "Reference verification failed" }, { XMLSEC_ERRORS_R_ASSERTION, "assertion" }, @@ -82,7 +95,7 @@ static xmlSecErrorDescription xmlSecErrorsTable[XMLSEC_ERRORS_MAX_NUMBER + 1] = }; static xmlSecErrorsCallback xmlSecErrorsClbk = xmlSecErrorsDefaultCallback; -static int xmlSecPrintErrorMessages = 1; /* whether the error messages will be printed immidiatelly */ +static int xmlSecPrintErrorMessages = 1; /* whether the error messages will be printed immediately */ /** * xmlSecErrorsInit: @@ -208,9 +221,9 @@ xmlSecErrorsGetMsg(xmlSecSize pos) { * xmlSecError: * @file: the error location filename (__FILE__). * @line: the error location line number (__LINE__). - * @func: the error location function (__FUNCTIION__). - * @errorObject: the error specific error object - * @errorSubject: the error specific error subject. + * @func: the error location function (__FUNCTION__). + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @errorSubject: the error specific error subject (e.g. failed function name). * @reason: the error code. * @msg: the error message in printf format. * @...: the parameters for the @msg. @@ -223,15 +236,20 @@ void xmlSecError(const char* file, int line, const char* func, const char* errorObject, const char* errorSubject, int reason, const char* msg, ...) { - if(xmlSecErrorsClbk != NULL) { xmlChar error_msg[XMLSEC_ERRORS_BUFFER_SIZE]; + int ret; if(msg != NULL) { va_list va; + va_start(va, msg); - xmlSecStrVPrintf(error_msg, sizeof(error_msg), msg, va); - error_msg[sizeof(error_msg) - 1] = '\0'; + ret = xmlStrVPrintf(error_msg, sizeof(error_msg), msg, va); + if(ret < 0) { + /* Can't really report an error from an error callback */ + memcpy(error_msg, fatal_error, sizeof(fatal_error)); + } + error_msg[sizeof(error_msg) - 1] = '\0'; /* just in case */ va_end(va); } else { error_msg[0] = '\0'; diff --git a/src/errors_helpers.h b/src/errors_helpers.h new file mode 100644 index 00000000..3752fa69 --- /dev/null +++ b/src/errors_helpers.h @@ -0,0 +1,872 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * Internal header only used during the compilation, + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. + */ + +#ifndef __XMLSEC_ERROR_HELPERS_H__ +#define __XMLSEC_ERROR_HELPERS_H__ + +#ifndef XMLSEC_PRIVATE +#error "private.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-$crypto libraries" +#endif /* XMLSEC_PRIVATE */ + +#include <errno.h> + +#ifdef __cplusplus +extern "C" { +#endif /* __cplusplus */ + +/********************************************************************** + * + * Error handling macros. + * + **********************************************************************/ + +/** + * xmlSecInternalError: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting internal XMLSec errors. + */ +#define xmlSecInternalError(errorFunction, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_XMLSEC_FAILED, \ + XMLSEC_ERRORS_NO_MESSAGE \ + ) + +/** + * xmlSecInternalError2: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param: the extra message param. + * + * Macro. The XMLSec library macro for reporting internal XMLSec errors. + */ +#define xmlSecInternalError2(errorFunction, errorObject, msg, param) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_XMLSEC_FAILED, \ + (msg), (param) \ + ) + +/** + * xmlSecInternalError3: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param1: the extra message param1. + * @param2: the extra message param2. + * + * Macro. The XMLSec library macro for reporting internal XMLSec errors. + */ +#define xmlSecInternalError3(errorFunction, errorObject, msg, param1, param2) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_XMLSEC_FAILED, \ + (msg), (param1), (param2) \ + ) + +/** + * xmlSecInternalError4: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param1: the extra message param1. + * @param2: the extra message param2. + * @param3: the extra message param3. + * + * Macro. The XMLSec library macro for reporting internal XMLSec errors. + */ +#define xmlSecInternalError4(errorFunction, errorObject, msg, param1, param2, param3) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_XMLSEC_FAILED, \ + (msg), (param1), (param2), (param3) \ + ) + +/** + * xmlSecMallocError: + * @allocSize: the failed allocation size. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting xmlMalloc() errors. + */ +#define xmlSecMallocError(allocSize, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + "xmlMalloc", \ + XMLSEC_ERRORS_R_MALLOC_FAILED, \ + "size=%lu", (unsigned long)(allocSize) \ + ) + +/** + * xmlSecStrdupError: + * @str: the failed string. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting xmlStrdup() errors. + */ +#define xmlSecStrdupError(str, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + "xmlStrdup", \ + XMLSEC_ERRORS_R_STRDUP_FAILED, \ + "size=%lu", (unsigned long)xmlStrlen(str) \ + ) + +/** + * xmlSecXmlError: + * @errorFunction: the failed function. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting generic XML errors. + */ +#define xmlSecXmlError(errorFunction, errorObject) \ + { \ + xmlErrorPtr error = xmlGetLastError(); \ + int code = (error != NULL) ? error->code : 0; \ + const char* message = (error != NULL) ? error->message : NULL; \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_XML_FAILED, \ + "xml error: %lu: %s", \ + (unsigned long)code, \ + xmlSecErrorsSafeString(message) \ + ); \ + } + +/** + * xmlSecXmlError2: + * @errorFunction: the failed function. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param: the extra message param. + * + * Macro. The XMLSec library macro for reporting generic XML errors. + */ +#define xmlSecXmlError2(errorFunction, errorObject, msg, param) \ + { \ + xmlErrorPtr error = xmlGetLastError(); \ + int code = (error != NULL) ? error->code : 0; \ + const char* message = (error != NULL) ? error->message : NULL; \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_XML_FAILED, \ + msg "; xml error: %lu: %s", \ + (param), \ + (unsigned long)code, \ + xmlSecErrorsSafeString(message) \ + ); \ + } + +/** + * xmlSecXmlParserError: + * @errorFunction: the failed function. + * @ctxt: the parser context. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting XML parser errors. + */ +#define xmlSecXmlParserError(errorFunction, ctxt, errorObject) \ + { \ + xmlErrorPtr error = xmlCtxtGetLastError(ctxt);\ + int code = (error != NULL) ? error->code : 0; \ + const char* message = (error != NULL) ? error->message : NULL; \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_XML_FAILED, \ + "xml error: %lu: %s", \ + (unsigned long)code, \ + xmlSecErrorsSafeString(message) \ + ); \ + } + +/** + * xmlSecXmlParserError2: + * @errorFunction: the failed function. + * @ctxt: the parser context. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param: the extra message param. + * + * Macro. The XMLSec library macro for reporting XML parser errors. + */ +#define xmlSecXmlParserError2(errorFunction, ctxt, errorObject, msg, param) \ + { \ + xmlErrorPtr error = xmlCtxtGetLastError(ctxt);\ + int code = (error != NULL) ? error->code : 0; \ + const char* message = (error != NULL) ? error->message : NULL; \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_XML_FAILED, \ + msg "; xml error: %lu: %s", \ + (param), \ + (unsigned long)code, \ + xmlSecErrorsSafeString(message) \ + ); \ + } + +/** + * xmlSecXsltError: + * @errorFunction: the failed function. + * @ctxt: the parser context. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting XSLT errors. + */ +#define xmlSecXsltError(errorFunction, ctxt, errorObject) \ + { \ + xmlErrorPtr error = xmlGetLastError(); \ + int code = (error != NULL) ? error->code : 0; \ + const char* message = (error != NULL) ? error->message : NULL; \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_XSLT_FAILED, \ + "xslt error: %lu: %s", \ + (unsigned long)code, \ + xmlSecErrorsSafeString(message) \ + ); \ + } + +/** + * xmlSecIOError: + * @errorFunction: the failed function. + * @name: the filename, function name, uri, etc. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting IO errors. + */ +#define xmlSecIOError(errorFunction, name, errorObject) \ + { \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_IO_FAILED, \ + "name=\"%s\"; errno=%d", \ + xmlSecErrorsSafeString(name), \ + errno \ + ); \ + } + +/** + * xmlSecNotImplementedError: + * @details: the additional details. + * + * Macro. The XMLSec library macro for reporting "not implemented" errors. + */ +#define xmlSecNotImplementedError(details) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + NULL, \ + NULL, \ + XMLSEC_ERRORS_R_NOT_IMPLEMENTED, \ + "details=%s", \ + xmlSecErrorsSafeString(details) \ + ) +/** + * xmlSecInvalidSizeError: + * @name: the name of the variable, parameter, etc. + * @actual: the actual value. + * @expected: the expected value. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid size" errors when + * we expect exact match. + */ +#define xmlSecInvalidSizeError(name, actual, expected, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_SIZE, \ + "invalid size for '%s': actual=%lu is not equal to expected=%lu", \ + xmlSecErrorsSafeString(name), \ + (unsigned long)(actual), \ + (unsigned long)(expected) \ + ) + +/** + * xmlSecInvalidSizeLessThanError: + * @name: the name of the variable, parameter, etc. + * @actual: the actual value. + * @expected: the expected value. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid size" errors when + * we expect at least the expected size. + */ +#define xmlSecInvalidSizeLessThanError(name, actual, expected, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_SIZE, \ + "invalid size for '%s': actual=%lu is less than expected=%lu", \ + xmlSecErrorsSafeString(name), \ + (unsigned long)(actual), \ + (unsigned long)(expected) \ + ) + +/** + * xmlSecInvalidSizeMoreThanError: + * @name: the name of the variable, parameter, etc. + * @actual: the actual value. + * @expected: the expected value. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid size" errors when + * we expect at most the expected size. + */ +#define xmlSecInvalidSizeMoreThanError(name, actual, expected, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_NOT_IMPLEMENTED, \ + "invalid size for '%s': actual=%lu is more than expected=%lu", \ + xmlSecErrorsSafeString(name), \ + (unsigned long)(actual), \ + (unsigned long)(expected) \ + ) + +/** + * xmlSecInvalidSizeNotMultipleOfError: + * @name: the name of the variable, parameter, etc. + * @actual: the actual value. + * @divider: the expected divider. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid size" errors when + * we expect the size to be a multiple of the divider. + */ +#define xmlSecInvalidSizeNotMultipleOfError(name, actual, divider, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_NOT_IMPLEMENTED, \ + "invalid size for '%s': actual=%lu is not a multiple of %lu", \ + xmlSecErrorsSafeString(name), \ + (unsigned long)(actual), \ + (unsigned long)(divider) \ + ) + +/** + * xmlSecInvalidSizeOtherError: + * @msg: the message about the error. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid size" errors when + * we expect exact match. + */ +#define xmlSecInvalidSizeOtherError(msg, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_SIZE, \ + "invalid size: %s", \ + xmlSecErrorsSafeString(msg) \ + ) + +/** + * xmlSecInvalidDataError: + * @msg: the msg with explanation. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid data" errors. + */ +#define xmlSecInvalidDataError(msg, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_DATA, \ + "%s", \ + xmlSecErrorsSafeString(msg) \ + ) + +/** + * xmlSecInvalidStringDataError: + * @name: the name of the variable, parameter, etc. + * @actual: the actual value as a string. + * @expected: the expected value(s) as a string. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid data" errors for string. + */ +#define xmlSecInvalidStringDataError(name, actual, expected, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_DATA, \ + "invalid data for '%s': actual='%s' and expected %s", \ + xmlSecErrorsSafeString(name), \ + xmlSecErrorsSafeString(actual), \ + (expected) \ + ) + +/** + * xmlSecInvalidIntegerDataError: + * @name: the name of the variable, parameter, etc. + * @actual: the actual value as an integer. + * @expected: the expected value(s) as a string. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid data" errors for integers. + */ +#define xmlSecInvalidIntegerDataError(name, actual, expected, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_DATA, \ + "invalid data for '%s': actual=%ld and expected %s", \ + xmlSecErrorsSafeString(name), \ + (unsigned long)(actual), \ + (expected) \ + ) + +/** + * xmlSecInvalidIntegerDataError2: + * @name1: the name of the first variable, parameter, etc. + * @actual1: the actual first value as an integer. + * @name2: the name of the second variable, parameter, etc. + * @actual2: the actual second value as an integer. + * @expected: the expected value(s) as a string. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid data" errors for integers. + */ +#define xmlSecInvalidIntegerDataError2(name1, actual1, name2, actual2, expected, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_DATA, \ + "invalid data: actual value '%s'=%ld, actual value '%s'=%ld and expected %s", \ + xmlSecErrorsSafeString(name1), \ + (unsigned long)(actual1), \ + xmlSecErrorsSafeString(name2), \ + (unsigned long)(actual2), \ + (expected) \ + ) + +/** + * xmlSecInvalidTypeError: + * @msg: the msg with explanation. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid type" errors. + */ +#define xmlSecInvalidTypeError(msg, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_TYPE, \ + "%s", \ + xmlSecErrorsSafeString(msg) \ + ) + +/** + * xmlSecInvalidStringTypeError: + * @name: the name of the variable, parameter, etc. + * @actual: the actual value as a string. + * @expected: the expected value(s) as a string. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid type" errors for string. + */ +#define xmlSecInvalidStringTypeError(name, actual, expected, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_TYPE, \ + "invalid type for '%s': actual='%s' and expected %s", \ + xmlSecErrorsSafeString(name), \ + xmlSecErrorsSafeString(actual), \ + (expected) \ + ) + +/** + * xmlSecInvalidIntegerTypeError: + * @name: the name of the variable, parameter, etc. + * @actual: the actual value as an integer. + * @expected: the expected value(s) as a string. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid type" errors for integers. + */ +#define xmlSecInvalidIntegerTypeError(name, actual, expected, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_TYPE, \ + "invalid type for '%s': actual=%ld and expected %s", \ + xmlSecErrorsSafeString(name), \ + (unsigned long)(actual), \ + (expected) \ + ) + +/** + * xmlSecInvalidIntegerTypeError2: + * @name1: the name of the first variable, parameter, etc. + * @actual1: the actual first value as an integer. + * @name2: the name of the second variable, parameter, etc. + * @actual2: the actual second value as an integer. + * @expected: the expected value(s) as a string. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid type" errors for integers. + */ +#define xmlSecInvalidIntegerTypeError2(name1, actual1, name2, actual2, expected, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_TYPE, \ + "invalid type: actual value '%s'=%ld, actual value '%s'=%ld and expected %s", \ + xmlSecErrorsSafeString(name1), \ + (unsigned long)(actual1), \ + xmlSecErrorsSafeString(name2), \ + (unsigned long)(actual2), \ + (expected) \ + ) + +/** + * xmlSecInvalidNodeError: + * @actualNode: the actual node. + * @expectedNodeName: the expected node name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting an invalid node errors. + */ +#define xmlSecInvalidNodeError(actualNode, expectedNodeName, errorObject) \ + { \ + const char* actualNodeName = xmlSecNodeGetName(actualNode); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_NODE, \ + "actual=%s; expected=%s", \ + xmlSecErrorsSafeString(actualNodeName), \ + xmlSecErrorsSafeString(expectedNodeName) \ + ); \ + } + +/** + * xmlSecInvalidNodeContentError: + * @node: the node. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @reason: the reason why node content is invalid. + * + * Macro. The XMLSec library macro for reporting an invalid node content errors. + */ +#define xmlSecInvalidNodeContentError(node, errorObject, reason) \ + { \ + const char* nName = xmlSecNodeGetName(node); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, \ + "node=%s; reason=%s", \ + xmlSecErrorsSafeString(nName), \ + xmlSecErrorsSafeString(reason) \ + ); \ + } + +/** + * xmlSecInvalidNodeAttributeError: + * @node: the node. + * @attrName: the attribute name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @reason: the reason why node content is invalid. + * + * Macro. The XMLSec library macro for reporting an invalid node attribute errors. + */ +#define xmlSecInvalidNodeAttributeError(node, attrName, errorObject, reason) \ + { \ + const char* nName = xmlSecNodeGetName(node); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, \ + "node=%s; attribute=%s; reason=%s",\ + xmlSecErrorsSafeString(nName), \ + xmlSecErrorsSafeString(attrName), \ + xmlSecErrorsSafeString(reason) \ + ); \ + } + +/** + * xmlSecNodeAlreadyPresentError: + * @parent: the parent node. + * @nodeName: the node name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting node already present errors. + */ +#define xmlSecNodeAlreadyPresentError(parent, nodeName, errorObject) \ + { \ + const char* pName = xmlSecNodeGetName(parent);\ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, \ + "parent=%s; node=%s", \ + xmlSecErrorsSafeString(pName), \ + xmlSecErrorsSafeString(nodeName) \ + ); \ + } + +/** + * xmlSecUnexpectedNodeError: + * @node: the node. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting an invalid node errors. + */ +#define xmlSecUnexpectedNodeError(node, errorObject) \ + { \ + const char* nName = xmlSecNodeGetName(node); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_UNEXPECTED_NODE, \ + "node=%s", \ + xmlSecErrorsSafeString(nName) \ + ); \ + } + +/** + * xmlSecNodeNotFoundError: + * @errorFunction: the failed function. + * @startNode: the search start node. + * @targetNodeName: the expected child node name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting node not found errors. + */ +#define xmlSecNodeNotFoundError(errorFunction, startNode, targetNodeName, errorObject) \ + { \ + const char* startNodeName = xmlSecNodeGetName(startNode); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_NODE_NOT_FOUND, \ + "startNode=%s; target=%s", \ + xmlSecErrorsSafeString(startNodeName), \ + xmlSecErrorsSafeString(targetNodeName) \ + ); \ + } + +/** + * xmlSecInvalidTransfromError: + * @transform: the transform. + * + * Macro. The XMLSec library macro for reporting an invalid transform errors. + */ +#define xmlSecInvalidTransfromError(transform) \ + { \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)xmlSecTransformGetName(transform), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_TRANSFORM, \ + XMLSEC_ERRORS_NO_MESSAGE \ + ); \ + } + +/** + * xmlSecInvalidTransfromError2: + * @transform: the transform. + * @msg: the extra message. + * @param: the extra message param. + * + * + * Macro. The XMLSec library macro for reporting an invalid transform errors. + */ +#define xmlSecInvalidTransfromError2(transform, msg, param) \ + { \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)xmlSecTransformGetName(transform), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_TRANSFORM, \ + (msg), (param) \ + ); \ + } + +/** + * xmlSecInvalidTransfromStatusError: + * @transform: the transform. + * + * Macro. The XMLSec library macro for reporting an invalid transform status errors. + */ +#define xmlSecInvalidTransfromStatusError(transform) \ + { \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)xmlSecTransformGetName(transform), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_STATUS, \ + "transformStatus=%d", \ + (int)((transform)->status) \ + ); \ + } + +/** + * xmlSecInvalidTransfromStatusError2: + * @transform: the transform. + * @msg: the extra message. + * + * Macro. The XMLSec library macro for reporting an invalid transform status errors. + */ +#define xmlSecInvalidTransfromStatusError2(transform, msg) \ + { \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)xmlSecTransformGetName(transform), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_STATUS, \ + "transformStatus=%ld, msg=%s", \ + (long int)((transform)->status), \ + msg \ + ); \ + } + +/** + * xmlSecInvalidKeyDataSizeError: + * @name: the name of the variable, parameter, etc. + * @actual: the actual value. + * @expected: the expected value(s). + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid keydata size" errors. + */ +#define xmlSecInvalidKeyDataSizeError(actual, expected, errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, \ + "invalid key data size: actual=%ld and expected=%ld", \ + (unsigned long)(actual), \ + (unsigned long)(expected) \ + ) + +/** + * xmlSecInvalidZeroKeyDataSizeError: + * @name: the name of the variable, parameter, etc. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting "invalid keydata size" errors. + */ +#define xmlSecInvalidZeroKeyDataSizeError(errorObject) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, \ + "invalid zero key data size" \ + ) + + +/** + * xmlSecOtherError: + * @code: the error code. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @details: the error message. + * + * Macro. The XMLSec library macro for reporting other XMLSec errors. + */ +#define xmlSecOtherError(code, errorObject, details) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + (code), \ + "details=%s", \ + xmlSecErrorsSafeString(details) \ + ) + +/** + * xmlSecOtherError2: + * @code: the error code. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param: the extra message param. + * + * Macro. The XMLSec library macro for reporting other XMLSec errors. + */ +#define xmlSecOtherError2(code, errorObject, msg, param) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + (code), \ + (msg), (param) \ + ) + +/** + * xmlSecOtherError3: + * @code: the error code. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param1: the extra message param. + * @param2: the extra message param. + * + * Macro. The XMLSec library macro for reporting other XMLSec errors. + */ +#define xmlSecOtherError3(code, errorObject, msg, param1, param2) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + (code), \ + (msg), (param1), (param2) \ + ) + +/** + * xmlSecOtherError4: + * @code: the error code. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param1: the extra message param. + * @param2: the extra message param. + * @param3: the extra message param. + * + * Macro. The XMLSec library macro for reporting other XMLSec errors. + */ +#define xmlSecOtherError4(code, errorObject, msg, param1, param2, param3) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + (code), \ + (msg), (param1), (param2), (param3) \ + ) + +/** + * xmlSecOtherError5: + * @code: the error code. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param1: the extra message param. + * @param2: the extra message param. + * @param3: the extra message param. + * @param4: the extra message param. + * + * Macro. The XMLSec library macro for reporting other XMLSec errors. + */ +#define xmlSecOtherError5(code, errorObject, msg, param1, param2, param3, param4) \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + NULL, \ + (code), \ + (msg), (param1), (param2), (param3), (param4) \ + ) + +#ifdef __cplusplus +} +#endif /* __cplusplus */ + +#endif /* __XMLSEC_ERROR_HELPERS_H__ */ diff --git a/src/gcrypt/Makefile.am b/src/gcrypt/Makefile.am index 734c429f..9645c40d 100644 --- a/src/gcrypt/Makefile.am +++ b/src/gcrypt/Makefile.am @@ -35,10 +35,6 @@ libxmlsec1_gcrypt_la_SOURCES =\ globals.h \ $(NULL) -if SHAREDLIB_HACK -libxmlsec1_gcrypt_la_SOURCES += ../strings.c -endif - libxmlsec1_gcrypt_la_LIBADD = \ $(GCRYPT_LIBS) \ $(LIBXSLT_LIBS) \ diff --git a/src/gcrypt/app.c b/src/gcrypt/app.c index dd5d7706..19412271 100644 --- a/src/gcrypt/app.c +++ b/src/gcrypt/app.c @@ -1,11 +1,18 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:app + * @Short_description: Application support functions for GCrypt. + * @Stability: Stable + * + */ #include "globals.h" #include <string.h> @@ -34,6 +41,7 @@ */ int xmlSecGCryptAppInit(const char* config ATTRIBUTE_UNUSED) { + gcry_error_t err; /* Secure memory initialisation based on documentation from: http://www.gnupg.org/documentation/manuals/gcrypt/Initializing-the-library.html NOTE sample code don't check gcry_control(...) return code @@ -61,40 +69,54 @@ Noteworthy changes in version 1.4.3 (2008-09-18) */ /* Version check should be the very first call because it - makes sure that important subsystems are intialized. */ + makes sure that important subsystems are initialized. */ /* NOTE configure.in defines GCRYPT_MIN_VERSION */ if (!gcry_check_version (GCRYPT_MIN_VERSION)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_check_version", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError2("gcry_check_version", GPG_ERR_NO_ERROR, NULL, + "min_version=%s", GCRYPT_MIN_VERSION); return(-1); } /* We don't want to see any warnings, e.g. because we have not yet parsed program options which might be used to suppress such warnings. */ - gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN); + err = gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN); + if(err != GPG_ERR_NO_ERROR) { + xmlSecGCryptError("gcry_control(GCRYCTL_SUSPEND_SECMEM_WARN)", err, NULL); + return(-1); + } /* ... If required, other initialization goes here. Note that the process might still be running with increased privileges and that - the secure memory has not been intialized. */ + the secure memory has not been initialized. */ /* Allocate a pool of 32k secure memory. This make the secure memory available and also drops privileges where needed. */ - gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0); + err = gcry_control(GCRYCTL_INIT_SECMEM, 32768, 0); + if(err != GPG_ERR_NO_ERROR) { + xmlSecGCryptError("gcry_control(GCRYCTL_INIT_SECMEM)", err, NULL); + return(-1); + } /* It is now okay to let Libgcrypt complain when there was/is a problem with the secure memory. */ - gcry_control(GCRYCTL_RESUME_SECMEM_WARN); + err = gcry_control(GCRYCTL_RESUME_SECMEM_WARN); + if(err != GPG_ERR_NO_ERROR) { + xmlSecGCryptError("gcry_control(GCRYCTL_RESUME_SECMEM_WARN)", err, NULL); + return(-1); + } /* ... If required, other initialization goes here. */ /* Tell Libgcrypt that initialization has completed. */ - gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); + err = gcry_control(GCRYCTL_INITIALIZATION_FINISHED, 0); + if(err != GPG_ERR_NO_ERROR) { + xmlSecGCryptError("gcry_control(GCRYCTL_INITIALIZATION_FINISHED)", err, NULL); + return(-1); + } + /* done */ return(0); } @@ -112,14 +134,12 @@ xmlSecGCryptAppShutdown(void) { gcry_error_t err; err = gcry_control(GCRYCTL_TERM_SECMEM); - if (gcry_err_code(err)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_control(GCRYCTL_TERM_SECMEM)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + if(err != GPG_ERR_NO_ERROR) { + xmlSecGCryptError("gcry_control(GCRYCTL_TERM_SECMEM)", err, NULL); return(-1); } + + /* done */ return(0); } @@ -149,22 +169,14 @@ xmlSecGCryptAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, ret = xmlSecBufferInitialize(&buffer, 4*1024); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", NULL); return(NULL); } ret = xmlSecBufferReadFile(&buffer, filename); if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferReadFile", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecBufferReadFile", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return(NULL); } @@ -173,12 +185,8 @@ xmlSecGCryptAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, xmlSecBufferGetSize(&buffer), format, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppKeyLoadMemory", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecGCryptAppKeyLoadMemory", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return(NULL); } @@ -220,36 +228,21 @@ xmlSecGCryptAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, case xmlSecKeyDataFormatDer: key_data = xmlSecGCryptParseDer(data, dataSize, xmlSecGCryptDerKeyTypeAuto); if(key_data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptParseDer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptParseDer", NULL); return(NULL); } break; case xmlSecKeyDataFormatPem: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppKeyLoadMemory", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("xmlSecKeyDataFormatPem"); return (NULL); #ifndef XMLSEC_NO_X509 case xmlSecKeyDataFormatPkcs12: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppKeyLoadMemory", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("xmlSecKeyDataFormatPkcs12"); return (NULL); #endif /* XMLSEC_NO_X509 */ default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(NULL); } @@ -257,23 +250,15 @@ xmlSecGCryptAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecAssert2(key_data != NULL, NULL); key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); xmlSecKeyDataDestroy(key_data); return(NULL); } ret = xmlSecKeySetValue(key, key_data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(key_data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(key_data)); xmlSecKeyDestroy(key); xmlSecKeyDataDestroy(key_data); return(NULL); @@ -304,11 +289,7 @@ xmlSecGCryptAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); /* TODO */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppKeyCertLoad", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(-1); } @@ -334,11 +315,7 @@ xmlSecGCryptAppKeyCertLoadMemory(xmlSecKeyPtr key, xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); /* TODO */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppKeyCertLoadMemory", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(-1); } @@ -364,11 +341,7 @@ xmlSecGCryptAppPkcs12Load(const char *filename, xmlSecAssert2(filename != NULL, NULL); /* TODO */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppPkcs12Load", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(NULL); } @@ -395,11 +368,7 @@ xmlSecGCryptAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecAssert2(dataSize > 0, NULL); /* TODO */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppPkcs12LoadMemory", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(NULL); } @@ -426,11 +395,7 @@ xmlSecGCryptAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); /* TODO */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppKeysMngrCertLoad", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(-1); } @@ -459,11 +424,7 @@ xmlSecGCryptAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); /* TODO */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppKeysMngrCertLoadMemory", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(-1); } @@ -490,21 +451,13 @@ xmlSecGCryptAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); if(keysStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecSimpleKeysStoreId"); + xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)", NULL); return(-1); } ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrAdoptKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrAdoptKeysStore", NULL); xmlSecKeyStoreDestroy(keysStore); return(-1); } @@ -512,11 +465,7 @@ xmlSecGCryptAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { ret = xmlSecGCryptKeysMngrInit(mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeysMngrInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKeysMngrInit", NULL); return(-1); } @@ -545,21 +494,13 @@ xmlSecGCryptAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecSimpleKeysStoreAdoptKey(store, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSimpleKeysStoreAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSimpleKeysStoreAdoptKey", NULL); return(-1); } @@ -586,21 +527,14 @@ xmlSecGCryptAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) { store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSimpleKeysStoreLoad", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri=%s", xmlSecErrorsSafeString(uri)); + xmlSecInternalError2("xmlSecSimpleKeysStoreLoad", NULL, + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } @@ -627,22 +561,14 @@ xmlSecGCryptAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecSimpleKeysStoreSave(store, filename, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSimpleKeysStoreSave", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecSimpleKeysStoreSave", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); return(-1); } diff --git a/src/gcrypt/asn1.c b/src/gcrypt/asn1.c index cec6364d..c9d0e525 100644 --- a/src/gcrypt/asn1.c +++ b/src/gcrypt/asn1.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:asn1 + * @Short_description: ASN1 support functions for GCrypt. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -202,12 +210,8 @@ xmlSecGCryptAsn1ParseIntegerSequence(xmlSecByte const **buffer, xmlSecSize *bufl memset(&ti, 0, sizeof(ti)); ret = xmlSecGCryptAsn1ParseTag (&buf, &length, &ti); if((ret != 0) || (ti.tag != TAG_SEQUENCE) || ti.class || !ti.cons || ti.ndef) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAsn1ParseTag", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "TAG_SEQUENCE is expected: tag=%d", - (int)ti.tag); + xmlSecInternalError2("xmlSecGCryptAsn1ParseTag", NULL, + "TAG_SEQUENCE is expected: tag=%d", (int)ti.tag); return(-1); } @@ -217,22 +221,15 @@ xmlSecGCryptAsn1ParseIntegerSequence(xmlSecByte const **buffer, xmlSecSize *bufl ret = xmlSecGCryptAsn1ParseTag (&buf, &length, &ti); if((ret != 0) || (ti.tag != TAG_INTEGER) || ti.class || ti.cons || ti.ndef) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAsn1ParseTag", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "TAG_INTEGER is expected - index=%d, tag=%d", - (int)idx, (int)ti.tag); + xmlSecInternalError3("xmlSecGCryptAsn1ParseTag", NULL, + "TAG_INTEGER is expected - index=%d, tag=%d", + (int)idx, (int)ti.tag); return(-1); } err = gcry_mpi_scan(&(params[idx]), GCRYMPI_FMT_USG, buf, ti.length, NULL); if((err != GPG_ERR_NO_ERROR) || (params[idx] == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_mpi_scan", err, NULL); return(-1); } buf += ti.length; @@ -241,12 +238,9 @@ xmlSecGCryptAsn1ParseIntegerSequence(xmlSecByte const **buffer, xmlSecSize *bufl /* did we parse everything? */ if(length > 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAsn1ParseTag", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "too many params - cur=%d, expected=%d", - (int)(idx - 1), (int)params_size); + xmlSecInternalError3("xmlSecGCryptAsn1ParseTag", NULL, + "too many params - cur=%d, expected=%d", + (int)(idx - 1), (int)params_size); return(-1); } @@ -278,23 +272,15 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, keyparms, sizeof(keyparms) / sizeof(keyparms[0]) ); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAsn1ParseIntegerSequence", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptAsn1ParseIntegerSequence", NULL); goto done; } keyparms_num = ret; /* The value of the first integer should be 0. */ if ((keyparms_num < 1) || (gcry_mpi_cmp_ui(keyparms[0], 0) != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAsn1ParseTag", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "num=%d", - (int)keyparms_num); + xmlSecInternalError2("xmlSecGCryptAsn1ParseTag", NULL, + "num=%d", (int)keyparms_num); goto done; } @@ -319,11 +305,8 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, break; default: /* unknown */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Unexpected number of parameters, unknown key type", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "keyparms_num=%d", (int)keyparms_num); + xmlSecInvalidIntegerDataError("keyparms_num", keyparms_num, + "the number of parameters matching key type", NULL); goto done; } } @@ -334,11 +317,8 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, case xmlSecGCryptDerKeyTypePrivateDsa: /* check we have enough params */ if(keyparms_num != 6) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Private DSA key: 6 parameters exepcted", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "parms_num=%d", (int)keyparms_num); + xmlSecInvalidSizeError("Private DSA key params", + keyparms_num, 6, NULL); goto done; } @@ -354,11 +334,7 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, keyparms[1], keyparms[2], keyparms[3], keyparms[4], keyparms[5] ); if((err != GPG_ERR_NO_ERROR) || (s_priv_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private-key/dsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(private-key/dsa)", err, NULL); goto done; } @@ -367,32 +343,20 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, keyparms[1], keyparms[2], keyparms[3], keyparms[5] ); if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(public-key/dsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(public-key/dsa)", err, NULL); goto done; } /* construct key and key data */ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataDsaId); if(key_data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataDsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecGCryptKeyDataDsaId)", NULL); goto done; } ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(key_data, s_pub_key, s_priv_key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataDsaAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataDsaId"); + xmlSecInternalError("xmlSecGCryptKeyDataDsaAdoptKey(xmlSecGCryptKeyDataDsaId)", NULL); xmlSecKeyDataDestroy(key_data); key_data = NULL; goto done; @@ -404,11 +368,8 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, case xmlSecGCryptDerKeyTypePublicDsa: /* check we have enough params */ if(keyparms_num != 5) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Public DSA key: 5 parameters exepcted", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "parms_num=%d", (int)keyparms_num); + xmlSecInvalidSizeError("Public DSA key params", + keyparms_num, 5, NULL); goto done; } @@ -418,32 +379,20 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, keyparms[2], keyparms[3], keyparms[4], keyparms[1] ); if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(public-key/dsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(public-key/dsa)", err, NULL); goto done; } /* construct key and key data */ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataDsaId); if(key_data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataDsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecGCryptKeyDataDsaId)", NULL); goto done; } ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(key_data, s_pub_key, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataDsaAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataDsaId"); + xmlSecInternalError("xmlSecGCryptKeyDataDsaAdoptKey(xmlSecGCryptKeyDataDsaId)", NULL); xmlSecKeyDataDestroy(key_data); key_data = NULL; goto done; @@ -456,15 +405,13 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, case xmlSecGCryptDerKeyTypePrivateRsa: /* check we have enough params */ if(keyparms_num != 9) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Private RSA key: 9 parameters exepcted", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "parms_num=%d", (int)keyparms_num); + xmlSecInvalidSizeError("Private RSA key params", + keyparms_num, 9, NULL); goto done; } /* Convert from OpenSSL parameter ordering to the OpenPGP order. */ + /* (http://gnupg.10057.n7.nabble.com/RSA-PKCS-1-signing-differs-from-OpenSSL-s-td27920.html) */ /* First check that p < q; if not swap p and q and recompute u. */ if (gcry_mpi_cmp (keyparms[4], keyparms[5]) > 0) { gcry_mpi_swap (keyparms[4], keyparms[5]); @@ -474,16 +421,11 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, /* Build the S-expression. */ err = gcry_sexp_build (&s_priv_key, NULL, "(private-key(rsa(n%m)(e%m)(d%m)(p%m)(q%m)(u%m)))", - keyparms[1], keyparms[2], - keyparms[3], keyparms[4], - keyparms[5], keyparms[8] + keyparms[1], keyparms[2], keyparms[3], + keyparms[4], keyparms[5], keyparms[8] ); if((err != GPG_ERR_NO_ERROR) || (s_priv_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private-key/rsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(private-key/rsa)", err, NULL); goto done; } @@ -492,32 +434,20 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, keyparms[1], keyparms[2] ); if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(public-key/rsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(public-key/rsa)", err, NULL); goto done; } /* construct key and key data */ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataRsaId); if(key_data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataRsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecGCryptKeyDataRsaId)", NULL); goto done; } ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(key_data, s_pub_key, s_priv_key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataRsaAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataRsaId"); + xmlSecInternalError("xmlSecGCryptKeyDataRsaAdoptKey(xmlSecGCryptKeyDataRsaId)", NULL); xmlSecKeyDataDestroy(key_data); key_data = NULL; goto done; @@ -529,11 +459,8 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, case xmlSecGCryptDerKeyTypePublicRsa: /* check we have enough params */ if(keyparms_num != 3) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Public RSA key: 3 parameters exepcted", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "parms_num=%d", (int)keyparms_num); + xmlSecInvalidSizeError("Public RSA key params", + keyparms_num, 3, NULL); goto done; } @@ -543,32 +470,20 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, keyparms[1], keyparms[2] ); if((err != GPG_ERR_NO_ERROR) || (s_pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(public-key/rsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(public-key/rsa)", err, NULL); goto done; } /* construct key and key data */ key_data = xmlSecKeyDataCreate(xmlSecGCryptKeyDataRsaId); if(key_data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataRsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecGCryptKeyDataRsaId)", NULL); goto done; } ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(key_data, s_pub_key, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataRsaAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGCryptKeyDataRsaId"); + xmlSecInternalError("xmlSecGCryptKeyDataRsaAdoptKey(xmlSecGCryptKeyDataRsaId)", NULL); xmlSecKeyDataDestroy(key_data); key_data = NULL; goto done; @@ -578,11 +493,7 @@ xmlSecGCryptParseDer(const xmlSecByte * der, xmlSecSize derlen, #endif /* XMLSEC_NO_RSA */ default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Unsupported key type", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "type=%d", (int)type); + xmlSecInvalidIntegerTypeError("key_type", type, "supported key type", NULL); goto done; break; } diff --git a/src/gcrypt/asymkeys.c b/src/gcrypt/asymkeys.c index b2256145..76932aa8 100644 --- a/src/gcrypt/asymkeys.c +++ b/src/gcrypt/asymkeys.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:asymkeys + * @Short_description: Asymmetric keys implementation for GCrypt. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -109,11 +117,8 @@ xmlSecGCryptAsymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { if(ctxSrc->pub_key != NULL) { ctxDst->pub_key = xmlSecGCryptAsymSExpDup(ctxSrc->pub_key); if(ctxDst->pub_key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecGCryptAsymSExpDup(pub_key)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptAsymSExpDup(pub_key)", + xmlSecKeyDataGetName(dst)); return(-1); } } @@ -121,11 +126,8 @@ xmlSecGCryptAsymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { if(ctxSrc->priv_key != NULL) { ctxDst->priv_key = xmlSecGCryptAsymSExpDup(ctxSrc->priv_key); if(ctxDst->priv_key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecGCryptAsymSExpDup(priv_key)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptAsymSExpDup(priv_key)", + xmlSecKeyDataGetName(dst)); return(-1); } } @@ -170,22 +172,15 @@ xmlSecGCryptAsymKeyDataAdoptKey(xmlSecKeyDataPtr data, gcry_sexp_t key_pair) { not be present */ pub_key = gcry_sexp_find_token(key_pair, "public-key", 0); if(pub_key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(public-key)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_find_token(public-key)", + GPG_ERR_NO_ERROR, NULL); goto done; } priv_key = gcry_sexp_find_token(key_pair, "private-key", 0); /* assign */ if(xmlSecGCryptAsymKeyDataAdoptKeyPair(data, pub_key, priv_key) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAsymKeyDataAdoptKeyPair", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptAsymKeyDataAdoptKeyPair", NULL); goto done; } pub_key = NULL; /* data owns it now */ @@ -286,31 +281,19 @@ xmlSecGCryptAsymKeyDataGenerate(xmlSecKeyDataPtr data, const char * alg, xmlSecS "(genkey (%s (nbits %d)(transient-key)))", alg, (int)key_size); if((err != GPG_ERR_NO_ERROR) || (key_spec == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(genkey)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(genkey)", err, NULL); goto done; } err = gcry_pk_genkey(&key_pair, key_spec); if((err != GPG_ERR_NO_ERROR) || (key_pair == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_pk_genkey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_pk_genkey", err, NULL); goto done; } ret = xmlSecGCryptAsymKeyDataAdoptKey(data, key_pair); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAsymKeyDataAdopt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", (int)ret); + xmlSecInternalError("xmlSecGCryptAsymKeyDataAdopt", NULL); goto done; } key_pair = NULL; /* now owned by data */ @@ -378,41 +361,26 @@ xmlSecGCryptAsymSExpDup(gcry_sexp_t pKey) { size = gcry_sexp_sprint(pKey, GCRYSEXP_FMT_ADVANCED, NULL, 0); if(size == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_sprint", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_sprint", GPG_ERR_NO_ERROR, NULL); goto done; } buf = (xmlSecByte *)xmlMalloc(size); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)size); + xmlSecMallocError(size, NULL); goto done; } size = gcry_sexp_sprint(pKey, GCRYSEXP_FMT_ADVANCED, buf, size); if(size == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_sprint", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", (int)size); + xmlSecGCryptError2("gcry_sexp_sprint", GPG_ERR_NO_ERROR, NULL, + "size=%lu", (unsigned long)size); goto done; } err = gcry_sexp_new(&res, buf, size, 1); if((err != GPG_ERR_NO_ERROR) || (res == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_new", err, NULL); goto done; } @@ -425,7 +393,7 @@ done: /** * xmlSecGCryptNodeGetMpiValue: - * @cur: the poitner to an XML node. + * @cur: the pointer to an XML node. * * Converts the node content from CryptoBinary format * (http://www.w3.org/TR/xmldsig-core/#sec-CryptoBinary) @@ -446,21 +414,13 @@ xmlSecGCryptNodeGetMpiValue(const xmlNodePtr cur) { ret = xmlSecBufferInitialize(&buf, 128); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", NULL); return(NULL); } ret = xmlSecBufferBase64NodeContentRead(&buf, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferBase64NodeContentRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferBase64NodeContentRead", NULL); xmlSecBufferFinalize(&buf); return(NULL); } @@ -470,11 +430,7 @@ xmlSecGCryptNodeGetMpiValue(const xmlNodePtr cur) { xmlSecBufferGetSize(&buf), NULL); if((err != GPG_ERR_NO_ERROR) || (res == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_mpi_scan", err, NULL); xmlSecBufferFinalize(&buf); return(NULL); } @@ -513,21 +469,14 @@ xmlSecGCryptNodeSetMpiValue(xmlNodePtr cur, const gcry_mpi_t a, int addLineBreak written = 0; err = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, 0, &written, a); if((err != GPG_ERR_NO_ERROR) || (written == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_print", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_mpi_print", err, NULL); return(-1); } ret = xmlSecBufferInitialize(&buf, written + 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", (int)written + 1); + xmlSecInternalError2("xmlSecBufferInitialize", NULL, + "size=%d", (int)written + 1); return(-1); } @@ -537,45 +486,34 @@ xmlSecGCryptNodeSetMpiValue(xmlNodePtr cur, const gcry_mpi_t a, int addLineBreak xmlSecBufferGetMaxSize(&buf), &written, a); if((err != GPG_ERR_NO_ERROR) || (written == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_print", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_mpi_print", err, NULL); xmlSecBufferFinalize(&buf); return(-1); } ret = xmlSecBufferSetSize(&buf, written); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "written=%d", (int)written); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, + "size=%d", (int)written); xmlSecBufferFinalize(&buf); return(-1); } if(addLineBreaks) { - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); } else { xmlNodeSetContent(cur, xmlSecStringEmpty); } ret = xmlSecBufferBase64NodeContentWrite(&buf, cur, xmlSecBase64GetDefaultLineSize()); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferBase64NodeContentWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferBase64NodeContentWrite", NULL); xmlSecBufferFinalize(&buf); return(-1); } if(addLineBreaks) { - xmlNodeAddContent(cur, xmlSecStringCR); + xmlNodeAddContent(cur, xmlSecGetDefaultLineFeed()); } xmlSecBufferFinalize(&buf); @@ -613,23 +551,14 @@ xmlSecGCryptNodeSetSExpTokValue(xmlNodePtr cur, const gcry_sexp_t sexp, val = gcry_sexp_find_token(sexp, tok, 0); if(val == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "tok=%s", - xmlSecErrorsSafeString(tok)); + xmlSecGCryptError2("gcry_sexp_find_token", GPG_ERR_NO_ERROR, NULL, + "tok=%s", xmlSecErrorsSafeString(tok)); goto done; } mpi = gcry_sexp_nth_mpi(val, 1, GCRYMPI_FMT_USG); if(mpi == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_nth_mpi", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "tok=%s", - xmlSecErrorsSafeString(tok)); + xmlSecGCryptError("gcry_sexp_nth_mpi", GPG_ERR_NO_ERROR, NULL); goto done; } @@ -945,11 +874,9 @@ xmlSecGCryptKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecAssert2(keyInfoCtx != NULL, -1); if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "key already has a value"); goto done; } @@ -957,66 +884,39 @@ xmlSecGCryptKeyDataDsaXmlRead(xmlSecKeyDataId id, /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAP, xmlSecKeyDataKlassGetName(id)); goto done; } p = xmlSecGCryptNodeGetMpiValue(cur); if(p == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeGetMpiValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecGCryptNodeGetMpiValue(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAQ, xmlSecKeyDataKlassGetName(id)); goto done; } q = xmlSecGCryptNodeGetMpiValue(cur); if(q == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeGetMpiValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecGCryptNodeGetMpiValue(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAG, xmlSecKeyDataKlassGetName(id)); goto done; } g = xmlSecGCryptNodeGetMpiValue(cur); if(g == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeGetMpiValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecGCryptNodeGetMpiValue(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); @@ -1026,12 +926,8 @@ xmlSecGCryptKeyDataDsaXmlRead(xmlSecKeyDataId id, * we are not sure exactly what do we read */ x = xmlSecGCryptNodeGetMpiValue(cur); if(x == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeGetMpiValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAX)); + xmlSecInternalError("xmlSecGCryptNodeGetMpiValue(NodeDSAX)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); @@ -1039,21 +935,13 @@ xmlSecGCryptKeyDataDsaXmlRead(xmlSecKeyDataId id, /* next is Y node. */ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAY, xmlSecKeyDataKlassGetName(id)); goto done; } y = xmlSecGCryptNodeGetMpiValue(cur); if(y == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeGetMpiValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecGCryptNodeGetMpiValue(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); @@ -1074,25 +962,23 @@ xmlSecGCryptKeyDataDsaXmlRead(xmlSecKeyDataId id, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)); goto done; } + /* Convert from OpenSSL parameter ordering to the OpenPGP order. */ + /* First check that x < y; if not swap x and y */ + if((x != NULL) && (gcry_mpi_cmp (x, y) > 0)) { + gcry_mpi_swap (x, y); + } /* construct pub/priv key pairs */ err = gcry_sexp_build(&pub_key, NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", p, q, g, y); if((err != GPG_ERR_NO_ERROR) || (pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "gcry_sexp_build(public)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(public)", err, + xmlSecKeyDataGetName(data)); goto done; } if(x != NULL) { @@ -1100,11 +986,8 @@ xmlSecGCryptKeyDataDsaXmlRead(xmlSecKeyDataId id, "(private-key(dsa(p%m)(q%m)(g%m)(x%m)(y%m)))", p, q, g, x, y); if((err != GPG_ERR_NO_ERROR) || (priv_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "gcry_sexp_build(private)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(private)", err, + xmlSecKeyDataGetName(data)); goto done; } } @@ -1112,21 +995,15 @@ xmlSecGCryptKeyDataDsaXmlRead(xmlSecKeyDataId id, /* create key data */ data = xmlSecKeyDataCreate(id); if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, priv_key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGCryptKeyDataDsaAdoptKeyPair", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKeyDataDsaAdoptKeyPair", + xmlSecKeyDataGetName(data)); goto done; } pub_key = NULL; /* pub_key is owned by data now */ @@ -1135,11 +1012,8 @@ xmlSecGCryptKeyDataDsaXmlRead(xmlSecKeyDataId id, /* set key */ ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); goto done; } data = NULL; /* data is owned by key now */ @@ -1209,11 +1083,8 @@ xmlSecGCryptKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if(pub_priv_key == NULL) { pub_priv_key = xmlSecGCryptKeyDataDsaGetPublicKey(xmlSecKeyGetValue(key)); if(pub_priv_key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptKeyDataDsaGetPublicKey()", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKeyDataDsaGetPublicKey()", + xmlSecKeyDataKlassGetName(id)); goto done; } } else { @@ -1222,77 +1093,50 @@ xmlSecGCryptKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, dsa = gcry_sexp_find_token(pub_priv_key, "dsa", 0); if(dsa == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "gcry_sexp_find_token(dsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_find_token(dsa)", GPG_ERR_NO_ERROR, + xmlSecKeyDataKlassGetName(id)); goto done; } /* first is P node */ cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecAddChild(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "p", 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeSetSExpTokValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecGCryptNodeSetSExpTokValue(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); goto done; } /* next is Q node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecAddChild(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "q", 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeSetSExpTokValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecGCryptNodeSetSExpTokValue(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); goto done; } /* next is G node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecAddChild(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "g", 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeSetSExpTokValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecGCryptNodeSetSExpTokValue(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); goto done; } @@ -1300,22 +1144,14 @@ xmlSecGCryptKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (private != 0)) { cur = xmlSecAddChild(node, xmlSecNodeDSAX, xmlSecNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAX)); + xmlSecInternalError("xmlSecAddChild(NodeDSAX)", + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "x", 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeSetSExpTokValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAX)); + xmlSecInternalError("xmlSecGCryptNodeSetSExpTokValue(NodeDSAX)", + xmlSecKeyDataKlassGetName(id)); goto done; } } @@ -1323,22 +1159,14 @@ xmlSecGCryptKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Y node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecAddChild(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecGCryptNodeSetSExpTokValue(cur, dsa, "y", 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeSetSExpTokValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecGCryptNodeSetSExpTokValue(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); goto done; } @@ -1618,11 +1446,9 @@ xmlSecGCryptKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(keyInfoCtx != NULL, -1); if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - "key already has a value"); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "key already has a value"); goto done; } @@ -1630,44 +1456,26 @@ xmlSecGCryptKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is Modulus node. It is REQUIRED */ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInvalidNodeError(cur, xmlSecNodeRSAModulus, xmlSecKeyDataKlassGetName(id)); goto done; } n = xmlSecGCryptNodeGetMpiValue(cur); if(n == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeGetMpiValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecGCryptNodeGetMpiValue(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); /* next is Exponent node. It is REQUIRED */ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInvalidNodeError(cur, xmlSecNodeRSAExponent, xmlSecKeyDataKlassGetName(id)); goto done; } e = xmlSecGCryptNodeGetMpiValue(cur); if(e == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeGetMpiValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecGCryptNodeGetMpiValue(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); @@ -1676,23 +1484,15 @@ xmlSecGCryptKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is PrivateExponent node. It is REQUIRED for private key */ d = xmlSecGCryptNodeGetMpiValue(cur); if(d == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeGetMpiValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent)); + xmlSecInternalError("xmlSecGCryptNodeGetMpiValue(NodeRSAPrivateExponent)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "no nodes expected"); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)); goto done; } @@ -1701,11 +1501,8 @@ xmlSecGCryptKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, "(public-key(rsa(n%m)(e%m)))", n, e); if((err != GPG_ERR_NO_ERROR) || (pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "gcry_sexp_build(public)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(public)", err, + xmlSecKeyDataGetName(data)); goto done; } if(d != NULL) { @@ -1713,11 +1510,8 @@ xmlSecGCryptKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, "(private-key(rsa(n%m)(e%m)(d%m)))", n, e, d); if((err != GPG_ERR_NO_ERROR) || (priv_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "gcry_sexp_build(private)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(private)", err, + xmlSecKeyDataGetName(data)); goto done; } } @@ -1726,21 +1520,15 @@ xmlSecGCryptKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* create key data */ data = xmlSecKeyDataCreate(id); if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, priv_key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGCryptKeyDataRsaAdoptKeyPair", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKeyDataRsaAdoptKeyPair", + xmlSecKeyDataGetName(data)); goto done; } pub_key = NULL; /* pub_key is owned by data now */ @@ -1749,11 +1537,8 @@ xmlSecGCryptKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* set key */ ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); goto done; } data = NULL; /* data is owned by key now */ @@ -1817,11 +1602,8 @@ xmlSecGCryptKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if(pub_priv_key == NULL) { pub_priv_key = xmlSecGCryptKeyDataRsaGetPublicKey(xmlSecKeyGetValue(key)); if(pub_priv_key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptKeyDataRsaGetPublicKey()", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKeyDataRsaGetPublicKey()", + xmlSecKeyDataKlassGetName(id)); goto done; } } else { @@ -1830,55 +1612,37 @@ xmlSecGCryptKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, rsa = gcry_sexp_find_token(pub_priv_key, "rsa", 0); if(rsa == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "gcry_sexp_find_token(rsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_find_token(rsa)", + GPG_ERR_NO_ERROR, + xmlSecKeyDataKlassGetName(id)); goto done; } /* first is Modulus node */ cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecAddChild(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecGCryptNodeSetSExpTokValue(cur, rsa, "n", 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeSetSExpTokValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecGCryptNodeSetSExpTokValue(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); goto done; } /* next is Exponent node. */ cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecAddChild(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecGCryptNodeSetSExpTokValue(cur, rsa, "e", 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeSetSExpTokValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecGCryptNodeSetSExpTokValue(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); goto done; } @@ -1886,22 +1650,14 @@ xmlSecGCryptKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (private != 0)) { cur = xmlSecAddChild(node, xmlSecNodeRSAPrivateExponent, xmlSecNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent)); + xmlSecInternalError("xmlSecAddChild(NodeRSAPrivateExponent)", + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecGCryptNodeSetSExpTokValue(cur, rsa, "d", 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGCryptNodeSetSExpTokValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent)); + xmlSecInternalError("xmlSecGCryptNodeSetSExpTokValue(NodeRSAPrivateExponent)", + xmlSecKeyDataKlassGetName(id)); goto done; } } diff --git a/src/gcrypt/ciphers.c b/src/gcrypt/ciphers.c index 76c1d5a9..d88ccd92 100644 --- a/src/gcrypt/ciphers.c +++ b/src/gcrypt/ciphers.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:ciphers + * @Short_description: Ciphers transforms implementation for GCrypt. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -84,11 +92,8 @@ xmlSecGCryptBlockCipherCtxInit(xmlSecGCryptBlockCipherCtxPtr ctx, outSize = xmlSecBufferGetSize(out); ret = xmlSecBufferSetSize(out, outSize + blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + blockLen); + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", outSize + blockLen); return(-1); } iv = xmlSecBufferGetData(out) + outSize; @@ -97,11 +102,8 @@ xmlSecGCryptBlockCipherCtxInit(xmlSecGCryptBlockCipherCtxPtr ctx, gcry_randomize(iv, blockLen, GCRY_STRONG_RANDOM); err = gcry_cipher_setiv(ctx->cipherCtx, iv, blockLen); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "gcry_cipher_setiv", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_setiv", err, + cipherName); return(-1); } } else { @@ -115,22 +117,16 @@ xmlSecGCryptBlockCipherCtxInit(xmlSecGCryptBlockCipherCtxPtr ctx, /* set iv */ err = gcry_cipher_setiv(ctx->cipherCtx, xmlSecBufferGetData(in), blockLen); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "gcry_cipher_setiv", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_setiv", err, + cipherName); return(-1); } /* and remove from input */ ret = xmlSecBufferRemoveHead(in, blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", blockLen); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", blockLen); return(-1); } } @@ -181,11 +177,8 @@ xmlSecGCryptBlockCipherCtxUpdate(xmlSecGCryptBlockCipherCtxPtr ctx, /* we write out the input size plus may be one block */ ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + inSize + blockLen); + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", outSize + inSize + blockLen); return(-1); } outBuf = xmlSecBufferGetData(out) + outSize; @@ -194,22 +187,16 @@ xmlSecGCryptBlockCipherCtxUpdate(xmlSecGCryptBlockCipherCtxPtr ctx, err = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen, xmlSecBufferGetData(in), inSize); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "gcry_cipher_encrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_encrypt", err, + cipherName); return(-1); } } else { err = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen, xmlSecBufferGetData(in), inSize); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "gcry_cipher_decrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_decrypt", err, + cipherName); return(-1); } } @@ -217,22 +204,16 @@ xmlSecGCryptBlockCipherCtxUpdate(xmlSecGCryptBlockCipherCtxPtr ctx, /* set correct output buffer size */ ret = xmlSecBufferSetSize(out, outSize + inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + inSize); + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", outSize + inSize); return(-1); } /* remove the processed block from input */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", inSize); return(-1); } return(0); @@ -272,11 +253,8 @@ xmlSecGCryptBlockCipherCtxFinal(xmlSecGCryptBlockCipherCtxPtr ctx, /* create padding */ ret = xmlSecBufferSetMaxSize(in, blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", blockLen); + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", blockLen); return(-1); } inBuf = xmlSecBufferGetData(in); @@ -290,11 +268,7 @@ xmlSecGCryptBlockCipherCtxFinal(xmlSecGCryptBlockCipherCtxPtr ctx, inSize = blockLen; } else { if(inSize != (xmlSecSize)blockLen) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "data=%d;block=%d", inSize, blockLen); + xmlSecInvalidSizeError("Input data", inSize, blockLen, cipherName); return(-1); } } @@ -302,11 +276,8 @@ xmlSecGCryptBlockCipherCtxFinal(xmlSecGCryptBlockCipherCtxPtr ctx, /* process last block */ ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + 2 * blockLen); + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", outSize + 2 * blockLen); return(-1); } outBuf = xmlSecBufferGetData(out) + outSize; @@ -315,22 +286,16 @@ xmlSecGCryptBlockCipherCtxFinal(xmlSecGCryptBlockCipherCtxPtr ctx, err = gcry_cipher_encrypt(ctx->cipherCtx, outBuf, inSize + blockLen, xmlSecBufferGetData(in), inSize); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "gcry_cipher_encrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_encrypt", err, + cipherName); return(-1); } } else { err = gcry_cipher_decrypt(ctx->cipherCtx, outBuf, inSize + blockLen, xmlSecBufferGetData(in), inSize); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "gcry_cipher_decrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_decrypt", err, + cipherName); return(-1); } } @@ -338,12 +303,8 @@ xmlSecGCryptBlockCipherCtxFinal(xmlSecGCryptBlockCipherCtxPtr ctx, if(encrypt == 0) { /* check padding */ if(inSize < outBuf[blockLen - 1]) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "padding=%d;buffer=%d", - outBuf[blockLen - 1], inSize); + xmlSecInvalidSizeLessThanError("Input data padding", + inSize, outBuf[blockLen - 1], cipherName); return(-1); } outLen = inSize - outBuf[blockLen - 1]; @@ -354,22 +315,16 @@ xmlSecGCryptBlockCipherCtxFinal(xmlSecGCryptBlockCipherCtxPtr ctx, /* set correct output buffer size */ ret = xmlSecBufferSetSize(out, outSize + outLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen); + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", outSize + outLen); return(-1); } /* remove the processed block from input */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", inSize); return(-1); } @@ -377,22 +332,16 @@ xmlSecGCryptBlockCipherCtxFinal(xmlSecGCryptBlockCipherCtxPtr ctx, /* set correct output buffer size */ ret = xmlSecBufferSetSize(out, outSize + outLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen); + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", outSize + outLen); return(-1); } /* remove the processed block from input */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", inSize); return(-1); } @@ -483,21 +432,14 @@ xmlSecGCryptBlockCipherInitialize(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_AES */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } err = gcry_cipher_open(&ctx->cipherCtx, ctx->cipher, ctx->mode, GCRY_CIPHER_SECURE); /* we are paranoid */ if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "gcry_cipher_open", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_open", err, + xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -573,23 +515,16 @@ xmlSecGCryptBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecAssert2(buffer != NULL, -1); if(xmlSecBufferGetSize(buffer) < keySize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "keySize=%d;expected=%d", - xmlSecBufferGetSize(buffer), keySize); + xmlSecInvalidKeyDataSizeError(xmlSecBufferGetSize(buffer), keySize, + xmlSecTransformGetName(transform)); return(-1); } xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); err = gcry_cipher_setkey(ctx->cipherCtx, xmlSecBufferGetData(buffer), keySize); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "gcry_cipher_setkey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_setkey", err, + xmlSecTransformGetName(transform)); return(-1); } @@ -624,20 +559,14 @@ xmlSecGCryptBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTra (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, xmlSecTransformGetName(transform), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecGCryptBlockCipherCtxInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptBlockCipherCtxInit", + xmlSecTransformGetName(transform)); return(-1); } } if((ctx->ctxInitialized == 0) && (last != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "not enough data to initialize transform"); + xmlSecInvalidDataError("not enough data to initialize transform", + xmlSecTransformGetName(transform)); return(-1); } if(ctx->ctxInitialized != 0) { @@ -645,11 +574,8 @@ xmlSecGCryptBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTra (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, xmlSecTransformGetName(transform), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecGCryptBlockCipherCtxUpdate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptBlockCipherCtxUpdate", + xmlSecTransformGetName(transform)); return(-1); } } @@ -659,11 +585,8 @@ xmlSecGCryptBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTra (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, xmlSecTransformGetName(transform), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecGCryptBlockCipherCtxFinal", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptBlockCipherCtxFinal", + xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusFinished; @@ -675,11 +598,7 @@ xmlSecGCryptBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTra /* the only way we can get here is if there is no enough data in the input */ xmlSecAssert2(last == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } diff --git a/src/gcrypt/crypto.c b/src/gcrypt/crypto.c index d02eb597..7ccf4062 100644 --- a/src/gcrypt/crypto.c +++ b/src/gcrypt/crypto.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:crypto + * @Short_description: Crypto transforms implementation for GCrypt. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -234,21 +242,13 @@ int xmlSecGCryptInit (void) { /* Check loaded xmlsec library version */ if(xmlSecCheckVersionExact() != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCheckVersionExact", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCheckVersionExact", NULL); return(-1); } /* register our klasses */ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_gcrypt()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", NULL); return(-1); } @@ -301,11 +301,8 @@ xmlSecGCryptGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) { ret = xmlSecBufferSetSize(buffer, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, + "size=%d", size); return(-1); } diff --git a/src/gcrypt/digests.c b/src/gcrypt/digests.c index d947446f..2d20c22b 100644 --- a/src/gcrypt/digests.c +++ b/src/gcrypt/digests.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:digests + * @Short_description: Digests transforms implementation for GCrypt. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -155,22 +163,15 @@ xmlSecGCryptDigestInitialize(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_RIPEMD160 */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } /* create digest ctx */ err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */ if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "gcry_md_open", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_md_open", err, + xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -210,22 +211,15 @@ xmlSecGCryptDigestVerify(xmlSecTransformPtr transform, xmlSecAssert2(ctx->dgstSize > 0, -1); if(dataSize != ctx->dgstSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "data and digest sizes are different (data=%d, dgst=%d)", - dataSize, ctx->dgstSize); + xmlSecInvalidSizeError("Input data", + dataSize, ctx->dgstSize, xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } if(memcmp(ctx->dgst, data, dataSize) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "data and digest do not match"); + xmlSecInvalidDataError("data and digest do not match", + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } @@ -266,11 +260,9 @@ xmlSecGCryptDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } } @@ -281,11 +273,8 @@ xmlSecGCryptDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor gcry_md_final(ctx->digestCtx); buf = gcry_md_read(ctx->digestCtx, ctx->digest); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "gcry_md_read", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_md_read", GPG_ERR_NO_ERROR, + xmlSecTransformGetName(transform)); return(-1); } @@ -299,11 +288,9 @@ xmlSecGCryptDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor if(transform->operation == xmlSecTransformOperationSign) { ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ctx->dgstSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", ctx->dgstSize); return(-1); } } @@ -313,11 +300,7 @@ xmlSecGCryptDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } diff --git a/src/gcrypt/globals.h b/src/gcrypt/globals.h index 3da464d2..37198c25 100644 --- a/src/gcrypt/globals.h +++ b/src/gcrypt/globals.h @@ -21,10 +21,60 @@ #define IN_XMLSEC_CRYPTO #define XMLSEC_PRIVATE +/* Include common error helper macros. */ +#include "../errors_helpers.h" #define XMLSEC_GCRYPT_MAX_DIGEST_SIZE 256 -#define XMLSEC_GCRYPT_REPORT_ERROR(err) \ - "error code=%d; error message='%s'", \ - (int)err, xmlSecErrorsSafeString(gcry_strerror((err))) + + +/** + * xmlSecGCryptError: + * @errorFunction: the failed function name. + * @errCode: the GCrypt error code. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting GCrypt crypro errors. + */ +#define xmlSecGCryptError(errorFunction, errCode, errorObject) \ + { \ + const char* source = gcry_strsource((errCode)); \ + const char* message = gcry_strerror((errCode)); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + "gcrypt error: %ld: %s: %s", \ + (long)(errCode), \ + xmlSecErrorsSafeString(source), \ + xmlSecErrorsSafeString(message) \ + ); \ + } + +/** + * xmlSecGCryptError2: + * @errorFunction: the failed function name. + * @errCode: the GCrypt error code. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param: the extra message param. + * + * Macro. The XMLSec library macro for reporting GCrypt crypro errors. + */ +#define xmlSecGCryptError2(errorFunction, errCode, errorObject, msg, param) \ + { \ + const char* source = gcry_strsource((errCode)); \ + const char* message = gcry_strerror((errCode)); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + msg "; gcrypt error: %ld: %s: %s", \ + (param), \ + (long)(errCode), \ + xmlSecErrorsSafeString(source), \ + xmlSecErrorsSafeString(message) \ + ); \ + } + #endif /* ! __XMLSEC_GLOBALS_H__ */ diff --git a/src/gcrypt/hmac.c b/src/gcrypt/hmac.c index 631b4704..4f5d2762 100644 --- a/src/gcrypt/hmac.c +++ b/src/gcrypt/hmac.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:hmac + * @Short_description: HMAC transforms implementation for GCrypt. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_HMAC #include "globals.h" @@ -199,22 +207,15 @@ xmlSecGCryptHmacInitialize(xmlSecTransformPtr transform) { /* not found */ { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } /* open context */ err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_HMAC | GCRY_MD_FLAG_SECURE); /* we are paranoid */ if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "gcry_md_open", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_md_open", err, + xmlSecTransformGetName(transform)); return(-1); } @@ -287,11 +288,8 @@ xmlSecGCryptHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTr small value */ if((int)ctx->dgstSize < xmlSecGCryptHmacGetMinOutputLength()) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "HMAC output length is too small"); + xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform), + "HMAC output length is too small"); return(-1); } @@ -299,11 +297,7 @@ xmlSecGCryptHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTr } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "no nodes expected"); + xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -356,22 +350,15 @@ xmlSecGCryptHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecAssert2(buffer != NULL, -1); if(xmlSecBufferGetSize(buffer) == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key is empty"); + xmlSecInvalidZeroKeyDataSizeError(xmlSecTransformGetName(transform)); return(-1); } err = gcry_md_setkey(ctx->digestCtx, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer)); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "gcry_md_setkey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_md_setkey", err, + xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -400,37 +387,30 @@ xmlSecGCryptHmacVerify(xmlSecTransformPtr transform, xmlSecAssert2(ctx->dgstSize > 0, -1); /* compare the digest size in bytes */ - if(dataSize != ((ctx->dgstSize + 7) / 8)){ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "data=%d;dgst=%d", - dataSize, ((ctx->dgstSize + 7) / 8)); + if(dataSize != ((ctx->dgstSize + 7) / 8)) { + xmlSecInvalidSizeError("HMAC digest size", + dataSize, ((ctx->dgstSize + 7) / 8), + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } - /* we check the last byte separatelly */ + /* we check the last byte separately */ xmlSecAssert2(dataSize > 0, -1); mask = last_byte_masks[ctx->dgstSize % 8]; if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "data and digest do not match (last byte)"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match (last byte)"); transform->status = xmlSecTransformStatusFail; return(0); } /* now check the rest of the digest */ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "data and digest do not match"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match"); transform->status = xmlSecTransformStatusFail; return(0); } @@ -472,11 +452,9 @@ xmlSecGCryptHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformC ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } } @@ -485,11 +463,8 @@ xmlSecGCryptHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformC gcry_md_final(ctx->digestCtx); dgst = gcry_md_read(ctx->digestCtx, ctx->digest); if(dgst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "gcry_md_read", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_md_read", GPG_ERR_NO_ERROR, + xmlSecTransformGetName(transform)); return(-1); } @@ -505,23 +480,18 @@ xmlSecGCryptHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformC } else if(ctx->dgstSize <= 8 * dgstSize) { dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */ } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "result-bits=%d;required-bits=%d", - 8 * dgstSize, ctx->dgstSize); + xmlSecInvalidSizeLessThanError("HMAC digest (bits)", + 8 * dgstSize, ctx->dgstSize, + xmlSecTransformGetName(transform)); return(-1); } if(transform->operation == xmlSecTransformOperationSign) { ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", dgstSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", dgstSize); return(-1); } } @@ -531,11 +501,7 @@ xmlSecGCryptHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformC /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "size=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } diff --git a/src/gcrypt/kw_aes.c b/src/gcrypt/kw_aes.c index 16977ff5..b9f746c5 100644 --- a/src/gcrypt/kw_aes.c +++ b/src/gcrypt/kw_aes.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * AES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_aes + * @Short_description: AES Key Transport transforms implementation for GCrypt. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_AES #include "globals.h" @@ -111,11 +116,7 @@ xmlSecGCryptKWAesInitialize(xmlSecTransformPtr transform) { ctx->cipher = GCRY_CIPHER_AES256; ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } ctx->mode = GCRY_CIPHER_MODE_CBC; @@ -125,11 +126,8 @@ xmlSecGCryptKWAesInitialize(xmlSecTransformPtr transform) { ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecGCryptKWAesGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKWAesGetKey", + xmlSecTransformGetName(transform)); return(-1); } @@ -194,12 +192,8 @@ xmlSecGCryptKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { keySize = xmlSecBufferGetSize(buffer); if(keySize < ctx->keyExpectedSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key=%d;expected=%d", - keySize, ctx->keyExpectedSize); + xmlSecInvalidKeyDataSizeError(keySize, ctx->keyExpectedSize, + xmlSecTransformGetName(transform)); return(-1); } @@ -207,12 +201,9 @@ xmlSecGCryptKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecBufferGetData(buffer), ctx->keyExpectedSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "expected-size=%d", - ctx->keyExpectedSize); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", ctx->keyExpectedSize); return(-1); } @@ -251,11 +242,8 @@ xmlSecGCryptKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransform /* just do nothing */ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { if((inSize % 8) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "size=%d(not 8 bytes aligned)", inSize); + xmlSecInvalidSizeNotMultipleOfError("Input data", inSize, 8, + xmlSecTransformGetName(transform)); return(-1); } @@ -269,11 +257,9 @@ xmlSecGCryptKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransform ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "outSize=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "outSize=%d", outSize); return(-1); } @@ -282,11 +268,8 @@ xmlSecGCryptKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransform xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWAesEncode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKWAesEncode", + xmlSecTransformGetName(transform)); return(-1); } outSize = ret; @@ -295,11 +278,8 @@ xmlSecGCryptKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransform xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWAesEncode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKWAesEncode", + xmlSecTransformGetName(transform)); return(-1); } outSize = ret; @@ -307,21 +287,17 @@ xmlSecGCryptKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransform ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "outSize=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "outSize=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "inSize%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "inSize%d", inSize); return(-1); } @@ -330,11 +306,7 @@ xmlSecGCryptKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransform /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); @@ -482,11 +454,7 @@ xmlSecGCryptKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize, err = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_cipher_open", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_open", err, NULL); return(-1); } @@ -494,11 +462,7 @@ xmlSecGCryptKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize, xmlSecBufferGetData(&ctx->keyBuffer), xmlSecBufferGetSize(&ctx->keyBuffer)); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_cipher_setkey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_setkey", err, NULL); gcry_cipher_close(cipherCtx); return(-1); } @@ -506,22 +470,14 @@ xmlSecGCryptKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize, /* use zero IV and CBC mode to ensure we get result as-is */ err = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv)); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_cipher_setiv", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_setiv", err, NULL); gcry_cipher_close(cipherCtx); return(-1); } err = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_cipher_encrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_encrypt", err, NULL); gcry_cipher_close(cipherCtx); return(-1); } @@ -546,11 +502,7 @@ xmlSecGCryptKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize, err = gcry_cipher_open(&cipherCtx, ctx->cipher, ctx->mode, ctx->flags); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_cipher_open", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_open", err, NULL); return(-1); } @@ -558,11 +510,7 @@ xmlSecGCryptKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize, xmlSecBufferGetData(&ctx->keyBuffer), xmlSecBufferGetSize(&ctx->keyBuffer)); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_cipher_setkey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_setkey", err, NULL); gcry_cipher_close(cipherCtx); return(-1); } @@ -570,22 +518,14 @@ xmlSecGCryptKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize, /* use zero IV and CBC mode to ensure we get result as-is */ err = gcry_cipher_setiv(cipherCtx, g_zero_iv, sizeof(g_zero_iv)); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_cipher_setiv", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_setiv", err, NULL); gcry_cipher_close(cipherCtx); return(-1); } err = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_cipher_decrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_decrypt", err, NULL); gcry_cipher_close(cipherCtx); return(-1); } diff --git a/src/gcrypt/kw_des.c b/src/gcrypt/kw_des.c index 67e76c56..3c3b792c 100644 --- a/src/gcrypt/kw_des.c +++ b/src/gcrypt/kw_des.c @@ -1,14 +1,20 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * DES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_des + * @Short_description: DES Key Transport transforms implementation for GCrypt. + * @Stability: Private + * + */ + + #ifndef XMLSEC_NO_DES #include "globals.h" @@ -158,11 +164,8 @@ xmlSecGCryptKWDes3Initialize(xmlSecTransformPtr transform) { ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); return(-1); } @@ -226,22 +229,16 @@ xmlSecGCryptKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { keySize = xmlSecBufferGetSize(buffer); if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key length %d is not enough (%d expected)", - keySize, XMLSEC_KW_DES3_KEY_LENGTH); + xmlSecInvalidKeyDataSizeError(keySize, XMLSEC_KW_DES3_KEY_LENGTH, + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", XMLSEC_KW_DES3_KEY_LENGTH); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", XMLSEC_KW_DES3_KEY_LENGTH); return(-1); } @@ -280,12 +277,9 @@ xmlSecGCryptKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfor /* just do nothing */ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "%d bytes - not %d bytes aligned", - inSize, XMLSEC_KW_DES3_BLOCK_LENGTH); + xmlSecInvalidSizeNotMultipleOfError("Input data", + inSize, XMLSEC_KW_DES3_BLOCK_LENGTH, + xmlSecTransformGetName(transform)); return(-1); } @@ -301,11 +295,9 @@ xmlSecGCryptKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfor ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } @@ -314,12 +306,8 @@ xmlSecGCryptKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfor xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWDes3Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "key=%d,in=%d,out=%d", - keySize, inSize, outSize); + xmlSecInternalError4("xmlSecKWDes3Encode", xmlSecTransformGetName(transform), + "key=%d,in=%d,out=%d", keySize, inSize, outSize); return(-1); } outSize = ret; @@ -328,12 +316,8 @@ xmlSecGCryptKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfor xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWDes3Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "key=%d,in=%d,out=%d", - keySize, inSize, outSize); + xmlSecInternalError4("xmlSecKWDes3Decode", xmlSecTransformGetName(transform), + "key=%d,in=%d,out=%d", keySize, inSize, outSize); return(-1); } outSize = ret; @@ -341,21 +325,17 @@ xmlSecGCryptKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfor ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } @@ -364,11 +344,7 @@ xmlSecGCryptKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfor /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); @@ -400,11 +376,7 @@ xmlSecGCryptKWDes3Sha1(void * context, err = gcry_md_open(&digestCtx, GCRY_MD_SHA1, GCRY_MD_FLAG_SECURE); /* we are paranoid */ if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_md_open(GCRY_MD_SHA1)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_md_open(GCRY_MD_SHA1)", err, NULL); return(-1); } @@ -412,22 +384,14 @@ xmlSecGCryptKWDes3Sha1(void * context, err = gcry_md_final(digestCtx); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_md_final", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_md_final", err, NULL); gcry_md_close(digestCtx); return(-1); } res = gcry_md_read(digestCtx, GCRY_MD_SHA1); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_md_read(GCRY_MD_SHA1)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_md_read", GPG_ERR_NO_ERROR, NULL); gcry_md_close(digestCtx); return(-1); } @@ -477,11 +441,7 @@ xmlSecGCryptKWDes3BlockEncrypt(void * context, out, outSize, 1); /* encrypt */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKWDes3Encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKWDes3Encrypt", NULL); return(-1); } @@ -513,11 +473,7 @@ xmlSecGCryptKWDes3BlockDecrypt(void * context, out, outSize, 0); /* decrypt */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKWDes3Encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKWDes3Encrypt", NULL); return(-1); } return(ret); @@ -545,53 +501,35 @@ xmlSecGCryptKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, err = gcry_cipher_open(&cipherCtx, GCRY_CIPHER_3DES, GCRY_CIPHER_MODE_CBC, GCRY_CIPHER_SECURE); /* we are paranoid */ if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_cipher_open(GCRY_CIPHER_3DES)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_open(GCRY_CIPHER_3DES)", err, NULL); return(-1); } err = gcry_cipher_setkey(cipherCtx, key, keySize); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_cipher_setkey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_setkey", err, NULL); + gcry_cipher_close(cipherCtx); return(-1); } err = gcry_cipher_setiv(cipherCtx, iv, ivSize); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_cipher_setiv", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_setiv", err, NULL); + gcry_cipher_close(cipherCtx); return(-1); } if(enc) { err = gcry_cipher_encrypt(cipherCtx, out, outSize, in, inSize); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_cipher_encrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_encrypt", err, NULL); gcry_cipher_close(cipherCtx); return(-1); } } else { err = gcry_cipher_decrypt(cipherCtx, out, outSize, in, inSize); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_cipher_decrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_cipher_decrypt", err, NULL); gcry_cipher_close(cipherCtx); return(-1); } diff --git a/src/gcrypt/signatures.c b/src/gcrypt/signatures.c index 1d3f77a4..4dc65eec 100644 --- a/src/gcrypt/signatures.c +++ b/src/gcrypt/signatures.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:signatures + * @Short_description: Signatures implementation for GCrypt. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -260,22 +268,15 @@ xmlSecGCryptPkSignatureInitialize(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_RSA */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } /* create digest ctx */ err = gcry_md_open(&ctx->digestCtx, ctx->digest, GCRY_MD_FLAG_SECURE); /* we are paranoid */ if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "gcry_md_open", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_md_open", err, + xmlSecTransformGetName(transform)); return(-1); } @@ -327,11 +328,8 @@ xmlSecGCryptPkSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { ctx->key_data = xmlSecKeyDataDuplicate(key_data); if(ctx->key_data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKeyDataDuplicate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataDuplicate", + xmlSecTransformGetName(transform)); return(-1); } @@ -386,11 +384,7 @@ xmlSecGCryptPkSignatureVerify(xmlSecTransformPtr transform, ret = ctx->verify(ctx->digest, ctx->key_data, ctx->dgst, ctx->dgstSize, data, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "ctx->verify", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("ctx->verify", xmlSecTransformGetName(transform)); return(-1); } @@ -398,11 +392,9 @@ xmlSecGCryptPkSignatureVerify(xmlSecTransformPtr transform, if(ret == 1) { transform->status = xmlSecTransformStatusOk; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "ctx->verify", - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "signature do not match"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "ctx->verify: signature does not verify"); transform->status = xmlSecTransformStatusFail; } @@ -451,11 +443,9 @@ xmlSecGCryptPkSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } } @@ -468,11 +458,8 @@ xmlSecGCryptPkSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra gcry_md_final(ctx->digestCtx); buf = gcry_md_read(ctx->digestCtx, ctx->digest); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "gcry_md_read", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_md_read", GPG_ERR_NO_ERROR, + xmlSecTransformGetName(transform)); return(-1); } @@ -486,11 +473,8 @@ xmlSecGCryptPkSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra if(transform->operation == xmlSecTransformOperationSign) { ret = ctx->sign(ctx->digest, ctx->key_data, ctx->dgst, ctx->dgstSize, out); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "ctx->sign", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("ctx->sign", + xmlSecTransformGetName(transform)); return(-1); } } @@ -504,11 +488,7 @@ xmlSecGCryptPkSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -537,11 +517,7 @@ xmlSecGCryptAppendMpi(gcry_mpi_t a, xmlSecBufferPtr out, xmlSecSize min_size) { written = 0; err = gcry_mpi_print(GCRYMPI_FMT_USG, NULL, 0, &written, a); if((err != GPG_ERR_NO_ERROR) || (written == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_print", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_mpi_print", err, NULL); return(-1); } @@ -553,11 +529,8 @@ xmlSecGCryptAppendMpi(gcry_mpi_t a, xmlSecBufferPtr out, xmlSecSize min_size) { /* allocate space */ ret = xmlSecBufferSetMaxSize(out, outSize + written + 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", (int)(outSize + written + 1)); + xmlSecInternalError2("xmlSecBufferSetMaxSize", NULL, + "size=%d", (int)(outSize + written + 1)); return(-1); } xmlSecAssert2(xmlSecBufferGetMaxSize(out) > outSize, -1); @@ -579,23 +552,15 @@ xmlSecGCryptAppendMpi(gcry_mpi_t a, xmlSecBufferPtr out, xmlSecSize min_size) { xmlSecBufferGetMaxSize(out) - outSize, &written, a); if((err != GPG_ERR_NO_ERROR) || (written == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_print", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_mpi_print", err, NULL); return(-1); } /* reset size */ ret = xmlSecBufferSetSize(out, outSize + written); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", - (int)(outSize + written)); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, + "size=%d", (int)(outSize + written)); return(-1); } @@ -654,11 +619,7 @@ xmlSecGCryptDsaPkSign(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data, /* get the current digest, can't use "hash" :( */ err = gcry_mpi_scan(&m_hash, GCRYMPI_FMT_USG, dgst, dgstSize, NULL); if((err != GPG_ERR_NO_ERROR) || (m_hash == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan(hash)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_mpi_scan(hash)", err, NULL); goto done; } @@ -666,33 +627,22 @@ xmlSecGCryptDsaPkSign(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data, "(data (flags raw)(value %m))", m_hash); if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(data)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(data)", err, NULL); goto done; } /* create signature */ err = gcry_pk_sign(&s_sig, s_data, xmlSecGCryptKeyDataDsaGetPrivateKey(key_data)); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_pk_sign", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_pk_sign", err, NULL); goto done; } /* find signature value */ s_tmp = gcry_sexp_find_token(s_sig, "sig-val", 0); if(s_tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(sig-val)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_find_token(sig-val)", + GPG_ERR_NO_ERROR, NULL); goto done; } gcry_sexp_release(s_sig); @@ -700,11 +650,8 @@ xmlSecGCryptDsaPkSign(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data, s_tmp = gcry_sexp_find_token(s_sig, "dsa", 0); if(s_tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(rsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_find_token(dsa)", + GPG_ERR_NO_ERROR, NULL); goto done; } gcry_sexp_release(s_sig); @@ -713,63 +660,43 @@ xmlSecGCryptDsaPkSign(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data, /* r */ s_r = gcry_sexp_find_token(s_sig, "r", 0); if(s_r == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(r)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_find_token(r)", + GPG_ERR_NO_ERROR, NULL); goto done; } m_r = gcry_sexp_nth_mpi(s_r, 1, GCRYMPI_FMT_USG); if(m_r == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_nth_mpi(r)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_nth_mpi(r)", + GPG_ERR_NO_ERROR, NULL); goto done; } /* s */ s_s = gcry_sexp_find_token(s_sig, "s", 0); if(s_s == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(s)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_find_token(s)", + GPG_ERR_NO_ERROR, NULL); goto done; } m_s = gcry_sexp_nth_mpi(s_s, 1, GCRYMPI_FMT_USG); if(m_s == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_nth_mpi(s)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_nth_mpi(s)", + GPG_ERR_NO_ERROR, NULL); goto done; } /* write out: r + s */ ret = xmlSecGCryptAppendMpi(m_r, out, 20); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppendMpi", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptAppendMpi", NULL); goto done; } xmlSecAssert2(xmlSecBufferGetSize(out) == 20, -1); ret = xmlSecGCryptAppendMpi(m_s, out, 20); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppendMpi", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptAppendMpi", NULL); goto done; } xmlSecAssert2(xmlSecBufferGetSize(out) == (20 + 20), -1); @@ -826,11 +753,7 @@ xmlSecGCryptDsaPkVerify(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data, /* get the current digest, can't use "hash" :( */ err = gcry_mpi_scan(&m_hash, GCRYMPI_FMT_USG, dgst, dgstSize, NULL); if((err != GPG_ERR_NO_ERROR) || (m_hash == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan(hash)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_mpi_scan(hash)", err, NULL); goto done; } @@ -838,31 +761,19 @@ xmlSecGCryptDsaPkVerify(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data, "(data (flags raw)(value %m))", m_hash); if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(data)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(data)", err, NULL); goto done; } /* get the existing signature */ err = gcry_mpi_scan(&m_sig_r, GCRYMPI_FMT_USG, data, 20, NULL); if((err != GPG_ERR_NO_ERROR) || (m_sig_r == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan(r)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_mpi_scan(r)", err, NULL); goto done; } err = gcry_mpi_scan(&m_sig_s, GCRYMPI_FMT_USG, data + 20, 20, NULL); if((err != GPG_ERR_NO_ERROR) || (m_sig_s == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan(s)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_mpi_scan(s)", err, NULL); goto done; } @@ -870,11 +781,7 @@ xmlSecGCryptDsaPkVerify(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data, "(sig-val(dsa(r %m)(s %m)))", m_sig_r, m_sig_s); if((err != GPG_ERR_NO_ERROR) || (s_sig == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(sig-val)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(sig-val)", err, NULL); goto done; } @@ -885,11 +792,7 @@ xmlSecGCryptDsaPkVerify(int digest ATTRIBUTE_UNUSED, xmlSecKeyDataPtr key_data, } else if(err == GPG_ERR_BAD_SIGNATURE) { res = 0; /* bad signature */ } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_pk_verify", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_pk_verify", err, NULL); goto done; } @@ -1020,33 +923,22 @@ xmlSecGCryptRsaPkcs1PkSign(int digest, xmlSecKeyDataPtr key_data, gcry_md_algo_name(digest), (int)dgstSize, dgst); if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(data)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(data)", err, NULL); goto done; } /* create signature */ err = gcry_pk_sign(&s_sig, s_data, xmlSecGCryptKeyDataRsaGetPrivateKey(key_data)); if(err != GPG_ERR_NO_ERROR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_pk_sign", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_pk_sign", err, NULL); goto done; } /* find signature value */ s_tmp = gcry_sexp_find_token(s_sig, "sig-val", 0); if(s_tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(sig-val)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_find_token(sig-val)", + GPG_ERR_NO_ERROR, NULL); goto done; } gcry_sexp_release(s_sig); @@ -1054,11 +946,8 @@ xmlSecGCryptRsaPkcs1PkSign(int digest, xmlSecKeyDataPtr key_data, s_tmp = gcry_sexp_find_token(s_sig, "rsa", 0); if(s_tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(rsa)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_find_token(rsa)", + GPG_ERR_NO_ERROR, NULL); goto done; } gcry_sexp_release(s_sig); @@ -1066,11 +955,8 @@ xmlSecGCryptRsaPkcs1PkSign(int digest, xmlSecKeyDataPtr key_data, s_tmp = gcry_sexp_find_token(s_sig, "s", 0); if(s_tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_find_token(s)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_find_token(s)", + GPG_ERR_NO_ERROR, NULL); goto done; } gcry_sexp_release(s_sig); @@ -1078,22 +964,15 @@ xmlSecGCryptRsaPkcs1PkSign(int digest, xmlSecKeyDataPtr key_data, m_sig = gcry_sexp_nth_mpi(s_sig, 1, GCRYMPI_FMT_USG); if(m_sig == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_nth_mpi(1)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGCryptError("gcry_sexp_nth_mpi(1)", + GPG_ERR_NO_ERROR, NULL); goto done; } /* write out */ ret = xmlSecGCryptAppendMpi(m_sig, out, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptAppendMpi", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptAppendMpi", NULL); goto done; } @@ -1138,22 +1017,14 @@ xmlSecGCryptRsaPkcs1PkVerify(int digest, xmlSecKeyDataPtr key_data, gcry_md_algo_name(digest), (int)dgstSize, dgst); if((err != GPG_ERR_NO_ERROR) || (s_data == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(data)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(data)", err, NULL); goto done; } /* get the existing signature */ err = gcry_mpi_scan(&m_sig, GCRYMPI_FMT_USG, data, dataSize, NULL); if((err != GPG_ERR_NO_ERROR) || (m_sig == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_mpi_scan", err, NULL); goto done; } @@ -1161,11 +1032,7 @@ xmlSecGCryptRsaPkcs1PkVerify(int digest, xmlSecKeyDataPtr key_data, "(sig-val(rsa(s %m)))", m_sig); if((err != GPG_ERR_NO_ERROR) || (s_sig == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(sig-val)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_sexp_build(sig-val)", err, NULL); goto done; } @@ -1176,11 +1043,7 @@ xmlSecGCryptRsaPkcs1PkVerify(int digest, xmlSecKeyDataPtr key_data, } else if(err == GPG_ERR_BAD_SIGNATURE) { res = 0; /* bad signature */ } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_pk_verify", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GCRYPT_REPORT_ERROR(err)); + xmlSecGCryptError("gcry_pk_verify", err, NULL); goto done; } diff --git a/src/gcrypt/symkeys.c b/src/gcrypt/symkeys.c index ecd8368b..8a83233a 100644 --- a/src/gcrypt/symkeys.c +++ b/src/gcrypt/symkeys.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * DES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:symkeys + * @Short_description: Symmetric keys implementation for GCrypt. + * @Stability: Private + * + */ + #include "globals.h" #include <stdlib.h> diff --git a/src/globals.h b/src/globals.h index 5cc7070f..b55443a3 100644 --- a/src/globals.h +++ b/src/globals.h @@ -22,4 +22,7 @@ #define IN_XMLSEC #define XMLSEC_PRIVATE +/* Include common error helper macros. */ +#include "errors_helpers.h" + #endif /* __XMLSEC_GLOBALS_H__ */ diff --git a/src/gnutls/Makefile.am b/src/gnutls/Makefile.am index 84ce637a..370b7a0f 100644 --- a/src/gnutls/Makefile.am +++ b/src/gnutls/Makefile.am @@ -36,10 +36,6 @@ libxmlsec1_gnutls_la_SOURCES =\ globals.h \ $(NULL) -if SHAREDLIB_HACK -libxmlsec1_gnutls_la_SOURCES += ../strings.c -endif - # xmlsec-gnutls library requires xmlsec-gcrypt libxmlsec1_gnutls_la_LIBADD = \ $(GNUTLS_LIBS) \ diff --git a/src/gnutls/app.c b/src/gnutls/app.c index 042f311c..a275a18b 100644 --- a/src/gnutls/app.c +++ b/src/gnutls/app.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:app + * @Short_description: Application support functions for GnuTLS. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -51,11 +59,7 @@ xmlSecGnuTLSAppInit(const char* config) { err = gnutls_global_init(); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_global_init", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_global_init", err, NULL); return(-1); } @@ -180,22 +184,14 @@ xmlSecGnuTLSAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, ret = xmlSecBufferInitialize(&buffer, 4*1024); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", NULL); return(-1); } ret = xmlSecBufferReadFile(&buffer, filename); if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferReadFile", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecBufferReadFile", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return(-1); } @@ -205,12 +201,8 @@ xmlSecGnuTLSAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecBufferGetSize(&buffer), format); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSAppKeyCertLoadMemory", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecGnuTLSAppKeyCertLoadMemory", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return(-1); } @@ -247,31 +239,19 @@ xmlSecGnuTLSAppKeyCertLoadMemory(xmlSecKeyPtr key, keyData = xmlSecKeyEnsureData(key, xmlSecGnuTLSKeyDataX509Id); if(keyData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", NULL); return(-1); } cert = xmlSecGnuTLSX509CertRead(data, dataSize, format); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertRead", NULL); return(-1); } ret = xmlSecGnuTLSKeyDataX509AdoptCert(keyData, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCert", NULL); gnutls_x509_crt_deinit(cert); return(-1); } @@ -305,22 +285,14 @@ xmlSecGnuTLSAppPkcs12Load(const char *filename, ret = xmlSecBufferInitialize(&buffer, 4*1024); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", NULL); return(NULL); } ret = xmlSecBufferReadFile(&buffer, filename); if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferReadFile", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecBufferReadFile", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return(NULL); } @@ -329,12 +301,8 @@ xmlSecGnuTLSAppPkcs12Load(const char *filename, xmlSecBufferGetSize(&buffer), pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSAppPkcs12LoadMemory", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecGnuTLSAppPkcs12LoadMemory", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return(NULL); } @@ -380,56 +348,36 @@ xmlSecGnuTLSAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, /* prepare */ ret = xmlSecPtrListInitialize(&(certsList), xmlSecGnuTLSX509CrtListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "certsList"); + xmlSecInternalError("xmlSecPtrListInitialize(certsListId)", NULL); return(NULL); } /* load pkcs12 */ ret = xmlSecGnuTLSPkcs12LoadMemory(data, dataSize, pwd, &priv_key, &key_cert, &certsList); if((ret < 0) || (priv_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSPkcs12LoadMemory", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSPkcs12LoadMemory", NULL); goto done; } /* create key */ key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); goto done; } /* create key value data */ keyData = xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey(priv_key); if(keyData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey", NULL); goto done; } priv_key = NULL; /* owned by keyData now */ ret = xmlSecKeySetValue(key, keyData); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(x509Data)); goto done; } keyData = NULL; /* owned by key now */ @@ -442,11 +390,7 @@ xmlSecGnuTLSAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, x509Data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataX509Id); if(x509Data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataX509Id)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataX509Id)", NULL); goto done; } @@ -454,11 +398,7 @@ xmlSecGnuTLSAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, if(key_cert != NULL) { ret = xmlSecGnuTLSKeyDataX509AdoptKeyCert(x509Data, key_cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptKeyCert", NULL); goto done; } key_cert = NULL; /* owned by x509Data now */ @@ -473,11 +413,7 @@ xmlSecGnuTLSAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, ret = xmlSecGnuTLSKeyDataX509AdoptCert(x509Data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCert", NULL); gnutls_x509_crt_deinit(cert); goto done; } @@ -486,12 +422,8 @@ xmlSecGnuTLSAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, /* set in the key */ ret = xmlSecKeyAdoptData(key, x509Data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyAdoptData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeyAdoptData", + xmlSecKeyDataGetName(x509Data)); goto done; } x509Data = NULL; /* owned by key now */ @@ -533,22 +465,14 @@ xmlSecGnuTLSAppKeyFromCertLoad(const char *filename, ret = xmlSecBufferInitialize(&buffer, 4*1024); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", NULL); return(NULL); } ret = xmlSecBufferReadFile(&buffer, filename); if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferReadFile", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecBufferReadFile", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return(NULL); } @@ -558,12 +482,8 @@ xmlSecGnuTLSAppKeyFromCertLoad(const char *filename, xmlSecBufferGetSize(&buffer), format); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSAppKeyFromCertLoadMemory", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecGnuTLSAppKeyFromCertLoadMemory", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return(NULL); } @@ -592,44 +512,28 @@ xmlSecGnuTLSAppKeyFromCertLoadMemory(const xmlSecByte* data, /* read cert */ cert = xmlSecGnuTLSX509CertRead(data, dataSize, format); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertRead", NULL); goto done; } /* create key */ key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); goto done; } /* create key value data */ keyData = xmlSecGnuTLSX509CertGetKey(cert); if(keyData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertGetKey", NULL); goto done; } ret = xmlSecKeySetValue(key, keyData); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(x509Data)); goto done; } keyData = NULL; /* owned by key now */ @@ -637,20 +541,12 @@ xmlSecGnuTLSAppKeyFromCertLoadMemory(const xmlSecByte* data, /* create x509 data */ x509Data = xmlSecKeyEnsureData(key, xmlSecGnuTLSKeyDataX509Id); if(x509Data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", NULL); goto done; } ret = xmlSecGnuTLSKeyDataX509AdoptKeyCert(x509Data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptKeyCert", NULL); goto done; } cert = NULL; /* owned by x509Data now */ @@ -699,22 +595,14 @@ xmlSecGnuTLSAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, ret = xmlSecBufferInitialize(&buffer, 4*1024); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", NULL); return(-1); } ret = xmlSecBufferReadFile(&buffer, filename); if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL) || (xmlSecBufferGetSize(&buffer) <= 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferReadFile", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecBufferReadFile", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return(-1); } @@ -725,12 +613,8 @@ xmlSecGnuTLSAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, format, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSAppKeysMngrCertLoadMemory", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecGnuTLSAppKeysMngrCertLoadMemory", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return(-1); } @@ -770,31 +654,19 @@ xmlSecGnuTLSAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecGnuTLSX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGnuTLSX509StoreId"); + xmlSecInternalError("xmlSecKeysMngrGetDataStore(StoreId)", NULL); return(-1); } cert = xmlSecGnuTLSX509CertRead(data, dataSize, format); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertRead", NULL); return(-1); } ret = xmlSecGnuTLSX509StoreAdoptCert(x509Store, cert, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509StoreAdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509StoreAdoptCert", NULL); gnutls_x509_crt_deinit(cert); return(-1); } @@ -825,21 +697,13 @@ xmlSecGnuTLSAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); if(keysStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecSimpleKeysStoreId"); + xmlSecInternalError("xmlSecKeyStoreCreate(StoreId)", NULL); return(-1); } ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrAdoptKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrAdoptKeysStore", NULL); xmlSecKeyStoreDestroy(keysStore); return(-1); } @@ -847,11 +711,7 @@ xmlSecGnuTLSAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { ret = xmlSecGnuTLSKeysMngrInit(mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSKeysMngrInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeysMngrInit", NULL); return(-1); } @@ -880,21 +740,13 @@ xmlSecGnuTLSAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecSimpleKeysStoreAdoptKey(store, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSimpleKeysStoreAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSimpleKeysStoreAdoptKey", NULL); return(-1); } @@ -921,21 +773,14 @@ xmlSecGnuTLSAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) { store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSimpleKeysStoreLoad", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri=%s", xmlSecErrorsSafeString(uri)); + xmlSecInternalError2("xmlSecSimpleKeysStoreLoad", NULL, + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } @@ -962,22 +807,14 @@ xmlSecGnuTLSAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecSimpleKeysStoreSave(store, filename, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSimpleKeysStoreSave", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecSimpleKeysStoreSave", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); return(-1); } diff --git a/src/gnutls/asymkeys.c b/src/gnutls/asymkeys.c index de9d3fe6..220b98e2 100644 --- a/src/gnutls/asymkeys.c +++ b/src/gnutls/asymkeys.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:asymkeys + * @Short_description: Asymmetric keys implementation for GnuTLS. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -60,13 +68,10 @@ static int xmlSecGnuTLSConvertParamsToMpis(gnutls_datum_t * params, xmlSecSize p xmlSecAssert2(paramsNum == mpisNum, -1); for(ii = 0; ii < paramsNum; ++ii) { + mpis[ii] = NULL; rc = gcry_mpi_scan(&(mpis[ii]), GCRYMPI_FMT_USG, params[ii].data, params[ii].size, NULL); if((rc != GPG_ERR_NO_ERROR) || (mpis[ii] == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_mpi_scan", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_mpi_scan", rc, NULL); xmlSecGnuTLSDestroyMpis(mpis, ii); /* destroy up to now */ return(-1); } @@ -118,11 +123,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey &(params[0]), &(params[1]), &(params[2]), &(params[3]), &(params[4])); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_privkey_export_dsa_raw", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_privkey_export_dsa_raw", err, NULL); return(-1); } @@ -131,36 +132,30 @@ xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey params, sizeof(params)/sizeof(params[0]), mpis, sizeof(mpis)/sizeof(mpis[0])); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSConvertParamsToMpis", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSConvertParamsToMpis", NULL); xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0])); return(-1); } xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0])); + /* Convert from OpenSSL parameter ordering to the OpenPGP order. */ + /* First check that x < y; if not swap x and y */ + if (gcry_mpi_cmp (mpis[4], mpis[3]) > 0) { + gcry_mpi_swap (mpis[3], mpis[4]); + } + /* build expressions */ rc = gcry_sexp_build(&(priv_key), NULL, "(private-key(dsa(p%m)(q%m)(g%m)(y%m)(x%m)))", mpis[0], mpis[1], mpis[2], mpis[3], mpis[4]); if((rc != GPG_ERR_NO_ERROR) || (priv_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private/dsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_sexp_build(private/dsa)", rc, NULL); xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0])); return(-1); } rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", mpis[0], mpis[1], mpis[2], mpis[3]); if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private/rsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_sexp_build(public/dsa)", rc, NULL); gcry_sexp_release(priv_key); xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0])); return(-1); @@ -169,11 +164,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, priv_key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataDsaAdoptKeyPair", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKeyDataDsaAdoptKeyPair", NULL); gcry_sexp_release(pub_key); gcry_sexp_release(priv_key); return(-1); @@ -224,11 +215,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPublicKey(xmlSecKeyDataPtr data, params, sizeof(params)/sizeof(params[0]), mpis, sizeof(mpis)/sizeof(mpis[0])); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSConvertParamsToMpis", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSConvertParamsToMpis", NULL); /* don't destroy params - we got them from outside !!! */ return(-1); } @@ -238,11 +225,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPublicKey(xmlSecKeyDataPtr data, rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(dsa(p%m)(q%m)(g%m)(y%m)))", mpis[0], mpis[1], mpis[2], mpis[3]); if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private/rsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_sexp_build(public/dsa)", rc, NULL); xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0])); return(-1); } @@ -250,11 +233,7 @@ xmlSecGnuTLSKeyDataDsaAdoptPublicKey(xmlSecKeyDataPtr data, ret = xmlSecGCryptKeyDataDsaAdoptKeyPair(data, pub_key, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataDsaAdoptKeyPair", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKeyDataDsaAdoptKeyPair", NULL); gcry_sexp_release(pub_key); return(-1); } @@ -312,11 +291,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey &(params[0]), &(params[1]), &(params[2]), &(params[3]), &(params[4]), &(params[5])); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_privkey_export_rsa_raw", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_privkey_export_rsa_raw", err, NULL); return(-1); } @@ -325,37 +300,33 @@ xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey params, sizeof(params)/sizeof(params[0]), mpis, sizeof(mpis)/sizeof(mpis[0])); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSConvertParamsToMpis", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSConvertParamsToMpis", NULL); xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0])); return(-1); } xmlSecGnuTLSDestroyParams(params, sizeof(params)/sizeof(params[0])); + /* Convert from OpenSSL parameter ordering to the OpenPGP order. */ + /* (http://gnupg.10057.n7.nabble.com/RSA-PKCS-1-signing-differs-from-OpenSSL-s-td27920.html) */ + /* First check that p < q; if not swap p and q and recompute u. */ + if (gcry_mpi_cmp(mpis[3], mpis[4]) > 0) { + gcry_mpi_swap(mpis[3], mpis[4]); + gcry_mpi_invm(mpis[5], mpis[3], mpis[4]); + } + /* build expressions */ rc = gcry_sexp_build(&(priv_key), NULL, "(private-key(rsa((n%m)(e%m)(d%m)(p%m)(q%m)(u%m))))", mpis[0], mpis[1], mpis[2], mpis[3], mpis[4], mpis[5]); if((rc != GPG_ERR_NO_ERROR) || (priv_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private/rsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_sexp_build(private/rsa)", rc, NULL); xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0])); return(-1); } rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(rsa((n%m)(e%m))))", mpis[0], mpis[1]); if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private/rsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_sexp_build(public/rsa)", rc, NULL); gcry_sexp_release(priv_key); xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0])); return(-1); @@ -364,11 +335,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(xmlSecKeyDataPtr data, gnutls_x509_privkey ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, priv_key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataRsaAdoptKeyPair", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKeyDataRsaAdoptKeyPair", NULL); gcry_sexp_release(pub_key); gcry_sexp_release(priv_key); return(-1); @@ -412,11 +379,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPublicKey(xmlSecKeyDataPtr data, params, sizeof(params)/sizeof(params[0]), mpis, sizeof(mpis)/sizeof(mpis[0])); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSConvertParamsToMpis", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSConvertParamsToMpis", NULL); /* don't destroy params - we got them from outside !!! */ return(-1); } @@ -426,11 +389,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPublicKey(xmlSecKeyDataPtr data, rc = gcry_sexp_build(&(pub_key), NULL, "(public-key(rsa((n%m)(e%m))))", mpis[0], mpis[1]); if((rc != GPG_ERR_NO_ERROR) || (pub_key == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gcry_sexp_build(private/rsa)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(rc)); + xmlSecGnuTLSGCryptError("gcry_sexp_build(public/rsa)", rc, NULL); xmlSecGnuTLSDestroyMpis(mpis, sizeof(mpis)/sizeof(mpis[0])); return(-1); } @@ -438,11 +397,7 @@ xmlSecGnuTLSKeyDataRsaAdoptPublicKey(xmlSecKeyDataPtr data, ret = xmlSecGCryptKeyDataRsaAdoptKeyPair(data, pub_key, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGCryptKeyDataRsaAdoptKeyPair", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGCryptKeyDataRsaAdoptKeyPair", NULL); gcry_sexp_release(pub_key); return(-1); } diff --git a/src/gnutls/ciphers.c b/src/gnutls/ciphers.c index e38fa7db..abec7fa6 100644 --- a/src/gnutls/ciphers.c +++ b/src/gnutls/ciphers.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:ciphers + * @Short_description: Ciphers transforms implementation for GnuTLS. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> diff --git a/src/gnutls/crypto.c b/src/gnutls/crypto.c index 0921f2c5..c8a0cb41 100644 --- a/src/gnutls/crypto.c +++ b/src/gnutls/crypto.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:crypto + * @Short_description: Crypto transforms implementation for GnuTLS. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -242,21 +250,13 @@ int xmlSecGnuTLSInit (void) { /* Check loaded xmlsec library version */ if(xmlSecCheckVersionExact() != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCheckVersionExact", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCheckVersionExact", NULL); return(-1); } /* register our klasses */ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_gnutls()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", NULL); return(-1); } @@ -296,21 +296,13 @@ xmlSecGnuTLSKeysMngrInit(xmlSecKeysMngrPtr mngr) { x509Store = xmlSecKeyDataStoreCreate(xmlSecGnuTLSX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGnuTLSX509StoreId"); + xmlSecInternalError("xmlSecKeyDataStoreCreate(StoreId)", NULL); return(-1); } ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrAdoptDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrAdoptDataStore", NULL); xmlSecKeyDataStoreDestroy(x509Store); return(-1); } @@ -337,11 +329,8 @@ xmlSecGnuTLSGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) { ret = xmlSecBufferSetSize(buffer, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, + "size=%d", size); return(-1); } diff --git a/src/gnutls/digests.c b/src/gnutls/digests.c index 94f3aa6a..9ad18436 100644 --- a/src/gnutls/digests.c +++ b/src/gnutls/digests.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:digests + * @Short_description: Digests transforms implementation for GnuTLS. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> diff --git a/src/gnutls/globals.h b/src/gnutls/globals.h index 1f9f35c0..09cb251f 100644 --- a/src/gnutls/globals.h +++ b/src/gnutls/globals.h @@ -21,11 +21,74 @@ #define IN_XMLSEC_CRYPTO #define XMLSEC_PRIVATE -#define XMLSEC_GNUTLS_GCRYPT_REPORT_ERROR(err) \ - "error code=%d; error message='%s'", \ - (int)err, xmlSecErrorsSafeString(gcry_strerror((err))) -#define XMLSEC_GNUTLS_REPORT_ERROR(err) \ - "error code=%d; error message='%s'", \ - (int)err, xmlSecErrorsSafeString(gnutls_strerror((err))) +/* Include common error helper macros. */ +#include "../errors_helpers.h" +/** + * xmlSecGnuTLSGCryptError: + * @errorFunction: the failed function name. + * @errCode: the GCrypt error code. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting GnuTLS-GCrypt errors. + */ +#define xmlSecGnuTLSGCryptError(errorFunction, errCode, errorObject) \ + { \ + const char* source = gcry_strsource((errCode)); \ + const char* message = gcry_strerror((errCode)); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + "gcrypt error: %ld: %s: %s", \ + (long)(errCode), \ + xmlSecErrorsSafeString(source), \ + xmlSecErrorsSafeString(message) \ + ); \ + } + +/** + * xmlSecGnuTLSError: + * @errorFunction: the failed function name. + * @errCode: the GnuTLS error code. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting GnuTLS errors. + */ +#define xmlSecGnuTLSError(errorFunction, errCode, errorObject) \ + { \ + const char* message = gnutls_strerror((errCode)); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + "gnutls error: %ld: %s", \ + (long)(errCode), \ + xmlSecErrorsSafeString(message) \ + ); \ + } + +/** + * xmlSecGnuTLSError2: + * @errorFunction: the failed function name. + * @errCode: the GnuTLS error code. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param: the extra message param. + * + * Macro. The XMLSec library macro for reporting GnuTLS errors. + */ +#define xmlSecGnuTLSError2(errorFunction, errCode, errorObject, msg, param) \ + { \ + const char* message = gnutls_strerror((errCode)); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + msg "gnutls error: %ld: %s", \ + (param), \ + (long)(errCode), \ + xmlSecErrorsSafeString(message) \ + ); \ + } #endif /* ! __XMLSEC_GLOBALS_H__ */ diff --git a/src/gnutls/hmac.c b/src/gnutls/hmac.c index 76568052..510745b4 100644 --- a/src/gnutls/hmac.c +++ b/src/gnutls/hmac.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:hmac + * @Short_description: HMAC transforms implementation for GnuTLS. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_HMAC #include "globals.h" diff --git a/src/gnutls/kw_aes.c b/src/gnutls/kw_aes.c index 4186374e..81646032 100644 --- a/src/gnutls/kw_aes.c +++ b/src/gnutls/kw_aes.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * AES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_aes + * @Short_description: AES Key Transport transforms implementation for GnuTLS. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_AES #include "globals.h" diff --git a/src/gnutls/kw_des.c b/src/gnutls/kw_des.c index 79660bd5..0819943e 100644 --- a/src/gnutls/kw_des.c +++ b/src/gnutls/kw_des.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * DES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_des + * @Short_description: DES Key Transport transforms implementation for GnuTLS. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_DES #include "globals.h" diff --git a/src/gnutls/signatures.c b/src/gnutls/signatures.c index 136644c1..6e632cd4 100644 --- a/src/gnutls/signatures.c +++ b/src/gnutls/signatures.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:signatures + * @Short_description: Signatures implementation for GnuTLS. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> diff --git a/src/gnutls/symkeys.c b/src/gnutls/symkeys.c index 74727eeb..8775c090 100644 --- a/src/gnutls/symkeys.c +++ b/src/gnutls/symkeys.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * DES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:symkeys + * @Short_description: Symmetric keys implementation for GnuTLS. + * @Stability: Private + * + */ + #include "globals.h" #include <stdlib.h> diff --git a/src/gnutls/x509.c b/src/gnutls/x509.c index d043bc72..d9503d34 100644 --- a/src/gnutls/x509.c +++ b/src/gnutls/x509.c @@ -1,7 +1,6 @@ -/** - * XMLSec library - * - * X509 support + +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * * This is free software; see Copyright file in the source @@ -9,6 +8,13 @@ * * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:x509 + * @Short_description: X509 certificates implementation for GnuTLS. + * @Stability: Stable + * + */ + #include "globals.h" #ifndef XMLSEC_NO_X509 @@ -328,11 +334,8 @@ xmlSecGnuTLSKeyDataX509AdoptCert(xmlSecKeyDataPtr data, gnutls_x509_crt_t cert) ret = xmlSecPtrListAdd(&(ctx->certsList), cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecKeyDataGetName(data)); return(-1); } @@ -403,11 +406,8 @@ xmlSecGnuTLSKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, gnutls_x509_crl_t crl) { ret = xmlSecPtrListAdd(&(ctx->crlsList), crl); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecKeyDataGetName(data)); return(-1); } @@ -471,21 +471,15 @@ xmlSecGnuTLSKeyDataX509Initialize(xmlSecKeyDataPtr data) { ret = xmlSecPtrListInitialize(&(ctx->certsList), xmlSecGnuTLSX509CrtListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "certsList"); + xmlSecInternalError("xmlSecPtrListInitialize(certsList)", + xmlSecKeyDataGetName(data)); return(-1); } ret = xmlSecPtrListInitialize(&(ctx->crlsList), xmlSecGnuTLSX509CrlListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "crlsList"); + xmlSecInternalError("xmlSecPtrListInitialize(crlsList)", + xmlSecKeyDataGetName(data)); return(-1); } @@ -514,11 +508,8 @@ xmlSecGnuTLSKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { if(ctxSrc->keyCert != NULL) { ctxDst->keyCert = xmlSecGnuTLSX509CertDup(ctxSrc->keyCert); if(ctxDst->keyCert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecGnuTLSX509CertDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertDup", + xmlSecKeyDataGetName(src)); return(-1); } } @@ -527,11 +518,8 @@ xmlSecGnuTLSKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecPtrListEmpty(&(ctxDst->certsList)); ret = xmlSecPtrListCopy(&(ctxDst->certsList), &(ctxSrc->certsList)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecPtrListCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "certsList"); + xmlSecInternalError("xmlSecPtrListCopy(certsList)", + xmlSecKeyDataGetName(src)); return(-1); } @@ -539,13 +527,11 @@ xmlSecGnuTLSKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecPtrListEmpty(&(ctxDst->crlsList)); ret = xmlSecPtrListCopy(&(ctxDst->crlsList), &(ctxSrc->crlsList)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecPtrListCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "crlsList"); + xmlSecInternalError("xmlSecPtrListCopy(crlsList)", + xmlSecKeyDataGetName(src)); return(-1); } + /* done */ return(0); } @@ -580,34 +566,23 @@ xmlSecGnuTLSKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, data = xmlSecKeyEnsureData(key, id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecGnuTLSX509DataNodeRead(data, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSX509DataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509DataNodeRead", + xmlSecKeyDataKlassGetName(id)); return(-1); } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) { - ret = xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + ret = xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecGnuTLSKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); + return(-1); } return(0); } @@ -627,13 +602,11 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); - content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); + content = xmlSecX509DataGetNodeContent (node, keyInfoCtx); if (content < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecX509DataGetNodeContent", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "content=%d", content); + xmlSecInternalError2("xmlSecX509DataGetNodeContent", + xmlSecKeyDataKlassGetName(id), + "content=%d", content); return(-1); } else if(content == 0) { /* by default we are writing certificates and crls */ @@ -652,22 +625,18 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSKeyDataX509GetCert", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { ret = xmlSecGnuTLSX509CertificateNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSX509CertificateNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSX509CertificateNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -675,11 +644,9 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { ret = xmlSecGnuTLSX509SubjectNameNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSX509SubjectNameNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSX509SubjectNameNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -687,11 +654,9 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { ret = xmlSecGnuTLSX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSX509IssuerSerialNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSX509IssuerSerialNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -699,11 +664,9 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { ret = xmlSecGnuTLSX509SKINodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSX509SKINodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSX509SKINodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -715,21 +678,17 @@ xmlSecGnuTLSKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSKeyDataX509GetCrl", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } ret = xmlSecGnuTLSX509CRLNodeWrite(crl, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSX509CRLNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSX509CRLNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -783,11 +742,9 @@ xmlSecGnuTLSKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) { cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "==== Certificate:\n"); @@ -801,11 +758,9 @@ xmlSecGnuTLSKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) { crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSKeyDataX509GetCrl", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "==== Crl:\n"); @@ -841,11 +796,9 @@ xmlSecGnuTLSKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { cert = xmlSecGnuTLSKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "<Certificate>\n"); @@ -860,11 +813,9 @@ xmlSecGnuTLSKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { crl = xmlSecGnuTLSKeyDataX509GetCrl(data, pos); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecGnuTLSKeyDataX509GetCrl", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "<CRL>\n"); @@ -892,29 +843,42 @@ xmlSecGnuTLSX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyIn ret = 0; if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) { ret = xmlSecGnuTLSX509CertificateNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecGnuTLSX509CertificateNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) { ret = xmlSecGnuTLSX509SubjectNameNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecGnuTLSX509SubjectNameNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) { ret = xmlSecGnuTLSX509IssuerSerialNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecGnuTLSX509IssuerSerialNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) { ret = xmlSecGnuTLSX509SKINodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecGnuTLSX509SKINodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) { ret = xmlSecGnuTLSX509CRLNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecGnuTLSX509CRLNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) { /* laxi schema validation: ignore unknown nodes */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "read node failed"); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); return(-1); } } @@ -937,11 +901,7 @@ xmlSecGnuTLSX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlS xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -949,22 +909,16 @@ xmlSecGnuTLSX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlS cert = xmlSecGnuTLSX509CertBase64DerRead(content); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CertBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); gnutls_x509_crt_deinit(cert); xmlFree(content); return(-1); @@ -986,29 +940,20 @@ xmlSecGnuTLSX509CertificateNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xm /* set base64 lines size from context */ buf = xmlSecGnuTLSX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509Certificate)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); return(0); @@ -1027,7 +972,9 @@ xmlSecGnuTLSX509Trim(xmlChar * str) { /* skip spaces from the beggining */ p = str; - while(XMLSEC_GNUTLS_IS_SPACE(*p) && ((*p) != '\0')) ++p; + while(XMLSEC_GNUTLS_IS_SPACE(*p) && ((*p) != '\0')) { + ++p; + } if(p != str) { for(q = str; ; ++q, ++p) { (*q) = (*p); @@ -1038,8 +985,12 @@ xmlSecGnuTLSX509Trim(xmlChar * str) { } /* skip spaces from the end */ - for(p = str; (*p) != '\0'; ++p); - while((p > str) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) *(--p) = '\0'; + for(p = str; (*p) != '\0'; ++p) { + ; + } + while((p > str) && (XMLSEC_GNUTLS_IS_SPACE(*(p - 1)))) { + *(--p) = '\0'; + } } static int @@ -1057,11 +1008,8 @@ xmlSecGnuTLSX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlS x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1071,11 +1019,7 @@ xmlSecGnuTLSX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlS xmlFree(subject); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1086,12 +1030,8 @@ xmlSecGnuTLSX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlS if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "subject=%s", - xmlSecErrorsSafeString(subject)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "subject=%s", xmlSecErrorsSafeString(subject)); xmlFree(subject); return(-1); } @@ -1102,23 +1042,16 @@ xmlSecGnuTLSX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlS cert2 = xmlSecGnuTLSX509CertDup(cert); if(cert2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CertDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - + xmlSecInternalError("xmlSecGnuTLSX509CertDup", + xmlSecKeyDataGetName(data)); xmlFree(subject); return(-1); } ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); gnutls_x509_crt_deinit(cert2); xmlFree(subject); return(-1); @@ -1132,35 +1065,32 @@ static int xmlSecGnuTLSX509SubjectNameNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar* buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); /* add node */ - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SubjectName)", NULL); return(-1); } /* get subject */ buf = xmlSecGnuTLSX509CertGetSubjectDN(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetSubjectDN", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertGetSubjectDN", NULL); return(-1); } /* set value */ - xmlSecNodeEncodeAndSetContent(cur, buf); + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + xmlFree(buf); + return(-1); + } /* done */ xmlFree(buf); @@ -1184,23 +1114,16 @@ xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } cur = xmlSecGetNextElementNode(node->children); if(cur == NULL) { if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL, + xmlSecKeyDataGetName(data)); return(-1); } return(0); @@ -1208,56 +1131,32 @@ xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml /* the first is required node X509IssuerName */ if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeError(cur, xmlSecNodeX509IssuerName, xmlSecKeyDataGetName(data)); return(-1); } issuerName = xmlNodeGetContent(cur); if(issuerName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); return(-1); } cur = xmlSecGetNextElementNode(cur->next); /* next is required node X509SerialNumber */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInvalidNodeError(cur, xmlSecNodeX509SerialNumber, xmlSecKeyDataGetName(data)); xmlFree(issuerName); return(-1); } issuerSerial = xmlNodeGetContent(cur); if(issuerSerial == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); xmlFree(issuerName); return(-1); } cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1269,13 +1168,10 @@ xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "issuerName=%s;issuerSerial=%s", - xmlSecErrorsSafeString(issuerName), - xmlSecErrorsSafeString(issuerSerial)); + xmlSecOtherError3(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "issuerName=%s;issuerSerial=%s", + xmlSecErrorsSafeString(issuerName), + xmlSecErrorsSafeString(issuerSerial)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1287,11 +1183,8 @@ xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml cert2 = xmlSecGnuTLSX509CertDup(cert); if(cert2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CertDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertDup", + xmlSecKeyDataGetName(data)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1299,11 +1192,8 @@ xmlSecGnuTLSX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); gnutls_x509_crt_deinit(cert2); xmlFree(issuerSerial); xmlFree(issuerName); @@ -1321,69 +1211,60 @@ xmlSecGnuTLSX509IssuerSerialNodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, x xmlNodePtr issuerNameNode; xmlNodePtr issuerNumberNode; xmlChar* buf; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); /* create xml nodes */ - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerSerial)", NULL); return(-1); } - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); + issuerNameNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); if(issuerNameNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerName)", NULL); return(-1); } - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); + issuerNumberNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); if(issuerNumberNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SerialNumber)", NULL); return(-1); } /* write data */ buf = xmlSecGnuTLSX509CertGetIssuerDN(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetIssuerDN", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertGetIssuerDN", NULL); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent(issuerNameNode)", NULL); + xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); xmlFree(buf); buf = xmlSecGnuTLSX509CertGetIssuerSerial(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetIssuerSerial", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertGetIssuerSerial", NULL); return(-1); } - xmlSecNodeEncodeAndSetContent(issuerNumberNode, buf); - xmlFree(buf); + ret = xmlSecNodeEncodeAndSetContent(issuerNumberNode, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent(issuerNumberNode)", NULL); + xmlFree(buf); + return(-1); + } + + /* done */ + xmlFree(buf); return(0); } @@ -1403,11 +1284,8 @@ xmlSecGnuTLSX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInf x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1417,12 +1295,7 @@ xmlSecGnuTLSX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInf xmlFree(ski); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1434,12 +1307,9 @@ xmlSecGnuTLSX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInf xmlFree(ski); if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "ski=%s", - xmlSecErrorsSafeString(ski)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "ski=%s", + xmlSecErrorsSafeString(ski)); return(-1); } return(0); @@ -1447,22 +1317,16 @@ xmlSecGnuTLSX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInf cert2 = xmlSecGnuTLSX509CertDup(cert); if(cert2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CertDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertDup", + xmlSecKeyDataGetName(data)); xmlFree(ski); return(-1); } ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert2); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); gnutls_x509_crt_deinit(cert2); xmlFree(ski); return(-1); @@ -1476,36 +1340,34 @@ static int xmlSecGnuTLSX509SKINodeWrite(gnutls_x509_crt_t cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar *buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); /* add node */ - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SKI)", NULL); return(-1); } /* write value */ buf = xmlSecGnuTLSX509CertGetSKI(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetSKI", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertGetSKI", NULL); return(-1); } - xmlSecNodeEncodeAndSetContent(cur, buf); - xmlFree(buf); + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + xmlFree(buf); + return(-1); + } + /* done */ + xmlFree(buf); return(0); } @@ -1525,11 +1387,7 @@ xmlSecGnuTLSX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInf xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1537,22 +1395,16 @@ xmlSecGnuTLSX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInf crl = xmlSecGnuTLSX509CrlBase64DerRead(content); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CrlBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CrlBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } ret = xmlSecGnuTLSKeyDataX509AdoptCrl(data, crl); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSKeyDataX509AdoptCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCrl", + xmlSecKeyDataGetName(data)); gnutls_x509_crl_deinit(crl); xmlFree(content); return(-1); @@ -1574,28 +1426,19 @@ xmlSecGnuTLSX509CRLNodeWrite(gnutls_x509_crl_t crl, xmlNodePtr node, xmlSecKeyIn /* set base64 lines size from context */ buf = xmlSecGnuTLSX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CrlBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CrlBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509CRL)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509CRL)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); @@ -1620,11 +1463,8 @@ xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr k x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecGnuTLSX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1637,42 +1477,30 @@ xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr k ctx->keyCert = xmlSecGnuTLSX509CertDup(cert); if(ctx->keyCert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CertDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertDup", + xmlSecKeyDataGetName(data)); return(-1); } keyValue = xmlSecGnuTLSX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecGnuTLSX509CertGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertGetKey", + xmlSecKeyDataGetName(data)); return(-1); } /* verify that the key matches our expectations */ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeyReqMatchKeyValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyReqMatchKeyValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } ret = xmlSecKeySetValue(key, keyValue); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } @@ -1680,28 +1508,22 @@ xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr k /* get expiration time */ key->notValidBefore = gnutls_x509_crt_get_activation_time(ctx->keyCert); if(key->notValidBefore == (time_t)-1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "gnutls_x509_crt_get_activation_time", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGnuTLSError2("gnutls_x509_crt_get_activation_time", GNUTLS_E_SUCCESS, + xmlSecKeyDataGetName(data), + "cert activation time is invalid: %ld", + (unsigned long)key->notValidBefore); return(-1); } key->notValidAfter = gnutls_x509_crt_get_expiration_time(ctx->keyCert); if(key->notValidAfter == (time_t)-1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "gnutls_x509_crt_get_expiration_time", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGnuTLSError2("gnutls_x509_crt_get_expiration_time", GNUTLS_E_SUCCESS, + xmlSecKeyDataGetName(data), + "cert expiration time is invalid: %ld", + (unsigned long)key->notValidAfter); return(-1); } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), NULL); return(-1); } } @@ -1728,11 +1550,7 @@ xmlSecGnuTLSX509CertGetKey(gnutls_x509_crt_t cert) { alg = gnutls_x509_crt_get_pk_algorithm(cert, &bits); if(alg < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_pk_algorithm", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(alg)); + xmlSecGnuTLSError("gnutls_x509_crt_get_pk_algorithm", alg, NULL); return(NULL); } @@ -1744,31 +1562,19 @@ xmlSecGnuTLSX509CertGetKey(gnutls_x509_crt_t cert) { data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataRsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGnuTLSKeyDataRsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataRsaId)", NULL); return(NULL); } err = gnutls_x509_crt_get_pk_rsa_raw(cert, &m, &e); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_pk_rsa_raw", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_get_pk_rsa_raw", err, NULL); return(NULL); } ret = xmlSecGnuTLSKeyDataRsaAdoptPublicKey(data, &m, &e); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSKeyDataRsaAdoptPublicKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataRsaAdoptPublicKey", NULL); gnutls_free(m.data); gnutls_free(e.data); return(NULL); @@ -1785,31 +1591,19 @@ xmlSecGnuTLSX509CertGetKey(gnutls_x509_crt_t cert) { data = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataDsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGnuTLSKeyDataDsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataDsaId)", NULL); return(NULL); } err = gnutls_x509_crt_get_pk_dsa_raw(cert, &p, &q, &g, &y); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_pk_dsa_raw", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_get_pk_dsa_raw", err, NULL); return(NULL); } ret = xmlSecGnuTLSKeyDataDsaAdoptPublicKey(data, &p, &q, &g, &y); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSKeyDataDsaAdoptPublicKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataDsaAdoptPublicKey", NULL); gnutls_free(p.data); gnutls_free(q.data); gnutls_free(g.data); @@ -1823,11 +1617,7 @@ xmlSecGnuTLSX509CertGetKey(gnutls_x509_crt_t cert) { default: { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_pk_algorithm", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "Unsupported algorithm %d", (int)alg); + xmlSecInvalidIntegerTypeError("key_alg", alg, "supported algorithm", NULL); return(NULL); } } @@ -1915,43 +1705,30 @@ xmlSecGnuTLSKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, cert = xmlSecGnuTLSX509CertRead(buf, bufSize, xmlSecKeyDataFormatCertDer); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertRead", NULL); return(-1); } data = xmlSecKeyEnsureData(key, xmlSecGnuTLSKeyDataX509Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); gnutls_x509_crt_deinit(cert); return(-1); } ret = xmlSecGnuTLSKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509AdoptCert", + xmlSecKeyDataKlassGetName(id)); gnutls_x509_crt_deinit(cert); return(-1); } ret = xmlSecGnuTLSKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecGnuTLSKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); return(-1); } return(0); diff --git a/src/gnutls/x509utils.c b/src/gnutls/x509utils.c index 2ab4df23..7fb61a43 100644 --- a/src/gnutls/x509utils.c +++ b/src/gnutls/x509utils.c @@ -1,7 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * X509 support * * * This is free software; see Copyright file in the source @@ -9,6 +8,13 @@ * * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:x509utils + * @Short_description: X509 certificates support functions for GnuTLS. + * @Stability: Private + * + */ + #include "globals.h" #ifndef XMLSEC_NO_X509 @@ -173,21 +179,13 @@ xmlSecGnuTLSX509CertDup(gnutls_x509_crt_t src) { buf = xmlSecGnuTLSX509CertBase64DerWrite(src, 0); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertBase64DerWrite", NULL); return (NULL); } res = xmlSecGnuTLSX509CertBase64DerRead(buf); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertBase64DerRead", NULL); xmlFree(buf); return (NULL); } @@ -208,33 +206,21 @@ xmlSecGnuTLSX509CertGetSubjectDN(gnutls_x509_crt_t cert) { /* get subject size */ err = gnutls_x509_crt_get_dn(cert, NULL, &bufSize); if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_dn", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_get_dn", err, NULL); return(NULL); } /* allocate buffer */ buf = (char *)xmlMalloc(bufSize + 1); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)bufSize); + xmlSecMallocError(bufSize + 1, NULL); return(NULL); } /* finally write it out */ err = gnutls_x509_crt_get_dn(cert, buf, &bufSize); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_dn", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_get_dn", err, NULL); xmlFree(buf); return(NULL); } @@ -254,33 +240,21 @@ xmlSecGnuTLSX509CertGetIssuerDN(gnutls_x509_crt_t cert) { /* get issuer size */ err = gnutls_x509_crt_get_issuer_dn(cert, NULL, &bufSize); if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_issuer_dn", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_get_issuer_dn", err, NULL); return(NULL); } /* allocate buffer */ buf = (char *)xmlMalloc(bufSize + 1); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)bufSize); + xmlSecMallocError(bufSize + 1, NULL); return(NULL); } /* finally write it out */ err = gnutls_x509_crt_get_issuer_dn(cert, buf, &bufSize); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_issuer_dn", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_get_issuer_dn", err, NULL); xmlFree(buf); return(NULL); } @@ -301,33 +275,21 @@ xmlSecGnuTLSX509CertGetIssuerSerial(gnutls_x509_crt_t cert) { /* get issuer serial size */ err = gnutls_x509_crt_get_serial(cert, NULL, &bufSize); if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_serial", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_get_serial", err, NULL); return(NULL); } /* allocate buffer */ buf = (unsigned char *)xmlMalloc(bufSize + 1); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)bufSize); + xmlSecMallocError(bufSize + 1, NULL); return(NULL); } /* write it out */ err = gnutls_x509_crt_get_serial(cert, buf, &bufSize); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_serial", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_get_serial", err, NULL); xmlFree(buf); return(NULL); } @@ -335,11 +297,7 @@ xmlSecGnuTLSX509CertGetIssuerSerial(gnutls_x509_crt_t cert) { /* convert to string */ res = xmlSecGnuTLSASN1IntegerWrite(buf, bufSize); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSASN1IntegerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSASN1IntegerWrite", NULL); xmlFree(buf); return(NULL); } @@ -362,33 +320,21 @@ xmlSecGnuTLSX509CertGetSKI(gnutls_x509_crt_t cert) { /* get ski size */ err = gnutls_x509_crt_get_subject_key_id(cert, NULL, &bufSize, &critical); if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_subject_key_id", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_get_subject_key_id", err, NULL); return(NULL); } /* allocate buffer */ buf = (xmlSecByte *)xmlMalloc(bufSize + 1); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)bufSize); + xmlSecMallocError(bufSize + 1, NULL); return(NULL); } /* write it out */ err = gnutls_x509_crt_get_subject_key_id(cert, buf, &bufSize, &critical); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_subject_key_id", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_get_subject_key_id", err, NULL); xmlFree(buf); return(NULL); } @@ -396,11 +342,7 @@ xmlSecGnuTLSX509CertGetSKI(gnutls_x509_crt_t cert) { /* convert to string */ res = xmlSecBase64Encode(buf, bufSize, 0); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); xmlFree(buf); return(NULL); } @@ -420,11 +362,7 @@ xmlSecGnuTLSX509CertBase64DerRead(xmlChar* buf) { /* usual trick with base64 decoding "in-place" */ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", NULL); return(NULL); } @@ -452,22 +390,15 @@ xmlSecGnuTLSX509CertRead(const xmlSecByte* buf, xmlSecSize size, xmlSecKeyDataFo fmt = GNUTLS_X509_FMT_DER; break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(NULL); } /* read cert */ err = gnutls_x509_crt_init(&cert); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_init", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_init", err, NULL); return(NULL); } @@ -475,11 +406,7 @@ xmlSecGnuTLSX509CertRead(const xmlSecByte* buf, xmlSecSize size, xmlSecKeyDataFo data.size = size; err = gnutls_x509_crt_import(cert, &data, fmt); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_import", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_import", err, NULL); gnutls_x509_crt_deinit(cert); return(NULL); } @@ -499,33 +426,21 @@ xmlSecGnuTLSX509CertBase64DerWrite(gnutls_x509_crt_t cert, int base64LineWrap) { /* get size */ err = gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, NULL, &bufSize); if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_export(GNUTLS_X509_FMT_DER)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_export(GNUTLS_X509_FMT_DER)", err, NULL); return(NULL); } /* allocate buffer */ buf = (xmlSecByte *)xmlMalloc(bufSize + 1); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)bufSize); + xmlSecMallocError(bufSize + 1, NULL); return(NULL); } /* write it out */ err = gnutls_x509_crt_export(cert, GNUTLS_X509_FMT_DER, buf, &bufSize); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_export(GNUTLS_X509_FMT_DER)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_export(GNUTLS_X509_FMT_DER)", err, NULL); xmlFree(buf); return(NULL); } @@ -533,11 +448,7 @@ xmlSecGnuTLSX509CertBase64DerWrite(gnutls_x509_crt_t cert, int base64LineWrap) { /* convert to string */ res = xmlSecBase64Encode(buf, bufSize, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); xmlFree(buf); return(NULL); } @@ -628,21 +539,13 @@ xmlSecGnuTLSX509CrlDup(gnutls_x509_crl_t src) { buf = xmlSecGnuTLSX509CrlBase64DerWrite(src, 0); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CrlBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CrlBase64DerWrite", NULL); return (NULL); } res = xmlSecGnuTLSX509CrlBase64DerRead(buf); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CrlBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CrlBase64DerRead", NULL); xmlFree(buf); return (NULL); } @@ -663,33 +566,21 @@ xmlSecGnuTLSX509CrlGetIssuerDN(gnutls_x509_crl_t crl) { /* get issuer size */ err = gnutls_x509_crl_get_issuer_dn(crl, NULL, &bufSize); if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crl_get_issuer_dn", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crl_get_issuer_dn", err, NULL); return(NULL); } /* allocate buffer */ buf = (char *)xmlMalloc(bufSize + 1); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)bufSize); + xmlSecMallocError(bufSize + 1, NULL); return(NULL); } /* finally write it out */ err = gnutls_x509_crl_get_issuer_dn(crl, buf, &bufSize); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crl_get_issuer_dn", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crl_get_issuer_dn", err, NULL); xmlFree(buf); return(NULL); } @@ -707,11 +598,7 @@ xmlSecGnuTLSX509CrlBase64DerRead(xmlChar* buf) { /* usual trick with base64 decoding "in-place" */ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", NULL); return(NULL); } @@ -739,22 +626,15 @@ xmlSecGnuTLSX509CrlRead(const xmlSecByte* buf, xmlSecSize size, xmlSecKeyDataFor fmt = GNUTLS_X509_FMT_DER; break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(NULL); } /* read crl */ err = gnutls_x509_crl_init(&crl); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crl_init", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crl_init", err, NULL); return(NULL); } @@ -762,11 +642,7 @@ xmlSecGnuTLSX509CrlRead(const xmlSecByte* buf, xmlSecSize size, xmlSecKeyDataFor data.size = size; err = gnutls_x509_crl_import(crl, &data, fmt); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crl_import", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crl_import", err, NULL); gnutls_x509_crl_deinit(crl); return(NULL); } @@ -786,33 +662,21 @@ xmlSecGnuTLSX509CrlBase64DerWrite(gnutls_x509_crl_t crl, int base64LineWrap) { /* get size */ err = gnutls_x509_crl_export(crl, GNUTLS_X509_FMT_DER, NULL, &bufSize); if((err != GNUTLS_E_SHORT_MEMORY_BUFFER) || (bufSize <= 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crl_export(GNUTLS_X509_FMT_DER)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crl_export(GNUTLS_X509_FMT_DER)", err, NULL); return(NULL); } /* allocate buffer */ buf = (xmlSecByte *)xmlMalloc(bufSize + 1); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)bufSize); + xmlSecMallocError(bufSize + 1, NULL); return(NULL); } /* write it out */ err = gnutls_x509_crl_export(crl, GNUTLS_X509_FMT_DER, buf, &bufSize); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crl_export(GNUTLS_X509_FMT_DER)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crl_export(GNUTLS_X509_FMT_DER)", err, NULL); xmlFree(buf); return(NULL); } @@ -820,11 +684,7 @@ xmlSecGnuTLSX509CrlBase64DerWrite(gnutls_x509_crl_t crl, int base64LineWrap) { /* convert to string */ res = xmlSecBase64Encode(buf, bufSize, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); xmlFree(buf); return(NULL); } @@ -878,6 +738,7 @@ xmlSecGnuTLSASN1IntegerWrite(const unsigned char * data, size_t len) { unsigned long long int val = 0; size_t ii = 0; int shift = 0; + int ret; xmlSecAssert2(data != NULL, NULL); xmlSecAssert2(len <= 9, NULL); @@ -889,15 +750,17 @@ xmlSecGnuTLSASN1IntegerWrite(const unsigned char * data, size_t len) { res = (xmlChar*)xmlMalloc(resLen + 1); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)resLen); - return (NULL); + xmlSecMallocError(resLen + 1, NULL); + return(NULL); + } + + ret = xmlStrPrintf(res, resLen, "%llu", val); + if(ret < 0) { + xmlSecXmlError("xmlStrPrintf", NULL); + xmlFree(res); + return(NULL); } - xmlSecStrPrintf(res, resLen, BAD_CAST "%llu", val); return(res); } @@ -934,11 +797,7 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, /* read pkcs12 in internal structure */ err = gnutls_pkcs12_init(&pkcs12); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_pkcs12_init", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_pkcs12_init", err, NULL); goto done; } @@ -946,22 +805,14 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, datum.size = dataSize; err = gnutls_pkcs12_import(pkcs12, &datum, GNUTLS_X509_FMT_DER, 0); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_pkcs12_import", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_pkcs12_import", err, NULL); goto done; } /* verify */ err = gnutls_pkcs12_verify_mac(pkcs12, pwd); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_pkcs12_verify_mac", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_pkcs12_verify_mac", err, NULL); goto done; } @@ -973,11 +824,7 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, err = gnutls_pkcs12_bag_init(&bag); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_pkcs12_bag_init", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_pkcs12_bag_init", err, NULL); goto done; } @@ -986,32 +833,20 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, /* scanned the whole pkcs12, stop */ break; } else if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_pkcs12_get_bag", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_pkcs12_get_bag", err, NULL); goto done; } /* check if we need to decrypt the bag */ bag_type = gnutls_pkcs12_bag_get_type(bag, 0); if(bag_type < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_pkcs12_bag_get_type", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(bag_type)); + xmlSecGnuTLSError("gnutls_pkcs12_bag_get_type", bag_type, NULL); goto done; } if(bag_type == GNUTLS_BAG_ENCRYPTED) { err = gnutls_pkcs12_bag_decrypt(bag, pwd); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_pkcs12_bag_decrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_pkcs12_bag_decrypt", err, NULL); goto done; } } @@ -1019,31 +854,19 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, /* scan elements in bag */ elements_in_bag = gnutls_pkcs12_bag_get_count(bag); if(elements_in_bag < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_pkcs12_bag_get_count", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(bag_type)); + xmlSecGnuTLSError("gnutls_pkcs12_bag_get_count", elements_in_bag, NULL); goto done; } for(ii = 0; ii < elements_in_bag; ++ii) { bag_type = gnutls_pkcs12_bag_get_type(bag, ii); if(bag_type < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_pkcs12_bag_get_type", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(bag_type)); + xmlSecGnuTLSError("gnutls_pkcs12_bag_get_type", bag_type, NULL); goto done; } err = gnutls_pkcs12_bag_get_data(bag, ii, &datum); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_pkcs12_bag_get_data", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_pkcs12_bag_get_data", err, NULL); goto done; } @@ -1054,11 +877,7 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, if((*priv_key) == NULL) { err = gnutls_x509_privkey_init(priv_key); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_privkey_init", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_privkey_init", err, NULL); goto done; } @@ -1067,11 +886,7 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, pwd, (bag_type == GNUTLS_BAG_PKCS8_KEY) ? GNUTLS_PKCS_PLAIN : 0); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_privkey_import_pkcs8", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_privkey_import_pkcs8", err, NULL); goto done; } } @@ -1079,31 +894,19 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, case GNUTLS_BAG_CERTIFICATE: err = gnutls_x509_crt_init(&cert); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_init", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_init", err, NULL); goto done; } err = gnutls_x509_crt_import(cert, &datum, GNUTLS_X509_FMT_DER); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_import", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_import", err, NULL); goto done; } ret = xmlSecPtrListAdd(certsList, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListAdd(certsList)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd(certsList)", NULL); goto done; } cert = NULL; /* owned by certsList now */ @@ -1121,11 +924,8 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, /* check we have private key */ if((*priv_key) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "Private key was not found in pkcs12 object"); + xmlSecOtherError(XMLSEC_ERRORS_R_KEY_NOT_FOUND, NULL, + "Private key was not found in pkcs12 object"); goto done; } @@ -1141,11 +941,7 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, key_id_size = sizeof(key_id); err = gnutls_x509_privkey_get_key_id((*priv_key), 0, key_id, &key_id_size); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_privkey_get_key_id", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_privkey_get_key_id", err, NULL); goto done; } for(ii = 0; ii < certsSize; ++ii) { @@ -1159,11 +955,7 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, cert_id_size = sizeof(cert_id); err = gnutls_x509_crt_get_key_id(tmp, 0, cert_id, &cert_id_size); if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_key_id", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_get_key_id", err, NULL); goto done; } @@ -1171,11 +963,7 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, if((key_id_size == cert_id_size) && (memcmp(key_id, cert_id, key_id_size) == 0)) { (*key_cert) = xmlSecGnuTLSX509CertDup(tmp); if((*key_cert) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertDup", NULL); goto done; } @@ -1185,11 +973,8 @@ xmlSecGnuTLSPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, /* check we have key cert */ if((*key_cert) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "Certificate for the private key was not found in pkcs12 object"); + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_NOT_FOUND, NULL, + "Certificate for the private key was not found in pkcs12 object"); goto done; } } @@ -1222,11 +1007,7 @@ xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey(gnutls_x509_privkey_t priv_key) { /* create key value data */ key_alg = gnutls_x509_privkey_get_pk_algorithm(priv_key); if(key_alg < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_privkey_get_pk_algorithm", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(key_alg)); + xmlSecGnuTLSError("gnutls_x509_privkey_get_pk_algorithm", key_alg < 0, NULL); return (NULL); } switch(key_alg) { @@ -1234,21 +1015,13 @@ xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey(gnutls_x509_privkey_t priv_key) { case GNUTLS_PK_RSA: res = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataRsaId); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGnuTLSKeyDataRsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataRsaId)", NULL); return(NULL); } ret = xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(res, priv_key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSKeyDataRsaAdoptPrivateKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGnuTLSKeyDataRsaId"); + xmlSecInternalError("xmlSecGnuTLSKeyDataRsaAdoptPrivateKey(KeyDataRsaId)", NULL); xmlSecKeyDataDestroy(res); return(NULL); } @@ -1259,32 +1032,20 @@ xmlSecGnuTLSCreateKeyDataAndAdoptPrivKey(gnutls_x509_privkey_t priv_key) { case GNUTLS_PK_DSA: res = xmlSecKeyDataCreate(xmlSecGnuTLSKeyDataDsaId); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGnuTLSKeyDataDsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataDsaId)", NULL); return(NULL); } ret = xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(res, priv_key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSKeyDataDsaAdoptPrivateKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecGnuTLSKeyDataDsaId"); + xmlSecInternalError("xmlSecGnuTLSKeyDataDsaAdoptPrivateKey(KeyDataDsaId)", NULL); xmlSecKeyDataDestroy(res); return(NULL); } break; #endif /* XMLSEC_NO_DSA */ default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_privkey_get_pk_algorithm", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "Unsupported algorithm %d", (int)key_alg); + xmlSecInvalidIntegerTypeError("key_alg", key_alg, "supported algorithm", NULL); return(NULL); } @@ -1493,11 +1254,7 @@ xmlSecGnuTLSDnAttrsParse(const xmlChar * dn, /* allocate buffer, we don't need more than string */ tmp = (xmlChar *)xmlMalloc(xmlStrlen(dn) + 1); if(tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)(xmlStrlen(dn) + 1)); + xmlSecMallocError(xmlStrlen(dn) + 1, NULL); goto done; } @@ -1532,20 +1289,13 @@ xmlSecGnuTLSDnAttrsParse(const xmlChar * dn, /* insert into the attrs */ if(pos >= attrsSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "Not enough space: size=%d", (int)attrsSize); + xmlSecInvalidSizeLessThanError("Attributes", + attrsSize, pos, NULL); goto done; } attrs[pos].key = xmlStrdup(tmp); if(attrs[pos].key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)(xmlStrlen(tmp) + 1)); + xmlSecStrdupError(tmp, NULL); goto done; } @@ -1583,11 +1333,7 @@ xmlSecGnuTLSDnAttrsParse(const xmlChar * dn, attrs[pos].value = xmlStrdup(tmp); if(attrs[pos].value == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)(xmlStrlen(tmp) + 1)); + xmlSecStrdupError(tmp, NULL); goto done; } state = xmlSecGnuTLSDnParseState_BeforeNameComponent; @@ -1609,11 +1355,7 @@ xmlSecGnuTLSDnAttrsParse(const xmlChar * dn, attrs[pos].value = xmlStrdup(tmp); if(attrs[pos].value == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)(xmlStrlen(tmp) + 1)); + xmlSecStrdupError(tmp, NULL); goto done; } state = xmlSecGnuTLSDnParseState_AfterQuotedString; @@ -1628,12 +1370,7 @@ xmlSecGnuTLSDnAttrsParse(const xmlChar * dn, if((ch == ',') || (ch == ';') || (ch == '\0')) { state = xmlSecGnuTLSDnParseState_BeforeNameComponent; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "Unexpected character %c (expected space or ',' or ';')", - ch); + xmlSecInvalidIntegerDataError("ch", ch, "space,',',';','\\0'", NULL); goto done; } } else { @@ -1650,12 +1387,7 @@ xmlSecGnuTLSDnAttrsParse(const xmlChar * dn, /* check end state */ if(state != xmlSecGnuTLSDnParseState_BeforeNameComponent) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "Unexpected state %d at the end of parsing", - (int)state); + xmlSecInvalidIntegerDataError("state", state, "xmlSecGnuTLSDnParseState_BeforeNameComponent", NULL); goto done; } diff --git a/src/gnutls/x509vfy.c b/src/gnutls/x509vfy.c index f302d8fc..4c753344 100644 --- a/src/gnutls/x509vfy.c +++ b/src/gnutls/x509vfy.c @@ -1,7 +1,5 @@ -/** - * XMLSec library - * - * X509 support +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * * This is free software; see Copyright file in the source @@ -9,6 +7,13 @@ * * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:x509vfy + * @Short_description: X509 certificates verification support functions for GnuTLS. + * @Stability: Private + * + */ + #include "globals.h" #ifndef XMLSEC_NO_X509 @@ -159,38 +164,28 @@ xmlSecGnuTLSX509CheckTime(const gnutls_x509_crt_t * cert_list, /* get expiration times */ notValidBefore = gnutls_x509_crt_get_activation_time(cert); if(notValidBefore == (time_t)-1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_activation_time", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGnuTLSError2("gnutls_x509_crt_get_activation_time", GNUTLS_E_SUCCESS, + NULL, + "cert activation time is invalid: %ld", + (unsigned long)notValidBefore); return(-1); } notValidAfter = gnutls_x509_crt_get_expiration_time(cert); if(notValidAfter == (time_t)-1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_get_expiration_time", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecGnuTLSError2("gnutls_x509_crt_get_expiration_time", GNUTLS_E_SUCCESS, + NULL, + "cert expiration time is invalid: %ld", + (unsigned long)notValidAfter); return(-1); } /* check */ if(ts < notValidBefore) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_CERT_NOT_YET_VALID, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_NOT_YET_VALID, NULL, NULL); return(0); } if(ts > notValidAfter) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, NULL, NULL); return(0); } } @@ -249,11 +244,8 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store, if(cert_list_length > 0) { cert_list = (gnutls_x509_crt_t *)xmlMalloc(sizeof(gnutls_x509_crt_t) * cert_list_length); if(cert_list == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)(sizeof(gnutls_x509_crt_t) * cert_list_length)); + xmlSecMallocError(sizeof(gnutls_x509_crt_t) * cert_list_length, + xmlSecKeyDataStoreGetName(store)); goto done; } } @@ -261,21 +253,15 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store, if(crl_list_length > 0) { crl_list = (gnutls_x509_crl_t *)xmlMalloc(sizeof(gnutls_x509_crl_t) * crl_list_length); if(crl_list == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)(sizeof(gnutls_x509_crl_t) * crl_list_length)); + xmlSecMallocError(sizeof(gnutls_x509_crl_t) * crl_list_length, + xmlSecKeyDataStoreGetName(store)); goto done; } for(ii = 0; ii < crl_list_length; ++ii) { crl_list[ii] = xmlSecPtrListGetItem(crls, ii); if(crl_list[ii] == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "xmlSecPtrListGetItem(crls)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListGetItem(crls)", + xmlSecKeyDataStoreGetName(store)); goto done; } } @@ -285,21 +271,15 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store, if(ca_list_length > 0) { ca_list = (gnutls_x509_crt_t *)xmlMalloc(sizeof(gnutls_x509_crt_t) * ca_list_length); if(ca_list == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)(sizeof(gnutls_x509_crt_t) * ca_list_length)); + xmlSecMallocError(sizeof(gnutls_x509_crt_t) * ca_list_length, + xmlSecKeyDataStoreGetName(store)); goto done; } for(ii = 0; ii < ca_list_length; ++ii) { ca_list[ii] = xmlSecPtrListGetItem(&(ctx->certsTrusted), ii); if(ca_list[ii] == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "xmlSecPtrListGetItem(certsTrusted)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListGetItem(certsTrusted)", + xmlSecKeyDataStoreGetName(store)); goto done; } } @@ -315,6 +295,9 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store, if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) { flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD2; flags |= GNUTLS_VERIFY_ALLOW_SIGN_RSA_MD5; +#if GNUTLS_VERSION_NUMBER >= 0x030600 + flags |= GNUTLS_VERIFY_ALLOW_SIGN_WITH_SHA1; +#endif } /* We are going to build all possible cert chains and try to verify them */ @@ -325,11 +308,8 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store, cert = xmlSecPtrListGetItem(certs, ii); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "xmlSecPtrListGetItem(certs)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListGetItem(certs)", + xmlSecKeyDataStoreGetName(store)); goto done; } @@ -357,26 +337,24 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store, } /* try to verify */ - err = gnutls_x509_crt_list_verify( - cert_list, (int)cert_list_cur_length, /* certs chain */ - ca_list, (int)ca_list_length, /* trusted cas */ - crl_list, (int)crl_list_length, /* crls */ - flags, /* flags */ - &verify); + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) { + err = gnutls_x509_crt_list_verify( + cert_list, (int)cert_list_cur_length, /* certs chain */ + ca_list, (int)ca_list_length, /* trusted cas */ + crl_list, (int)crl_list_length, /* crls */ + flags, /* flags */ + &verify); + } else { + err = GNUTLS_E_SUCCESS; + } if(err != GNUTLS_E_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_list_verify", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_GNUTLS_REPORT_ERROR(err)); + xmlSecGnuTLSError("gnutls_x509_crt_list_verify", err, NULL); /* don't stop, continue! */ continue; - } else if(verify != 0){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "gnutls_x509_crt_list_verify", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "Verification failed: verify=%u", verify); + } else if(verify != 0) { + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, NULL, + "gnutls_x509_crt_list_verify: verification failed: status=%du", + verify); /* don't stop, continue! */ continue; } @@ -385,11 +363,7 @@ xmlSecGnuTLSX509StoreVerify(xmlSecKeyDataStorePtr store, we have to do it ourselves */ ret = xmlSecGnuTLSX509CheckTime(cert_list, cert_list_cur_length, verification_time); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "Time verification failed"); + xmlSecInternalError("xmlSecGnuTLSX509CheckTime", NULL); /* don't stop, continue! */ continue; } @@ -437,21 +411,15 @@ xmlSecGnuTLSX509StoreAdoptCert(xmlSecKeyDataStorePtr store, gnutls_x509_crt_t ce if((type & xmlSecKeyDataTypeTrusted) != 0) { ret = xmlSecPtrListAdd(&(ctx->certsTrusted), cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "xmlSecPtrListAdd(trusted)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd(trusted)", + xmlSecKeyDataStoreGetName(store)); return(-1); } } else { ret = xmlSecPtrListAdd(&(ctx->certsUntrusted), cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "xmlSecPtrListAdd(untrusted)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd(untrusted)", + xmlSecKeyDataStoreGetName(store)); return(-1); } } @@ -474,21 +442,15 @@ xmlSecGnuTLSX509StoreInitialize(xmlSecKeyDataStorePtr store) { ret = xmlSecPtrListInitialize(&(ctx->certsTrusted), xmlSecGnuTLSX509CrtListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "xmlSecPtrListInitialize(trusted)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListInitialize(trusted)", + xmlSecKeyDataStoreGetName(store)); return(-1); } ret = xmlSecPtrListInitialize(&(ctx->certsUntrusted), xmlSecGnuTLSX509CrtListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "xmlSecPtrListInitialize(untrusted)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListInitialize(untrusted)", + xmlSecKeyDataStoreGetName(store)); return(-1); } @@ -516,6 +478,7 @@ xmlSecGnuTLSX509StoreFinalize(xmlSecKeyDataStorePtr store) { * *****************************************************************************/ #define XMLSEC_GNUTLS_DN_ATTRS_SIZE 1024 + static int xmlSecGnuTLSX509DnsEqual(const xmlChar * ll, const xmlChar * rr) { xmlSecGnuTLSDnAttr ll_attrs[XMLSEC_GNUTLS_DN_ATTRS_SIZE]; @@ -538,21 +501,13 @@ xmlSecGnuTLSX509DnsEqual(const xmlChar * ll, const xmlChar * rr) { /* parse */ ret = xmlSecGnuTLSDnAttrsParse(ll, ll_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSDnAttrsParse(ll)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSDnAttrsParse(ll)", NULL); goto done; } ret = xmlSecGnuTLSDnAttrsParse(rr, rr_attrs, XMLSEC_GNUTLS_DN_ATTRS_SIZE); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSDnAttrsParse(rr)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSDnAttrsParse(rr)", NULL); goto done; } @@ -564,11 +519,7 @@ xmlSecGnuTLSX509DnsEqual(const xmlChar * ll, const xmlChar * rr) { } else if(ret == 0) { res = 0; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSDnAttrsEqual", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSDnAttrsEqual", NULL); goto done; } @@ -593,11 +544,8 @@ xmlSecGnuTLSX509FindCert(xmlSecPtrListPtr certs, for(ii = 0; (ii < sz); ++ii) { gnutls_x509_crt_t cert = xmlSecPtrListGetItem(certs, ii); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListGetItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%i", (int)ii); + xmlSecInternalError2("xmlSecPtrListGetItem", NULL, + "pos=%i", (int)ii); return(NULL); } @@ -606,11 +554,8 @@ xmlSecGnuTLSX509FindCert(xmlSecPtrListPtr certs, tmp = xmlSecGnuTLSX509CertGetSubjectDN(cert); if(tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetSubjectDN", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%i", (int)ii); + xmlSecInternalError2("xmlSecGnuTLSX509CertGetSubjectDN", NULL, + "pos=%i", (int)ii); return(NULL); } @@ -625,21 +570,15 @@ xmlSecGnuTLSX509FindCert(xmlSecPtrListPtr certs, tmp1 = xmlSecGnuTLSX509CertGetIssuerDN(cert); if(tmp1 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetIssuerDN", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%i", (int)ii); + xmlSecInternalError2("xmlSecGnuTLSX509CertGetIssuerDN", NULL, + "pos=%i", (int)ii); return(NULL); } tmp2 = xmlSecGnuTLSX509CertGetIssuerSerial(cert); if(tmp2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetIssuerSerial", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%i", (int)ii); + xmlSecInternalError2("xmlSecGnuTLSX509CertGetIssuerSerial", NULL, + "pos=%i", (int)ii); xmlFree(tmp1); return(NULL); } @@ -656,11 +595,8 @@ xmlSecGnuTLSX509FindCert(xmlSecPtrListPtr certs, tmp = xmlSecGnuTLSX509CertGetSKI(cert); if(tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetSKI", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%i", (int)ii); + xmlSecInternalError2("xmlSecGnuTLSX509CertGetSKI", NULL, + "pos=%i", (int)ii); return(NULL); } @@ -688,11 +624,7 @@ xmlSecGnuTLSX509FindSignedCert(xmlSecPtrListPtr certs, gnutls_x509_crt_t cert) { /* get subject */ subject = xmlSecGnuTLSX509CertGetSubjectDN(cert); if(subject == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetSubjectDN", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertGetSubjectDN", NULL); goto done; } @@ -704,21 +636,15 @@ xmlSecGnuTLSX509FindSignedCert(xmlSecPtrListPtr certs, gnutls_x509_crt_t cert) { tmp = xmlSecPtrListGetItem(certs, ii); if(tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListGetItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%i", (int)ii); + xmlSecInternalError2("xmlSecPtrListGetItem", NULL, + "pos=%i", (int)ii); goto done; } issuer = xmlSecGnuTLSX509CertGetIssuerDN(tmp); if(issuer == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetIssuerDN", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%i", (int)ii); + xmlSecInternalError2("xmlSecGnuTLSX509CertGetIssuerDN", NULL, + "pos=%i", (int)ii); goto done; } @@ -749,11 +675,7 @@ xmlSecGnuTLSX509FindSignerCert(xmlSecPtrListPtr certs, gnutls_x509_crt_t cert) { /* get issuer */ issuer = xmlSecGnuTLSX509CertGetIssuerDN(cert); if(issuer == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetIssuerDN", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecGnuTLSX509CertGetIssuerDN", NULL); goto done; } @@ -765,21 +687,15 @@ xmlSecGnuTLSX509FindSignerCert(xmlSecPtrListPtr certs, gnutls_x509_crt_t cert) { tmp = xmlSecPtrListGetItem(certs, ii); if(tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListGetItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%i", (int)ii); + xmlSecInternalError2("xmlSecPtrListGetItem", NULL, + "pos=%i", (int)ii); goto done; } subject = xmlSecGnuTLSX509CertGetSubjectDN(tmp); if(subject == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGnuTLSX509CertGetSubjectDN", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%i", (int)ii); + xmlSecInternalError2("xmlSecGnuTLSX509CertGetSubjectDN", NULL, + "pos=%i", (int)ii); goto done; } @@ -1,4 +1,4 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * * Input uri transform and utility functions. @@ -8,11 +8,17 @@ * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:io + * @Short_description: Input/output functions. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> #include <string.h> -#include <errno.h> #include <libxml/uri.h> #include <libxml/tree.h> @@ -33,7 +39,6 @@ #include <xmlsec/io.h> #include <xmlsec/errors.h> -#define ERR_BUF_SIZE 1024 /******************************************************************* * @@ -63,12 +68,7 @@ xmlSecIOCallbackCreate(xmlInputMatchCallback matchFunc, xmlInputOpenCallback ope /* Allocate a new xmlSecIOCallback and fill the fields. */ callbacks = (xmlSecIOCallbackPtr)xmlMalloc(sizeof(xmlSecIOCallback)); if(callbacks == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecIOCallback)=%d", - (int)sizeof(xmlSecIOCallback)); + xmlSecMallocError(sizeof(xmlSecIOCallback), NULL); return(NULL); } memset(callbacks, 0, sizeof(xmlSecIOCallback)); @@ -127,9 +127,10 @@ xmlSecIOCallbackPtrListFind(xmlSecPtrListPtr list, const char* uri) { xmlSecAssert2(xmlSecPtrListCheckId(list, xmlSecIOCallbackPtrListId), NULL); xmlSecAssert2(uri != NULL, NULL); + /* Search from the end of the list to ensure the newly added entries are picked up first */ size = xmlSecPtrListGetSize(list); - for(i = 0; i < size; ++i) { - callbacks = (xmlSecIOCallbackPtr)xmlSecPtrListGetItem(list, i); + for(i = size; i > 0; --i) { + callbacks = (xmlSecIOCallbackPtr)xmlSecPtrListGetItem(list, i - 1); xmlSecAssert2(callbacks != NULL, NULL); xmlSecAssert2(callbacks->matchcallback != NULL, NULL); @@ -156,29 +157,31 @@ xmlSecIOInit(void) { ret = xmlSecPtrListInitialize(&xmlSecAllIOCallbacks, xmlSecIOCallbackPtrListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListPtrInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListInitialize", NULL); return(-1); } +#ifdef LIBXML_FTP_ENABLED + xmlNanoFTPInit(); +#endif /* LIBXML_FTP_ENABLED */ + #ifdef LIBXML_HTTP_ENABLED xmlNanoHTTPInit(); #endif /* LIBXML_HTTP_ENABLED */ -#ifdef LIBXML_FTP_ENABLED - xmlNanoFTPInit(); -#endif /* LIBXML_FTP_ENABLED */ + ret = xmlSecIORegisterDefaultCallbacks(); + if(ret < 0) { + xmlSecInternalError("xmlSecIORegisterDefaultCallbacks", NULL); + return(-1); + } - return(xmlSecIORegisterDefaultCallbacks()); + return(0); } /** * xmlSecIOShutdown: * - * The IO clenaup (called from #xmlSecShutdown function). + * The IO cleanup (called from #xmlSecShutdown function). * Applications should not call this function directly. */ void @@ -228,21 +231,13 @@ xmlSecIORegisterCallbacks(xmlInputMatchCallback matchFunc, callbacks = xmlSecIOCallbackCreate(matchFunc, openFunc, readFunc, closeFunc); if(callbacks == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecIOCallbackCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecIOCallbackCreate", NULL); return(-1); } ret = xmlSecPtrListAdd(&xmlSecAllIOCallbacks, callbacks); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", NULL); xmlSecIOCallbackDestroy(callbacks); return(-1); } @@ -261,15 +256,19 @@ int xmlSecIORegisterDefaultCallbacks(void) { int ret; + /* Callbacks added later are picked up first */ + ret = xmlSecIORegisterCallbacks(xmlFileMatch, xmlFileOpen, + xmlFileRead, xmlFileClose); + if(ret < 0) { + xmlSecInternalError("xmlSecIORegisterCallbacks(file)", NULL); + return(-1); + } + #ifdef LIBXML_HTTP_ENABLED ret = xmlSecIORegisterCallbacks(xmlIOHTTPMatch, xmlIOHTTPOpen, xmlIOHTTPRead, xmlIOHTTPClose); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecIORegisterCallbacks", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "http"); + xmlSecInternalError("xmlSecIORegisterCallbacks(http)", NULL); return(-1); } #endif /* LIBXML_HTTP_ENABLED */ @@ -278,26 +277,12 @@ xmlSecIORegisterDefaultCallbacks(void) { ret = xmlSecIORegisterCallbacks(xmlIOFTPMatch, xmlIOFTPOpen, xmlIOFTPRead, xmlIOFTPClose); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecIORegisterCallbacks", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ftp"); + xmlSecInternalError("xmlSecIORegisterCallbacks(ftp)", NULL); return(-1); } #endif /* LIBXML_FTP_ENABLED */ - ret = xmlSecIORegisterCallbacks(xmlFileMatch, xmlFileOpen, - xmlFileRead, xmlFileClose); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecIORegisterCallbacks", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "file"); - return(-1); - } - + /* done */ return(0); } @@ -421,16 +406,9 @@ xmlSecTransformInputURIOpen(xmlSecTransformPtr transform, const xmlChar *uri) { } } - char buf[ERR_BUF_SIZE]; if((ctx->clbks == NULL) || (ctx->clbksCtx == NULL)) { - strerror_r(errno, buf, sizeof(buf)); - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "opencallback", - XMLSEC_ERRORS_R_IO_FAILED, - "uri=%s;error=%s", - xmlSecErrorsSafeString(uri), - buf); + xmlSecInternalError2("ctx->clbks->opencallback", xmlSecTransformGetName(transform), + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } @@ -442,7 +420,7 @@ xmlSecTransformInputURIOpen(xmlSecTransformPtr transform, const xmlChar *uri) { * xmlSecTransformInputURIClose: * @transform: the pointer to IO transform. * - * Closes the given @transform and frees up resourses. + * Closes the given @transform and frees up resources. * * Returns: 0 on success or a negative value otherwise. */ @@ -491,11 +469,9 @@ xmlSecTransformInputURIFinalize(xmlSecTransformPtr transform) { ret = xmlSecTransformInputURIClose(transform); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformInputURIClose", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError2("xmlSecTransformInputURIClose", + xmlSecTransformGetName(transform), + "ret=%d", ret); /* ignore the error */ /* return; */ } @@ -523,13 +499,7 @@ xmlSecTransformInputURIPopBin(xmlSecTransformPtr transform, xmlSecByte* data, if((ctx->clbksCtx != NULL) && (ctx->clbks != NULL) && (ctx->clbks->readcallback != NULL)) { ret = (ctx->clbks->readcallback)(ctx->clbksCtx, (char*)data, (int)maxDataSize); if(ret < 0) { - char buf[ERR_BUF_SIZE]; - strerror_r(errno, buf, sizeof(buf)); - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "readcallback", - XMLSEC_ERRORS_R_IO_FAILED, - "error=%s", buf); + xmlSecInternalError("ctx->clbks->readcallback", xmlSecTransformGetName(transform)); return(-1); } (*dataSize) = ret; diff --git a/src/keyinfo.c b/src/keyinfo.c index 958492f1..98dabc10 100644 --- a/src/keyinfo.c +++ b/src/keyinfo.c @@ -1,18 +1,27 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * <dsig:KeyInfo/> element processing - * (http://www.w3.org/TR/xmlSec-core/#sec-KeyInfo: * - * The KeyInfo Element + * This is free software; see Copyright file in the source + * distribution for preciese wording. * - * KeyInfo is an optional element that enables the recipient(s) to obtain + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. + */ +/** + * SECTION:keyinfo + * @Short_description: <dsig:KeyInfo/> node parser functions. + * @Stability: Stable + * + * + * [KeyInfo](https://www.w3.org/TR/xmldsig-core/#sec-KeyInfo) is an + * optional element that enables the recipient(s) to obtain * the key needed to validate the signature. KeyInfo may contain keys, * names, certificates and other public key management information, such as * in-band key distribution or key agreement data. * - * Schema Definition: + * Schema Definition: * + * |[<!-- language="XML" --> * <element name="KeyInfo" type="ds:KeyInfoType"/> * <complexType name="KeyInfoType" mixed="true"> * <choice maxOccurs="unbounded"> @@ -28,19 +37,17 @@ * </choice> * <attribute name="Id" type="ID" use="optional"/> * </complexType> + * ]| * * DTD: * + * |[<!-- language="XML" --> * <!ELEMENT KeyInfo (#PCDATA|KeyName|KeyValue|RetrievalMethod| * X509Data|PGPData|SPKIData|MgmtData %KeyInfo.ANY;)* > * <!ATTLIST KeyInfo Id ID #IMPLIED > - * - * - * This is free software; see Copyright file in the source - * distribution for preciese wording. - * - * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. + * ]| */ + #include "globals.h" #include <stdlib.h> @@ -111,22 +118,16 @@ xmlSecKeyInfoNodeRead(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCtx /* read data node */ ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecKeyDataXmlRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError2("xmlSecKeyDataXmlRead", + xmlSecKeyDataKlassGetName(dataId), + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD) != 0) { /* there is a laxi schema validation but application may * desire to disable unknown nodes*/ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, NULL); return(-1); } } @@ -178,21 +179,15 @@ xmlSecKeyInfoNodeWrite(xmlNodePtr keyInfoNode, xmlSecKeyPtr key, xmlSecKeyInfoCt if(dataId != xmlSecKeyDataIdUnknown) { ret = xmlSecKeyDataXmlWrite(dataId, key, cur, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecKeyDataXmlWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError2("xmlSecKeyDataXmlWrite", + xmlSecKeyDataKlassGetName(dataId), + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_UNKNOWN_CHILD) != 0) { /* laxi schema validation but application can disable it*/ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, NULL); return(-1); } } @@ -223,21 +218,13 @@ xmlSecKeyInfoCtxCreate(xmlSecKeysMngrPtr keysMngr) { /* Allocate a new xmlSecKeyInfoCtx and fill the fields. */ keyInfoCtx = (xmlSecKeyInfoCtxPtr)xmlMalloc(sizeof(xmlSecKeyInfoCtx)); if(keyInfoCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)sizeof(xmlSecKeyInfoCtx)); + xmlSecMallocError(sizeof(xmlSecKeyInfoCtx), NULL); return(NULL); } ret = xmlSecKeyInfoCtxInitialize(keyInfoCtx, keysMngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", NULL); xmlSecKeyInfoCtxDestroy(keyInfoCtx); return(NULL); } @@ -280,22 +267,14 @@ xmlSecKeyInfoCtxInitialize(xmlSecKeyInfoCtxPtr keyInfoCtx, xmlSecKeysMngrPtr key keyInfoCtx->base64LineSize = xmlSecBase64GetDefaultLineSize(); ret = xmlSecPtrListInitialize(&(keyInfoCtx->enabledKeyData), xmlSecKeyDataIdListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListInitialize", NULL); return(-1); } keyInfoCtx->maxRetrievalMethodLevel = 1; ret = xmlSecTransformCtxInitialize(&(keyInfoCtx->retrievalMethodCtx)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxInitialize", NULL); return(-1); } @@ -309,11 +288,7 @@ xmlSecKeyInfoCtxInitialize(xmlSecKeyInfoCtxPtr keyInfoCtx, xmlSecKeysMngrPtr key ret = xmlSecKeyReqInitialize(&(keyInfoCtx->keyReq)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyReqInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyReqInitialize", NULL); return(-1); } @@ -388,11 +363,7 @@ xmlSecKeyInfoCtxCreateEncCtx(xmlSecKeyInfoCtxPtr keyInfoCtx) { /* we have to use tmp variable to avoid a recursive loop */ tmp = xmlSecEncCtxCreate(keyInfoCtx->keysMngr); if(tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxCreate", NULL); return(-1); } tmp->mode = xmlEncCtxModeEncryptedKey; @@ -402,11 +373,7 @@ xmlSecKeyInfoCtxCreateEncCtx(xmlSecKeyInfoCtxPtr keyInfoCtx) { case xmlSecKeyInfoModeRead: ret = xmlSecKeyInfoCtxCopyUserPref(&(tmp->keyInfoReadCtx), keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoCtxCopyUserPref", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxCopyUserPref", NULL); xmlSecEncCtxDestroy(tmp); return(-1); } @@ -414,11 +381,7 @@ xmlSecKeyInfoCtxCreateEncCtx(xmlSecKeyInfoCtxPtr keyInfoCtx) { case xmlSecKeyInfoModeWrite: ret = xmlSecKeyInfoCtxCopyUserPref(&(tmp->keyInfoWriteCtx), keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoCtxCopyUserPref", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxCopyUserPref", NULL); xmlSecEncCtxDestroy(tmp); return(-1); } @@ -428,11 +391,8 @@ xmlSecKeyInfoCtxCreateEncCtx(xmlSecKeyInfoCtxPtr keyInfoCtx) { return(0); #else /* XMLSEC_NO_XMLENC */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xml encryption", - XMLSEC_ERRORS_R_DISABLED, - XMLSEC_ERRORS_NO_MESSAGE); + + xmlSecOtherError(XMLSEC_ERRORS_R_DISABLED, NULL, "xml encryption"); return(-1); #endif /* XMLSEC_NO_XMLENC */ } @@ -462,11 +422,7 @@ xmlSecKeyInfoCtxCopyUserPref(xmlSecKeyInfoCtxPtr dst, xmlSecKeyInfoCtxPtr src) { ret = xmlSecPtrListCopy(&(dst->enabledKeyData), &(src->enabledKeyData)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "enabledKeyData"); + xmlSecInternalError("xmlSecPtrListCopy(enabledKeyData)", NULL); return(-1); } @@ -475,11 +431,7 @@ xmlSecKeyInfoCtxCopyUserPref(xmlSecKeyInfoCtxPtr dst, xmlSecKeyInfoCtxPtr src) { ret = xmlSecTransformCtxCopyUserPref(&(dst->retrievalMethodCtx), &(src->retrievalMethodCtx)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxCopyUserPref", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "enabledKeyData"); + xmlSecInternalError("xmlSecTransformCtxCopyUserPref(enabledKeyData)", NULL); return(-1); } @@ -489,22 +441,14 @@ xmlSecKeyInfoCtxCopyUserPref(xmlSecKeyInfoCtxPtr dst, xmlSecKeyInfoCtxPtr src) { if(src->encCtx != NULL) { dst->encCtx = xmlSecEncCtxCreate(dst->keysMngr); if(dst->encCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxCreate", NULL); return(-1); } dst->encCtx->mode = xmlEncCtxModeEncryptedKey; ret = xmlSecEncCtxCopyUserPref(dst->encCtx, src->encCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxCopyUserPref", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxCopyUserPref", NULL); return(-1); } } @@ -696,7 +640,6 @@ xmlSecKeyDataNameGetKlass(void) { static int xmlSecKeyDataNameXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - const xmlChar* oldName; xmlChar* newName; int ret; @@ -706,26 +649,10 @@ xmlSecKeyDataNameXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecAssert2(keyInfoCtx != NULL, -1); xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeRead, -1); - oldName = xmlSecKeyGetName(key); + /* read key name */ newName = xmlNodeGetContent(node); if(newName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - /* TODO: do we need to decode the name? */ - - /* compare name values */ - if((oldName != NULL) && !xmlStrEqual(oldName, newName)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "key name is already specified", - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - XMLSEC_ERRORS_NO_MESSAGE); - xmlFree(newName); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataKlassGetName(id), "empty"); return(-1); } @@ -746,32 +673,49 @@ xmlSecKeyDataNameXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, /* and copy what we've found */ ret = xmlSecKeyCopy(key, tmpKey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCopy", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyDestroy(tmpKey); xmlFree(newName); return(-1); } xmlSecKeyDestroy(tmpKey); - } - } - /* finally set key name if it is not there */ - if(xmlSecKeyGetName(key) == NULL) { - ret = xmlSecKeySetName(key, newName); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeySetName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlFree(newName); - return(-1); + /* and set the key name */ + ret = xmlSecKeySetName(key, newName); + if(ret < 0) { + xmlSecInternalError("xmlSecKeySetName", + xmlSecKeyDataKlassGetName(id)); + xmlFree(newName); + return(-1); + } + } + /* TODO: record the key names we tried */ + } else { + const xmlChar* oldName; + + /* if we already have a keyname, make sure that it matches or set it */ + oldName = xmlSecKeyGetName(key); + if(oldName != NULL) { + if(!xmlStrEqual(oldName, newName)) { + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "key name is already specified"); + xmlFree(newName); + return(-1); + } + } else { + ret = xmlSecKeySetName(key, newName); + if(ret < 0) { + xmlSecInternalError("xmlSecKeySetName", + xmlSecKeyDataKlassGetName(id)); + xmlFree(newName); + return(-1); + } } } + + /* done */ xmlFree(newName); return(0); } @@ -779,6 +723,7 @@ xmlSecKeyDataNameXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, static int xmlSecKeyDataNameXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { const xmlChar* name; + int ret; xmlSecAssert2(id == xmlSecKeyDataNameId, -1); xmlSecAssert2(key != NULL, -1); @@ -787,9 +732,21 @@ xmlSecKeyDataNameXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecAssert2(keyInfoCtx->mode == xmlSecKeyInfoModeWrite, -1); name = xmlSecKeyGetName(key); - if(name != NULL) { - xmlSecNodeEncodeAndSetContent(node, name); + if(name == NULL) { + return(8); + } + + if(!xmlSecIsEmptyNode(node)) { + return(0); } + + ret = xmlSecNodeEncodeAndSetContent(node, name); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + return(-1); + } + + /* done */ return(0); } @@ -896,32 +853,22 @@ xmlSecKeyDataValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, /* read data node */ ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataXmlRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError2("xmlSecKeyDataXmlRead", + xmlSecKeyDataKlassGetName(id), + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD) != 0) { /* laxi schema validation but application can disable it */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)); return(-1); } /* <dsig:KeyValue/> might have only one node */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)); return(-1); } @@ -967,23 +914,19 @@ xmlSecKeyDataValueXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node /* create key node */ cur = xmlSecAddChild(node, nodeName, nodeNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(node))); + xmlSecInternalError2("xmlSecAddChild", + xmlSecKeyDataKlassGetName(id), + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(node))); return(-1); } ret = xmlSecKeyDataXmlWrite(key->value->id, key, cur, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataXmlWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError2("xmlSecKeyDataXmlWrite", + xmlSecKeyDataKlassGetName(id), + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } @@ -1090,13 +1033,11 @@ xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNod /* check retrieval level */ if(keyInfoCtx->curRetrievalMethodLevel >= keyInfoCtx->maxRetrievalMethodLevel) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_MAX_RETRIEVALS_LEVEL, - "cur=%d;max=%d", - keyInfoCtx->curRetrievalMethodLevel, - keyInfoCtx->maxRetrievalMethodLevel); + xmlSecOtherError3(XMLSEC_ERRORS_R_MAX_RETRIEVALS_LEVEL, + xmlSecKeyDataKlassGetName(id), + "cur=%d;max=%d", + keyInfoCtx->curRetrievalMethodLevel, + keyInfoCtx->maxRetrievalMethodLevel); goto done; } ++keyInfoCtx->curRetrievalMethodLevel; @@ -1113,14 +1054,12 @@ xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNod } } - /* laxi schema validation but aplication can disable it */ + /* laxi schema validation but application can disable it */ if(dataId == xmlSecKeyDataIdUnknown) { if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_UNKNOWN_HREF) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecAttrType), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "value=%s", xmlSecErrorsSafeString(retrType)); + xmlSecInvalidNodeAttributeError(node, xmlSecAttrType, + xmlSecKeyDataKlassGetName(id), + "retrieval type is unknown"); } else { res = 0; } @@ -1134,12 +1073,9 @@ xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNod uri = xmlGetProp(node, xmlSecAttrURI); ret = xmlSecTransformCtxSetUri(&(keyInfoCtx->retrievalMethodCtx), uri, node); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecTransformCtxSetUri", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri=%s", - xmlSecErrorsSafeString(uri)); + xmlSecInternalError2("xmlSecTransformCtxSetUri", + xmlSecKeyDataKlassGetName(id), + "uri=%s", xmlSecErrorsSafeString(uri)); goto done; } @@ -1149,23 +1085,17 @@ xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNod ret = xmlSecTransformCtxNodesListRead(&(keyInfoCtx->retrievalMethodCtx), cur, xmlSecTransformUsageDSigTransform); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecTransformCtxNodesListRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError2("xmlSecTransformCtxNodesListRead", + xmlSecKeyDataKlassGetName(id), + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); goto done; } cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)); goto done; } @@ -1175,11 +1105,8 @@ xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNod (keyInfoCtx->retrievalMethodCtx.result == NULL) || (xmlSecBufferGetData(keyInfoCtx->retrievalMethodCtx.result) == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecTransformCtxExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxExecute", + xmlSecKeyDataKlassGetName(id)); goto done; } @@ -1193,11 +1120,8 @@ xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNod xmlSecBufferGetSize(keyInfoCtx->retrievalMethodCtx.result), keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataRetrievalMethodReadXmlResult", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataRetrievalMethodReadXmlResult", + xmlSecKeyDataKlassGetName(id)); goto done; } } else { @@ -1206,11 +1130,8 @@ xmlSecKeyDataRetrievalMethodXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNod xmlSecBufferGetSize(keyInfoCtx->retrievalMethodCtx.result), keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataBinRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataBinRead", + xmlSecKeyDataKlassGetName(id)); goto done; } } @@ -1258,21 +1179,13 @@ xmlSecKeyDataRetrievalMethodReadXmlResult(xmlSecKeyDataId typeId, xmlSecKeyPtr k doc = xmlRecoverMemory((const char*)buffer, bufferSize); if(doc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)), - "xmlRecoverMemory", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlRecoverMemory", xmlSecKeyDataKlassGetName(typeId)); return(-1); } cur = xmlDocGetRootElement(doc); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)), - "xmlDocGetRootElement", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlDocGetRootElement", xmlSecKeyDataKlassGetName(typeId)); xmlFreeDoc(doc); return(-1); } @@ -1293,22 +1206,16 @@ xmlSecKeyDataRetrievalMethodReadXmlResult(xmlSecKeyDataId typeId, xmlSecKeyPtr k /* laxi schema validation but application can disable it */ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_KEYVALUE_STOP_ON_UNKNOWN_CHILD) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(typeId)); return(-1); } return(0); } else if((typeId != xmlSecKeyDataIdUnknown) && (typeId != dataId) && ((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_RETRMETHOD_STOP_ON_MISMATCH_HREF) != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)), - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - XMLSEC_ERRORS_R_MAX_RETRIEVAL_TYPE_MISMATCH, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError2(XMLSEC_ERRORS_R_MAX_RETRIEVAL_TYPE_MISMATCH, + xmlSecKeyDataKlassGetName(dataId), + "typeId=%s", xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId))); xmlFreeDoc(doc); return(-1); } @@ -1316,12 +1223,10 @@ xmlSecKeyDataRetrievalMethodReadXmlResult(xmlSecKeyDataId typeId, xmlSecKeyPtr k /* read data node */ ret = xmlSecKeyDataXmlRead(dataId, key, cur, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(typeId)), - "xmlSecKeyDataXmlRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError2("xmlSecKeyDataXmlRead", + xmlSecKeyDataKlassGetName(typeId), + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); xmlFreeDoc(doc); return(-1); } @@ -1420,13 +1325,11 @@ xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePt /* check the enc level */ if(keyInfoCtx->curEncryptedKeyLevel >= keyInfoCtx->maxEncryptedKeyLevel) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL, - "cur=%d;max=%d", - keyInfoCtx->curEncryptedKeyLevel, - keyInfoCtx->maxEncryptedKeyLevel); + xmlSecOtherError3(XMLSEC_ERRORS_R_MAX_ENCKEY_LEVEL, + xmlSecKeyDataKlassGetName(id), + "cur=%d;max=%d", + (int)keyInfoCtx->curEncryptedKeyLevel, + (int)keyInfoCtx->maxEncryptedKeyLevel); return(-1); } ++keyInfoCtx->curEncryptedKeyLevel; @@ -1437,11 +1340,8 @@ xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePt } else { ret = xmlSecKeyInfoCtxCreateEncCtx(keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyInfoCtxCreateEncCtx", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxCreateEncCtx", + xmlSecKeyDataKlassGetName(id)); return(-1); } } @@ -1450,15 +1350,12 @@ xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePt result = xmlSecEncCtxDecryptToBuffer(keyInfoCtx->encCtx, node); if((result == NULL) || (xmlSecBufferGetData(result) == NULL)) { /* We might have multiple EncryptedKey elements, encrypted - * for different receipints but application can enforce + * for different recipients but application can enforce * correct enc key. */ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_ENCKEY_DONT_STOP_ON_FAILED_DECRYPTION) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecEncCtxDecryptToBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxDecryptToBuffer", + xmlSecKeyDataKlassGetName(id)); return(-1); } return(0); @@ -1469,11 +1366,8 @@ xmlSecKeyDataEncryptedKeyXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePt xmlSecBufferGetSize(result), keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataBinRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataBinRead", + xmlSecKeyDataKlassGetName(id)); return(-1); } --keyInfoCtx->curEncryptedKeyLevel; @@ -1499,21 +1393,15 @@ xmlSecKeyDataEncryptedKeyXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodeP /* dump key to a binary buffer */ ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx2, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecKeyInfoCtxCopyUserPref(&keyInfoCtx2, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyInfoCtxCopyUserPref", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxCopyUserPref", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyInfoCtxFinalize(&keyInfoCtx2); goto done; } @@ -1521,11 +1409,8 @@ xmlSecKeyDataEncryptedKeyXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodeP keyInfoCtx2.keyReq.keyType = xmlSecKeyDataTypeAny; ret = xmlSecKeyDataBinWrite(key->value->id, key, &keyBuf, &keySize, &keyInfoCtx2); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataBinWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataBinWrite", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyInfoCtxFinalize(&keyInfoCtx2); goto done; } @@ -1537,11 +1422,8 @@ xmlSecKeyDataEncryptedKeyXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodeP } else { ret = xmlSecKeyInfoCtxCreateEncCtx(keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyInfoCtxCreateEncCtx", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxCreateEncCtx", + xmlSecKeyDataKlassGetName(id)); goto done; } } @@ -1549,11 +1431,8 @@ xmlSecKeyDataEncryptedKeyXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodeP ret = xmlSecEncCtxBinaryEncrypt(keyInfoCtx->encCtx, node, keyBuf, keySize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecEncCtxBinaryEncrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxBinaryEncrypt", + xmlSecKeyDataKlassGetName(id)); goto done; } @@ -1,13 +1,19 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Keys. * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:keys + * @Short_description: Crypto key object functions. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> @@ -24,6 +30,7 @@ #include <xmlsec/keyinfo.h> #include <xmlsec/errors.h> + /************************************************************************** * * xmlSecKeyUseWith @@ -107,34 +114,21 @@ xmlSecKeyUseWithCreate(const xmlChar* application, const xmlChar* identifier) { /* Allocate a new xmlSecKeyUseWith and fill the fields. */ keyUseWith = (xmlSecKeyUseWithPtr)xmlMalloc(sizeof(xmlSecKeyUseWith)); if(keyUseWith == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecKeyUseWith)=%d", - (int)sizeof(xmlSecKeyUseWith)); + xmlSecMallocError(sizeof(xmlSecKeyUseWith), NULL); return(NULL); } memset(keyUseWith, 0, sizeof(xmlSecKeyUseWith)); ret = xmlSecKeyUseWithInitialize(keyUseWith); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyUseWithInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyUseWithInitialize", NULL); xmlSecKeyUseWithDestroy(keyUseWith); return(NULL); } ret = xmlSecKeyUseWithSet(keyUseWith, application, identifier); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyUseWithSet", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyUseWithSet", NULL); xmlSecKeyUseWithDestroy(keyUseWith); return(NULL); } @@ -161,21 +155,13 @@ xmlSecKeyUseWithDuplicate(xmlSecKeyUseWithPtr keyUseWith) { newKeyUseWith = xmlSecKeyUseWithCreate(NULL, NULL); if(newKeyUseWith == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyUseWithCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyUseWithCreate", NULL); return(NULL); } ret = xmlSecKeyUseWithCopy(newKeyUseWith, keyUseWith); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyUseWithCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyUseWithCopy", NULL); xmlSecKeyUseWithDestroy(keyUseWith); return(NULL); } @@ -224,24 +210,14 @@ xmlSecKeyUseWithSet(xmlSecKeyUseWithPtr keyUseWith, const xmlChar* application, if(application != NULL) { keyUseWith->application = xmlStrdup(application); if(keyUseWith->application == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "xmlStrlen(application)=%d", - xmlStrlen(application)); + xmlSecStrdupError(application, NULL); return(-1); } } if(identifier != NULL) { keyUseWith->identifier = xmlStrdup(identifier); if(keyUseWith->identifier == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "xmlStrlen(identifier)=%d", - xmlStrlen(identifier)); + xmlSecStrdupError(identifier, NULL); return(-1); } } @@ -341,11 +317,7 @@ xmlSecKeyReqInitialize(xmlSecKeyReqPtr keyReq) { keyReq->keyUsage = xmlSecKeyUsageAny; /* by default you can do whatever you want with the key */ ret = xmlSecPtrListInitialize(&keyReq->keyUseWithList, xmlSecKeyUseWithPtrListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListInitialize", NULL); return(-1); } @@ -408,11 +380,7 @@ xmlSecKeyReqCopy(xmlSecKeyReqPtr dst, xmlSecKeyReqPtr src) { ret = xmlSecPtrListCopy(&dst->keyUseWithList, &src->keyUseWithList); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListCopy", NULL); return(-1); } @@ -543,12 +511,7 @@ xmlSecKeyCreate(void) { /* Allocate a new xmlSecKey and fill the fields. */ key = (xmlSecKeyPtr)xmlMalloc(sizeof(xmlSecKey)); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecKey)=%d", - (int)sizeof(xmlSecKey)); + xmlSecMallocError(sizeof(xmlSecKey), NULL); return(NULL); } memset(key, 0, sizeof(xmlSecKey)); @@ -614,11 +577,7 @@ xmlSecKeyCopy(xmlSecKeyPtr keyDst, xmlSecKeyPtr keySrc) { if(keySrc->name != NULL) { keyDst->name = xmlStrdup(keySrc->name); if(keyDst->name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_STRDUP_FAILED, - "len=%d", xmlStrlen(keySrc->name)); + xmlSecStrdupError(keySrc->name, NULL); return(-1); } } @@ -626,11 +585,7 @@ xmlSecKeyCopy(xmlSecKeyPtr keyDst, xmlSecKeyPtr keySrc) { if(keySrc->value != NULL) { keyDst->value = xmlSecKeyDataDuplicate(keySrc->value); if(keyDst->value == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataDuplicate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataDuplicate", NULL); return(-1); } } @@ -638,11 +593,7 @@ xmlSecKeyCopy(xmlSecKeyPtr keyDst, xmlSecKeyPtr keySrc) { if(keySrc->dataList != NULL) { keyDst->dataList = xmlSecPtrListDuplicate(keySrc->dataList); if(keyDst->dataList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListDuplicate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListDuplicate", NULL); return(-1); } } @@ -671,21 +622,13 @@ xmlSecKeyDuplicate(xmlSecKeyPtr key) { newKey = xmlSecKeyCreate(); if(newKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); return(NULL); } ret = xmlSecKeyCopy(newKey, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCopy", NULL); xmlSecKeyDestroy(newKey); return(NULL); } @@ -771,11 +714,7 @@ xmlSecKeySetName(xmlSecKeyPtr key, const xmlChar* name) { if(name != NULL) { key->name = xmlStrdup(name); if(key->name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_STRDUP_FAILED, - "len=%d", xmlStrlen(name)); + xmlSecStrdupError(name, NULL); return(-1); } } @@ -878,23 +817,17 @@ xmlSecKeyEnsureData(xmlSecKeyPtr key, xmlSecKeyDataId dataId) { data = xmlSecKeyDataCreate(dataId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "dataId=%s", - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId))); + xmlSecInternalError2("xmlSecKeyDataCreate", NULL, + "dataId=%s", + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId))); return(NULL); } ret = xmlSecKeyAdoptData(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyAdoptData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "dataId=%s", - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId))); + xmlSecInternalError2("xmlSecKeyAdoptData", NULL, + "dataId=%s", + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId))); xmlSecKeyDataDestroy(data); return(NULL); } @@ -932,11 +865,7 @@ xmlSecKeyAdoptData(xmlSecKeyPtr key, xmlSecKeyDataPtr data) { if(key->dataList == NULL) { key->dataList = xmlSecPtrListCreate(xmlSecKeyDataListId); if(key->dataList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListCreate", NULL); return(-1); } } @@ -1067,43 +996,32 @@ xmlSecKeyGenerate(xmlSecKeyDataId dataId, xmlSecSize sizeBits, xmlSecKeyDataType data = xmlSecKeyDataCreate(dataId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(dataId)); return(NULL); } ret = xmlSecKeyDataGenerate(data, sizeBits, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecKeyDataGenerate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d;type=%d", sizeBits, type); + xmlSecInternalError3("xmlSecKeyDataGenerate", + xmlSecKeyDataKlassGetName(dataId), + "size=%d;type=%d", sizeBits, type); xmlSecKeyDataDestroy(data); return(NULL); } key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", + xmlSecKeyDataKlassGetName(dataId)); xmlSecKeyDataDestroy(data); return(NULL); } ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataKlassGetName(dataId)); xmlSecKeyDataDestroy(data); xmlSecKeyDestroy(key); return(NULL); @@ -1130,11 +1048,7 @@ xmlSecKeyGenerateByName(const xmlChar* name, xmlSecSize sizeBits, xmlSecKeyDataT dataId = xmlSecKeyDataIdListFindByName(xmlSecKeyDataIdsGet(), name, xmlSecKeyDataUsageAny); if(dataId == xmlSecKeyDataIdUnknown) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(name), - XMLSEC_ERRORS_R_KEY_DATA_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_KEY_DATA_NOT_FOUND, name, NULL); return(NULL); } @@ -1162,21 +1076,15 @@ xmlSecKeyReadBuffer(xmlSecKeyDataId dataId, xmlSecBuffer* buffer) { /* create key data */ key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", + xmlSecKeyDataKlassGetName(dataId)); return(NULL); } ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", + xmlSecKeyDataKlassGetName(dataId)); xmlSecKeyDestroy(key); return(NULL); } @@ -1187,11 +1095,8 @@ xmlSecKeyReadBuffer(xmlSecKeyDataId dataId, xmlSecBuffer* buffer) { xmlSecBufferGetSize(buffer), &keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecKeyDataBinRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataBinRead", + xmlSecKeyDataKlassGetName(dataId)); xmlSecKeyInfoCtxFinalize(&keyInfoCtx); xmlSecKeyDestroy(key); return(NULL); @@ -1222,34 +1127,27 @@ xmlSecKeyReadBinaryFile(xmlSecKeyDataId dataId, const char* filename) { /* read file to buffer */ ret = xmlSecBufferInitialize(&buffer, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecKeyDataKlassGetName(dataId)); return(NULL); } ret = xmlSecBufferReadFile(&buffer, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecBufferReadFile", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecBufferReadFile", + xmlSecKeyDataKlassGetName(dataId), + "filename=%s", + xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return(NULL); } key = xmlSecKeyReadBuffer(dataId, &buffer); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecKeyReadBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecKeyReadBuffer", + xmlSecKeyDataKlassGetName(dataId), + "filename=%s", + xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return(NULL); } @@ -1281,31 +1179,22 @@ xmlSecKeyReadMemory(xmlSecKeyDataId dataId, const xmlSecByte* data, xmlSecSize d /* read file to buffer */ ret = xmlSecBufferInitialize(&buffer, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecKeyDataKlassGetName(dataId)); return(NULL); } if (xmlSecBufferAppend(&buffer, data, dataSize) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferAppend", + xmlSecKeyDataKlassGetName(dataId)); xmlSecBufferFinalize(&buffer); return(NULL); } key = xmlSecKeyReadBuffer(dataId, &buffer); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(dataId)), - "xmlSecKeyReadBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyReadBuffer", + xmlSecKeyDataKlassGetName(dataId)); xmlSecBufferFinalize(&buffer); return(NULL); } @@ -1335,23 +1224,17 @@ xmlSecKeysMngrGetKey(xmlNodePtr keyInfoNode, xmlSecKeyInfoCtxPtr keyInfoCtx) { /* first try to read data from <dsig:KeyInfo/> node */ key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); return(NULL); } if(keyInfoNode != NULL) { ret = xmlSecKeyInfoNodeRead(keyInfoNode, key, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(keyInfoNode))); + xmlSecInternalError2("xmlSecKeyInfoNodeRead", + NULL, + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeGetName(keyInfoNode))); xmlSecKeyDestroy(key); return(NULL); } @@ -1367,11 +1250,7 @@ xmlSecKeysMngrGetKey(xmlNodePtr keyInfoNode, xmlSecKeyInfoCtxPtr keyInfoCtx) { if(keyInfoCtx->keysMngr != NULL) { key = xmlSecKeysMngrFindKey(keyInfoCtx->keysMngr, NULL, keyInfoCtx); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrFindKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrFindKey", NULL); return(NULL); } if(xmlSecKeyGetValue(key) != NULL) { @@ -1380,11 +1259,7 @@ xmlSecKeysMngrGetKey(xmlNodePtr keyInfoNode, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDestroy(key); } - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_KEY_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_KEY_NOT_FOUND, NULL, NULL); return(NULL); } diff --git a/src/keysdata.c b/src/keysdata.c index 30c800df..925521fc 100644 --- a/src/keysdata.c +++ b/src/keysdata.c @@ -1,13 +1,18 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Key data. * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:keysdata + * @Short_description: Crypto key data object functions. + * @Stability: Stable + * + */ #include "globals.h" @@ -25,13 +30,13 @@ #include <xmlsec/keyinfo.h> #include <xmlsec/errors.h> - /************************************************************************** * * Global xmlSecKeyDataIds list functions * *************************************************************************/ static xmlSecPtrList xmlSecAllKeyDataIds; +static int xmlSecImportPersistKey = 0; /** * xmlSecKeyDataIdsGet: @@ -59,21 +64,13 @@ xmlSecKeyDataIdsInit(void) { ret = xmlSecPtrListInitialize(xmlSecKeyDataIdsGet(), xmlSecKeyDataIdListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListPtrInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecKeyDataIdListId"); + xmlSecInternalError("xmlSecPtrListInitialize(xmlSecKeyDataIdListId)", NULL); return(-1); } ret = xmlSecKeyDataIdsRegisterDefault(); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataIdsRegisterDefault", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsRegisterDefault", NULL); return(-1); } @@ -107,12 +104,8 @@ xmlSecKeyDataIdsRegister(xmlSecKeyDataId id) { ret = xmlSecPtrListAdd(xmlSecKeyDataIdsGet(), (xmlSecPtr)id); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "dataId=%s", - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id))); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecKeyDataKlassGetName(id)); return(-1); } @@ -131,39 +124,23 @@ xmlSecKeyDataIdsRegister(xmlSecKeyDataId id) { int xmlSecKeyDataIdsRegisterDefault(void) { if(xmlSecKeyDataIdsRegister(xmlSecKeyDataNameId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecKeyDataNameId"); + xmlSecInternalError("xmlSecKeyDataIdsRegister(xmlSecKeyDataNameId)", NULL); return(-1); } if(xmlSecKeyDataIdsRegister(xmlSecKeyDataValueId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecKeyDataValueId"); + xmlSecInternalError("xmlSecKeyDataIdsRegister(xmlSecKeyDataValueId)", NULL); return(-1); } if(xmlSecKeyDataIdsRegister(xmlSecKeyDataRetrievalMethodId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecKeyDataRetrievalMethodId"); + xmlSecInternalError("xmlSecKeyDataIdsRegister(xmlSecKeyDataRetrievalMethodId", NULL); return(-1); } #ifndef XMLSEC_NO_XMLENC if(xmlSecKeyDataIdsRegister(xmlSecKeyDataEncryptedKeyId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecKeyDataEncryptedKeyId"); + xmlSecInternalError("xmlSecKeyDataIdsRegister(xmlSecKeyDataEncryptedKeyId)", NULL); return(-1); } #endif /* XMLSEC_NO_XMLENC */ @@ -200,11 +177,8 @@ xmlSecKeyDataCreate(xmlSecKeyDataId id) { /* Allocate a new xmlSecKeyData and fill the fields. */ data = (xmlSecKeyDataPtr)xmlMalloc(id->objSize); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", id->objSize); + xmlSecMallocError(id->objSize, + xmlSecKeyDataKlassGetName(id)); return(NULL); } memset(data, 0, id->objSize); @@ -213,11 +187,8 @@ xmlSecKeyDataCreate(xmlSecKeyDataId id) { if(id->initialize != NULL) { ret = (id->initialize)(data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "id->initialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("id->initialize", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyDataDestroy(data); return(NULL); } @@ -246,21 +217,15 @@ xmlSecKeyDataDuplicate(xmlSecKeyDataPtr data) { newData = xmlSecKeyDataCreate(data->id); if(newData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataGetName(data)); return(NULL); } ret = (data->id->duplicate)(newData, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "id->duplicate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("id->duplicate", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(newData); return(NULL); } @@ -398,11 +363,9 @@ xmlSecKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, /* write data */ ret = data->id->generate(data, sizeBits, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "id->generate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", sizeBits); + xmlSecInternalError2("id->generate", + xmlSecKeyDataGetName(data), + "size=%d", sizeBits); return(-1); } return(0); @@ -517,11 +480,8 @@ xmlSecKeyDataBinaryValueInitialize(xmlSecKeyDataPtr data) { ret = xmlSecBufferInitialize(buffer, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecKeyDataGetName(data)); return(-1); } @@ -555,11 +515,8 @@ xmlSecKeyDataBinaryValueDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecKeyDataBinaryValueSetBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataBinaryValueSetBuffer", + xmlSecKeyDataGetName(dst)); return(-1); } @@ -612,22 +569,15 @@ xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, str = xmlNodeGetContent(node); if(str == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataKlassGetName(id), "empty"); return(-1); } /* usual trick: decode into the same buffer */ ret = xmlSecBase64Decode(str, (xmlSecByte*)str, xmlStrlen(str)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", + xmlSecKeyDataKlassGetName(id)); xmlFree(str); return(-1); } @@ -639,32 +589,28 @@ xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecBufferPtr buffer; if(!xmlSecKeyDataCheckId(data, id)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError2(XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, + xmlSecKeyDataGetName(data), + "id=%s", + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id))); xmlFree(str); return(-1); } buffer = xmlSecKeyDataBinaryValueGetBuffer(data); - if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != len)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, - "cur-data-size=%d;new-data-size=%d", - xmlSecBufferGetSize(buffer), len); + if((buffer != NULL) && (xmlSecBufferGetSize(buffer) != len)) { + xmlSecOtherError3(XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, + xmlSecKeyDataGetName(data), + "cur-data-size=%lu;new-data-size=%lu", + (unsigned long)xmlSecBufferGetSize(buffer), + (unsigned long)len); xmlFree(str); return(-1); } if((buffer != NULL) && (len > 0) && (memcmp(xmlSecBufferGetData(buffer), str, len) != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, - "key already has a different value"); + xmlSecOtherError(XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, + xmlSecKeyDataGetName(data), + "key already has a different value"); xmlFree(str); return(-1); } @@ -680,22 +626,17 @@ xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, data = xmlSecKeyDataCreate(id); if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); xmlFree(str); return(-1); } ret = xmlSecKeyDataBinaryValueSetBuffer(data, (xmlSecByte*)str, len); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataBinaryValueSetBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", len); + xmlSecInternalError2("xmlSecKeyDataBinaryValueSetBuffer", + xmlSecKeyDataKlassGetName(id), + "size=%d", len); xmlSecKeyDataDestroy(data); xmlFree(str); return(-1); @@ -703,22 +644,16 @@ xmlSecKeyDataBinaryValueXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlFree(str); if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyReqMatchKeyValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyReqMatchKeyValue", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyDataDestroy(data); return(0); } ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyDataDestroy(data); return(-1); } @@ -765,11 +700,8 @@ xmlSecKeyDataBinaryValueXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecBufferGetSize(buffer), keyInfoCtx->base64LineSize); if(str == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", + xmlSecKeyDataKlassGetName(id)); return(-1); } xmlNodeSetContent(node, str); @@ -808,30 +740,26 @@ xmlSecKeyDataBinaryValueBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecBufferPtr buffer; if(!xmlSecKeyDataCheckId(data, id)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError2(XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, + xmlSecKeyDataGetName(data), + "id=%s", + xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id))); return(-1); } buffer = xmlSecKeyDataBinaryValueGetBuffer(data); - if((buffer != NULL) && ((xmlSecSize)xmlSecBufferGetSize(buffer) != bufSize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, - "cur-data-size=%d;new-data-size=%d", - xmlSecBufferGetSize(buffer), bufSize); + if((buffer != NULL) && (xmlSecBufferGetSize(buffer) != bufSize)) { + xmlSecOtherError3(XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, + xmlSecKeyDataGetName(data), + "cur-data-size=%lu;new-data-size=%lu", + (unsigned long)xmlSecBufferGetSize(buffer), + (unsigned long)bufSize); return(-1); } if((buffer != NULL) && (bufSize > 0) && (memcmp(xmlSecBufferGetData(buffer), buf, bufSize) != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, - "key already has a different value"); + xmlSecOtherError(XMLSEC_ERRORS_R_KEY_DATA_ALREADY_EXIST, + xmlSecKeyDataGetName(data), + "key already has a different value"); return(-1); } if(buffer != NULL) { @@ -844,42 +772,31 @@ xmlSecKeyDataBinaryValueBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, data = xmlSecKeyDataCreate(id); if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecKeyDataBinaryValueSetBuffer(data, buf, bufSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataBinaryValueSetBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", bufSize); + xmlSecInternalError2("xmlSecKeyDataBinaryValueSetBuffer", + xmlSecKeyDataKlassGetName(id), + "size=%d", bufSize); xmlSecKeyDataDestroy(data); return(-1); } if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), data) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyReqMatchKeyValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyReqMatchKeyValue", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyDataDestroy(data); return(0); } ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyDataDestroy(data); return(-1); } @@ -926,11 +843,8 @@ xmlSecKeyDataBinaryValueBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, (*bufSize) = xmlSecBufferGetSize(buffer); (*buf) = (xmlSecByte*) xmlMalloc((*bufSize)); if((*buf) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMallocError((*bufSize), + xmlSecKeyDataKlassGetName(id)); return(-1); } memcpy((*buf), xmlSecBufferGetData(buffer), (*bufSize)); @@ -1314,11 +1228,8 @@ xmlSecKeyDataStoreCreate(xmlSecKeyDataStoreId id) { /* Allocate a new xmlSecKeyDataStore and fill the fields. */ store = (xmlSecKeyDataStorePtr)xmlMalloc(id->objSize); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", id->objSize); + xmlSecMallocError(id->objSize, + xmlSecKeyDataStoreKlassGetName(id)); return(NULL); } memset(store, 0, id->objSize); @@ -1327,11 +1238,8 @@ xmlSecKeyDataStoreCreate(xmlSecKeyDataStoreId id) { if(id->initialize != NULL) { ret = (id->initialize)(store); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreKlassGetName(id)), - "id->initialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("id->initialize", + xmlSecKeyDataStoreKlassGetName(id)); xmlSecKeyDataStoreDestroy(store); return(NULL); } @@ -1384,4 +1292,11 @@ xmlSecKeyDataStorePtrListGetKlass(void) { return(&xmlSecKeyDataStorePtrListKlass); } +void xmlSecImportSetPersistKey(void) { + xmlSecImportPersistKey = 1; +} + +int xmlSecImportGetPersistKey(void) { + return xmlSecImportPersistKey; +} diff --git a/src/keysmngr.c b/src/keysmngr.c index 5315203a..61dc9c7b 100644 --- a/src/keysmngr.c +++ b/src/keysmngr.c @@ -1,13 +1,18 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Keys Manager. * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:keysmngr + * @Short_description: Keys manager object functions. + * @Stability: Stable + * + */ #include "globals.h" #include <stdlib.h> @@ -25,6 +30,8 @@ #include <xmlsec/transforms.h> #include <xmlsec/keysmngr.h> #include <xmlsec/errors.h> +#include <xmlsec/private.h> + /**************************************************************************** * @@ -48,23 +55,14 @@ xmlSecKeysMngrCreate(void) { /* Allocate a new xmlSecKeysMngr and fill the fields. */ mngr = (xmlSecKeysMngrPtr)xmlMalloc(sizeof(xmlSecKeysMngr)); if(mngr == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecKeysMngr)=%d", - (int)sizeof(xmlSecKeysMngr)); + xmlSecMallocError(sizeof(xmlSecKeysMngr), NULL); return(NULL); } memset(mngr, 0, sizeof(xmlSecKeysMngr)); ret = xmlSecPtrListInitialize(&(mngr->storesList), xmlSecKeyDataStorePtrListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecKeyDataStorePtrListId"); + xmlSecInternalError("xmlSecPtrListInitialize(xmlSecKeyDataStorePtrListId)", NULL); return(NULL); } @@ -241,11 +239,8 @@ xmlSecKeyStoreCreate(xmlSecKeyStoreId id) { /* Allocate a new xmlSecKeyStore and fill the fields. */ store = (xmlSecKeyStorePtr)xmlMalloc(id->objSize); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", id->objSize); + xmlSecMallocError(id->objSize, + xmlSecKeyStoreKlassGetName(id)); return(NULL); } memset(store, 0, id->objSize); @@ -254,11 +249,8 @@ xmlSecKeyStoreCreate(xmlSecKeyStoreId id) { if(id->initialize != NULL) { ret = (id->initialize)(store); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreKlassGetName(id)), - "id->initialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("id->initialize", + xmlSecKeyStoreKlassGetName(id)); xmlSecKeyStoreDestroy(store); return(NULL); } @@ -376,11 +368,8 @@ xmlSecSimpleKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { ret = xmlSecPtrListAdd(list, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecKeyStoreGetName(store)); return(-1); } @@ -399,7 +388,7 @@ xmlSecSimpleKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { */ int xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, - xmlSecKeysMngrPtr keysMngr) { + xmlSecKeysMngrPtr keysMngr ATTRIBUTE_UNUSED) { xmlDocPtr doc; xmlNodePtr root; xmlNodePtr cur; @@ -409,25 +398,19 @@ xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecSimpleKeysStoreId), -1); xmlSecAssert2(uri != NULL, -1); + UNREFERENCED_PARAMETER(keysMngr); doc = xmlParseFile(uri); if(doc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlParseFile", - XMLSEC_ERRORS_R_XML_FAILED, - "uri=%s", - xmlSecErrorsSafeString(uri)); + xmlSecXmlError2("xmlParseFile", xmlSecKeyStoreGetName(store), + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } root = xmlDocGetRootElement(doc); if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(root)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected-node=<xmlsec:Keys>"); + xmlSecInvalidNodeError(root, BAD_CAST "Keys", + xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } @@ -436,30 +419,23 @@ xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) { key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected-node=%s", - xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); + xmlSecInternalError("xmlSecKeyCreate", + xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", + xmlSecKeyStoreGetName(store)); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); } keyInfoCtx.mode = xmlSecKeyInfoModeRead; - keyInfoCtx.keysMngr = keysMngr; + keyInfoCtx.keysMngr = NULL; keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND | XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; @@ -468,11 +444,8 @@ xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyInfoNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoNodeRead", + xmlSecKeyStoreGetName(store)); xmlSecKeyInfoCtxFinalize(&keyInfoCtx); xmlSecKeyDestroy(key); xmlFreeDoc(doc); @@ -483,11 +456,8 @@ xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, if(xmlSecKeyIsValid(key)) { ret = xmlSecSimpleKeysStoreAdoptKey(store, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecSimpleKeysStoreAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSimpleKeysStoreAdoptKey", + xmlSecKeyStoreGetName(store)); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); @@ -500,11 +470,7 @@ xmlSecSimpleKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } @@ -547,11 +513,8 @@ xmlSecSimpleKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecK /* create doc */ doc = xmlSecCreateTree(BAD_CAST "Keys", xmlSecNs); if(doc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecCreateTree", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCreateTree", + xmlSecKeyStoreGetName(store)); return(-1); } @@ -566,12 +529,10 @@ xmlSecSimpleKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecK cur = xmlSecAddChild(xmlDocGetRootElement(doc), xmlSecNodeKeyInfo, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); + xmlSecInternalError2("xmlSecAddChild", + xmlSecKeyStoreGetName(store), + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); xmlFreeDoc(doc); return(-1); } @@ -579,12 +540,10 @@ xmlSecSimpleKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecK /* special data key name */ if(xmlSecKeyGetName(key) != NULL) { if(xmlSecAddChild(cur, xmlSecNodeKeyName, xmlSecDSigNs) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeKeyName)); + xmlSecInternalError2("xmlSecAddChild", + xmlSecKeyStoreGetName(store), + "node=%s", + xmlSecErrorsSafeString(xmlSecNodeKeyName)); xmlFreeDoc(doc); return(-1); } @@ -605,12 +564,9 @@ xmlSecSimpleKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecK } if(xmlSecAddChild(cur, dataId->dataNodeName, dataId->dataNodeNs) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(dataId->dataNodeName)); + xmlSecInternalError2("xmlSecAddChild", + xmlSecKeyStoreGetName(store), + "node=%s", xmlSecErrorsSafeString(dataId->dataNodeName)); xmlFreeDoc(doc); return(-1); } @@ -618,11 +574,8 @@ xmlSecSimpleKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecK ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", + xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } @@ -635,11 +588,8 @@ xmlSecSimpleKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecK /* finally write key in the node */ ret = xmlSecKeyInfoNodeWrite(cur, key, &keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyInfoNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoNodeWrite", + xmlSecKeyStoreGetName(store)); xmlSecKeyInfoCtxFinalize(&keyInfoCtx); xmlFreeDoc(doc); return(-1); @@ -650,12 +600,8 @@ xmlSecSimpleKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecK /* now write result */ ret = xmlSaveFormatFile(filename, doc, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSaveFormatFile", - XMLSEC_ERRORS_R_XML_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecXmlError2("xmlSaveFormatFile", xmlSecKeyStoreGetName(store), + "filename=%s", xmlSecErrorsSafeString(filename)); xmlFreeDoc(doc); return(-1); } @@ -697,11 +643,8 @@ xmlSecSimpleKeysStoreInitialize(xmlSecKeyStorePtr store) { ret = xmlSecPtrListInitialize(list, xmlSecKeyPtrListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecKeyPtrListId"); + xmlSecInternalError("xmlSecPtrListInitialize(xmlSecKeyPtrListId)", + xmlSecKeyStoreGetName(store)); return(-1); } diff --git a/src/kw_aes_des.c b/src/kw_aes_des.c index 7eb74b05..b51c006e 100644 --- a/src/kw_aes_des.c +++ b/src/kw_aes_des.c @@ -1,13 +1,18 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Implementation of AES/DES Key Transport algorithm - * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_aes_des + * @Short_description: AES/DES Key Transport implementation. + * @Stability: Private + * + */ + #include "globals.h" #include <stdlib.h> @@ -16,6 +21,7 @@ #include <libxml/tree.h> #include <xmlsec/xmlsec.h> +#include <xmlsec/buffer.h> #include <xmlsec/errors.h> #include "kw_aes_des.h" @@ -93,11 +99,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context, /* step 2: calculate sha1 and CMS */ ret = kwDes3Id->sha1(context, in, inSize, sha1, sizeof(sha1)); if((ret < 0) || (ret != sizeof(sha1))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->sha1", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->sha1", NULL); return(-1); } @@ -108,11 +110,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context, /* step 4: generate random iv */ ret = kwDes3Id->generateRandom(context, iv, sizeof(iv)); if((ret < 0) || (ret != sizeof(iv))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->generateRandom", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->generateRandom", NULL); return(-1); } @@ -122,11 +120,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context, out, inSize + XMLSEC_KW_DES3_BLOCK_LENGTH, out, outSize); if((ret < 0) || ((xmlSecSize)ret != inSize + XMLSEC_KW_DES3_BLOCK_LENGTH)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->encrypt", NULL); return(-1); } @@ -138,11 +132,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context, /* step 7: reverse octets order, result is TEMP3 */ ret = xmlSecKWDes3BufferReverse(out, s); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKWDes3BufferReverse", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("xmlSecKWDes3BufferReverse", NULL); return(-1); } @@ -152,11 +142,7 @@ xmlSecKWDes3Encode(xmlSecKWDes3Id kwDes3Id, void *context, out, s, out, outSize); if((ret < 0) || ((xmlSecSize)ret != s)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->encrypt", NULL); return(-1); } @@ -170,6 +156,7 @@ xmlSecKWDes3Decode(xmlSecKWDes3Id kwDes3Id, void *context, xmlSecByte *out, xmlSecSize outSize) { xmlSecByte sha1[XMLSEC_KW_DES3_SHA_DIGEST_LENGTH]; + xmlSecBufferPtr tmp; xmlSecSize s; int ret; @@ -182,42 +169,39 @@ xmlSecKWDes3Decode(xmlSecKWDes3Id kwDes3Id, void *context, /* step 2: first decryption with static IV, result is TEMP3 */ + tmp = xmlSecBufferCreate(inSize); + if(tmp == NULL) { + xmlSecInternalError2("xmlSecBufferCreate", NULL, "inSize=%d", (int)inSize); + return(-1); + } + ret = kwDes3Id->decrypt(context, xmlSecKWDes3Iv, sizeof(xmlSecKWDes3Iv), in, inSize, - out, outSize); + xmlSecBufferGetData(tmp), xmlSecBufferGetMaxSize(tmp)); if((ret < 0) || (ret < XMLSEC_KW_DES3_IV_LENGTH)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->decrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->decrypt", NULL); + xmlSecBufferDestroy(tmp); return(-1); } s = ret; /* step 3: reverse octets order in TEMP3, result is TEMP2 */ - ret = xmlSecKWDes3BufferReverse(out, s); + ret = xmlSecKWDes3BufferReverse(xmlSecBufferGetData(tmp), s); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKWDes3BufferReverse", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("xmlSecKWDes3BufferReverse", NULL); + xmlSecBufferDestroy(tmp); return(-1); } /* steps 4 and 5: get IV and decrypt second time, result is WKCKS */ ret = kwDes3Id->decrypt(context, - out, XMLSEC_KW_DES3_IV_LENGTH, - out + XMLSEC_KW_DES3_IV_LENGTH, s - XMLSEC_KW_DES3_IV_LENGTH, + xmlSecBufferGetData(tmp), XMLSEC_KW_DES3_IV_LENGTH, + xmlSecBufferGetData(tmp) + XMLSEC_KW_DES3_IV_LENGTH, s - XMLSEC_KW_DES3_IV_LENGTH, out, outSize); if((ret < 0) || (ret < XMLSEC_KW_DES3_BLOCK_LENGTH)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->decrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->decrypt", NULL); + xmlSecBufferDestroy(tmp); return(-1); } s = ret - XMLSEC_KW_DES3_BLOCK_LENGTH; @@ -227,26 +211,21 @@ xmlSecKWDes3Decode(xmlSecKWDes3Id kwDes3Id, void *context, out, s, sha1, sizeof(sha1)); if((ret < 0) || (ret != sizeof(sha1))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwDes3Id->sha1", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); + xmlSecInternalError("kwDes3Id->sha1", NULL); + xmlSecBufferDestroy(tmp); return(-1); } /* check sha1 */ xmlSecAssert2(XMLSEC_KW_DES3_BLOCK_LENGTH <= sizeof(sha1), -1); if(memcmp(sha1, out + s, XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "SHA1 does not match"); + xmlSecInvalidDataError("SHA1 does not match", NULL); + xmlSecBufferDestroy(tmp); return(-1); } /* done */ + xmlSecBufferDestroy(tmp); return(s); } @@ -285,11 +264,11 @@ xmlSecKWDes3BufferReverse(xmlSecByte *buf, xmlSecSize size) * 64-bit register A, 128-bit register B, and array of 64-bit quantities * R(1) through R(N). * - * "|" represents concatentation so x|y, where x and y and 64-bit quantities, + * "|" represents concatenation so x|y, where x and y and 64-bit quantities, * is the 128-bit quantity with x in the most significant bits and y in the * least significant bits. AES(K)enc(x) is the operation of AES encrypting * the 128-bit quantity x under the key K. AES(K)dec(x) is the corresponding - * decryption opteration. XOR(x,y) is the bitwise exclusive or of x and y. + * decryption operation. XOR(x,y) is the bitwise exclusive or of x and y. * MSB(x) and LSB(y) are the most significant 64 bits and least significant * 64 bits of x and y respectively. * @@ -378,11 +357,7 @@ xmlSecKWAesEncode(xmlSecKWAesId kwAesId, void *context, if(N == 1) { ret = kwAesId->encrypt(out, inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE, out, outSize, context); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwAesId->encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("kwAesId->encrypt", NULL); return(-1); } } else { @@ -396,11 +371,7 @@ xmlSecKWAesEncode(xmlSecKWAesId kwAesId, void *context, ret = kwAesId->encrypt(block, sizeof(block), block, sizeof(block), context); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwAesId->encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("kwAesId->encrypt", NULL); return(-1); } block[7] ^= t; @@ -440,11 +411,7 @@ xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context, if(N == 1) { ret = kwAesId->decrypt(out, inSize, out, outSize, context); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwAesId->decrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("kwAesId->decrypt", NULL); return(-1); } } else { @@ -459,11 +426,7 @@ xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context, ret = kwAesId->decrypt(block, sizeof(block), block, sizeof(block), context); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "kwAesId->decrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("kwAesId->decrypt", NULL); return(-1); } memcpy(out, block, 8); @@ -476,11 +439,7 @@ xmlSecKWAesDecode(xmlSecKWAesId kwAesId, void *context, /* check the output */ if(memcmp(xmlSecKWAesMagicBlock, out, XMLSEC_KW_AES_MAGIC_BLOCK_SIZE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "bad magic block"); + xmlSecInvalidDataError("bad magic block", NULL); return(-1); } diff --git a/src/kw_aes_des.h b/src/kw_aes_des.h index 19c98513..58eba886 100644 --- a/src/kw_aes_des.h +++ b/src/kw_aes_des.h @@ -1,5 +1,5 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * THIS IS A PRIVATE XMLSEC HEADER FILE * DON'T USE IT IN YOUR APPLICATION @@ -1,13 +1,18 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * List of pointers. * * This is free software; see Copyright file in the source * distribution for preciese wording. - * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:list + * @Short_description: Generic list structure functions. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> @@ -19,7 +24,6 @@ #include <xmlsec/list.h> #include <xmlsec/errors.h> - static int xmlSecPtrListEnsureSize (xmlSecPtrListPtr list, xmlSecSize size); @@ -60,22 +64,15 @@ xmlSecPtrListCreate(xmlSecPtrListId id) { /* Allocate a new xmlSecPtrList and fill the fields. */ list = (xmlSecPtrListPtr)xmlMalloc(sizeof(xmlSecPtrList)); if(list == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecPtrListKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecPtrList)=%d", - (int)sizeof(xmlSecPtrList)); + xmlSecMallocError(sizeof(xmlSecPtrList), + xmlSecPtrListKlassGetName(id)); return(NULL); } ret = xmlSecPtrListInitialize(list, id); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecPtrListKlassGetName(id)), - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListInitialize", + xmlSecPtrListKlassGetName(id)); xmlFree(list); return(NULL); } @@ -186,11 +183,9 @@ xmlSecPtrListCopy(xmlSecPtrListPtr dst, xmlSecPtrListPtr src) { /* allocate memory */ ret = xmlSecPtrListEnsureSize(dst, dst->use + src->use); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecPtrListGetName(src)), - "xmlSecPtrListEnsureSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", src->use); + xmlSecInternalError2("xmlSecPtrListEnsureSize", + xmlSecPtrListGetName(src), + "size=%d", src->use); return(-1); } @@ -202,11 +197,8 @@ xmlSecPtrListCopy(xmlSecPtrListPtr dst, xmlSecPtrListPtr src) { if((dst->id->duplicateItem != NULL) && (src->data[i] != NULL)) { dst->data[dst->use] = dst->id->duplicateItem(src->data[i]); if(dst->data[dst->use] == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecPtrListGetName(src)), - "duplicateItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("duplicateItem", + xmlSecPtrListGetName(src)); return(-1); } } else { @@ -234,21 +226,15 @@ xmlSecPtrListDuplicate(xmlSecPtrListPtr list) { newList = xmlSecPtrListCreate(list->id); if(newList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecPtrListGetName(list)), - "xmlSecPtrListCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListCreate", + xmlSecPtrListGetName(list)); return(NULL); } ret = xmlSecPtrListCopy(newList, list); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecPtrListGetName(list)), - "xmlSecPtrListCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListCopy", + xmlSecPtrListGetName(list)); xmlSecPtrListDestroy(newList); return(NULL); } @@ -261,7 +247,7 @@ xmlSecPtrListDuplicate(xmlSecPtrListPtr list) { * * Gets list size. * - * Returns: the number of itmes in @list. + * Returns: the number of items in @list. */ xmlSecSize xmlSecPtrListGetSize(xmlSecPtrListPtr list) { @@ -306,11 +292,9 @@ xmlSecPtrListAdd(xmlSecPtrListPtr list, xmlSecPtr item) { ret = xmlSecPtrListEnsureSize(list, list->use + 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecPtrListGetName(list)), - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", list->use + 1); + xmlSecInternalError2("xmlSecPtrListEnsureSize", + xmlSecPtrListGetName(list), + "size=%d", list->use + 1); return(-1); } @@ -474,12 +458,8 @@ xmlSecPtrListEnsureSize(xmlSecPtrListPtr list, xmlSecSize size) { newData = (xmlSecPtr*)xmlMalloc(sizeof(xmlSecPtr) * newSize); } if(newData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecPtrListGetName(list)), - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecPtr)*%d=%d", - newSize, (int)(sizeof(xmlSecPtr) * newSize)); + xmlSecMallocError(sizeof(xmlSecPtr) * newSize, + xmlSecPtrListGetName(list)); return(-1); } @@ -508,7 +488,7 @@ static xmlSecPtrListKlass xmlSecStringListKlass = { /** * xmlSecStringListGetKlass: * - * The strins list class. + * The strings list class. * * Returns: strings list klass. */ diff --git a/src/membuf.c b/src/membuf.c index 24cca3da..41568c60 100644 --- a/src/membuf.c +++ b/src/membuf.c @@ -1,13 +1,19 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Memory buffer transform * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:membuf + * @Short_description: Memory buffer transform functions. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> @@ -24,7 +30,6 @@ #include <xmlsec/membuf.h> #include <xmlsec/errors.h> - /***************************************************************************** * * Memory Buffer Transform @@ -74,7 +79,7 @@ static xmlSecTransformKlass xmlSecTransformMemBufKlass = { /** * xmlSecTransformMemBufGetKlass: * - * The memory buffer transorm (used to store the data that go through it). + * The memory buffer transform (used to store the data that go through it). * * Returns: memory buffer transform klass. */ @@ -115,11 +120,8 @@ xmlSecTransformMemBufInitialize(xmlSecTransformPtr transform) { ret = xmlSecBufferInitialize(buffer, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -162,31 +164,25 @@ xmlSecTransformMemBufExecute(xmlSecTransformPtr transform, int last, xmlSecTrans /* just copy everything from in to our buffer and out */ ret = xmlSecBufferAppend(buffer, xmlSecBufferGetData(in), inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } ret = xmlSecBufferAppend(out, xmlSecBufferGetData(in), inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } @@ -197,11 +193,7 @@ xmlSecTransformMemBufExecute(xmlSecTransformPtr transform, int last, xmlSecTrans /* the only way we can get here is if there is no input */ xmlSecAssert2(inSize == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); diff --git a/src/mscng/Makefile.am b/src/mscng/Makefile.am new file mode 100644 index 00000000..4d9daf3b --- /dev/null +++ b/src/mscng/Makefile.am @@ -0,0 +1,49 @@ +NULL = + +EXTRA_DIST = \ + README \ + $(NULL) + +lib_LTLIBRARIES = \ + libxmlsec1-mscng.la \ + $(NULL) + +libxmlsec1_mscng_la_CPPFLAGS = \ + -DPACKAGE=\"@PACKAGE@\" \ + -I../../include \ + -I$(top_srcdir)/include \ + $(XMLSEC_DEFINES) \ + $(MSCNG_CFLAGS) \ + $(LIBXSLT_CFLAGS) \ + $(LIBXML_CFLAGS) \ + $(NULL) + +libxmlsec1_mscng_la_SOURCES =\ + app.c \ + certkeys.c \ + ciphers.c \ + crypto.c \ + digests.c \ + globals.h \ + hmac.c \ + keysstore.c \ + kt_rsa.c \ + kw_aes.c \ + kw_des.c \ + signatures.c \ + symkeys.c \ + x509.c \ + x509vfy.c \ + $(NULL) + +libxmlsec1_mscng_la_LIBADD = \ + $(MSCNG_LIBS) \ + $(LIBXSLT_LIBS) \ + $(LIBXML_LIBS) \ + ../libxmlsec1.la \ + $(NULL) + +libxmlsec1_mscng_la_LDFLAGS = \ + @XMLSEC_CRYPTO_EXTRA_LDFLAGS@ \ + -version-info @XMLSEC_VERSION_INFO@ \ + $(NULL) diff --git a/src/mscng/README b/src/mscng/README new file mode 100644 index 00000000..72b37baf --- /dev/null +++ b/src/mscng/README @@ -0,0 +1,16 @@ +What version of Windows? +------------------------------------------------------------------------ + +The Microsoft CNG API is a set of BCrypt* and NCrypt* functions. Taking +BCryptOpenAlgorithmProvider() as a representative example, the minimum +supported client is Windows Vista and the minimum supported server is Windows +Server 2008. + +Keys manager with MS Certificate store support. +------------------------------------------------------------------------ + +Similarly to the nss and mscrypto backends, the xmlsec-mscng keys manager is +based on the simple keys store from xmlsec core. If keys are not found in the +simple keys store, then the MS Certificate store (the "MY" store by default, +visible as Personal -> Certificates in certmgr.msc) is used to look up keys. +The certificate store from the OS is a read-only store. diff --git a/src/mscng/app.c b/src/mscng/app.c new file mode 100644 index 00000000..8a54f598 --- /dev/null +++ b/src/mscng/app.c @@ -0,0 +1,824 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:app + * @Short_description: Application support functions for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Stable + * + */ + +#include "globals.h" + +#include <string.h> + +#include <windows.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/keys.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> +#include <xmlsec/keysmngr.h> +#include <xmlsec/xmltree.h> + +#include <xmlsec/mscng/app.h> +#include <xmlsec/mscng/crypto.h> +#include <xmlsec/mscng/symbols.h> +#include <xmlsec/mscng/x509.h> +#include <xmlsec/mscng/certkeys.h> +#include <xmlsec/mscng/keysstore.h> + +/* config info for the mscng keysstore */ +static LPTSTR gXmlSecMSCngAppCertStoreName = NULL; + +/** + * xmlSecMSCngAppInit: + * @config: the path to MSCng configuration (unused). + * + * General crypto engine initialization. This function is used + * by XMLSec command line utility and called before + * @xmlSecInit function. + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngAppInit(const char* config) { + /* initialize MSCng crypto engine */ + + /* config parameter is an ms cert store name */ + if(config != NULL && strlen(config) > 0) { + if(gXmlSecMSCngAppCertStoreName != NULL) { + /* deny double initialization */ + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_CONFIG, NULL, + "config=%s, config already set", + xmlSecErrorsSafeString(config)); + return(-1); + } + + gXmlSecMSCngAppCertStoreName = xmlSecWin32ConvertUtf8ToTstr((const xmlChar*)config); + if(gXmlSecMSCngAppCertStoreName == NULL) { + xmlSecInternalError2("xmlSecWin32ConvertUtf8ToTstr", NULL, + "config=%s", xmlSecErrorsSafeString(config)); + return(-1); + } + } + + return(0); +} + +/** + * xmlSecMSCngAppShutdown: + * + * General crypto engine shutdown. This function is used + * by XMLSec command line utility and called after + * @xmlSecShutdown function. + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngAppShutdown(void) { + /* shutdown MSCng crypto engine */ + if(gXmlSecMSCngAppCertStoreName != NULL) { + xmlFree(gXmlSecMSCngAppCertStoreName); + gXmlSecMSCngAppCertStoreName = NULL; + } + return(0); +} + +/** + * xmlSecMSCngAppGetCertStoreName: + * + * Gets the MS Cng certs store name set by @xmlSecMSCngAppInit function. + * + * Returns: the MS Cng certs name used by xmlsec-mscng. + */ +LPCTSTR +xmlSecMSCngAppGetCertStoreName(void) { + return(gXmlSecMSCngAppCertStoreName); +} + +/** + * xmlSecMSCngAppKeyLoad: + * @filename: the key filename. + * @format: the key file format. + * @pwd: the key file password. + * @pwdCallback: the key password callback. + * @pwdCallbackCtx: the user context for password callback. + * + * Reads key from the a file (not implemented yet). + * + * Returns: pointer to the key or NULL if an error occurs. + */ +xmlSecKeyPtr +xmlSecMSCngAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, + const char *pwd, + void* pwdCallback, + void* pwdCallbackCtx) { + xmlSecBuffer buffer; + xmlSecKeyPtr key = NULL; + int ret; + + xmlSecAssert2(filename != NULL, NULL); + xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL); + + switch(format) { + case xmlSecKeyDataFormatPkcs12: + key = xmlSecMSCngAppPkcs12Load(filename, pwd, pwdCallback, + pwdCallbackCtx); + if(key == NULL) { + xmlSecInternalError("xmlSecMSCngAppPkcs12Load", NULL); + return(NULL); + } + break; + case xmlSecKeyDataFormatCertDer: + ret = xmlSecBufferInitialize(&buffer, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferInitialize", NULL); + return(NULL); + } + + ret = xmlSecBufferReadFile(&buffer, filename); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferReadFile", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); + xmlSecBufferFinalize(&buffer); + return (NULL); + } + + key = xmlSecMSCngAppKeyLoadMemory(xmlSecBufferGetData(&buffer), + xmlSecBufferGetSize(&buffer), format, + pwd, pwdCallback, pwdCallbackCtx); + if(key == NULL) { + xmlSecInternalError("xmlSecMSCngAppKeyLoadMemory", NULL); + xmlSecBufferFinalize(&buffer); + return(NULL); + } + xmlSecBufferFinalize(&buffer); + break; + default: + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, "format=%d", + (int)format); + return(NULL); + break; + } + + return(key); +} + +/** + * xmlSecMSCngAppKeyLoadMemory: + * @data: the key binary data. + * @dataSize: the key binary data size. + * @format: the key data format. + * @pwd: the key data2 password. + * @pwdCallback: the key password callback. + * @pwdCallbackCtx: the user context for password callback. + * + * Reads key from a binary @data. + * + * Returns: pointer to the key or NULL if an error occurs. + */ +xmlSecKeyPtr +xmlSecMSCngAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKeyDataFormat format, + const char *pwd, void* pwdCallback, void* pwdCallbackCtx) { + PCCERT_CONTEXT pCert = NULL; + PCCERT_CONTEXT tmpcert = NULL; + xmlSecKeyDataPtr x509Data = NULL; + xmlSecKeyDataPtr keyData = NULL; + xmlSecKeyPtr key = NULL; + xmlSecKeyPtr res = NULL; + int ret; + + xmlSecAssert2(data != NULL, NULL); + xmlSecAssert2(dataSize > 0, NULL); + xmlSecAssert2(format == xmlSecKeyDataFormatCertDer, NULL); + UNREFERENCED_PARAMETER(pwd); + UNREFERENCED_PARAMETER(pwdCallback); + UNREFERENCED_PARAMETER(pwdCallbackCtx); + + pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, data, dataSize); + if(pCert == NULL) { + xmlSecMSCngLastError("CertCreateCertificateContext", NULL); + goto done; + } + + x509Data = xmlSecKeyDataCreate(xmlSecMSCngKeyDataX509Id); + if(x509Data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", NULL); + goto done; + } + + tmpcert = CertDuplicateCertificateContext(pCert); + if(tmpcert == NULL) { + xmlSecMSCngLastError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(x509Data)); + goto done; + } + + ret = xmlSecMSCngKeyDataX509AdoptKeyCert(x509Data, tmpcert); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(x509Data)); + goto done; + } + tmpcert = NULL; + + keyData = xmlSecMSCngCertAdopt(pCert, xmlSecKeyDataTypePublic); + if(keyData == NULL) { + xmlSecInternalError("xmlSecMSCngCertAdopt", + xmlSecKeyDataGetName(x509Data)); + goto done; + } + pCert = NULL; + + key = xmlSecKeyCreate(); + if(key == NULL) { + xmlSecInternalError("xmlSecKeyCreate", + xmlSecKeyDataGetName(x509Data)); + goto done; + } + + ret = xmlSecKeySetValue(key, keyData); + if(ret < 0) { + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(x509Data)); + goto done; + } + keyData = NULL; + + ret = xmlSecKeyAdoptData(key, x509Data); + if(ret < 0) { + xmlSecInternalError("xmlSecKeyAdoptData", + xmlSecKeyDataGetName(x509Data)); + goto done; + } + x509Data = NULL; + + /* success */ + res = key; + key = NULL; +done: + if(pCert != NULL) { + CertFreeCertificateContext(pCert); + } + if(tmpcert != NULL) { + CertFreeCertificateContext(tmpcert); + } + if(x509Data != NULL) { + xmlSecKeyDataDestroy(x509Data); + } + if(keyData != NULL) { + xmlSecKeyDataDestroy(keyData); + } + if(key != NULL) { + xmlSecKeyDestroy(key); + } + + return(res); +} + + +#ifndef XMLSEC_NO_X509 +/** + * xmlSecMSCngAppKeyCertLoad: + * @key: the pointer to key. + * @filename: the certificate filename. + * @format: the certificate file format. + * + * Reads the certificate from $@filename and adds it to key + * (not implemented yet). + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, + xmlSecKeyDataFormat format) { + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(filename != NULL, -1); + xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); + + /* TODO */ + xmlSecNotImplementedError(NULL); + return(-1); +} + +/** + * xmlSecMSCngAppKeyCertLoadMemory: + * @key: the pointer to key. + * @data: the certificate binary data. + * @dataSize: the certificate binary data size. + * @format: the certificate file format. + * + * Reads the certificate from memory buffer and adds it to key. + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSize dataSize, + xmlSecKeyDataFormat format) { + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(data != NULL, -1); + xmlSecAssert2(dataSize > 0, -1); + xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); + + /* TODO */ + xmlSecNotImplementedError(NULL); + return(-1); +} + +/** + * xmlSecMSCngAppPkcs12Load: + * @filename: the PKCS12 key filename. + * @pwd: the PKCS12 file password. + * @pwdCallback: the password callback. + * @pwdCallbackCtx: the user context for password callback. + * + * Reads key and all associated certificates from the PKCS12 file + * (not implemented yet). + * For uniformity, call xmlSecMSCngAppKeyLoad instead of this function. Pass + * in format=xmlSecKeyDataFormatPkcs12. + * + * + * Returns: pointer to the key or NULL if an error occurs. + */ +xmlSecKeyPtr +xmlSecMSCngAppPkcs12Load(const char *filename, + const char *pwd, + void* pwdCallback, + void* pwdCallbackCtx) { + xmlSecBuffer buffer; + xmlSecByte* data; + xmlSecKeyPtr key; + int ret; + + xmlSecAssert2(filename != NULL, NULL); + xmlSecAssert2(pwd != NULL, NULL); + + ret = xmlSecBufferInitialize(&buffer, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferInitialize", NULL); + return(NULL); + } + + ret = xmlSecBufferReadFile(&buffer, filename); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferReadFile", NULL, "filename=%s", + xmlSecErrorsSafeString(filename)); + return(NULL); + } + + data = xmlSecBufferGetData(&buffer); + if(data == NULL) { + xmlSecInternalError("xmlSecBufferGetData", NULL); + xmlSecBufferFinalize(&buffer); + return(NULL); + } + + key = xmlSecMSCngAppPkcs12LoadMemory(data, xmlSecBufferGetSize(&buffer), + pwd, pwdCallback, pwdCallbackCtx); + if(key == NULL) { + xmlSecInternalError("xmlSecMSCngAppPkcs12LoadMemory", NULL); + xmlSecBufferFinalize(&buffer); + return(NULL); + } + + xmlSecBufferFinalize(&buffer); + return(key); +} + +/** + * xmlSecMSCngAppPkcs12LoadMemory: + * @data: the key binary data. + * @dataSize: the key binary data size. + * @pwd: the PKCS12 password. + * @pwdCallback: the password callback. + * @pwdCallbackCtx: the user context for password callback. + * + * Reads key and all associated certificates from the PKCS12 binary data. + * For uniformity, call xmlSecMSCngAppKeyLoad instead of this function. Pass + * in format=xmlSecKeyDataFormatPkcs12. + * + * Returns: pointer to the key or NULL if an error occurs. + */ +xmlSecKeyPtr +xmlSecMSCngAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, const char *pwd, + void *pwdCallback, + void* pwdCallbackCtx) { + UNREFERENCED_PARAMETER(pwdCallback); + UNREFERENCED_PARAMETER(pwdCallbackCtx); + CRYPT_DATA_BLOB pfx; + xmlSecKeyPtr key = NULL; + WCHAR* pwdWideChar = NULL; + HCERTSTORE certStore = NULL; + xmlSecKeyDataPtr keyData = NULL; + xmlSecKeyDataPtr privKeyData = NULL; + PCCERT_CONTEXT cert = NULL; + PCCERT_CONTEXT certDuplicate = NULL; + int ret; + + xmlSecAssert2(data != NULL, NULL); + xmlSecAssert2(dataSize > 1, NULL); + xmlSecAssert2(pwd != NULL, NULL); + + memset(&pfx, 0, sizeof(pfx)); + pfx.pbData = (BYTE *)data; + pfx.cbData = dataSize; + ret = PFXIsPFXBlob(&pfx); + if(ret == FALSE) { + xmlSecMSCngLastError("PFXIsPFXBlob", NULL); + return(NULL); + } + + pwdWideChar = xmlSecWin32ConvertLocaleToUnicode(pwd); + if(pwdWideChar == NULL) { + xmlSecInternalError("xmlSecWin32ConvertLocaleToUnicode", NULL); + goto cleanup; + } + + ret = PFXVerifyPassword(&pfx, pwdWideChar, 0); + if(ret == FALSE) { + xmlSecMSCngLastError("PFXVerifyPassword", NULL); + goto cleanup; + } + + DWORD flags = CRYPT_EXPORTABLE; + if (!xmlSecImportGetPersistKey()) { + flags |= PKCS12_NO_PERSIST_KEY; + } + certStore = PFXImportCertStore(&pfx, pwdWideChar, flags); + if(certStore == NULL) { + xmlSecMSCngLastError("PFXImportCertStore", NULL); + goto cleanup; + } + + keyData = xmlSecKeyDataCreate(xmlSecMSCngKeyDataX509Id); + if(keyData == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", NULL); + goto cleanup; + } + + /* enumerate over certifiates in the store */ + while((cert = CertEnumCertificatesInStore(certStore, cert)) != NULL) { + DWORD dwData = 0; + DWORD dwDataLen = sizeof(DWORD); + + ret = CertGetCertificateContextProperty(cert, CERT_KEY_SPEC_PROP_ID, + &dwData, &dwDataLen); + if(ret == TRUE) { + /* adopt private key */ + certDuplicate = CertDuplicateCertificateContext(cert); + if(certDuplicate == NULL) { + xmlSecMSCngLastError("CertDuplicateCertificateContext", NULL); + goto cleanup; + } + + privKeyData = xmlSecMSCngCertAdopt(certDuplicate, + xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); + if(privKeyData == NULL) { + xmlSecInternalError("xmlSecMSCngCertAdopt", NULL); + goto cleanup; + } + certDuplicate = NULL; + } + + /* adopt certificate */ + certDuplicate = CertDuplicateCertificateContext(cert); + if(certDuplicate == NULL) { + xmlSecMSCngLastError("CertDuplicateCertificateContext", NULL); + goto cleanup; + } + + ret = xmlSecMSCngKeyDataX509AdoptCert(keyData, certDuplicate); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509AdoptKeyCert", NULL); + goto cleanup; + } + certDuplicate = NULL; + } + + /* at this point we should have a private key */ + if(privKeyData == NULL) { + xmlSecInternalError2("xmlSecMSCngAppPkcs12LoadMemory", + xmlSecKeyDataGetName(keyData), "privKeyData is NULL", NULL); + goto cleanup; + } + + key = xmlSecKeyCreate(); + if(key == NULL) { + xmlSecInternalError("xmlSecKeyCreate", NULL); + goto cleanup; + } + + ret = xmlSecKeySetValue(key, privKeyData); + if(ret < 0) { + xmlSecInternalError("xmlSecKeySetValue", NULL); + xmlSecKeyDestroy(key); + key = NULL; + goto cleanup; + } + privKeyData = NULL; + + ret = xmlSecKeyAdoptData(key, keyData); + if(ret < 0) { + xmlSecInternalError("xmlSecKeyAdoptData", NULL); + xmlSecKeyDestroy(key); + key = NULL; + goto cleanup; + } + keyData = NULL; + +cleanup: + if(certStore != NULL) { + CertCloseStore(certStore, 0); + } + if(pwdWideChar != NULL) { + xmlFree(pwdWideChar); + } + if(keyData != NULL) { + xmlSecKeyDataDestroy(keyData); + } + if(privKeyData != NULL) { + xmlSecKeyDataDestroy(privKeyData); + } + if(certDuplicate != NULL) { + CertFreeCertificateContext(certDuplicate); + } + return(key); +} + +/** + * xmlSecMSCngAppKeysMngrCertLoad: + * @mngr: the keys manager. + * @filename: the certificate file. + * @format: the certificate file format. + * @type: the flag that indicates is the certificate in @filename + * trusted or not. + * + * Reads cert from @filename and adds to the list of trusted or known + * untrusted certs in @store (not implemented yet). + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename, + xmlSecKeyDataFormat format, + xmlSecKeyDataType type ATTRIBUTE_UNUSED) { + xmlSecBuffer buffer; + int ret; + + xmlSecAssert2(mngr != NULL, -1); + xmlSecAssert2(filename != NULL, -1); + xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); + + ret = xmlSecBufferInitialize(&buffer, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferInitialize", NULL); + return(-1); + } + + ret = xmlSecBufferReadFile(&buffer, filename); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferReadFile", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); + xmlSecBufferFinalize(&buffer); + return(-1); + } + + ret = xmlSecMSCngAppKeysMngrCertLoadMemory(mngr, xmlSecBufferGetData(&buffer), + xmlSecBufferGetSize(&buffer), format, type); + if(ret < 0) { + xmlSecInternalError2("xmlSecMSCngAppKeysMngrCertLoadMemory", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); + xmlSecBufferFinalize(&buffer); + return(-1); + } + + xmlSecBufferFinalize(&buffer); + return(ret); +} + +/** + * xmlSecMSCngAppKeysMngrCertLoadMemory: + * @mngr: the pointer to keys manager. + * @data: the key binary data. + * @dataSize: the key binary data size. + * @format: the certificate format (PEM or DER). + * @type: the certificate type (trusted/untrusted). + * + * Reads cert from @data and adds to the list of trusted or known + * untrusted certs in @store + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* data, + xmlSecSize dataSize, xmlSecKeyDataFormat format, + xmlSecKeyDataType type) { + xmlSecKeyDataStorePtr x509Store; + PCCERT_CONTEXT pCert = NULL; + int ret; + + xmlSecAssert2(mngr != NULL, -1); + xmlSecAssert2(data != NULL, -1); + xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); + + x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCngX509StoreId); + if(x509Store == NULL) { + xmlSecInternalError("xmlSecKeysMngrGetDataStore(xmlSecMSCngX509StoreId)", NULL); + return(-1); + } + + switch (format) { + case xmlSecKeyDataFormatDer: + pCert = CertCreateCertificateContext( + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + data, + dataSize); + if(pCert == NULL) { + xmlSecMSCngLastError("CertCreateCertificateContext", NULL) + return(-1); + } + break; + default: + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); + return(-1); + break; + } + + xmlSecAssert2(pCert != NULL, -1); + ret = xmlSecMSCngX509StoreAdoptCert(x509Store, pCert, type); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509StoreAdoptCert", NULL); + CertFreeCertificateContext(pCert); + return(-1); + } + + return(0); +} + +#endif /* XMLSEC_NO_X509 */ + +/** + * xmlSecMSCngAppDefaultKeysMngrInit: + * @mngr: the pointer to keys manager. + * + * Initializes @mngr with simple keys store #xmlSecSimpleKeysStoreId + * and a default MSCng crypto key data stores. + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { + int ret; + + xmlSecAssert2(mngr != NULL, -1); + + /* create MSCng keys store if needed */ + if(xmlSecKeysMngrGetKeysStore(mngr) == NULL) { + xmlSecKeyStorePtr keysStore; + + keysStore = xmlSecKeyStoreCreate(xmlSecMSCngKeysStoreId); + if(keysStore == NULL) { + xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecMSCngKeysStoreId)", NULL); + return(-1); + } + + ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore); + if(ret < 0) { + xmlSecInternalError("xmlSecKeysMngrAdoptKeysStore", NULL); + xmlSecKeyStoreDestroy(keysStore); + return(-1); + } + } + + ret = xmlSecMSCngKeysMngrInit(mngr); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeysMngrInit", NULL); + return(-1); + } + + mngr->getKey = xmlSecKeysMngrGetKey; + return(0); +} + +/** + * xmlSecMSCngAppDefaultKeysMngrAdoptKey: + * @mngr: the pointer to keys manager. + * @key: the pointer to key. + * + * Adds @key to the keys manager @mngr created with #xmlSecMSCngAppDefaultKeysMngrInit + * function. + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) { + xmlSecKeyStorePtr store; + int ret; + + xmlSecAssert2(mngr != NULL, -1); + xmlSecAssert2(key != NULL, -1); + + store = xmlSecKeysMngrGetKeysStore(mngr); + if(store == NULL) { + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); + return(-1); + } + + ret = xmlSecMSCngKeysStoreAdoptKey(store, key); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeysStoreAdoptKey", NULL); + return(-1); + } + + return(0); +} + +/** + * xmlSecMSCngAppDefaultKeysMngrLoad: + * @mngr: the pointer to keys manager. + * @uri: the uri. + * + * Loads XML keys file from @uri to the keys manager @mngr created + * with #xmlSecMSCngAppDefaultKeysMngrInit function. + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) { + xmlSecKeyStorePtr store; + int ret; + + xmlSecAssert2(mngr != NULL, -1); + xmlSecAssert2(uri != NULL, -1); + + store = xmlSecKeysMngrGetKeysStore(mngr); + if(store == NULL) { + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); + return(-1); + } + + ret = xmlSecMSCngKeysStoreLoad(store, uri, mngr); + if(ret < 0) { + xmlSecInternalError2("xmlSecMSCngKeysStoreLoad", NULL, "uri=%s", + xmlSecErrorsSafeString(uri)); + return(-1); + } + + return(0); +} + +/** + * xmlSecMSCngAppDefaultKeysMngrSave: + * @mngr: the pointer to keys manager. + * @filename: the destination filename. + * @type: the type of keys to save (public/private/symmetric). + * + * Saves keys from @mngr to XML keys file. + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xmlSecKeyDataType type) { + xmlSecKeyStorePtr store; + int ret; + + xmlSecAssert2(mngr != NULL, -1); + xmlSecAssert2(filename != NULL, -1); + + store = xmlSecKeysMngrGetKeysStore(mngr); + if(store == NULL) { + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); + return(-1); + } + + ret = xmlSecMSCngKeysStoreSave(store, filename, type); + if(ret < 0) { + xmlSecInternalError2("xmlSecMSCngKeysStoreSave", NULL, "filename%s", + xmlSecErrorsSafeString(filename)); + return(-1); + } + + return(0); +} + +/** + * xmlSecMSCngAppGetDefaultPwdCallback: + * + * Gets default password callback. + * + * Returns: default password callback. + */ +void* +xmlSecMSCngAppGetDefaultPwdCallback(void) { + /* TODO */ + return(NULL); +} + diff --git a/src/mscng/certkeys.c b/src/mscng/certkeys.c new file mode 100644 index 00000000..55cfde26 --- /dev/null +++ b/src/mscng/certkeys.c @@ -0,0 +1,1649 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:certkeys + * @Short_description: Certificate keys support functions for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Stable + * + */ + +#include "globals.h" + +#include <string.h> + +#define WIN32_NO_STATUS +#include <windows.h> +#undef WIN32_NO_STATUS +#include <wincrypt.h> +#include <ntstatus.h> +#include <bcrypt.h> +#include <ncrypt.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/keyinfo.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> +#include <xmlsec/bn.h> + +#include <xmlsec/mscng/crypto.h> + +typedef struct _xmlSecMSCngKeyDataCtx xmlSecMSCngKeyDataCtx, + *xmlSecMSCngKeyDataCtxPtr; + +struct _xmlSecMSCngKeyDataCtx { + PCCERT_CONTEXT cert; + NCRYPT_KEY_HANDLE privkey; + BCRYPT_KEY_HANDLE pubkey; +}; + +#define xmlSecMSCngKeyDataSize \ + (sizeof(xmlSecKeyData) + sizeof(xmlSecMSCngKeyDataCtx)) +#define xmlSecMSCngKeyDataGetCtx(data) \ + ((xmlSecMSCngKeyDataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData))) + +static int xmlSecMSCngKeyDataGetSize(xmlSecKeyDataPtr data); + +static int +xmlSecMSCngKeyDataCertGetPubkey(PCCERT_CONTEXT cert, BCRYPT_KEY_HANDLE* key) { + xmlSecAssert2(cert != NULL, -1); + xmlSecAssert2(key != NULL, -1); + + if(!CryptImportPublicKeyInfoEx2(X509_ASN_ENCODING, + &cert->pCertInfo->SubjectPublicKeyInfo, + 0, + NULL, + key)) { + xmlSecMSCngLastError("CryptImportPublicKeyInfoEx2", NULL); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngKeyDataCertGetPrivkey(PCCERT_CONTEXT cert, NCRYPT_KEY_HANDLE* key) { + int ret; + + xmlSecAssert2(cert != NULL, -1); + xmlSecAssert2(key != NULL, -1); + + DWORD keySpec = 0; + BOOL callerFree = FALSE; + + ret = CryptAcquireCertificatePrivateKey( + cert, + CRYPT_ACQUIRE_COMPARE_KEY_FLAG | CRYPT_ACQUIRE_ONLY_NCRYPT_KEY_FLAG, + NULL, + key, + &keySpec, + &callerFree); + if(ret == FALSE) { + xmlSecMSCngLastError("CryptAcquireCertificatePrivateKey", NULL); + return(-1); + } + + return(0); +} + +/** + * xmlSecMSCngKeyDataAdoptCert: + * @data: the pointer to MSCng pccert data. + * @cert: the pointer to PCCERT key. + * + * Sets the value of key data. + * + * Returns: 0 on success or a negative value otherwise. + */ +static int +xmlSecMSCngKeyDataAdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT cert, xmlSecKeyDataType type) { + xmlSecMSCngKeyDataCtxPtr ctx; + BCRYPT_KEY_HANDLE hPubKey; + int ret; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCngKeyDataSize), -1); + xmlSecAssert2(cert != NULL, -1); + xmlSecAssert2(cert->pCertInfo != NULL, -1); + xmlSecAssert2((type & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate)) != 0, -1); + + ctx = xmlSecMSCngKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pubkey == NULL, -1); + xmlSecAssert2(ctx->cert == NULL, -1); + + /* acquire the CNG key handle from the certificate */ + if((type & xmlSecKeyDataTypePrivate) != 0) { + NCRYPT_KEY_HANDLE hPrivKey; + + ret = xmlSecMSCngKeyDataCertGetPrivkey(cert, &hPrivKey); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataCertGetPrivkey", NULL); + return(-1); + } + + ctx->privkey = hPrivKey; + } + + ret = xmlSecMSCngKeyDataCertGetPubkey(cert, &hPubKey); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataCertGetPubkey", NULL); + return(-1); + } + + ctx->pubkey = hPubKey; + ctx->cert = cert; + + return(0); +} + +static int +xmlSecMSCngKeyDataAdoptKey(xmlSecKeyDataPtr data, BCRYPT_KEY_HANDLE hPubKey) { + xmlSecMSCngKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCngKeyDataSize), -1); + xmlSecAssert2(hPubKey != NULL, -1); + + ctx = xmlSecMSCngKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pubkey == NULL, -1); + + ctx->pubkey = hPubKey; + + return(0); +} + +/** + * xmlSecMSCngCertAdopt: + * @pCert: the pointer to cert. + * @type: the expected key type. + * + * Creates key data value from the cert. + * + * Returns: pointer to newly created xmlsec key or NULL if an error occurs. + */ +xmlSecKeyDataPtr +xmlSecMSCngCertAdopt(PCCERT_CONTEXT pCert, xmlSecKeyDataType type) { + xmlSecKeyDataPtr data = NULL; + int ret; + + xmlSecAssert2(pCert != NULL, NULL); + xmlSecAssert2(pCert->pCertInfo != NULL, NULL); + xmlSecAssert2(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId != NULL, NULL); + +#ifndef XMLSEC_NO_DSA + if(!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_X957_DSA)) { + data = xmlSecKeyDataCreate(xmlSecMSCngKeyDataDsaId); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataDsaId)", NULL); + return(NULL); + } + } +#endif /* XMLSEC_NO_DSA */ + +#ifndef XMLSEC_NO_RSA + if(!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_RSA_RSA)) { + data = xmlSecKeyDataCreate(xmlSecMSCngKeyDataRsaId); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataRsaId)", NULL); + return(NULL); + } + } +#endif /* XMLSEC_NO_RSA */ + +#ifndef XMLSEC_NO_ECDSA + if(!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_ECC_PUBLIC_KEY)) { + data = xmlSecKeyDataCreate(xmlSecMSCngKeyDataEcdsaId); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataEcdsaId)", NULL); + return(NULL); + } + } +#endif /* XMLSEC_NO_ECDSA */ + + if(data == NULL) { + xmlSecInvalidStringTypeError("PCCERT_CONTEXT key type", + pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, + "unsupported keytype", + NULL); + return(NULL); + } + + ret = xmlSecMSCngKeyDataAdoptCert(data, pCert, type); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataAdoptCert", NULL); + xmlSecKeyDataDestroy(data); + return(NULL); + } + + return(data); +} + +/** + * xmlSecMSCngKeyDataGetPubKey: + * @data: the key data to retrieve certificate from. + * + * Native MSCng public key retrieval from xmlsec keydata. The returned key must + * not be destroyed by the caller. + * + * Returns: key on success or 0 otherwise. + */ +BCRYPT_KEY_HANDLE +xmlSecMSCngKeyDataGetPubKey(xmlSecKeyDataPtr data) { + xmlSecMSCngKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), 0); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCngKeyDataSize), 0); + + ctx = xmlSecMSCngKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, 0); + + return(ctx->pubkey); +} + +/** + * xmlSecMSCngKeyDataGetPrivKey: + * @data: the key data to retrieve certificate from. + * + * Native MSCng private key retrieval from xmlsec keydata. The returned key + * must not be destroyed by the caller. + * + * Returns: key on success or 0 otherwise. + */ +NCRYPT_KEY_HANDLE +xmlSecMSCngKeyDataGetPrivKey(xmlSecKeyDataPtr data) { + xmlSecMSCngKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), 0); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCngKeyDataSize), 0); + + ctx = xmlSecMSCngKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, 0); + + return(ctx->privkey); +} + +static int +xmlSecMSCngKeyDataInitialize(xmlSecKeyDataPtr data) { + xmlSecMSCngKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCngKeyDataSize), -1); + + ctx = xmlSecMSCngKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + + memset(ctx, 0, sizeof(xmlSecMSCngKeyDataCtx)); + + return(0); +} + +static void +xmlSecMSCngKeyDataFinalize(xmlSecKeyDataPtr data) { + xmlSecMSCngKeyDataCtxPtr ctx; + NTSTATUS status; + + xmlSecAssert(xmlSecKeyDataIsValid(data)); + xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecMSCngKeyDataSize)); + + ctx = xmlSecMSCngKeyDataGetCtx(data); + xmlSecAssert(ctx != NULL); + + if(ctx->privkey != 0) { + status = NCryptFreeObject(ctx->privkey); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptDestroyKey", NULL, status); + } + } + + if(ctx->pubkey != 0) { + status = BCryptDestroyKey(ctx->pubkey); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptDestroyKey", NULL, status); + } + } + + if(ctx->cert != NULL) { + CertFreeCertificateContext(ctx->cert); + } + + memset(ctx, 0, sizeof(xmlSecMSCngKeyDataCtx)); +} + +static int +xmlSecMSCngKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecMSCngKeyDataCtxPtr dstCtx; + xmlSecMSCngKeyDataCtxPtr srcCtx; + NTSTATUS status; + DWORD cbBlob = 0; + PUCHAR pbBlob; + BCRYPT_ALG_HANDLE hAlg = NULL; + LPCWSTR pszAlgId; + int ret; + + xmlSecAssert2(xmlSecKeyDataIsValid(dst), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(dst, xmlSecMSCngKeyDataSize), -1); + xmlSecAssert2(xmlSecKeyDataIsValid(src), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(src, xmlSecMSCngKeyDataSize), -1); + + dstCtx = xmlSecMSCngKeyDataGetCtx(dst); + xmlSecAssert2(dstCtx != NULL, -1); + xmlSecAssert2(dstCtx->cert == NULL, -1); + xmlSecAssert2(dstCtx->privkey == 0, -1); + xmlSecAssert2(dstCtx->pubkey == NULL, -1); + + srcCtx = xmlSecMSCngKeyDataGetCtx(src); + xmlSecAssert2(srcCtx != NULL, -1); + + if(srcCtx->cert != NULL) { + dstCtx->cert = CertDuplicateCertificateContext(srcCtx->cert); + if(dstCtx->cert == NULL) { + xmlSecMSCngLastError("CertDuplicateCertificateContext", NULL); + return(-1); + } + } + + if(srcCtx->privkey != 0) { + ret = xmlSecMSCngKeyDataCertGetPrivkey(dstCtx->cert, &dstCtx->privkey); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataCertGetPrivkey", NULL); + return(-1); + } + } + + if(dstCtx->cert != NULL) { + /* avoid BCryptDuplicateKey() here as that works for symmetric keys only */ + ret = xmlSecMSCngKeyDataCertGetPubkey(dstCtx->cert, &dstCtx->pubkey); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataCertGetPubkey", NULL); + return(-1); + } + } else if(srcCtx->pubkey != NULL) { + /* BCryptDuplicateKey() works with symmetric keys only, so go with + * export + import instead */ + status = BCryptExportKey(srcCtx->pubkey, + NULL, + BCRYPT_PUBLIC_KEY_BLOB, + NULL, + 0, + &cbBlob, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptExportKey", NULL, status); + return(-1); + } + + pbBlob = (PUCHAR)xmlMalloc(cbBlob); + if(pbBlob == NULL) { + xmlSecMallocError(cbBlob, NULL); + return(-1); + } + + status = BCryptExportKey(srcCtx->pubkey, + NULL, + BCRYPT_PUBLIC_KEY_BLOB, + pbBlob, + cbBlob, + &cbBlob, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptExportKey", NULL, status); + xmlFree(pbBlob); + return(-1); + } + + switch(((BCRYPT_KEY_BLOB*)pbBlob)->Magic) { +#ifndef XMLSEC_NO_DSA + case BCRYPT_DSA_PUBLIC_MAGIC: + pszAlgId = BCRYPT_DSA_ALGORITHM; + break; +#endif +#ifndef XMLSEC_NO_RSA + case BCRYPT_RSAPUBLIC_MAGIC: + pszAlgId = BCRYPT_RSA_ALGORITHM; + break; +#endif + default: + xmlSecNotImplementedError(NULL); + xmlFree(pbBlob); + return(-1); + } + + status = BCryptOpenAlgorithmProvider( + &hAlg, + pszAlgId, + NULL, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", + NULL, status); + xmlFree(pbBlob); + return(-1); + } + + status = BCryptImportKeyPair(hAlg, NULL, BCRYPT_PUBLIC_KEY_BLOB, &dstCtx->pubkey, pbBlob, + cbBlob, 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptImportKeyPair", + NULL, status); + xmlFree(pbBlob); + BCryptCloseAlgorithmProvider(hAlg, 0); + return(-1); + } + + xmlFree(pbBlob); + BCryptCloseAlgorithmProvider(hAlg, 0); + } + + return(0); +} + +#ifndef XMLSEC_NO_DSA +static int +xmlSecMSCngKeyDataDsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCngKeyDataDsaId), -1); + xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCngKeyDataDsaId), -1); + + return(xmlSecMSCngKeyDataDuplicate(dst, src)); +} + +static xmlSecKeyDataType +xmlSecMSCngKeyDataDsaGetType(xmlSecKeyDataPtr data) { + xmlSecMSCngKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataDsaId), xmlSecKeyDataTypeUnknown); + + ctx = xmlSecMSCngKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, xmlSecKeyDataTypeUnknown); + + if(ctx->privkey != 0) { + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); + } + + return(xmlSecKeyDataTypePublic); +} + +static xmlSecSize +xmlSecMSCngKeyDataDsaGetSize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataDsaId), 0); + + return(xmlSecMSCngKeyDataGetSize(data)); +} + +static int +xmlSecMSCngKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecBn p; + xmlSecBn q; + xmlSecBn g; + xmlSecBn y; + xmlSecBuffer blob; + xmlNodePtr cur; + xmlSecSize length; + xmlSecSize offset; + xmlSecSize blobLen; + unsigned char* blobData; + BCRYPT_DSA_KEY_BLOB* dsakey; + LPCWSTR lpszBlobType; + BCRYPT_KEY_HANDLE hKey = NULL; + NTSTATUS status; + BCRYPT_ALG_HANDLE hAlg = NULL; + xmlSecKeyDataPtr keyData = NULL; + int res = -1; + int ret; + + xmlSecAssert2(id == xmlSecMSCngKeyDataDsaId, -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + if(xmlSecKeyGetValue(key) != NULL) { + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), "key already has a value"); + return(-1); + } + + /* initialize buffers */ + ret = xmlSecBnInitialize(&p, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBnInitialize(p)", + xmlSecKeyDataKlassGetName(id)); + return(-1); + } + + ret = xmlSecBnInitialize(&q, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBnInitialize(q)", + xmlSecKeyDataKlassGetName(id)); + xmlSecBnFinalize(&p); + return(-1); + } + + ret = xmlSecBnInitialize(&g, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBnInitialize(g)", + xmlSecKeyDataKlassGetName(id)); + xmlSecBnFinalize(&p); + xmlSecBnFinalize(&q); + return(-1); + } + + ret = xmlSecBnInitialize(&y, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBnInitialize(g)", + xmlSecKeyDataKlassGetName(id)); + xmlSecBnFinalize(&p); + xmlSecBnFinalize(&q); + xmlSecBnFinalize(&g); + return(-1); + } + + ret = xmlSecBufferInitialize(&blob, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecKeyDataKlassGetName(id)); + xmlSecBnFinalize(&p); + xmlSecBnFinalize(&q); + xmlSecBnFinalize(&g); + xmlSecBnFinalize(&y); + return(-1); + } + + /* read xml */ + cur = xmlSecGetNextElementNode(node->children); + + /* P node */ + if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) { + xmlSecInvalidNodeError(cur, xmlSecNodeDSAP, + xmlSecKeyDataKlassGetName(id)); + goto done; + } + + /* 0 as both the XML and CNG works with big-endian */ + ret = xmlSecBnGetNodeValue(&p, cur, xmlSecBnBase64, 0); + if((ret < 0) || (xmlSecBnGetSize(&p) == 0)) { + xmlSecInternalError("xmlSecBnGetNodeValue(p)", + xmlSecKeyDataKlassGetName(id)); + goto done; + } + + cur = xmlSecGetNextElementNode(cur->next); + + /* Q node */ + if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) { + xmlSecInvalidNodeError(cur, xmlSecNodeDSAQ, + xmlSecKeyDataKlassGetName(id)); + goto done; + } + + ret = xmlSecBnGetNodeValue(&q, cur, xmlSecBnBase64, 0); + if((ret < 0) || (xmlSecBnGetSize(&q) == 0)) { + xmlSecInternalError("xmlSecBnGetNodeValue(q)", + xmlSecKeyDataKlassGetName(id)); + goto done; + } + + cur = xmlSecGetNextElementNode(cur->next); + + /* G node */ + if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) { + xmlSecInvalidNodeError(cur, xmlSecNodeDSAG, + xmlSecKeyDataKlassGetName(id)); + goto done; + } + + ret = xmlSecBnGetNodeValue(&g, cur, xmlSecBnBase64, 0); + if((ret < 0) || (xmlSecBnGetSize(&q) == 0)) { + xmlSecInternalError("xmlSecBnGetNodeValue(g)", + xmlSecKeyDataKlassGetName(id)); + goto done; + } + + cur = xmlSecGetNextElementNode(cur->next); + + /* TODO X node */ + if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) { + cur = xmlSecGetNextElementNode(cur->next); + } + + /* Y node */ + if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) { + xmlSecInvalidNodeError(cur, xmlSecNodeDSAY, + xmlSecKeyDataKlassGetName(id)); + goto done; + } + + ret = xmlSecBnGetNodeValue(&y, cur, xmlSecBnBase64, 0); + if((ret < 0) || (xmlSecBnGetSize(&y) == 0)) { + xmlSecInternalError("xmlSecBnGetNodeValue(y)", + xmlSecKeyDataKlassGetName(id)); + goto done; + } + + cur = xmlSecGetNextElementNode(cur->next); + + /* TODO J node */ + if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAJ, xmlSecDSigNs))) { + cur = xmlSecGetNextElementNode(cur->next); + } + + /* TODO Seed node */ + if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSASeed, xmlSecDSigNs))) { + cur = xmlSecGetNextElementNode(cur->next); + } + + /* TODO PgenCounter node */ + if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAPgenCounter, xmlSecDSigNs))) { + cur = xmlSecGetNextElementNode(cur->next); + } + + if(cur != NULL) { + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)); + goto done; + } + + /* turn the read data into a public key blob, as documented at + * <https://msdn.microsoft.com/library/windows/desktop/aa833126.aspx>: Q is + * part of the struct, need to write P, G, Y after it */ + length = xmlSecBnGetSize(&p); + offset = sizeof(BCRYPT_DSA_KEY_BLOB); + blobLen = offset + length * 3; + + ret = xmlSecBufferSetSize(&blob, blobLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", NULL, "size=%d", blobLen); + goto done; + } + + blobData = xmlSecBufferGetData(&blob); + dsakey = (BCRYPT_DSA_KEY_BLOB *)blobData; + dsakey->cbKey = length; + + memset(dsakey->Count, -1, sizeof(dsakey->Count)); + memset(dsakey->Seed, -1, sizeof(dsakey->Seed)); + + if(xmlSecBnGetSize(&q) != 20) { + xmlSecInternalError("assumed sizeof(q) == 20", xmlSecKeyDataKlassGetName(id)); + goto done; + } + + memcpy(dsakey->q, xmlSecBnGetData(&q), 20); + + memcpy(blobData + offset, xmlSecBnGetData(&p), length); + offset += length; + + if(xmlSecBnGetSize(&g) != xmlSecBnGetSize(&p)) { + xmlSecInternalError("assumed sizeof(g) == sizeof(p)", xmlSecKeyDataKlassGetName(id)); + goto done; + } + + memcpy(blobData + offset, xmlSecBnGetData(&g), length); + offset += length; + + if(xmlSecBnGetSize(&y) != xmlSecBnGetSize(&p)) { + xmlSecInternalError("assumed sizeof(y) == sizeof(p)", xmlSecKeyDataKlassGetName(id)); + goto done; + } + + memcpy(blobData + offset, xmlSecBnGetData(&y), length); + + lpszBlobType = BCRYPT_DSA_PUBLIC_BLOB; + dsakey->dwMagic = BCRYPT_DSA_PUBLIC_MAGIC; + + status = BCryptOpenAlgorithmProvider( + &hAlg, + BCRYPT_DSA_ALGORITHM, + NULL, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", + xmlSecKeyDataKlassGetName(id), status); + goto done; + } + + status = BCryptImportKeyPair(hAlg, NULL, lpszBlobType, &hKey, blobData, + blobLen, 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptImportKeyPair", + xmlSecKeyDataKlassGetName(id), status); + goto done; + } + + keyData = xmlSecKeyDataCreate(id); + if(keyData == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); + goto done; + } + + ret = xmlSecMSCngKeyDataAdoptKey(keyData, hKey); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataAdoptKey", + xmlSecKeyDataGetName(keyData)); + goto done; + } + + hKey = 0; + ret = xmlSecKeySetValue(key, keyData); + if(ret < 0) { + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(keyData)); + goto done; + } + + keyData = NULL; + res = 0; + +done: + xmlSecBnFinalize(&p); + xmlSecBnFinalize(&q); + xmlSecBnFinalize(&g); + xmlSecBnFinalize(&y); + xmlSecBufferFinalize(&blob); + + if(hAlg != 0) { + BCryptCloseAlgorithmProvider(hAlg, 0); + } + + if(hKey != 0) { + BCryptDestroyKey(hKey); + } + + return(res); +} + +static int +xmlSecMSCngKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecMSCngKeyDataCtxPtr ctx; + NTSTATUS status; + xmlSecBuffer buf; + xmlSecByte* bufData; + DWORD bufLen; + BCRYPT_DSA_KEY_BLOB* dsakey; + xmlNodePtr cur; + int ret; + + xmlSecAssert2(id == xmlSecMSCngKeyDataDsaId, -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), + xmlSecMSCngKeyDataDsaId), -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + ctx = xmlSecMSCngKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pubkey, -1); + + /* turn ctx->pubkey into dsakey */ + status = BCryptExportKey(ctx->pubkey, + NULL, + BCRYPT_DSA_PUBLIC_BLOB, + NULL, + 0, + &bufLen, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptExportKey", xmlSecKeyDataKlassGetName(id), + status); + return(-1); + } + + ret = xmlSecBufferInitialize(&buf, bufLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferInitialize", + xmlSecKeyDataKlassGetName(id), "size=%ld", bufLen); + return(-1); + } + + bufData = xmlSecBufferGetData(&buf); + dsakey = (BCRYPT_DSA_KEY_BLOB*)bufData; + + status = BCryptExportKey(ctx->pubkey, + NULL, + BCRYPT_DSA_PUBLIC_BLOB, + (PUCHAR)dsakey, + bufLen, + &bufLen, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptExportKey", xmlSecKeyDataKlassGetName(id), + status); + xmlSecBufferFinalize(&buf); + return(-1); + } + + /* write dsaykey in XML format, see xmlSecMSCngKeyDataDsaXmlRead() on the + * memory layout of bufData: the struct contains Q, and P, G, Y follows it */ + + /* P node */ + cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs); + if(cur == NULL) { + xmlSecInternalError("xmlSecAddChild(p)", + xmlSecKeyDataKlassGetName(id)); + xmlSecBufferFinalize(&buf); + return(-1); + } + + /* reverse is 0, both CNG and XML is big-endian */ + bufData += sizeof(BCRYPT_DSA_KEY_BLOB); + ret = xmlSecBnBlobSetNodeValue(bufData, dsakey->cbKey, cur, xmlSecBnBase64, 0, 1); + if(ret < 0) { + xmlSecInternalError("xmlSecBnBlobSetNodeValue(p)", + xmlSecKeyDataKlassGetName(id)); + xmlSecBufferFinalize(&buf); + return(-1); + } + + /* Q node */ + cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs); + if(cur == NULL) { + xmlSecInternalError("xmlSecAddChild(q)", + xmlSecKeyDataKlassGetName(id)); + xmlSecBufferFinalize(&buf); + return(-1); + } + + /* 20 is the documented size of BCRYPT_DSA_KEY_BLOB.q */ + ret = xmlSecBnBlobSetNodeValue((xmlSecByte*)dsakey->q, 20, cur, xmlSecBnBase64, 0, 1); + if(ret < 0) { + xmlSecInternalError("xmlSecBnBlobSetNodeValue(q)", + xmlSecKeyDataKlassGetName(id)); + xmlSecBufferFinalize(&buf); + return(-1); + } + + /* G node */ + cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs); + if(cur == NULL) { + xmlSecInternalError("xmlSecAddChild(g)", + xmlSecKeyDataKlassGetName(id)); + xmlSecBufferFinalize(&buf); + return(-1); + } + + bufData += dsakey->cbKey; + ret = xmlSecBnBlobSetNodeValue(bufData, dsakey->cbKey, cur, xmlSecBnBase64, 0, 1); + if(ret < 0) { + xmlSecInternalError("xmlSecBnBlobSetNodeValue(g)", + xmlSecKeyDataKlassGetName(id)); + xmlSecBufferFinalize(&buf); + return(-1); + } + + /* Y node */ + cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs); + if(cur == NULL) { + xmlSecInternalError("xmlSecAddChild(y)", + xmlSecKeyDataKlassGetName(id)); + xmlSecBufferFinalize(&buf); + return(-1); + } + + bufData += dsakey->cbKey; + ret = xmlSecBnBlobSetNodeValue(bufData, dsakey->cbKey, cur, xmlSecBnBase64, 0, 1); + if(ret < 0) { + xmlSecInternalError("xmlSecBnBlobSetNodeValue(y)", + xmlSecKeyDataKlassGetName(id)); + xmlSecBufferFinalize(&buf); + return(-1); + } + + xmlSecBufferFinalize(&buf); + + return(0); +} + +static void +xmlSecMSCngKeyDataDsaDebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataDsaId)); + xmlSecAssert(output != NULL); + + fprintf(output, "=== rsa key: size = %d\n", + (int)xmlSecMSCngKeyDataDsaGetSize(data)); +} + +static void xmlSecMSCngKeyDataDsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataDsaId)); + xmlSecAssert(output != NULL); + + fprintf(output, "<DSAKeyValue size=\"%d\" />\n", + (int)xmlSecMSCngKeyDataDsaGetSize(data)); +} + +static int +xmlSecMSCngKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, + xmlSecKeyDataType type) { + UNREFERENCED_PARAMETER(type); + xmlSecMSCngKeyDataCtxPtr ctx; + BCRYPT_ALG_HANDLE hAlg = 0; + BCRYPT_KEY_HANDLE hKey = 0; + int res = -1; + NTSTATUS status; + int ret; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCngKeyDataSize), xmlSecKeyDataTypeUnknown); + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataDsaId), -1); + xmlSecAssert2(sizeBits > 0, -1); + + ctx = xmlSecMSCngKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + + status = BCryptOpenAlgorithmProvider( + &hAlg, + BCRYPT_DSA_ALGORITHM, + NULL, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", + xmlSecKeyDataGetName(data), status); + goto done; + } + + status = BCryptGenerateKeyPair( + hAlg, + &hKey, + sizeBits, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGenerateKeyPair", xmlSecKeyDataGetName(data), + status); + goto done; + } + + /* need to finalize the key before it can be used */ + status = BCryptFinalizeKeyPair(hKey, 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptFinalizeKeyPair", xmlSecKeyDataGetName(data), + status); + goto done; + } + + ret = xmlSecMSCngKeyDataAdoptKey(data, hKey); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); + goto done; + } + hKey = 0; + + /* success */ + res = 0; + +done: + if (hKey != 0) { + BCryptDestroyKey(hKey); + } + + if (hAlg != 0) { + BCryptCloseAlgorithmProvider(hAlg, 0); + } + + return(res); +} + +static xmlSecKeyDataKlass xmlSecMSCngKeyDataDsaKlass = { + sizeof(xmlSecKeyDataKlass), + xmlSecMSCngKeyDataSize, + + /* data */ + xmlSecNameDSAKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefDSAKeyValue, /* const xmlChar* href; */ + xmlSecNodeDSAKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecMSCngKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecMSCngKeyDataDsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecMSCngKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + xmlSecMSCngKeyDataDsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ + xmlSecMSCngKeyDataDsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecMSCngKeyDataDsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ + xmlSecMSCngKeyDataDsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + xmlSecMSCngKeyDataDsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecMSCngKeyDataDsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecMSCngKeyDataDsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngKeyDataDsaGetKlass: + * + * The MSCng DSA CertKey data klass. + * + * Returns: pointer to MSCng DSA key data klass. + */ +xmlSecKeyDataId +xmlSecMSCngKeyDataDsaGetKlass(void) { + return(&xmlSecMSCngKeyDataDsaKlass); +} +#endif /* XMLSEC_NO_DSA */ + +#ifndef XMLSEC_NO_RSA +static int +xmlSecMSCngKeyDataRsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCngKeyDataRsaId), -1); + xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCngKeyDataRsaId), -1); + + return(xmlSecMSCngKeyDataDuplicate(dst, src)); +} + +static xmlSecKeyDataType +xmlSecMSCngKeyDataRsaGetType(xmlSecKeyDataPtr data) { + xmlSecMSCngKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataRsaId), xmlSecKeyDataTypeUnknown); + + ctx = xmlSecMSCngKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, xmlSecKeyDataTypeUnknown); + + if(ctx->privkey != 0) { + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); + } + + return(xmlSecKeyDataTypePublic); +} + +static int +xmlSecMSCngKeyDataGetSize(xmlSecKeyDataPtr data) { + NTSTATUS status; + xmlSecMSCngKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), 0); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCngKeyDataSize), 0); + + ctx = xmlSecMSCngKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, 0); + + if(ctx->cert != NULL) { + xmlSecAssert2(ctx->cert->pCertInfo != NULL, 0); + return(CertGetPublicKeyLength(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + &ctx->cert->pCertInfo->SubjectPublicKeyInfo)); + } else if(ctx->pubkey != 0) { + DWORD length = 0; + DWORD lenlen = sizeof(DWORD); + + status = BCryptGetProperty(ctx->pubkey, + BCRYPT_KEY_STRENGTH, + (PUCHAR)&length, + lenlen, + &lenlen, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetproperty", NULL, status); + return(0); + } + + return(length); + } else if(ctx->privkey != 0) { + xmlSecNotImplementedError(NULL); + return(0); + } + + return(0); +} + +static xmlSecSize +xmlSecMSCngKeyDataRsaGetSize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataRsaId), 0); + + return(xmlSecMSCngKeyDataGetSize(data)); +} + + +static void +xmlSecMSCngKeyDataRsaDebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataRsaId)); + xmlSecAssert(output != NULL); + + fprintf(output, "=== rsa key: size = %d\n", + (int)xmlSecMSCngKeyDataRsaGetSize(data)); +} + +static void xmlSecMSCngKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataRsaId)); + xmlSecAssert(output != NULL); + + fprintf(output, "<RSAKeyValue size=\"%d\" />\n", + (int)xmlSecMSCngKeyDataRsaGetSize(data)); +} + +static int +xmlSecMSCngKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecBn modulus, exponent; + xmlSecBuffer blob; + xmlSecSize blobBufferLen; + xmlSecSize offset; + BCRYPT_RSAKEY_BLOB* rsakey; + LPCWSTR lpszBlobType; + BCRYPT_ALG_HANDLE hAlg = NULL; + xmlSecKeyDataPtr keyData = NULL; + BCRYPT_KEY_HANDLE hKey = 0; + xmlNodePtr cur; + int res = -1; + NTSTATUS status; + int ret; + + xmlSecAssert2(id == xmlSecMSCngKeyDataRsaId, -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + if(xmlSecKeyGetValue(key) != NULL) { + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "key already has a value"); + return(-1); + } + + /* initialize buffers */ + ret = xmlSecBnInitialize(&modulus, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBnInitialize", + xmlSecKeyDataKlassGetName(id)); + return(-1); + } + + ret = xmlSecBnInitialize(&exponent, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBnInitialize", + xmlSecKeyDataKlassGetName(id)); + xmlSecBnFinalize(&modulus); + return(-1); + } + + ret = xmlSecBufferInitialize(&blob, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecKeyDataKlassGetName(id)); + xmlSecBnFinalize(&modulus); + xmlSecBnFinalize(&exponent); + return(-1); + } + + /* read xml */ + cur = xmlSecGetNextElementNode(node->children); + + /* first is Modulus node, it is required because we do not support Seed and PgenCounter */ + if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) { + xmlSecInvalidNodeError(cur, xmlSecNodeRSAModulus, + xmlSecKeyDataKlassGetName(id)); + goto done; + } + + /* 0 as both the XML and CNG works with big-endian */ + ret = xmlSecBnGetNodeValue(&modulus, cur, xmlSecBnBase64, 0); + if((ret < 0) || (xmlSecBnGetSize(&modulus) == 0)) { + xmlSecInternalError("xmlSecBnGetNodeValue", + xmlSecKeyDataKlassGetName(id)); + goto done; + } + + cur = xmlSecGetNextElementNode(cur->next); + + /* next is Exponent node, it is required because we do not support Seed and PgenCounter */ + if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) { + xmlSecInvalidNodeError(cur, xmlSecNodeRSAExponent, xmlSecKeyDataKlassGetName(id)); + goto done; + } + + ret = xmlSecBnGetNodeValue(&exponent, cur, xmlSecBnBase64, 0); + if((ret < 0) || (xmlSecBnGetSize(&exponent) == 0)) { + xmlSecInternalError("xmlSecBnGetNodeValue", + xmlSecKeyDataKlassGetName(id)); + goto done; + } + cur = xmlSecGetNextElementNode(cur->next); + + /* TODO X node */ + if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) { + cur = xmlSecGetNextElementNode(cur->next); + } + + if(cur != NULL) { + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)); + goto done; + } + + /* turn the read data into a public key blob, as documented at + * <https://msdn.microsoft.com/en-us/library/windows/desktop/aa375531(v=vs.85).aspx>: + * need to write exponent and modulus after the struct */ + blobBufferLen = sizeof(BCRYPT_RSAKEY_BLOB) + xmlSecBnGetSize(&exponent) + + xmlSecBnGetSize(&modulus); + ret = xmlSecBufferSetSize(&blob, blobBufferLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecKeyDataKlassGetName(id), "size=%d", blobBufferLen); + goto done; + } + + rsakey = (BCRYPT_RSAKEY_BLOB *)xmlSecBufferGetData(&blob); + rsakey->Magic = BCRYPT_RSAPUBLIC_MAGIC; + rsakey->BitLength = xmlSecBnGetSize(&modulus) * 8; + rsakey->cbPublicExp = xmlSecBnGetSize(&exponent); + rsakey->cbModulus = xmlSecBnGetSize(&modulus); + offset = sizeof(BCRYPT_RSAKEY_BLOB); + + memcpy(xmlSecBufferGetData(&blob) + offset, xmlSecBnGetData(&exponent), + xmlSecBnGetSize(&exponent)); + offset += xmlSecBnGetSize(&exponent); + + memcpy(xmlSecBufferGetData(&blob) + offset, xmlSecBnGetData(&modulus), + xmlSecBnGetSize(&modulus)); + + lpszBlobType = BCRYPT_RSAPUBLIC_BLOB; + + status = BCryptOpenAlgorithmProvider( + &hAlg, + BCRYPT_RSA_ALGORITHM, + NULL, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", + xmlSecKeyDataKlassGetName(id), status); + goto done; + } + + status = BCryptImportKeyPair(hAlg, NULL, lpszBlobType, &hKey, + xmlSecBufferGetData(&blob), xmlSecBufferGetSize(&blob), 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptImportKeyPair", + xmlSecKeyDataKlassGetName(id), status); + goto done; + } + + keyData = xmlSecKeyDataCreate(id); + if(keyData == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); + goto done; + } + + ret = xmlSecMSCngKeyDataAdoptKey(keyData, hKey); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataAdoptKey", + xmlSecKeyDataGetName(keyData)); + goto done; + } + + hKey = 0; + ret = xmlSecKeySetValue(key, keyData); + if(ret < 0) { + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(keyData)); + goto done; + } + + keyData = NULL; + res = 0; + +done: + xmlSecBnFinalize(&exponent); + xmlSecBnFinalize(&modulus); + xmlSecBufferFinalize(&blob); + + if(hKey != 0) { + BCryptDestroyKey(hKey); + } + + if(hAlg != 0) { + BCryptCloseAlgorithmProvider(hAlg, 0); + } + + return(res); +} + +static int +xmlSecMSCngKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecMSCngKeyDataCtxPtr ctx; + NTSTATUS status; + xmlSecBuffer buf; + xmlSecByte* bufData; + DWORD bufLen; + BCRYPT_RSAKEY_BLOB* rsakey; + xmlNodePtr cur; + int ret; + + xmlSecAssert2(id == xmlSecMSCngKeyDataRsaId, -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), + xmlSecMSCngKeyDataRsaId), -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + ctx = xmlSecMSCngKeyDataGetCtx(xmlSecKeyGetValue(key)); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pubkey, -1); + + /* turn ctx->pubkey into rsakey */ + status = BCryptExportKey(ctx->pubkey, + NULL, + BCRYPT_RSAPUBLIC_BLOB, + NULL, + 0, + &bufLen, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptExportKey", xmlSecKeyDataKlassGetName(id), + status); + return(-1); + } + + ret = xmlSecBufferInitialize(&buf, bufLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferInitialize", + xmlSecKeyDataKlassGetName(id), "size=%ld", bufLen); + return(-1); + } + + bufData = xmlSecBufferGetData(&buf); + rsakey = (BCRYPT_RSAKEY_BLOB*)bufData; + + status = BCryptExportKey(ctx->pubkey, + NULL, + BCRYPT_RSAPUBLIC_BLOB, + (PUCHAR)rsakey, + bufLen, + &bufLen, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptExportKey", xmlSecKeyDataKlassGetName(id), + status); + xmlSecBufferFinalize(&buf); + return(-1); + } + + /* write rsaykey in XML format, see xmlSecMSCngKeyDataRsaXmlRead() on the + * memory layout of bufData: the struct is followed by Exponent and Modulus */ + + /* Modulus node */ + cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs); + if(cur == NULL) { + xmlSecInternalError("xmlSecAddChild", + xmlSecKeyDataKlassGetName(id)); + xmlSecBufferFinalize(&buf); + return(-1); + } + + bufData += sizeof(BCRYPT_RSAKEY_BLOB) + rsakey->cbPublicExp; + ret = xmlSecBnBlobSetNodeValue(bufData, rsakey->cbModulus, cur, xmlSecBnBase64, 0, 1); + if(ret < 0) { + xmlSecInternalError("xmlSecBnBlobSetNodeValue", + xmlSecKeyDataKlassGetName(id)); + xmlSecBufferFinalize(&buf); + return(-1); + } + + /* Exponent node */ + cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs); + if(cur == NULL) { + xmlSecInternalError("xmlSecAddChild", + xmlSecKeyDataKlassGetName(id)); + xmlSecBufferFinalize(&buf); + return(-1); + } + + bufData = xmlSecBufferGetData(&buf); + bufData += sizeof(BCRYPT_RSAKEY_BLOB); + ret = xmlSecBnBlobSetNodeValue(bufData, rsakey->cbPublicExp, cur, xmlSecBnBase64, 0, 1); + if(ret < 0) { + xmlSecInternalError("xmlSecBnBlobSetNodeValue", + xmlSecKeyDataKlassGetName(id)); + xmlSecBufferFinalize(&buf); + return(-1); + } + + xmlSecBufferFinalize(&buf); + + return(0); +} + +static int +xmlSecMSCngKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, + xmlSecKeyDataType type) { + UNREFERENCED_PARAMETER(type); + xmlSecMSCngKeyDataCtxPtr ctx; + BCRYPT_ALG_HANDLE hAlg = 0; + BCRYPT_KEY_HANDLE hKey = 0; + int res = -1; + NTSTATUS status; + int ret; + + xmlSecAssert2(xmlSecKeyDataIsValid(data), xmlSecKeyDataTypeUnknown); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCngKeyDataSize), xmlSecKeyDataTypeUnknown); + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataRsaId), -1); + xmlSecAssert2(sizeBits > 0, -1); + + ctx = xmlSecMSCngKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + + status = BCryptOpenAlgorithmProvider( + &hAlg, + BCRYPT_RSA_ALGORITHM, + NULL, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", + xmlSecKeyDataGetName(data), status); + goto done; + } + + status = BCryptGenerateKeyPair( + hAlg, + &hKey, + sizeBits, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGenerateKeyPair", xmlSecKeyDataGetName(data), + status); + goto done; + } + + /* need to finalize the key before it can be used */ + status = BCryptFinalizeKeyPair(hKey, 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptFinalizeKeyPair", xmlSecKeyDataGetName(data), + status); + goto done; + } + + ret = xmlSecMSCngKeyDataAdoptKey(data, hKey); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); + goto done; + } + hKey = 0; + + /* success */ + res = 0; + +done: + if (hKey != 0) { + BCryptDestroyKey(hKey); + } + + if (hAlg != 0) { + BCryptCloseAlgorithmProvider(hAlg, 0); + } + + return(res); +} + +static xmlSecKeyDataKlass xmlSecMSCngKeyDataRsaKlass = { + sizeof(xmlSecKeyDataKlass), + xmlSecMSCngKeyDataSize, + + /* data */ + xmlSecNameRSAKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefRSAKeyValue, /* const xmlChar* href; */ + xmlSecNodeRSAKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecMSCngKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecMSCngKeyDataRsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecMSCngKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + xmlSecMSCngKeyDataRsaGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ + xmlSecMSCngKeyDataRsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecMSCngKeyDataRsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ + xmlSecMSCngKeyDataRsaXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + xmlSecMSCngKeyDataRsaXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecMSCngKeyDataRsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecMSCngKeyDataRsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngKeyDataRsaGetKlass: + * + * The MSCng RSA CertKey data klass. + * + * Returns: pointer to MSCng RSA key data klass. + */ +xmlSecKeyDataId +xmlSecMSCngKeyDataRsaGetKlass(void) { + return(&xmlSecMSCngKeyDataRsaKlass); +} +#endif /* XMLSEC_NO_RSA */ + +#ifndef XMLSEC_NO_ECDSA +static int +xmlSecMSCngKeyDataEcdsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCngKeyDataEcdsaId), -1); + xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCngKeyDataEcdsaId), -1); + + return(xmlSecMSCngKeyDataDuplicate(dst, src)); +} + +static xmlSecKeyDataType +xmlSecMSCngKeyDataEcdsaGetType(xmlSecKeyDataPtr data) { + xmlSecMSCngKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataEcdsaId), xmlSecKeyDataTypeUnknown); + + ctx = xmlSecMSCngKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, xmlSecKeyDataTypeUnknown); + + if(ctx->privkey != 0) { + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); + } + + return(xmlSecKeyDataTypePublic); +} + +static xmlSecSize +xmlSecMSCngKeyDataEcdsaGetSize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataEcdsaId), 0); + + return(xmlSecMSCngKeyDataGetSize(data)); +} + + +static void +xmlSecMSCngKeyDataEcdsaDebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataEcdsaId)); + xmlSecAssert(output != NULL); + + fprintf(output, "=== rsa key: size = %d\n", + (int)xmlSecMSCngKeyDataEcdsaGetSize(data)); +} + +static void xmlSecMSCngKeyDataEcdsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataEcdsaId)); + xmlSecAssert(output != NULL); + + fprintf(output, "<ECDSAKeyValue size=\"%d\" />\n", + (int)xmlSecMSCngKeyDataEcdsaGetSize(data)); +} + +static xmlSecKeyDataKlass xmlSecMSCngKeyDataEcdsaKlass = { + sizeof(xmlSecKeyDataKlass), + xmlSecMSCngKeyDataSize, + + /* data */ + xmlSecNameECDSAKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefECDSAKeyValue, /* const xmlChar* href; */ + xmlSecNodeECDSAKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecMSCngKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecMSCngKeyDataEcdsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecMSCngKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + NULL, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ + xmlSecMSCngKeyDataEcdsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecMSCngKeyDataEcdsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecMSCngKeyDataEcdsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecMSCngKeyDataEcdsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngKeyDataEcdsaGetKlass: + * + * The MSCng ECDSA CertKey data klass. + * + * Returns: pointer to MSCng ECDSA key data klass. + */ +xmlSecKeyDataId +xmlSecMSCngKeyDataEcdsaGetKlass(void) { + return(&xmlSecMSCngKeyDataEcdsaKlass); +} +#endif /* XMLSEC_NO_ECDSA */ diff --git a/src/mscng/ciphers.c b/src/mscng/ciphers.c new file mode 100644 index 00000000..a4bef208 --- /dev/null +++ b/src/mscng/ciphers.c @@ -0,0 +1,1529 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:ciphers + * @Short_description: Ciphers transforms implementation for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Private + * + */ +#include "globals.h" + +#include <string.h> + +#define WIN32_NO_STATUS +#include <windows.h> +#undef WIN32_NO_STATUS +#include <ntstatus.h> +#include <bcrypt.h> +#include <ncrypt.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/keyinfo.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> +#include <xmlsec/bn.h> + +#include <xmlsec/mscng/crypto.h> + +/************************************************************************** + * + * Internal MSCng Block cipher CTX + * + *****************************************************************************/ +typedef struct _xmlSecMSCngBlockCipherCtx xmlSecMSCngBlockCipherCtx, *xmlSecMSCngBlockCipherCtxPtr; + +struct _xmlSecMSCngBlockCipherCtx { + LPCWSTR pszAlgId; + BCRYPT_ALG_HANDLE hAlg; + BCRYPT_KEY_HANDLE hKey; + BCRYPT_AUTHENTICATED_CIPHER_MODE_INFO authInfo; + PBYTE pbIV; + ULONG cbIV; + PBYTE pbKeyObject; + DWORD dwBlockLen; + xmlSecKeyDataId keyId; + xmlSecSize keySize; + int cbcMode; + int ctxInitialized; +}; + +#define xmlSecMSCngBlockCipherSize \ + (sizeof(xmlSecTransform) + sizeof(xmlSecMSCngBlockCipherCtx)) +#define xmlSecMSCngBlockCipherGetCtx(transform) \ + ((xmlSecMSCngBlockCipherCtxPtr)(((unsigned char*)(transform)) + sizeof(xmlSecTransform))) + +#define xmlSecMSCngAesGcmNonceLengthInBytes 12 +#define xmlSecMSCngAesGcmTagLengthInBytes 16 + +static int +xmlSecMSCngBlockCipherCheckId(xmlSecTransformPtr transform) { +#ifndef XMLSEC_NO_AES + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformAes128CbcId)) { + return(1); + } else if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformAes192CbcId)) { + return(1); + } else if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformAes256CbcId)) { + return(1); + } else if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformAes128GcmId)) { + return(1); + } else if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformAes192GcmId)) { + return(1); + } else if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformAes256GcmId)) { + return(1); + } +#endif /* XMLSEC_NO_AES */ + +#ifndef XMLSEC_NO_DES + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformDes3CbcId)) { + return(1); + } +#endif /* XMLSEC_NO_DES */ + + return(0); +} + +static int +xmlSecMSCngBlockCipherInitialize(xmlSecTransformPtr transform) { + xmlSecMSCngBlockCipherCtxPtr ctx; + NTSTATUS status; + + xmlSecAssert2(xmlSecMSCngBlockCipherCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngBlockCipherSize), -1); + + ctx = xmlSecMSCngBlockCipherGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + memset(ctx, 0, sizeof(xmlSecMSCngBlockCipherCtx)); + +#ifndef XMLSEC_NO_AES + if(transform->id == xmlSecMSCngTransformAes128CbcId) { + ctx->pszAlgId = BCRYPT_AES_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataAesId; + ctx->keySize = 16; + ctx->cbcMode = 1; + } else if(transform->id == xmlSecMSCngTransformAes192CbcId) { + ctx->pszAlgId = BCRYPT_AES_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataAesId; + ctx->keySize = 24; + ctx->cbcMode = 1; + } else if(transform->id == xmlSecMSCngTransformAes256CbcId) { + ctx->pszAlgId = BCRYPT_AES_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataAesId; + ctx->keySize = 32; + ctx->cbcMode = 1; + } else if(transform->id == xmlSecMSCngTransformAes128GcmId) { + ctx->pszAlgId = BCRYPT_AES_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataAesId; + ctx->keySize = 16; + ctx->cbcMode = 0; + } else if(transform->id == xmlSecMSCngTransformAes192GcmId) { + ctx->pszAlgId = BCRYPT_AES_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataAesId; + ctx->keySize = 24; + ctx->cbcMode = 0; + } else if(transform->id == xmlSecMSCngTransformAes256GcmId) { + ctx->pszAlgId = BCRYPT_AES_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataAesId; + ctx->keySize = 32; + ctx->cbcMode = 0; + } else +#endif /* XMLSEC_NO_AES */ + +#ifndef XMLSEC_NO_DES + if(transform->id == xmlSecMSCngTransformDes3CbcId) { + ctx->pszAlgId = BCRYPT_3DES_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataDesId; + ctx->keySize = 24; + ctx->cbcMode = 1; + } else +#endif /* XMLSEC_NO_DES */ + + { + xmlSecInvalidTransfromError(transform) + return(-1); + } + + status = BCryptOpenAlgorithmProvider( + &ctx->hAlg, + ctx->pszAlgId, + NULL, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", + xmlSecTransformGetName(transform), status); + return(-1); + } + + if(ctx->cbcMode) { + status = BCryptSetProperty(ctx->hAlg, + BCRYPT_CHAINING_MODE, + (PUCHAR)BCRYPT_CHAIN_MODE_CBC, + sizeof(BCRYPT_CHAIN_MODE_CBC), + 0); + } else { + status = BCryptSetProperty(ctx->hAlg, + BCRYPT_CHAINING_MODE, + (PUCHAR)BCRYPT_CHAIN_MODE_GCM, + sizeof(BCRYPT_CHAIN_MODE_GCM), + 0); + } + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptSetProperty", xmlSecTransformGetName(transform), status); + return(-1); + } + + ctx->ctxInitialized = 0; + + return(0); +} + +static void +xmlSecMSCngBlockCipherFinalize(xmlSecTransformPtr transform) { + xmlSecMSCngBlockCipherCtxPtr ctx; + + xmlSecAssert(xmlSecMSCngBlockCipherCheckId(transform)); + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCngBlockCipherSize)); + + ctx = xmlSecMSCngBlockCipherGetCtx(transform); + xmlSecAssert(ctx != NULL); + + if(ctx->pbIV != NULL) { + xmlFree(ctx->pbIV); + } + + if(ctx->authInfo.pbNonce != NULL) { + xmlFree(ctx->authInfo.pbNonce); + } + if(ctx->authInfo.pbTag != NULL) { + xmlFree(ctx->authInfo.pbTag); + } + if(ctx->authInfo.pbMacContext != NULL) { + xmlFree(ctx->authInfo.pbMacContext); + } + + if(ctx->hKey != NULL) { + BCryptDestroyKey(ctx->hKey); + } + + if(ctx->pbKeyObject != NULL) { + xmlFree(ctx->pbKeyObject); + } + + if(ctx->hAlg != NULL) { + BCryptCloseAlgorithmProvider(ctx->hAlg, 0); + } + + memset(ctx, 0, sizeof(xmlSecMSCngBlockCipherCtx)); +} + +static int +xmlSecMSCngBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { + xmlSecMSCngBlockCipherCtxPtr ctx; + + xmlSecAssert2(xmlSecMSCngBlockCipherCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngBlockCipherSize), -1); + xmlSecAssert2(keyReq != NULL, -1); + + ctx = xmlSecMSCngBlockCipherGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->hAlg != 0, -1); + + keyReq->keyId = ctx->keyId; + keyReq->keyType = xmlSecKeyDataTypeSymmetric; + if(transform->operation == xmlSecTransformOperationEncrypt) { + keyReq->keyUsage = xmlSecKeyUsageEncrypt; + } else { + keyReq->keyUsage = xmlSecKeyUsageDecrypt; + } + + keyReq->keyBitsSize = 8 * ctx->keySize; + return(0); +} + +static int +xmlSecMSCngBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { + xmlSecMSCngBlockCipherCtxPtr ctx; + xmlSecBufferPtr buffer; + xmlSecBuffer blob; + BCRYPT_KEY_DATA_BLOB_HEADER* blobHeader; + xmlSecSize blobHeaderLen; + BYTE* bufData; + DWORD dwKeyObjectLength, bytesWritten; + NTSTATUS status; + int ret; + + xmlSecAssert2(xmlSecMSCngBlockCipherCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngBlockCipherSize), -1); + xmlSecAssert2(key != NULL, -1); + + /* get the symmetric key into bufData */ + ctx = xmlSecMSCngBlockCipherGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->hKey == 0, -1); + xmlSecAssert2(ctx->keyId != NULL, -1); + xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); + xmlSecAssert2(ctx->keySize > 0, -1); + xmlSecAssert2(ctx->pbKeyObject == NULL, -1); + + buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); + xmlSecAssert2(buffer != NULL, -1); + + if(xmlSecBufferGetSize(buffer) < ctx->keySize) { + xmlSecInvalidKeyDataSizeError(xmlSecBufferGetSize(buffer), ctx->keySize, + xmlSecTransformGetName(transform)); + return(-1); + } + + bufData = xmlSecBufferGetData(buffer); + xmlSecAssert2(bufData != NULL, -1); + + /* allocate the key object */ + dwKeyObjectLength = 0; + status = BCryptGetProperty(ctx->hAlg, + BCRYPT_OBJECT_LENGTH, + (PUCHAR)&dwKeyObjectLength, + (ULONG)sizeof(DWORD), + &bytesWritten, 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", + xmlSecTransformGetName(transform), status); + return(-1); + } + + ctx->pbKeyObject = xmlMalloc(dwKeyObjectLength); + if(ctx->pbKeyObject == NULL) { + xmlSecMallocError(dwKeyObjectLength, xmlSecTransformGetName(transform)); + return(-1); + } + + /* prefix the key with a BCRYPT_KEY_DATA_BLOB_HEADER */ + blobHeaderLen = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + xmlSecBufferGetSize(buffer); + ret = xmlSecBufferInitialize(&blob, blobHeaderLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferInitialize", + xmlSecTransformGetName(transform), "size=%d", blobHeaderLen); + return(-1); + } + + blobHeader = (BCRYPT_KEY_DATA_BLOB_HEADER*)xmlSecBufferGetData(&blob); + blobHeader->dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC; + blobHeader->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1; + blobHeader->cbKeyData = (ULONG)xmlSecBufferGetSize(buffer); + memcpy(xmlSecBufferGetData(&blob) + sizeof(BCRYPT_KEY_DATA_BLOB_HEADER), + bufData, xmlSecBufferGetSize(buffer)); + xmlSecBufferSetSize(&blob, blobHeaderLen); + + /* perform the actual import */ + status = BCryptImportKey(ctx->hAlg, + NULL, + BCRYPT_KEY_DATA_BLOB, + &ctx->hKey, + ctx->pbKeyObject, + dwKeyObjectLength, + xmlSecBufferGetData(&blob), + (ULONG)xmlSecBufferGetSize(&blob), + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptImportKey", + xmlSecTransformGetName(transform), status); + xmlSecBufferFinalize(&blob); + return(-1); + } + + xmlSecBufferFinalize(&blob); + + return(0); +} + +static int xmlSecMSCngCBCBlockCipherCtxInit(xmlSecMSCngBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, int encrypt, + const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx) { + + NTSTATUS status; + int ret; + + /* unreferenced parameter */ + (void)transformCtx; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->hKey != 0, -1); + xmlSecAssert2(ctx->ctxInitialized == 0, -1); + xmlSecAssert2(ctx->dwBlockLen > 0, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + /* iv len == block len */ + ctx->cbIV = ctx->dwBlockLen; + + if(encrypt) { + unsigned char* iv; + xmlSecSize outSize; + + /* allocate space for IV */ + outSize = xmlSecBufferGetSize(out); + ret = xmlSecBufferSetSize(out, outSize + ctx->dwBlockLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", outSize + ctx->dwBlockLen); + return(-1); + } + iv = xmlSecBufferGetData(out) + outSize; + + /* generate and use random iv */ + status = BCryptGenRandom(NULL, + (PBYTE)iv, + ctx->dwBlockLen, + BCRYPT_USE_SYSTEM_PREFERRED_RNG); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGenRandom", cipherName, status); + return(-1); + } + + if(ctx->pbIV == NULL) { + ctx->pbIV = xmlMalloc(ctx->dwBlockLen); + } + if(ctx->pbIV == NULL) { + xmlSecMallocError(ctx->dwBlockLen, cipherName); + return(-1); + } + + memcpy(ctx->pbIV, iv, ctx->dwBlockLen); + } else { + /* if we don't have enough data, exit and hope that + * we'll have iv next time */ + if(xmlSecBufferGetSize(in) < XMLSEC_SIZE_BAD_CAST(ctx->dwBlockLen)) { + return(0); + } + xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1); + + /* set iv */ + ctx->pbIV = xmlMalloc(ctx->dwBlockLen); + if(ctx->pbIV == NULL) { + xmlSecMallocError(ctx->dwBlockLen, cipherName); + return(-1); + } + memcpy(ctx->pbIV, xmlSecBufferGetData(in), ctx->dwBlockLen); + + /* and remove from input */ + ret = xmlSecBufferRemoveHead(in, ctx->dwBlockLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", ctx->dwBlockLen); + return(-1); + + } + } + + ctx->ctxInitialized = 1; + return(0); +} + +static int xmlSecMSCngGCMBlockCipherCtxInit(xmlSecMSCngBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, int encrypt, int last, + const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx) { + + NTSTATUS status; + int ret; + xmlSecByte *bufferPtr; + xmlSecSize bufferSize; + DWORD bytesRead; + BCRYPT_AUTH_TAG_LENGTHS_STRUCT authTagLengths; + + /* unreferenced parameter */ + (void)transformCtx; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->hKey != 0, -1); + xmlSecAssert2(ctx->ctxInitialized == 0, -1); + xmlSecAssert2(ctx->dwBlockLen > 0, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + /* Check that we haven't already allocated space for the nonce. Might + * happen if the context is initialised more that once */ + if(ctx->authInfo.pbNonce == NULL) { + ctx->authInfo.pbNonce = xmlMalloc(xmlSecMSCngAesGcmNonceLengthInBytes); + if(ctx->authInfo.pbNonce == NULL) { + xmlSecMallocError(xmlSecMSCngAesGcmNonceLengthInBytes, cipherName); + return(-1); + } + } + ctx->authInfo.cbNonce = xmlSecMSCngAesGcmNonceLengthInBytes; + + /* Tag length is 128 bits */ + /* See http://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM */ + if(ctx->authInfo.pbTag == NULL) { + ctx->authInfo.pbTag = xmlMalloc(xmlSecMSCngAesGcmTagLengthInBytes); + if(ctx->authInfo.pbTag == NULL) { + xmlSecMallocError(xmlSecMSCngAesGcmTagLengthInBytes, cipherName); + return(-1); + } + } + memset(ctx->authInfo.pbTag, 0, xmlSecMSCngAesGcmTagLengthInBytes); + ctx->authInfo.cbTag = xmlSecMSCngAesGcmTagLengthInBytes; + + if(last == 0) { + /* Need some working buffers */ + + /* iv len == block len */ + if(ctx->pbIV == NULL) { + ctx->pbIV = xmlMalloc(ctx->dwBlockLen); + if(ctx->pbIV == NULL) { + xmlSecMallocError(ctx->dwBlockLen, cipherName); + return(-1); + } + } + ctx->cbIV = ctx->dwBlockLen; + memset(ctx->pbIV, 0, ctx->dwBlockLen); + + /* Setup an empty MAC context if we're chaining calls */ + status = BCryptGetProperty(ctx->hAlg, + BCRYPT_AUTH_TAG_LENGTH, + (PUCHAR)&authTagLengths, + (ULONG)sizeof(authTagLengths), + &bytesRead, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", cipherName, status); + return(-1); + } + + if(ctx->authInfo.pbMacContext == NULL) { + ctx->authInfo.pbMacContext = xmlMalloc(authTagLengths.dwMaxLength); + if(ctx->authInfo.pbMacContext == NULL) { + xmlSecMallocError(authTagLengths.dwMaxLength, cipherName); + return(-1); + } + } + ctx->authInfo.cbMacContext = authTagLengths.dwMaxLength; + memset(ctx->authInfo.pbMacContext, 0, authTagLengths.dwMaxLength); + ctx->authInfo.dwFlags |= BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG; + } else { + ctx->pbIV = NULL; + ctx->cbIV = 0; + } + + if(encrypt) { + + /* allocate space for nonce in the output buffer - it is 96 bits for GCM mode */ + /* See http://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM */ + bufferSize = xmlSecBufferGetSize(out); + ret = xmlSecBufferSetSize(out, bufferSize + xmlSecMSCngAesGcmNonceLengthInBytes); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", bufferSize + xmlSecMSCngAesGcmNonceLengthInBytes); + return(-1); + } + bufferPtr = xmlSecBufferGetData(out) + bufferSize; + + /* generate and use random nonce */ + status = BCryptGenRandom(NULL, + (PBYTE)bufferPtr, + xmlSecMSCngAesGcmNonceLengthInBytes, + BCRYPT_USE_SYSTEM_PREFERRED_RNG); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGenRandom", cipherName, status); + return(-1); + } + /* copy the nonce into the padding info */ + memcpy(ctx->authInfo.pbNonce, bufferPtr, xmlSecMSCngAesGcmNonceLengthInBytes); + + } else { + /* if we don't have enough data, exit and hope that + we'll have the nonce next time */ + bufferSize = xmlSecBufferGetSize(in); + if(bufferSize < xmlSecMSCngAesGcmNonceLengthInBytes) { + return(0); + } + + bufferPtr = xmlSecBufferGetData(in); + + xmlSecAssert2(bufferPtr != NULL, -1); + + /* set nonce */ + memcpy(ctx->authInfo.pbNonce, bufferPtr, xmlSecMSCngAesGcmNonceLengthInBytes); + + /* remove nonce from input */ + ret = xmlSecBufferRemoveHead(in, xmlSecMSCngAesGcmNonceLengthInBytes); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", xmlSecMSCngAesGcmNonceLengthInBytes); + return(-1); + } + } + + ctx->ctxInitialized = 1; + return(0); +} + +static int +xmlSecMSCngBlockCipherCtxInit(xmlSecMSCngBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, int encrypt, int last, + const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx) { + NTSTATUS status; + DWORD dwBlockLenLen; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->hKey != 0, -1); + xmlSecAssert2(ctx->hAlg != 0, -1); + xmlSecAssert2(ctx->ctxInitialized == 0, -1); + + /* Get the cipher block length */ + dwBlockLenLen = sizeof(DWORD); + status = BCryptGetProperty(ctx->hAlg, + BCRYPT_BLOCK_LENGTH, + (PUCHAR)&ctx->dwBlockLen, + sizeof(ctx->dwBlockLen), + &dwBlockLenLen, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", cipherName, status); + return(-1); + } + + xmlSecAssert2(ctx->dwBlockLen > 0, -1); + + if(ctx->cbcMode) { + return xmlSecMSCngCBCBlockCipherCtxInit(ctx, in, out, encrypt, + cipherName, transformCtx); + } else { + return xmlSecMSCngGCMBlockCipherCtxInit(ctx, in, out, encrypt, last, + cipherName, transformCtx); + } +} + +static int +xmlSecMSCngCBCBlockCipherCtxUpdate(xmlSecMSCngBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, int encrypt, + const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx) { + xmlSecSize inSize, inBlocks, outSize; + unsigned char* outBuf; + unsigned char* inBuf; + DWORD dwCLen; + NTSTATUS status; + int ret; + + /* unreferenced parameter */ + (void)transformCtx; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->ctxInitialized != 0, -1); + xmlSecAssert2(ctx->dwBlockLen > 0, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + inSize = xmlSecBufferGetSize(in); + outSize = xmlSecBufferGetSize(out); + + if(inSize < XMLSEC_SIZE_BAD_CAST(ctx->dwBlockLen)) { + return(0); + } + + if(encrypt) { + inBlocks = inSize / XMLSEC_SIZE_BAD_CAST(ctx->dwBlockLen); + } else { + /* we want to have the last block in the input buffer + * for padding check */ + inBlocks = (inSize - 1) / XMLSEC_SIZE_BAD_CAST(ctx->dwBlockLen); + } + inSize = inBlocks * XMLSEC_SIZE_BAD_CAST(ctx->dwBlockLen); + + /* we write out the input size plus maybe one block */ + ret = xmlSecBufferSetMaxSize(out, outSize + inSize + ctx->dwBlockLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", outSize + inSize + ctx->dwBlockLen); + return(-1); + } + outBuf = xmlSecBufferGetData(out) + outSize; + inBuf = xmlSecBufferGetData(in); + xmlSecAssert2(inBuf != NULL, -1); + + dwCLen = (DWORD)inSize; + if(encrypt) { + status = BCryptEncrypt(ctx->hKey, + inBuf, + (ULONG)inSize, + NULL, + ctx->pbIV, + ctx->cbIV, + outBuf, + (ULONG)inSize, + &dwCLen, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptEncrypt", cipherName, status); + return(-1); + } + + /* check if we really have encrypted the numbers of bytes that we + * requested */ + if(dwCLen != inSize) { + xmlSecInternalError2("BCryptEncrypt", cipherName, "size=%ld", + dwCLen); + return(-1); + } + } else { + status = BCryptDecrypt(ctx->hKey, + inBuf, + (ULONG)inSize, + NULL, + ctx->pbIV, + ctx->cbIV, + outBuf, + (ULONG)inSize, + &dwCLen, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptDecrypt", cipherName, status); + return(-1); + } + + /* check if we really have decrypted the numbers of bytes that we + * requested */ + if(dwCLen != inSize) { + xmlSecInternalError2("BCryptDecrypt", cipherName, "size=%ld", + dwCLen); + return(-1); + } + } + + /* set correct output buffer size */ + ret = xmlSecBufferSetSize(out, outSize + inSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, "size=%d", + outSize + inSize); + return(-1); + } + + /* remove the processed block from input */ + ret = xmlSecBufferRemoveHead(in, inSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, "size=%d", + inSize); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngGCMBlockCipherCtxUpdate(xmlSecMSCngBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, int encrypt, int last, + const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx) { + + NTSTATUS status; + xmlSecSize inSize, outSize; + xmlSecByte *inBuf, *outBuf; + DWORD dwCLen; + int ret; + + /* unreferenced parameter */ + (void)transformCtx; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->ctxInitialized != 0, -1); + xmlSecAssert2(ctx->dwBlockLen > 0, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + if(last != 0) { + /* We handle everything in finalize for the last block of data */ + return(0); + } + + inBuf = xmlSecBufferGetData(in); + xmlSecAssert2(inBuf != NULL, -1); + + if(xmlSecBufferGetSize(in) < ctx->dwBlockLen) { + return 0; + } + + if(encrypt) { + /* Round to the block size. We will finalize this later */ + inSize = (xmlSecBufferGetSize(in) / XMLSEC_SIZE_BAD_CAST(ctx->dwBlockLen)) * XMLSEC_SIZE_BAD_CAST(ctx->dwBlockLen); + } else { + /* If we've been called here, we know there is more data + * to come, but we don't know how much. The spec tells us that + * the tag is the last 16 bytes of the data when decrypting, so to make sure + * we don't try to decrypt it, we leave at least 16 bytes in the buffer + * until we know we're processing the last one */ + inSize = ((xmlSecBufferGetSize(in) - xmlSecMSCngAesGcmTagLengthInBytes) / XMLSEC_SIZE_BAD_CAST(ctx->dwBlockLen)) * XMLSEC_SIZE_BAD_CAST(ctx->dwBlockLen); + if (inSize < ctx->dwBlockLen) { + return 0; + } + } + + outSize = xmlSecBufferGetSize(out); + ret = xmlSecBufferSetMaxSize(out, outSize + inSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", outSize + inSize); + return(-1); + } + + outBuf = xmlSecBufferGetData(out) + outSize; + + dwCLen = 0; + if(encrypt) { + status = BCryptEncrypt(ctx->hKey, + inBuf, + (ULONG)inSize, + &ctx->authInfo, + ctx->pbIV, + ctx->cbIV, + outBuf, + (ULONG)inSize, + &dwCLen, + 0); + + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptEncrypt", cipherName, status); + return(-1); + } + + /* check if we really have encrypted the numbers of bytes that we + * requested */ + if(dwCLen != inSize) { + xmlSecInternalError2("BCryptEncrypt", cipherName, "size=%ld", + dwCLen); + return(-1); + } + + } else { + status = BCryptDecrypt(ctx->hKey, + inBuf, + (ULONG)inSize, + &ctx->authInfo, + ctx->pbIV, + ctx->cbIV, + outBuf, + (ULONG)inSize, + &dwCLen, + 0); + + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptDecrypt", cipherName, status); + return(-1); + } + + /* check if we really have decrypted the numbers of bytes that we + * requested */ + if(dwCLen != inSize) { + xmlSecInternalError2("BCryptDecrypt", cipherName, "size=%ld", + dwCLen); + return(-1); + } + } + + /* set correct output buffer size */ + ret = xmlSecBufferSetSize(out, outSize + dwCLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, "size=%d", + outSize + dwCLen); + return(-1); + } + + /* remove the processed data from input */ + ret = xmlSecBufferRemoveHead(in, dwCLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, "size=%d", + dwCLen); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngBlockCipherCtxUpdate(xmlSecMSCngBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, int encrypt, int last, + const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx) { + + xmlSecAssert2(ctx != NULL, -1); + + if(ctx->cbcMode) { + return xmlSecMSCngCBCBlockCipherCtxUpdate(ctx, in, out, encrypt, + cipherName, transformCtx); + } else { + return xmlSecMSCngGCMBlockCipherCtxUpdate(ctx, in, out, encrypt, last, + cipherName, transformCtx); + } +} + +static int +xmlSecMSCngCBCBlockCipherCtxFinal(xmlSecMSCngBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, int encrypt, + const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx) { + xmlSecSize inSize, outSize; + int outLen; + unsigned char* inBuf; + unsigned char* outBuf; + DWORD dwCLen; + NTSTATUS status; + int ret; + + /* unreferenced parameter */ + (void)transformCtx; + + inSize = xmlSecBufferGetSize(in); + outSize = xmlSecBufferGetSize(out); + + if(encrypt != 0) { + xmlSecAssert2(inSize < XMLSEC_SIZE_BAD_CAST(ctx->dwBlockLen), -1); + + /* create padding */ + ret = xmlSecBufferSetMaxSize(in, ctx->dwBlockLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", ctx->dwBlockLen); + return(-1); + } + inBuf = xmlSecBufferGetData(in); + + /* create random padding */ + if(XMLSEC_SIZE_BAD_CAST(ctx->dwBlockLen) > (inSize + 1)) { + status = BCryptGenRandom(NULL, + (PBYTE) inBuf + inSize, + (ULONG)(ctx->dwBlockLen - inSize - 1), + BCRYPT_USE_SYSTEM_PREFERRED_RNG); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", cipherName, status); + return(-1); + } + } + inBuf[ctx->dwBlockLen - 1] = (unsigned char)(ctx->dwBlockLen - inSize); + inSize = ctx->dwBlockLen; + } else { + if(inSize != XMLSEC_SIZE_BAD_CAST(ctx->dwBlockLen)) { + xmlSecInvalidSizeError("Input data", inSize, ctx->dwBlockLen, cipherName); + return(-1); + } + inBuf = xmlSecBufferGetData(in); + } + + /* process last block */ + ret = xmlSecBufferSetMaxSize(out, outSize + 2 * ctx->dwBlockLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, "size=%d", + outSize + 2 * ctx->dwBlockLen); + return(-1); + } + + outBuf = xmlSecBufferGetData(out) + outSize; + + dwCLen = (ULONG)inSize; + if(encrypt) { + status = BCryptEncrypt(ctx->hKey, + inBuf, + (ULONG)inSize, + NULL, + ctx->pbIV, + ctx->cbIV, + outBuf, + (ULONG)(inSize + ctx->dwBlockLen), + &dwCLen, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptDecrypt", cipherName, status); + return(-1); + } + + /* check if we really have encrypted the numbers of bytes that we + * requested */ + if(dwCLen != inSize) { + xmlSecInternalError2("BCryptEncrypt", cipherName, "size=%ld", + dwCLen); + return(-1); + } + } else { + status = BCryptDecrypt(ctx->hKey, + inBuf, + (ULONG)inSize, + NULL, + ctx->pbIV, + ctx->cbIV, + outBuf, + (ULONG)inSize, + &dwCLen, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptDecrypt", cipherName, status); + return(-1); + } + + /* check if we really have decrypted the numbers of bytes that we + * requested */ + if(dwCLen != inSize) { + xmlSecInternalError2("BCryptDecrypt", cipherName, "size=%ld", + dwCLen); + return(-1); + } + } + + if(encrypt == 0) { + /* check padding */ + if(inSize < outBuf[ctx->dwBlockLen - 1]) { + xmlSecInvalidSizeLessThanError("Input data padding", inSize, + outBuf[ctx->dwBlockLen - 1], cipherName); + return(-1); + } + outLen = (int)(inSize - outBuf[ctx->dwBlockLen - 1]); + } else { + outLen = (int)inSize; + } + + /* set correct output buffer size */ + ret = xmlSecBufferSetSize(out, outSize + outLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, "size=%d", + outSize + outLen); + return(-1); + } + + /* remove the processed block from input */ + ret = xmlSecBufferRemoveHead(in, inSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, "size=%d", + inSize); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngGCMBlockCipherCtxFinal(xmlSecMSCngBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, int encrypt, + const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx) +{ + xmlSecByte *inBuf, *outBuf; + xmlSecSize inBufSize, outBufSize, outLen; + DWORD dwCLen; + int ret; + NTSTATUS status; + + /* unreferenced parameter */ + (void)transformCtx; + + ctx->authInfo.dwFlags &= ~BCRYPT_AUTH_MODE_CHAIN_CALLS_FLAG; /* clear chaining flag */ + + outBufSize = xmlSecBufferGetSize(out); + inBufSize = xmlSecBufferGetSize(in); + inBuf = xmlSecBufferGetData(in); + + if(encrypt) { + ret = xmlSecBufferSetMaxSize(out, + outBufSize + inBufSize + xmlSecMSCngAesGcmTagLengthInBytes); /* add space for the tag */ + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", outBufSize + inBufSize + xmlSecMSCngAesGcmTagLengthInBytes); + return(-1); + } + + outBuf = xmlSecBufferGetData(out) + outBufSize; + + status = BCryptEncrypt(ctx->hKey, + inBuf, + (ULONG)inBufSize, + &ctx->authInfo, + ctx->pbIV, + ctx->cbIV, + outBuf, + (ULONG)inBufSize, + &dwCLen, + 0); + + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptEncrypt", cipherName, status); + return(-1); + } + + /* check if we really have encrypted the numbers of bytes that we + * requested */ + if(dwCLen != inBufSize) { + xmlSecInternalError2("BCryptEncrypt", cipherName, "size=%ld", + dwCLen); + return(-1); + } + + /* Now add the tag at the end of the buffer */ + memcpy(outBuf + inBufSize, ctx->authInfo.pbTag, xmlSecMSCngAesGcmTagLengthInBytes); + + outLen = inBufSize + xmlSecMSCngAesGcmTagLengthInBytes; + + } else { + /* Get the tag */ + memcpy(ctx->authInfo.pbTag, inBuf + inBufSize - xmlSecMSCngAesGcmTagLengthInBytes, + xmlSecMSCngAesGcmTagLengthInBytes); + + /* remove the tag from the buffer */ + ret = xmlSecBufferRemoveTail(in, xmlSecMSCngAesGcmTagLengthInBytes); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferRemoveTail", cipherName, + "size=%d", xmlSecMSCngAesGcmTagLengthInBytes); + return(-1); + } + + inBuf = xmlSecBufferGetData(in); + inBufSize = xmlSecBufferGetSize(in); + + ret = xmlSecBufferSetMaxSize(out, outBufSize + inBufSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", outBufSize + inBufSize); + return(-1); + } + + outBuf = xmlSecBufferGetData(out) + outBufSize; + + status = BCryptDecrypt(ctx->hKey, + inBuf, + (ULONG)inBufSize, + &ctx->authInfo, + ctx->pbIV, + ctx->cbIV, + outBuf, + (ULONG)inBufSize, + &dwCLen, + 0); + + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptDecrypt", cipherName, status); + return(-1); + } + + /* check if we really have decrypted the numbers of bytes that we + * requested */ + if(dwCLen != inBufSize) { + xmlSecInternalError2("BCryptDecrypt", cipherName, "size=%ld", + dwCLen); + return(-1); + } + + outLen = inBufSize; + } + + /* set correct output buffer size */ + ret = xmlSecBufferSetSize(out, outBufSize + outLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, "size=%d", + outBufSize + outLen); + return(-1); + } + + /* remove the processed block from input */ + ret = xmlSecBufferRemoveHead(in, inBufSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, "size=%d", + inBufSize); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngBlockCipherCtxFinal(xmlSecMSCngBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, xmlSecBufferPtr out, int encrypt, + const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx) +{ + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->ctxInitialized != 0, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + if(ctx->cbcMode) { + return xmlSecMSCngCBCBlockCipherCtxFinal(ctx, in, out, encrypt, + cipherName, transformCtx); + } else { + return xmlSecMSCngGCMBlockCipherCtxFinal(ctx, in, out, encrypt, + cipherName, transformCtx); + } +} + +static int +xmlSecMSCngBlockCipherExecute(xmlSecTransformPtr transform, int last, + xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCngBlockCipherCtxPtr ctx; + xmlSecBufferPtr in, out; + int ret, encrypt; + + xmlSecAssert2(xmlSecMSCngBlockCipherCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngBlockCipherSize), -1); + xmlSecAssert2(transformCtx != NULL, -1); + + in = &(transform->inBuf); + out = &(transform->outBuf); + + ctx = xmlSecMSCngBlockCipherGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + if(transform->status == xmlSecTransformStatusNone) { + /* This should only be done once, before the context has been initialised */ + BCRYPT_INIT_AUTH_MODE_INFO(ctx->authInfo); + transform->status = xmlSecTransformStatusWorking; + } + + if(transform->status == xmlSecTransformStatusWorking) { + + encrypt = (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0; + + if(ctx->ctxInitialized == 0) { + ret = xmlSecMSCngBlockCipherCtxInit(ctx, + in, + out, + encrypt, + last, + xmlSecTransformGetName(transform), + transformCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngBlockCipherCtxInit", + xmlSecTransformGetName(transform)); + return(-1); + } + + } + if((ctx->ctxInitialized == 0) && (last != 0)) { + xmlSecInvalidDataError("not enough data to initialize transform", + xmlSecTransformGetName(transform)); + return(-1); + } + + if(ctx->ctxInitialized != 0) { + ret = xmlSecMSCngBlockCipherCtxUpdate(ctx, in, out, + encrypt, + last, + xmlSecTransformGetName(transform), transformCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngBlockCipherCtxUpdate", + xmlSecTransformGetName(transform)); + return(-1); + } + } + + if(last) { + ret = xmlSecMSCngBlockCipherCtxFinal(ctx, in, out, + encrypt, + xmlSecTransformGetName(transform), transformCtx); + + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngBlockCipherCtxFinal", + xmlSecTransformGetName(transform)); + return(-1); + } + + transform->status = xmlSecTransformStatusFinished; + } + } else if(transform->status == xmlSecTransformStatusFinished) { + /* the only way we can get here is if there is no input */ + xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); + } else if(transform->status == xmlSecTransformStatusNone) { + /* the only way we can get here is if there is not enough data in the input */ + xmlSecAssert2(last == 0, -1); + } else { + xmlSecInvalidTransfromStatusError(transform); + return(-1); + } + + return(0); +} + +#ifndef XMLSEC_NO_AES + +static xmlSecTransformKlass xmlSecMSCngAes128CbcKlass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngBlockCipherSize, /* xmlSecSize objSize */ + + xmlSecNameAes128Cbc, /* const xmlChar* name; */ + xmlSecHrefAes128Cbc, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformAes128CbcGetKlass: + * + * AES 128 CBC encryption transform klass. + * + * Returns: pointer to AES 128 CBC encryption transform. + */ +xmlSecTransformId +xmlSecMSCngTransformAes128CbcGetKlass(void) { + return(&xmlSecMSCngAes128CbcKlass); +} + +static xmlSecTransformKlass xmlSecMSCngAes192CbcKlass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngBlockCipherSize, /* xmlSecSize objSize */ + + xmlSecNameAes192Cbc, /* const xmlChar* name; */ + xmlSecHrefAes192Cbc, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformAes192CbcGetKlass: + * + * AES 192 CBC encryption transform klass. + * + * Returns: pointer to AES 192 CBC encryption transform. + */ +xmlSecTransformId +xmlSecMSCngTransformAes192CbcGetKlass(void) { + return(&xmlSecMSCngAes192CbcKlass); +} + +static xmlSecTransformKlass xmlSecMSCngAes256CbcKlass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngBlockCipherSize, /* xmlSecSize objSize */ + + xmlSecNameAes256Cbc, /* const xmlChar* name; */ + xmlSecHrefAes256Cbc, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformAes256CbcGetKlass: + * + * AES 256 CBC encryption transform klass. + * + * Returns: pointer to AES 256 CBC encryption transform. + */ +xmlSecTransformId +xmlSecMSCngTransformAes256CbcGetKlass(void) { + return(&xmlSecMSCngAes256CbcKlass); +} + +static xmlSecTransformKlass xmlSecMSCngAes128GcmKlass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngBlockCipherSize, /* xmlSecSize objSize */ + + xmlSecNameAes128Gcm, /* const xmlChar* name; */ + xmlSecHrefAes128Gcm, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformAes128GcmGetKlass: + * + * AES 128 GCM encryption transform klass. + * + * Returns: pointer to AES 128 GCM encryption transform. + */ +xmlSecTransformId +xmlSecMSCngTransformAes128GcmGetKlass(void) { + return(&xmlSecMSCngAes128GcmKlass); +} + +static xmlSecTransformKlass xmlSecMSCngAes192GcmKlass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngBlockCipherSize, /* xmlSecSize objSize */ + + xmlSecNameAes192Gcm, /* const xmlChar* name; */ + xmlSecHrefAes192Gcm, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformAes192GcmGetKlass: + * + * AES 192 GCM encryption transform klass. + * + * Returns: pointer to AES 192 GCM encryption transform. + */ +xmlSecTransformId +xmlSecMSCngTransformAes192GcmGetKlass(void) { + return(&xmlSecMSCngAes192GcmKlass); +} + + +static xmlSecTransformKlass xmlSecMSCngAes256GcmKlass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngBlockCipherSize, /* xmlSecSize objSize */ + + xmlSecNameAes256Gcm, /* const xmlChar* name; */ + xmlSecHrefAes256Gcm, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformAes256GcmGetKlass: + * + * AES 256 GCM encryption transform klass. + * + * Returns: pointer to AES 256 GCM encryption transform. + */ +xmlSecTransformId +xmlSecMSCngTransformAes256GcmGetKlass(void) { + return(&xmlSecMSCngAes256GcmKlass); +} + +#endif /* XMLSEC_NO_AES */ + +#ifndef XMLSEC_NO_DES + +static xmlSecTransformKlass xmlSecMSCngDes3CbcKlass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecMSCngBlockCipherSize, /* size_t objSize */ + + xmlSecNameDes3Cbc, /* const xmlChar* name; */ + xmlSecHrefDes3Cbc, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod,/* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformDes3CbcGetKlass: + * + * Triple DES CBC encryption transform klass. + * + * Returns: pointer to Triple DES encryption transform. + */ +xmlSecTransformId +xmlSecMSCngTransformDes3CbcGetKlass(void) { + return(&xmlSecMSCngDes3CbcKlass); +} + +#endif /* XMLSEC_NO_DES */ diff --git a/src/mscng/crypto.c b/src/mscng/crypto.c new file mode 100644 index 00000000..15c7de9d --- /dev/null +++ b/src/mscng/crypto.c @@ -0,0 +1,463 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:crypto + * @Short_description: Crypto transforms implementation for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Stable + * + */ + +#include "globals.h" + +#include <string.h> + +#define WIN32_NO_STATUS +#include <windows.h> +#undef WIN32_NO_STATUS +#include <ntstatus.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/keys.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> +#include <xmlsec/dl.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/private.h> + +#include <xmlsec/mscng/app.h> +#include <xmlsec/mscng/crypto.h> +#include <xmlsec/mscng/x509.h> + +static xmlSecCryptoDLFunctionsPtr gXmlSecMSCngFunctions = NULL; + +/** + * xmlSecCryptoGetFunctions_mscng: + * + * Gets the pointer to xmlsec-mscng functions table. + * + * Returns: the xmlsec-mscng functions table or NULL if an error occurs. + */ +xmlSecCryptoDLFunctionsPtr +xmlSecCryptoGetFunctions_mscng(void) { + static xmlSecCryptoDLFunctions functions; + + if(gXmlSecMSCngFunctions != NULL) { + return(gXmlSecMSCngFunctions); + } + + memset(&functions, 0, sizeof(functions)); + gXmlSecMSCngFunctions = &functions; + + /******************************************************************** + * + * Crypto Init/shutdown + * + ********************************************************************/ + gXmlSecMSCngFunctions->cryptoInit = xmlSecMSCngInit; + gXmlSecMSCngFunctions->cryptoShutdown = xmlSecMSCngShutdown; + gXmlSecMSCngFunctions->cryptoKeysMngrInit = xmlSecMSCngKeysMngrInit; + + /******************************************************************** + * + * Key data ids + * + ********************************************************************/ +#ifndef XMLSEC_NO_AES + gXmlSecMSCngFunctions->keyDataAesGetKlass = xmlSecMSCngKeyDataAesGetKlass; +#endif /* XMLSEC_NO_AES */ + +#ifndef XMLSEC_NO_DES + gXmlSecMSCngFunctions->keyDataDesGetKlass = xmlSecMSCngKeyDataDesGetKlass; +#endif /* XMLSEC_NO_DES */ + +#ifndef XMLSEC_NO_DSA + gXmlSecMSCngFunctions->keyDataDsaGetKlass = xmlSecMSCngKeyDataDsaGetKlass; +#endif /* XMLSEC_NO_DSA */ + +#ifndef XMLSEC_NO_ECDSA + gXmlSecMSCngFunctions->keyDataEcdsaGetKlass = xmlSecMSCngKeyDataEcdsaGetKlass; +#endif /* XMLSEC_NO_ECDSA */ + +#ifdef XMLSEC_MSCNG_TODO + gXmlSecMSCngFunctions->keyDataGost2001GetKlass = xmlSecMSCngKeyDataGost2001GetKlass; + gXmlSecMSCngFunctions->keyDataGostR3410_2012GetKlass = xmlSecMSCngKeyDataGostR3410_2012GetKlass; +#endif /* XMLSEC_NO_GOST */ + +#ifndef XMLSEC_NO_HMAC + gXmlSecMSCngFunctions->keyDataHmacGetKlass = xmlSecMSCngKeyDataHmacGetKlass; +#endif /* XMLSEC_NO_HMAC */ + +#ifndef XMLSEC_NO_RSA + gXmlSecMSCngFunctions->keyDataRsaGetKlass = xmlSecMSCngKeyDataRsaGetKlass; +#endif /* XMLSEC_NO_RSA */ + +#ifndef XMLSEC_NO_X509 + gXmlSecMSCngFunctions->keyDataX509GetKlass = xmlSecMSCngKeyDataX509GetKlass; + gXmlSecMSCngFunctions->keyDataRawX509CertGetKlass = xmlSecMSCngKeyDataRawX509CertGetKlass; +#endif /* XMLSEC_NO_X509 */ + + /******************************************************************** + * + * Key data store ids + * + ********************************************************************/ +#ifndef XMLSEC_NO_X509 + gXmlSecMSCngFunctions->x509StoreGetKlass = xmlSecMSCngX509StoreGetKlass; +#endif /* XMLSEC_NO_X509 */ + + /******************************************************************** + * + * Crypto transforms ids + * + ********************************************************************/ + + /******************************* AES ********************************/ +#ifndef XMLSEC_NO_AES + gXmlSecMSCngFunctions->transformAes128CbcGetKlass = xmlSecMSCngTransformAes128CbcGetKlass; + gXmlSecMSCngFunctions->transformAes192CbcGetKlass = xmlSecMSCngTransformAes192CbcGetKlass; + gXmlSecMSCngFunctions->transformAes256CbcGetKlass = xmlSecMSCngTransformAes256CbcGetKlass; + gXmlSecMSCngFunctions->transformAes128GcmGetKlass = xmlSecMSCngTransformAes128GcmGetKlass; + gXmlSecMSCngFunctions->transformAes192GcmGetKlass = xmlSecMSCngTransformAes192GcmGetKlass; + gXmlSecMSCngFunctions->transformAes256GcmGetKlass = xmlSecMSCngTransformAes256GcmGetKlass; + gXmlSecMSCngFunctions->transformKWAes128GetKlass = xmlSecMSCngTransformKWAes128GetKlass; + gXmlSecMSCngFunctions->transformKWAes192GetKlass = xmlSecMSCngTransformKWAes192GetKlass; + gXmlSecMSCngFunctions->transformKWAes256GetKlass = xmlSecMSCngTransformKWAes256GetKlass; +#endif /* XMLSEC_NO_AES */ + + /******************************* DES ********************************/ +#ifndef XMLSEC_NO_DES + gXmlSecMSCngFunctions->transformDes3CbcGetKlass = xmlSecMSCngTransformDes3CbcGetKlass; + gXmlSecMSCngFunctions->transformKWDes3GetKlass = xmlSecMSCngTransformKWDes3GetKlass; +#endif /* XMLSEC_NO_DES */ + + /******************************* DSA ********************************/ +#ifndef XMLSEC_NO_DSA + +#ifndef XMLSEC_NO_SHA1 + gXmlSecMSCngFunctions->transformDsaSha1GetKlass = xmlSecMSCngTransformDsaSha1GetKlass; +#endif /* XMLSEC_NO_SHA1 */ + +#ifdef XMLSEC_MSCNG_TODO + gXmlSecMSCngFunctions->transformDsaSha256GetKlass = xmlSecMSCngTransformDsaSha256GetKlass; +#endif /* XMLSEC_NO_SHA256 */ + +#endif /* XMLSEC_NO_DSA */ + + /******************************* ECDSA ********************************/ +#ifndef XMLSEC_NO_ECDSA + +#ifndef XMLSEC_NO_SHA1 + gXmlSecMSCngFunctions->transformEcdsaSha1GetKlass = xmlSecMSCngTransformEcdsaSha1GetKlass; +#endif /* XMLSEC_NO_SHA1 */ + +#ifdef XMLSEC_MSCNG_TODO + gXmlSecMSCngFunctions->transformEcdsaSha224GetKlass = xmlSecMSCngTransformEcdsaSha224GetKlass; +#endif /* XMLSEC_NO_SHA224 */ + +#ifndef XMLSEC_NO_SHA256 + gXmlSecMSCngFunctions->transformEcdsaSha256GetKlass = xmlSecMSCngTransformEcdsaSha256GetKlass; +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 + gXmlSecMSCngFunctions->transformEcdsaSha384GetKlass = xmlSecMSCngTransformEcdsaSha384GetKlass; +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 + gXmlSecMSCngFunctions->transformEcdsaSha512GetKlass = xmlSecMSCngTransformEcdsaSha512GetKlass; +#endif /* XMLSEC_NO_SHA512 */ + +#endif /* XMLSEC_NO_ECDSA */ + + /******************************* GOST ********************************/ +#ifdef XMLSEC_MSCNG_TODO + gXmlSecMSCngFunctions->transformGost2001GostR3411_94GetKlass = xmlSecMSCngTransformGost2001GostR3411_94GetKlass; + gXmlSecMSCngFunctions->transformGostR3410_2012GostR3411_2012_256GetKlass = xmlSecMSCngTransformGostR3410_2012GostR3411_2012_256GetKlass; + gXmlSecMSCngFunctions->transformGostR3410_2012GostR3411_2012_512GetKlass = xmlSecMSCngTransformGostR3410_2012GostR3411_2012_512GetKlass; +#endif /* XMLSEC_NO_GOST */ + +#ifdef XMLSEC_MSCNG_TODO + gXmlSecMSCngFunctions->transformGostR3411_94GetKlass = xmlSecMSCngTransformGostR3411_94GetKlass; + gXmlSecMSCngFunctions->transformGostR3411_2012_256GetKlass = xmlSecMSCngTransformGostR3411_2012_256GetKlass; + gXmlSecMSCngFunctions->transformGostR3411_2012_512GetKlass = xmlSecMSCngTransformGostR3411_2012_512GetKlass; +#endif /* XMLSEC_NO_GOST */ + + /******************************* HMAC ********************************/ +#ifndef XMLSEC_NO_HMAC + +#ifndef XMLSEC_NO_MD5 + gXmlSecMSCngFunctions->transformHmacMd5GetKlass = xmlSecMSCngTransformHmacMd5GetKlass; +#endif /* XMLSEC_NO_MD5 */ + +#ifndef XMLSEC_NO_SHA1 + gXmlSecMSCngFunctions->transformHmacSha1GetKlass = xmlSecMSCngTransformHmacSha1GetKlass; +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 + gXmlSecMSCngFunctions->transformHmacSha256GetKlass = xmlSecMSCngTransformHmacSha256GetKlass; +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 + gXmlSecMSCngFunctions->transformHmacSha384GetKlass = xmlSecMSCngTransformHmacSha384GetKlass; +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 + gXmlSecMSCngFunctions->transformHmacSha512GetKlass = xmlSecMSCngTransformHmacSha512GetKlass; +#endif /* XMLSEC_NO_SHA512 */ + +#ifdef XMLSEC_MSCNG_TODO + gXmlSecMSCngFunctions->transformHmacRipemd160GetKlass = xmlSecMSCngTransformHmacRipemd160GetKlass; +#endif /* XMLSEC_NO_RIPEMD160 */ + +#ifdef XMLSEC_MSCNG_TODO + gXmlSecMSCngFunctions->transformHmacMd5GetKlass = xmlSecMSCngTransformHmacMd5GetKlass; +#endif /* XMLSEC_NO_MD5 */ + +#endif /* XMLSEC_NO_HMAC */ + + /******************************* RIPEMD160 ********************************/ +#ifdef XMLSEC_MSCNG_TODO + gXmlSecMSCngFunctions->transformRipemd160GetKlass = xmlSecMSCngTransformRipemd160GetKlass; +#endif /* XMLSEC_NO_RIPEMD160 */ + + /******************************* RSA ********************************/ +#ifndef XMLSEC_NO_RSA + +#ifndef XMLSEC_NO_MD5 + gXmlSecMSCngFunctions->transformRsaMd5GetKlass = xmlSecMSCngTransformRsaMd5GetKlass; +#endif /* XMLSEC_NO_MD5 */ + +#ifndef XMLSEC_NO_SHA1 + gXmlSecMSCngFunctions->transformRsaSha1GetKlass = xmlSecMSCngTransformRsaSha1GetKlass; +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 + gXmlSecMSCngFunctions->transformRsaSha256GetKlass = xmlSecMSCngTransformRsaSha256GetKlass; +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 + gXmlSecMSCngFunctions->transformRsaSha384GetKlass = xmlSecMSCngTransformRsaSha384GetKlass; +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 + gXmlSecMSCngFunctions->transformRsaSha512GetKlass = xmlSecMSCngTransformRsaSha512GetKlass; +#endif /* XMLSEC_NO_SHA512 */ + + gXmlSecMSCngFunctions->transformRsaPkcs1GetKlass = xmlSecMSCngTransformRsaPkcs1GetKlass; + gXmlSecMSCngFunctions->transformRsaOaepGetKlass = xmlSecMSCngTransformRsaOaepGetKlass; + +#endif /* XMLSEC_NO_RSA */ + +#ifndef XMLSEC_NO_MD5 + gXmlSecMSCngFunctions->transformMd5GetKlass = xmlSecMSCngTransformMd5GetKlass; +#endif /* XMLSEC_NO_MD5 */ + + /******************************* SHA1 ********************************/ +#ifndef XMLSEC_NO_SHA1 + gXmlSecMSCngFunctions->transformSha1GetKlass = xmlSecMSCngTransformSha1GetKlass; +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA256 + gXmlSecMSCngFunctions->transformSha256GetKlass = xmlSecMSCngTransformSha256GetKlass; +#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_SHA384 + gXmlSecMSCngFunctions->transformSha384GetKlass = xmlSecMSCngTransformSha384GetKlass; +#endif /* XMLSEC_NO_SHA384 */ +#ifndef XMLSEC_NO_SHA512 + gXmlSecMSCngFunctions->transformSha512GetKlass = xmlSecMSCngTransformSha512GetKlass; +#endif /* XMLSEC_NO_SHA512 */ + + /******************************************************************** + * + * High level routines form xmlsec command line utility + * + ********************************************************************/ + gXmlSecMSCngFunctions->cryptoAppInit = xmlSecMSCngAppInit; + gXmlSecMSCngFunctions->cryptoAppShutdown = xmlSecMSCngAppShutdown; + gXmlSecMSCngFunctions->cryptoAppDefaultKeysMngrInit = xmlSecMSCngAppDefaultKeysMngrInit; + gXmlSecMSCngFunctions->cryptoAppDefaultKeysMngrAdoptKey = xmlSecMSCngAppDefaultKeysMngrAdoptKey; + gXmlSecMSCngFunctions->cryptoAppDefaultKeysMngrLoad = xmlSecMSCngAppDefaultKeysMngrLoad; + gXmlSecMSCngFunctions->cryptoAppDefaultKeysMngrSave = xmlSecMSCngAppDefaultKeysMngrSave; +#ifndef XMLSEC_NO_X509 + gXmlSecMSCngFunctions->cryptoAppKeysMngrCertLoad = xmlSecMSCngAppKeysMngrCertLoad; + gXmlSecMSCngFunctions->cryptoAppKeysMngrCertLoadMemory = xmlSecMSCngAppKeysMngrCertLoadMemory; + gXmlSecMSCngFunctions->cryptoAppPkcs12Load = xmlSecMSCngAppPkcs12Load; + gXmlSecMSCngFunctions->cryptoAppPkcs12LoadMemory = xmlSecMSCngAppPkcs12LoadMemory; + gXmlSecMSCngFunctions->cryptoAppKeyCertLoad = xmlSecMSCngAppKeyCertLoad; + gXmlSecMSCngFunctions->cryptoAppKeyCertLoadMemory = xmlSecMSCngAppKeyCertLoadMemory; +#endif /* XMLSEC_NO_X509 */ + gXmlSecMSCngFunctions->cryptoAppKeyLoad = xmlSecMSCngAppKeyLoad; + gXmlSecMSCngFunctions->cryptoAppKeyLoadMemory = xmlSecMSCngAppKeyLoadMemory; + gXmlSecMSCngFunctions->cryptoAppDefaultPwdCallback = (void*)xmlSecMSCngAppGetDefaultPwdCallback(); + + return(gXmlSecMSCngFunctions); +} + + +/** + * xmlSecMSCngInit: + * + * XMLSec library specific crypto engine initialization. + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngInit (void) { + /* Check loaded xmlsec library version */ + if(xmlSecCheckVersionExact() != 1) { + xmlSecInternalError("xmlSecCheckVersionExact", NULL); + return(-1); + } + + /* register our klasses */ + if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_mscng()) < 0) { + xmlSecInternalError("xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", NULL); + return(-1); + } + return(0); + + /* TODO: if necessary do, additional initialization here */ +} + +/** + * xmlSecMSCngShutdown: + * + * XMLSec library specific crypto engine shutdown. + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngShutdown(void) { + /* TODO: if necessary, do additional shutdown here */ + return(0); +} + +/** + * xmlSecMSCngGenerateRandom: + * @buffer: the destination buffer. + * @size: the numer of bytes to generate. + * + * Generates @size random bytes and puts result in @buffer + * (not implemented yet). + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) { + NTSTATUS status; + int ret; + + xmlSecAssert2(buffer != NULL, -1); + xmlSecAssert2(size > 0, -1); + + ret = xmlSecBufferSetSize(buffer, size); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", NULL, "size=%d", size); + return(-1); + } + + status = BCryptGenRandom( + NULL, + (PBYTE)xmlSecBufferGetData(buffer), + (ULONG)size, + BCRYPT_USE_SYSTEM_PREFERRED_RNG); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGenRandom", NULL, status); + return(-1); + } + + return(0); +} + +/** + * xmlSecMSCngKeysMngrInit: + * @mngr: the pointer to keys manager. + * + * Adds MSCng specific key data stores in keys manager. + * + * Returns: 0 on success or a negative value otherwise. + */ +int +xmlSecMSCngKeysMngrInit(xmlSecKeysMngrPtr mngr) { + int ret; + xmlSecAssert2(mngr != NULL, -1); + +#ifndef XMLSEC_NO_X509 + /* create x509 store if needed */ + if(xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCngX509StoreId) == NULL) { + xmlSecKeyDataStorePtr x509Store; + + x509Store = xmlSecKeyDataStoreCreate(xmlSecMSCngX509StoreId); + if(x509Store == NULL) { + xmlSecInternalError("xmlSecKeyDataStoreCreate(xmlSecMSCngX509StoreId)", NULL); + return(-1); + } + + ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store); + if(ret < 0) { + xmlSecInternalError("xmlSecKeysMngrAdoptDataStore", NULL); + xmlSecKeyDataStoreDestroy(x509Store); + return(-1); + } + } +#endif /* XMLSEC_NO_X509 */ + + return(0); +} + +/** + * xmlSecMSCngConvertUtf8ToTstr: + * @str: the string to convert. + * + * Converts input string from UTF8 to TSTR (locale or Unicode). + * + * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs. + */ +LPTSTR +xmlSecMSCngConvertUtf8ToTstr(const xmlChar* str) { + return(xmlSecWin32ConvertUtf8ToTstr(str)); +} + +/** + * xmlSecMSCngConvertTstrToUtf8: + * @str: the string to convert. + * + * Converts input string from TSTR (locale or Unicode) to UTF8. + * + * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs. + */ +xmlChar* +xmlSecMSCngConvertTstrToUtf8(LPCTSTR str) { + return(xmlSecWin32ConvertTstrToUtf8(str)); +} + +/** + * xmlSecMSCngConvertUnicodeToUtf8: + * @str: the string to convert. + * + * Converts input string from Unicode to UTF8. + * + * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs. + */ +xmlChar* +xmlSecMSCngConvertUnicodeToUtf8(LPCWSTR str) { + return(xmlSecWin32ConvertUnicodeToUtf8(str)); +} + +/** + * xmlSecMSCngConvertUtf8ToUnicode: + * @str: the string to convert. + * + * Converts input string from UTF8 to Unicode. + * + * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs. + */ +LPWSTR +xmlSecMSCngConvertUtf8ToUnicode(const xmlChar* str) { + return(xmlSecWin32ConvertUtf8ToUnicode(str)); +} diff --git a/src/mscng/digests.c b/src/mscng/digests.c new file mode 100644 index 00000000..1f783dc2 --- /dev/null +++ b/src/mscng/digests.c @@ -0,0 +1,588 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:digests + * @Short_description: Digests transforms implementation for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Private + * + */ + +#include "globals.h" + +#include <string.h> + +#define WIN32_NO_STATUS +#include <windows.h> +#undef WIN32_NO_STATUS +#include <ntstatus.h> +#include <bcrypt.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/keys.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> +#include <xmlsec/strings.h> + +#include <xmlsec/mscng/crypto.h> + +typedef struct _xmlSecMSCngDigestCtx xmlSecMSCngDigestCtx, *xmlSecMSCngDigestCtxPtr; +struct _xmlSecMSCngDigestCtx { + LPCWSTR pszAlgId; + DWORD cbHash; + PBYTE pbHash; + BCRYPT_ALG_HANDLE hAlg; + PBYTE pbHashObject; + BCRYPT_HASH_HANDLE hHash; +}; + +/****************************************************************************** + * + * MSCng Digest transforms + * + * xmlSecMSCngDigestCtx is located after xmlSecTransform + * + *****************************************************************************/ +#define xmlSecMSCngDigestSize \ + (sizeof(xmlSecTransform) + sizeof(xmlSecMSCngDigestCtx)) +#define xmlSecMSCngDigestGetCtx(transform) \ + ((xmlSecMSCngDigestCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) + + +static int xmlSecMSCngDigestInitialize (xmlSecTransformPtr transform); +static void xmlSecMSCngDigestFinalize (xmlSecTransformPtr transform); +static int xmlSecMSCngDigestVerify (xmlSecTransformPtr transform, + const xmlSecByte* data, + xmlSecSize dataSize, + xmlSecTransformCtxPtr transformCtx); +static int xmlSecMSCngDigestExecute (xmlSecTransformPtr transform, + int last, + xmlSecTransformCtxPtr transformCtx); +static int xmlSecMSCngDigestCheckId (xmlSecTransformPtr transform); + + +static int +xmlSecMSCngDigestCheckId(xmlSecTransformPtr transform) { + +#ifndef XMLSEC_NO_MD5 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformMd5Id)) { + return(1); + } else +#endif /* XMLSEC_NO_MD5 */ +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformSha1Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformSha256Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformSha384Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA384 */ +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformSha512Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA512 */ + + return(0); +} + +static int +xmlSecMSCngDigestInitialize(xmlSecTransformPtr transform) { + xmlSecMSCngDigestCtxPtr ctx; + + xmlSecAssert2(xmlSecMSCngDigestCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngDigestSize), -1); + + ctx = xmlSecMSCngDigestGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + /* initialize context */ + memset(ctx, 0, sizeof(xmlSecMSCngDigestCtx)); + +#ifndef XMLSEC_NO_MD5 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformMd5Id)) { + ctx->pszAlgId = BCRYPT_MD5_ALGORITHM; + } else +#endif /* XMLSEC_NO_MD5 */ + +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformSha1Id)) { + ctx->pszAlgId = BCRYPT_SHA1_ALGORITHM; + } else +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformSha256Id)) { + ctx->pszAlgId = BCRYPT_SHA256_ALGORITHM; + } else +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformSha384Id)) { + ctx->pszAlgId = BCRYPT_SHA384_ALGORITHM; + } else +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformSha512Id)) { + ctx->pszAlgId = BCRYPT_SHA512_ALGORITHM; + } else +#endif /* XMLSEC_NO_SHA512 */ + + { + xmlSecInvalidTransfromError(transform); + return(-1); + } + + return(0); +} + +static void xmlSecMSCngDigestFinalize(xmlSecTransformPtr transform) { + xmlSecMSCngDigestCtxPtr ctx; + + xmlSecAssert(xmlSecMSCngDigestCheckId(transform)); + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCngDigestSize)); + + ctx = xmlSecMSCngDigestGetCtx(transform); + xmlSecAssert(ctx != NULL); + + if(ctx->hAlg != 0) { + BCryptCloseAlgorithmProvider(ctx->hAlg, 0); + } + + if(ctx->hHash != 0) { + BCryptDestroyHash(ctx->hHash); + } + + if(ctx->pbHashObject != NULL) { + xmlFree(ctx->pbHashObject); + } + + if(ctx->pbHash != NULL) { + xmlFree(ctx->pbHash); + } + + memset(ctx, 0, sizeof(xmlSecMSCngDigestCtx)); +} + +static int +xmlSecMSCngDigestVerify(xmlSecTransformPtr transform, + const xmlSecByte* data, + xmlSecSize dataSize, + xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCngDigestCtxPtr ctx; + + xmlSecAssert2(xmlSecMSCngDigestCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngDigestSize), -1); + xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1); + xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1); + xmlSecAssert2(data != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecMSCngDigestGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->cbHash > 0, -1); + + if(dataSize != ctx->cbHash) { + xmlSecInvalidSizeError("Digest", dataSize, ctx->cbHash, + xmlSecTransformGetName(transform)); + transform->status = xmlSecTransformStatusFail; + return(0); + } + + if(memcmp(ctx->pbHash, data, ctx->cbHash) != 0) { + xmlSecInvalidDataError("data and digest do not match", + xmlSecTransformGetName(transform)); + transform->status = xmlSecTransformStatusFail; + return(0); + } + + transform->status = xmlSecTransformStatusOk; + return(0); +} + +static int +xmlSecMSCngDigestExecute(xmlSecTransformPtr transform, + int last, + xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCngDigestCtxPtr ctx; + xmlSecBufferPtr in, out; + NTSTATUS status; + int ret; + DWORD cbData = 0; + DWORD cbHashObject = 0; + + xmlSecAssert2(xmlSecMSCngDigestCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngDigestSize), -1); + xmlSecAssert2(transformCtx != NULL, -1); + + in = &(transform->inBuf); + xmlSecAssert2(in != NULL, -1); + + out = &(transform->outBuf); + xmlSecAssert2(out != NULL, -1); + + ctx = xmlSecMSCngDigestGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + if(transform->status == xmlSecTransformStatusNone) { + /* open an algorithm handle */ + status = BCryptOpenAlgorithmProvider( + &ctx->hAlg, + ctx->pszAlgId, + NULL, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", xmlSecTransformGetName(transform), status); + return(-1); + } + + /* calculate the size of the buffer to hold the hash object */ + status = BCryptGetProperty( + ctx->hAlg, + BCRYPT_OBJECT_LENGTH, + (PBYTE)&cbHashObject, + sizeof(DWORD), + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", xmlSecTransformGetName(transform), status); + return(-1); + } + + /* allocate the hash object on the heap */ + ctx->pbHashObject = (PBYTE)xmlMalloc(cbHashObject); + if(ctx->pbHashObject == NULL) { + xmlSecMallocError(cbHashObject, NULL); + return(-1); + } + + /* calculate the length of the hash */ + status = BCryptGetProperty( + ctx->hAlg, + BCRYPT_HASH_LENGTH, + (PBYTE)&ctx->cbHash, + sizeof(DWORD), + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", xmlSecTransformGetName(transform), status); + return(-1); + } + + /* allocate the hash buffer on the heap */ + ctx->pbHash = (PBYTE)xmlMalloc(ctx->cbHash); + if(ctx->pbHash == NULL) { + xmlSecMallocError(ctx->cbHash, NULL); + return(-1); + } + + /* create the hash */ + status = BCryptCreateHash( + ctx->hAlg, + &ctx->hHash, + ctx->pbHashObject, + cbHashObject, + NULL, + 0, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptCreateHash", xmlSecTransformGetName(transform), status); + return(-1); + } + + transform->status = xmlSecTransformStatusWorking; + } + + if(transform->status == xmlSecTransformStatusWorking) { + xmlSecSize inSize; + + inSize = xmlSecBufferGetSize(in); + if(inSize > 0) { + /* hash some data */ + status = BCryptHashData( + ctx->hHash, + (PBYTE)xmlSecBufferGetData(in), + inSize, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptHashData", xmlSecTransformGetName(transform), status); + return(-1); + } + + ret = xmlSecBufferRemoveHead(in, inSize); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform)); + return(-1); + } + } + + if(last) { + /* close the hash */ + status = BCryptFinishHash( + ctx->hHash, + ctx->pbHash, + ctx->cbHash, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptFinishHash", xmlSecTransformGetName(transform), status); + return(-1); + } + + xmlSecAssert2(ctx->cbHash > 0, -1); + + /* copy result to output */ + if(transform->operation == xmlSecTransformOperationSign) { + ret = xmlSecBufferAppend(out, ctx->pbHash, ctx->cbHash); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferAppend", + xmlSecTransformGetName(transform)); + return(-1); + } + } + transform->status = xmlSecTransformStatusFinished; + } + } else if(transform->status == xmlSecTransformStatusFinished) { + xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); + } else { + xmlSecInvalidTransfromStatusError(transform); + return(-1); + } + + return(0); +} + +#ifndef XMLSEC_NO_MD5 +/****************************************************************************** + * + * MD5 + * + *****************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngMd5Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecMSCngDigestSize, /* size_t objSize */ + + xmlSecNameMd5, /* const xmlChar* name; */ + xmlSecHrefMd5, /* const xmlChar* href; */ + xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ + xmlSecMSCngDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + NULL, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngDigestVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngDigestExecute, /* xmlSecTransformExecuteMethod execute; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformMd5GetKlass: + * + * MD-5 digest transform klass. + * + * Returns: pointer to MD-5 digest transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformMd5GetKlass(void) { + return(&xmlSecMSCngMd5Klass); +} +#endif /* XMLSEC_NO_MD5 */ + +#ifndef XMLSEC_NO_SHA1 +/****************************************************************************** + * + * SHA1 + * + *****************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngSha1Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecMSCngDigestSize, /* size_t objSize */ + + xmlSecNameSha1, /* const xmlChar* name; */ + xmlSecHrefSha1, /* const xmlChar* href; */ + xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ + xmlSecMSCngDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + NULL, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngDigestVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngDigestExecute, /* xmlSecTransformExecuteMethod execute; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformSha1GetKlass: + * + * SHA-1 digest transform klass. + * + * Returns: pointer to SHA-1 digest transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformSha1GetKlass(void) { + return(&xmlSecMSCngSha1Klass); +} +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 +/****************************************************************************** + * + * SHA256 + * + *****************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngSha256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecMSCngDigestSize, /* size_t objSize */ + + xmlSecNameSha256, /* const xmlChar* name; */ + xmlSecHrefSha256, /* const xmlChar* href; */ + xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ + xmlSecMSCngDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + NULL, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngDigestVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngDigestExecute, /* xmlSecTransformExecuteMethod execute; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformSha256GetKlass: + * + * SHA-256 digest transform klass. + * + * Returns: pointer to SHA-256 digest transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformSha256GetKlass(void) { + return(&xmlSecMSCngSha256Klass); +} +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 +/****************************************************************************** + * + * SHA384 + * + *****************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngSha384Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecMSCngDigestSize, /* size_t objSize */ + + xmlSecNameSha384, /* const xmlChar* name; */ + xmlSecHrefSha384, /* const xmlChar* href; */ + xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ + xmlSecMSCngDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + NULL, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngDigestVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngDigestExecute, /* xmlSecTransformExecuteMethod execute; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformSha384GetKlass: + * + * SHA-256 digest transform klass. + * + * Returns: pointer to SHA-256 digest transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformSha384GetKlass(void) { + return(&xmlSecMSCngSha384Klass); +} +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 +/****************************************************************************** + * + * SHA512 + * + *****************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngSha512Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecMSCngDigestSize, /* size_t objSize */ + + xmlSecNameSha512, /* const xmlChar* name; */ + xmlSecHrefSha512, /* const xmlChar* href; */ + xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ + xmlSecMSCngDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + NULL, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngDigestVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngDigestExecute, /* xmlSecTransformExecuteMethod execute; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformSha512GetKlass: + * + * SHA-512 digest transform klass. + * + * Returns: pointer to SHA-512 digest transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformSha512GetKlass(void) { + return(&xmlSecMSCngSha512Klass); +} +#endif /* XMLSEC_NO_SHA512 */ diff --git a/src/mscng/globals.h b/src/mscng/globals.h new file mode 100644 index 00000000..24becae0 --- /dev/null +++ b/src/mscng/globals.h @@ -0,0 +1,65 @@ +/* + * XML Security Library + * + * globals.h: internal header only used during the compilation + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +#ifndef __XMLSEC_GLOBALS_H__ +#define __XMLSEC_GLOBALS_H__ + +/** + * Use autoconf defines if present. + */ +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif /* HAVE_CONFIG_H */ + +#define IN_XMLSEC_CRYPTO +#define XMLSEC_PRIVATE + +/* Include common error helper macros. */ +#include "../errors_helpers.h" + +/** + * xmlSecMSCngLastError: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting crypro errors from GetLastError(). + */ +#define xmlSecMSCngLastError(errorFunction, errorObject) \ + { \ + DWORD dwError = GetLastError(); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + "MSCng last error: 0x%08lx", \ + (long int)dwError \ + ); \ + } + +/** + * xmlSecMSCngNtError: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting crypro errors from NTSTATUS. + * See e.g. <http://errorco.de/win32/ntstatus-h/> to look up the matching define. + */ +#define xmlSecMSCngNtError(errorFunction, errorObject, status) \ + { \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + "MSCng NTSTATUS: 0x%08lx", \ + (long int)(status) \ + ); \ + } + +#endif /* ! __XMLSEC_GLOBALS_H__ */ diff --git a/src/mscng/hmac.c b/src/mscng/hmac.c new file mode 100644 index 00000000..faeb919a --- /dev/null +++ b/src/mscng/hmac.c @@ -0,0 +1,691 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:hmac + * @Short_description: HMAC transforms implementation for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Private + * + */ + +#ifndef XMLSEC_NO_HMAC +#include "globals.h" + +#include <string.h> + +#define WIN32_NO_STATUS +#include <windows.h> +#undef WIN32_NO_STATUS +#include <ntstatus.h> +#include <bcrypt.h> +#include <ncrypt.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/keyinfo.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> +#include <xmlsec/bn.h> + +#include <xmlsec/mscng/crypto.h> + +typedef struct _xmlSecMSCngHmacCtx xmlSecMSCngHmacCtx, *xmlSecMSCngHmacCtxPtr; + +struct _xmlSecMSCngHmacCtx { + LPCWSTR pszAlgId; + int initialized; + BCRYPT_ALG_HANDLE hAlg; + PBYTE hash; + DWORD hashLength; + /* truncation length in bits */ + DWORD truncationLength; + BCRYPT_HASH_HANDLE hHash; +}; + +#define xmlSecMSCngHmacGetCtx(data) \ + ((xmlSecMSCngHmacCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecTransform))) +#define xmlSecMSCngHmacSize \ + (sizeof(xmlSecTransform) + sizeof(xmlSecMSCngHmacCtx)) + +static int +xmlSecMSCngHmacCheckId(xmlSecTransformPtr transform) { + +#ifndef XMLSEC_NO_MD5 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformHmacMd5Id)) { + return(1); + } else +#endif /* XMLSEC_NO_MD5 */ + +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformHmacSha1Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformHmacSha256Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformHmacSha384Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformHmacSha512Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA512 */ + + /* not found */ + { + return(0); + } +} +static int +xmlSecMSCngHmacInitialize(xmlSecTransformPtr transform) { + xmlSecMSCngHmacCtxPtr ctx; + + xmlSecAssert2(xmlSecMSCngHmacCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngHmacSize), -1); + + ctx = xmlSecMSCngHmacGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + /* initialize context */ + memset(ctx, 0, sizeof(xmlSecMSCngHmacCtx)); + +#ifndef XMLSEC_NO_MD5 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformHmacMd5Id)) { + ctx->pszAlgId = BCRYPT_MD5_ALGORITHM; + } else +#endif /* XMLSEC_NO_MD5 */ + +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformHmacSha1Id)) { + ctx->pszAlgId = BCRYPT_SHA1_ALGORITHM; + } else +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformHmacSha256Id)) { + ctx->pszAlgId = BCRYPT_SHA256_ALGORITHM; + } else +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformHmacSha384Id)) { + ctx->pszAlgId = BCRYPT_SHA384_ALGORITHM; + } else +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformHmacSha512Id)) { + ctx->pszAlgId = BCRYPT_SHA512_ALGORITHM; + } else +#endif /* XMLSEC_NO_SHA512 */ + + /* not found */ + { + xmlSecInvalidTransfromError(transform) + return(-1); + } + + return(0); +} + +static void +xmlSecMSCngHmacFinalize(xmlSecTransformPtr transform) { + xmlSecMSCngHmacCtxPtr ctx; + + xmlSecAssert(xmlSecMSCngHmacCheckId(transform)); + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCngHmacSize)); + + ctx = xmlSecMSCngHmacGetCtx(transform); + xmlSecAssert(ctx != NULL); + + if(ctx->hash != NULL) { + xmlFree(ctx->hash); + } + + if(ctx->hHash != NULL) { + BCryptDestroyHash(ctx->hHash); + } + + if(ctx->hAlg != NULL) { + BCryptCloseAlgorithmProvider(ctx->hAlg, 0); + } + + memset(ctx, 0, sizeof(xmlSecMSCngHmacCtx)); +} + +static int +xmlSecMSCngHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCngHmacCtxPtr ctx; + xmlNodePtr cur; + + xmlSecAssert2(xmlSecMSCngHmacCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngHmacSize), -1); + xmlSecAssert2(node!= NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecMSCngHmacGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + cur = xmlSecGetNextElementNode(node->children); + if((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeHMACOutputLength, xmlSecDSigNs)) { + xmlChar *content; + + content = xmlNodeGetContent(cur); + if(content != NULL) { + ctx->truncationLength = atoi((char*)content); + xmlFree(content); + } + + /* 80 is a minimum value from + * <https://www.w3.org/TR/xmldsig-core1/#sec-SignatureMethod> */ + if((int)ctx->truncationLength < 80) { + xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform), + "HMAC output length is too small"); + return(-1); + } + + cur = xmlSecGetNextElementNode(cur->next); + } + + if(cur != NULL) { + xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { + xmlSecAssert2(xmlSecMSCngHmacCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngHmacSize), -1); + xmlSecAssert2(keyReq != NULL, -1); + + keyReq->keyId = xmlSecMSCngKeyDataHmacId; + keyReq->keyType = xmlSecKeyDataTypeSymmetric; + if(transform->operation == xmlSecTransformOperationSign) { + keyReq->keyUsage = xmlSecKeyUsageSign; + } else { + keyReq->keyUsage = xmlSecKeyUsageVerify; + } + + return(0); +} + +static int +xmlSecMSCngHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { + xmlSecMSCngHmacCtxPtr ctx; + xmlSecKeyDataPtr value; + xmlSecBufferPtr buffer; + DWORD resultLength = 0; + NTSTATUS status; + + xmlSecAssert2(xmlSecMSCngHmacCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngHmacSize), -1); + xmlSecAssert2(key != NULL, -1); + + ctx = xmlSecMSCngHmacGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->initialized == 0, -1); + + value = xmlSecKeyGetValue(key); + xmlSecAssert2(xmlSecKeyDataCheckId(value, xmlSecMSCngKeyDataHmacId), -1); + + buffer = xmlSecKeyDataBinaryValueGetBuffer(value); + xmlSecAssert2(buffer != NULL, -1); + + if(xmlSecBufferGetSize(buffer) == 0) { + xmlSecInvalidZeroKeyDataSizeError(xmlSecTransformGetName(transform)); + return(-1); + } + + xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); + + /* at this point we know what should be they key, go ahead with the CNG + * calls */ + + status = BCryptOpenAlgorithmProvider(&ctx->hAlg, + ctx->pszAlgId, + NULL, + BCRYPT_ALG_HANDLE_HMAC_FLAG); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", + xmlSecTransformGetName(transform), status); + return(-1); + } + + status = BCryptGetProperty(ctx->hAlg, + BCRYPT_HASH_LENGTH, + (PBYTE)&ctx->hashLength, + sizeof(ctx->hashLength), + &resultLength, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", + xmlSecTransformGetName(transform), status); + return(-1); + } + + ctx->hash = (PBYTE)xmlMalloc(ctx->hashLength); + if(ctx->hash == NULL) { + xmlSecMallocError(ctx->hashLength, NULL); + return(-1); + } + + status = BCryptCreateHash(ctx->hAlg, + &ctx->hHash, + NULL, + 0, + (PBYTE)xmlSecBufferGetData(buffer), + xmlSecBufferGetSize(buffer), + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptCreateHash", + xmlSecTransformGetName(transform), status); + return(-1); + } + + if (ctx->truncationLength == 0) { + /* no custom value is requested, then default to the full length */ + ctx->truncationLength = ctx->hashLength * 8; + } + + ctx->initialized = 1; + return(0); +} + +static int +xmlSecMSCngHmacVerify(xmlSecTransformPtr transform, const xmlSecByte* data, + xmlSecSize dataSize, xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCngHmacCtxPtr ctx; + xmlSecSize truncationBytes; + static xmlSecByte lastByteMasks[] = { 0xFF, 0x80, 0xC0, 0xE0, 0xF0, 0xF8, + 0xFC, 0xFE }; + xmlSecByte mask; + + xmlSecAssert2(xmlSecTransformIsValid(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngHmacSize), -1); + xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1); + xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1); + xmlSecAssert2(data != NULL, -1); + xmlSecAssert2(dataSize > 0, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecMSCngHmacGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->truncationLength > 0, -1); + + /* round up */ + truncationBytes = (ctx->truncationLength + 7) / 8; + + /* compare the digest size in bytes */ + if(dataSize != truncationBytes) { + xmlSecInvalidSizeError("HMAC digest", + dataSize, truncationBytes, + xmlSecTransformGetName(transform)); + transform->status = xmlSecTransformStatusFail; + return(0); + } + + /* we check the last byte separately as possibly not all bits should be + * compared */ + mask = lastByteMasks[ctx->truncationLength % 8]; + if((ctx->hash[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) { + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match (last byte)"); + transform->status = xmlSecTransformStatusFail; + return(0); + } + + /* now check the rest of the digest */ + if((dataSize > 1) && (memcmp(ctx->hash, data, dataSize - 1) != 0)) { + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match"); + transform->status = xmlSecTransformStatusFail; + return(0); + } + + transform->status = xmlSecTransformStatusOk; + return(0); +} + +static int +xmlSecMSCngHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCngHmacCtxPtr ctx; + xmlSecBufferPtr in, out; + NTSTATUS status; + int ret; + + xmlSecAssert2(xmlSecTransformIsValid(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngHmacSize), -1); + xmlSecAssert2(transformCtx != NULL, -1); + + in = &(transform->inBuf); + out = &(transform->outBuf); + + ctx = xmlSecMSCngHmacGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->initialized != 0, -1); + + if(transform->status == xmlSecTransformStatusNone) { + /* we should be already initialized when we set key */ + transform->status = xmlSecTransformStatusWorking; + } + + if(transform->status == xmlSecTransformStatusWorking) { + xmlSecSize inSize; + + inSize = xmlSecBufferGetSize(in); + if(inSize > 0) { + status = BCryptHashData(ctx->hHash, + xmlSecBufferGetData(in), + inSize, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptHashData", + xmlSecTransformGetName(transform), status); + return(-1); + } + + ret = xmlSecBufferRemoveHead(in, inSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), "size=%d", inSize); + return(-1); + } + } + + if(last) { + status = BCryptFinishHash(ctx->hHash, + ctx->hash, + ctx->hashLength, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptFinishHash", + xmlSecTransformGetName(transform), status); + return(-1); + } + + /* copy result to output */ + if(transform->operation == xmlSecTransformOperationSign) { + /* round up */ + xmlSecSize truncationBytes = (ctx->truncationLength + 7) / 8; + + ret = xmlSecBufferAppend(out, ctx->hash, truncationBytes); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", truncationBytes); + return(-1); + } + } + transform->status = xmlSecTransformStatusFinished; + } + } else if(transform->status == xmlSecTransformStatusFinished) { + /* the only way we can get here is if there is no input */ + xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); + } else { + xmlSecInvalidTransfromStatusError(transform); + return(-1); + } + + return(0); +} + +#ifndef XMLSEC_NO_MD5 +/****************************************************************************** + * + * HMAC MD5 + * + ******************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngHmacMd5Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngHmacSize, /* xmlSecSize objSize */ + + xmlSecNameHmacMd5, /* const xmlChar* name; */ + xmlSecHrefHmacMd5, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecMSCngHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngHmacVerify, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngHmacExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformHmacMd5GetKlass: + * + * The HMAC-MD5 transform klass. + * + * Returns: the HMAC-MD5 transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformHmacMd5GetKlass(void) { + return(&xmlSecMSCngHmacMd5Klass); +} + +#endif /* XMLSEC_NO_MD5 */ + +#ifndef XMLSEC_NO_SHA1 +/****************************************************************************** + * + * HMAC SHA1 + * + ******************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngHmacSha1Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngHmacSize, /* xmlSecSize objSize */ + + xmlSecNameHmacSha1, /* const xmlChar* name; */ + xmlSecHrefHmacSha1, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecMSCngHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngHmacVerify, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngHmacExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformHmacSha1GetKlass: + * + * The HMAC-SHA1 transform klass. + * + * Returns: the HMAC-SHA1 transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformHmacSha1GetKlass(void) { + return(&xmlSecMSCngHmacSha1Klass); +} + +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 +/****************************************************************************** + * + * HMAC SHA256 + * + ******************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngHmacSha256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngHmacSize, /* xmlSecSize objSize */ + + xmlSecNameHmacSha256, /* const xmlChar* name; */ + xmlSecHrefHmacSha256, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecMSCngHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngHmacVerify, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngHmacExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformHmacSha256GetKlass: + * + * The HMAC-SHA256 transform klass. + * + * Returns: the HMAC-SHA256 transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformHmacSha256GetKlass(void) { + return(&xmlSecMSCngHmacSha256Klass); +} + +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 +/****************************************************************************** + * + * HMAC SHA384 + * + ******************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngHmacSha384Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngHmacSize, /* xmlSecSize objSize */ + + xmlSecNameHmacSha384, /* const xmlChar* name; */ + xmlSecHrefHmacSha384, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecMSCngHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngHmacVerify, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngHmacExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformHmacSha384GetKlass: + * + * The HMAC-SHA384 transform klass. + * + * Returns: the HMAC-SHA384 transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformHmacSha384GetKlass(void) { + return(&xmlSecMSCngHmacSha384Klass); +} + +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 +/****************************************************************************** + * + * HMAC SHA512 + * + ******************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngHmacSha512Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngHmacSize, /* xmlSecSize objSize */ + + xmlSecNameHmacSha512, /* const xmlChar* name; */ + xmlSecHrefHmacSha512, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecMSCngHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngHmacVerify, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngHmacExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformHmacSha512GetKlass: + * + * The HMAC-SHA512 transform klass. + * + * Returns: the HMAC-SHA512 transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformHmacSha512GetKlass(void) { + return(&xmlSecMSCngHmacSha512Klass); +} + +#endif /* XMLSEC_NO_SHA512 */ + +#endif /* XMLSEC_NO_HMAC */ diff --git a/src/mscng/keysstore.c b/src/mscng/keysstore.c new file mode 100644 index 00000000..7cb5fea7 --- /dev/null +++ b/src/mscng/keysstore.c @@ -0,0 +1,519 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:keysstore + * @Short_description: Keys store implementation for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Stable + * + */ + +#include "globals.h" + +#include <string.h> + +#define WIN32_NO_STATUS +#include <windows.h> +#undef WIN32_NO_STATUS +#include <ntstatus.h> +#include <bcrypt.h> +#include <ncrypt.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/keyinfo.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> +#include <xmlsec/bn.h> + +#include <xmlsec/mscng/app.h> +#include <xmlsec/mscng/crypto.h> +#include <xmlsec/mscng/keysstore.h> +#include <xmlsec/mscng/x509.h> +#include <xmlsec/mscng/certkeys.h> + +#define XMLSEC_MSCNG_APP_DEFAULT_CERT_STORE_NAME TEXT("MY") + +/**************************************************************************** + * + * MSCng Keys Store. Uses Simple Keys Store under the hood + * + * Simple Keys Store ptr is located after xmlSecKeyStore + * + ***************************************************************************/ +#define xmlSecMSCngKeysStoreSize (sizeof(xmlSecKeyStore) + sizeof(xmlSecKeyStorePtr)) + +#define xmlSecMSCngKeysStoreGetSS(store) \ + ((xmlSecKeyStoreCheckSize((store), xmlSecMSCngKeysStoreSize)) ? \ + (xmlSecKeyStorePtr*)(((xmlSecByte*)(store)) + sizeof(xmlSecKeyStore)) : \ + (xmlSecKeyStorePtr*)NULL) + +static int +xmlSecMSCngKeysStoreInitialize(xmlSecKeyStorePtr store) { + xmlSecKeyStorePtr *ss; + + xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCngKeysStoreId), -1); + + ss = xmlSecMSCngKeysStoreGetSS(store); + xmlSecAssert2(*ss == NULL, -1); + + *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); + if(*ss == NULL) { + xmlSecInternalError("xmlSecKeyStoreCreate", + xmlSecKeyStoreGetName(store)); + return(-1); + } + + return(0); +} + +static void +xmlSecMSCngKeysStoreFinalize(xmlSecKeyStorePtr store) { + xmlSecKeyStorePtr *ss; + + xmlSecAssert(xmlSecKeyStoreCheckId(store, xmlSecMSCngKeysStoreId)); + + ss = xmlSecMSCngKeysStoreGetSS(store); + xmlSecAssert((ss != NULL) && (*ss != NULL)); + + xmlSecKeyStoreDestroy(*ss); +} + +static PCCERT_CONTEXT +xmlSecMSCngKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + LPCTSTR storeName; + HCERTSTORE hStore = NULL; + PCCERT_CONTEXT pCertContext = NULL; + LPTSTR wcName = NULL; + BOOL ret; + + xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCngKeysStoreId), NULL); + xmlSecAssert2(name != NULL, NULL); + xmlSecAssert2(keyInfoCtx != NULL, NULL); + + storeName = xmlSecMSCngAppGetCertStoreName(); + if(storeName == NULL) { + storeName = XMLSEC_MSCNG_APP_DEFAULT_CERT_STORE_NAME; + } + + hStore = CertOpenSystemStore(0, storeName); + if(hStore == NULL) { + xmlSecMSCngLastError("CertOpenSystemStore", + xmlSecKeyStoreGetName(store)); + return(NULL); + } + + /* convert name to unicode */ + wcName = xmlSecWin32ConvertUtf8ToTstr(name); + if(wcName == NULL) { + xmlSecInternalError("xmlSecWin32ConvertUtf8ToTstr(name)", + xmlSecKeyStoreGetName(store)); + CertCloseStore(hStore, 0); + return(NULL); + } + + /* find cert based on subject */ + pCertContext = xmlSecMSCngX509FindCertBySubject( + hStore, + wcName, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING); + + if(pCertContext == NULL) { + /* find cert based on friendly name */ + DWORD dwPropSize; + PBYTE pbFriendlyName; + PCCERT_CONTEXT pCertCtxIter = NULL; + + + while (1) { + pCertCtxIter = CertEnumCertificatesInStore(hStore, pCertCtxIter); + if(pCertCtxIter == NULL) { + break; + } + + ret = CertGetCertificateContextProperty(pCertCtxIter, + CERT_FRIENDLY_NAME_PROP_ID, + NULL, &dwPropSize); + if(ret != TRUE) { + continue; + } + + pbFriendlyName = xmlMalloc(dwPropSize); + if(pbFriendlyName == NULL) { + xmlSecMallocError(dwPropSize, xmlSecKeyStoreGetName(store)); + xmlFree(wcName); + CertCloseStore(hStore, 0); + return(NULL); + } + + ret = CertGetCertificateContextProperty(pCertCtxIter, + CERT_FRIENDLY_NAME_PROP_ID, + pbFriendlyName, + &dwPropSize); + if(ret != TRUE) { + xmlFree(pbFriendlyName); + continue; + } + + if(lstrcmp(wcName, (LPCTSTR)pbFriendlyName) == 0) { + pCertContext = pCertCtxIter; + xmlFree(pbFriendlyName); + break; + } + + xmlFree(pbFriendlyName); + } + } + + if(pCertContext == NULL) { + /* find cert based on part of the name */ + pCertContext = CertFindCertificateInStore( + hStore, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_SUBJECT_STR, + wcName, + NULL); + } + + + xmlFree(wcName); + /* dwFlags=0 means close the store with memory remaining allocated for + * contexts that have not been freed */ + CertCloseStore(hStore, 0); + + return(pCertContext); +} + +static xmlSecKeyPtr +xmlSecMSCngKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyStorePtr* ss; + xmlSecKeyPtr key = NULL; + xmlSecKeyReqPtr keyReq = NULL; + PCCERT_CONTEXT pCertContext = NULL; + PCCERT_CONTEXT pDuplicatedCertContext = NULL; + xmlSecKeyDataPtr data = NULL; + xmlSecKeyDataPtr x509Data = NULL; + xmlSecKeyPtr res = NULL; + int ret; + + xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCngKeysStoreId), NULL); + xmlSecAssert2(keyInfoCtx != NULL, NULL); + + ss = xmlSecMSCngKeysStoreGetSS(store); + xmlSecAssert2(((ss != NULL) && (*ss != NULL)), NULL); + + /* look for the key in the simple store */ + key = xmlSecKeyStoreFindKey(*ss, name, keyInfoCtx); + if(key != NULL) { + return(key); + } + + /* look for a named public or private key in the OS store */ + if(name == NULL) { + goto done; + } + + keyReq = &(keyInfoCtx->keyReq); + if(!(keyReq->keyType & (xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate))) { + goto done; + } + + pCertContext = xmlSecMSCngKeysStoreFindCert(store, name, keyInfoCtx); + if(pCertContext == NULL) { + goto done; + } + + /* set cert in x509 data */ + x509Data = xmlSecKeyDataCreate(xmlSecMSCngKeyDataX509Id); + if(x509Data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataGetName(x509Data)); + goto done; + } + + pDuplicatedCertContext = CertDuplicateCertificateContext(pCertContext); + if(pDuplicatedCertContext == NULL) { + xmlSecMSCngLastError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(x509Data)); + goto done; + } + + ret = xmlSecMSCngKeyDataX509AdoptCert(x509Data, pDuplicatedCertContext); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509AdoptCert", + xmlSecKeyDataGetName(x509Data)); + goto done; + } + pDuplicatedCertContext = NULL; + + pDuplicatedCertContext = CertDuplicateCertificateContext(pCertContext); + if(pDuplicatedCertContext == NULL) { + xmlSecMSCngLastError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(x509Data)); + goto done; + } + + ret = xmlSecMSCngKeyDataX509AdoptKeyCert(x509Data, pDuplicatedCertContext); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(x509Data)); + goto done; + } + pDuplicatedCertContext = NULL; + + /* set cert in key data */ + data = xmlSecMSCngCertAdopt(pCertContext, keyReq->keyType); + if(data == NULL) { + xmlSecInternalError("xmlSecMSCngCertAdopt", NULL); + goto done; + } + pCertContext = NULL; + + /* create key and add key data and x509 data to it */ + key = xmlSecKeyCreate(); + if(key == NULL) { + xmlSecInternalError("xmlSecKeyCreate", NULL); + goto done; + } + + ret = xmlSecKeySetValue(key, data); + if(ret < 0) { + xmlSecInternalError("xmlSecKeySetValue", xmlSecKeyDataGetName(data)); + goto done; + } + data = NULL; + + ret = xmlSecKeyAdoptData(key, x509Data); + if(ret < 0) { + xmlSecInternalError("xmlSecKeyAdoptData", + xmlSecKeyDataGetName(x509Data)); + goto done; + } + x509Data = NULL; + + /* set the name of the key to the given name */ + ret = xmlSecKeySetName(key, name); + if(ret < 0) { + xmlSecInternalError("xmlSecKeySetName", xmlSecKeyStoreGetName(store)); + goto done; + } + + /* now that we have a key, make sure it is valid */ + if(xmlSecKeyIsValid(key)) { + res = key; + key = NULL; + } + +done: + if(pCertContext != NULL) { + CertFreeCertificateContext(pCertContext); + } + + if(pDuplicatedCertContext != NULL) { + CertFreeCertificateContext(pDuplicatedCertContext); + } + + if(data != NULL) { + xmlSecKeyDataDestroy(data); + } + + if(x509Data != NULL) { + xmlSecKeyDataDestroy(x509Data); + } + + if(key != NULL) { + xmlSecKeyDestroy(key); + } + + return(res); +} + +static xmlSecKeyStoreKlass xmlSecMSCngKeysStoreKlass = { + sizeof(xmlSecKeyStoreKlass), + xmlSecMSCngKeysStoreSize, + + /* data */ + BAD_CAST "MSCng-keys-store", /* const xmlChar* name; */ + + /* constructors/destructor */ + xmlSecMSCngKeysStoreInitialize, /* xmlSecKeyStoreInitializeMethod initialize; */ + xmlSecMSCngKeysStoreFinalize, /* xmlSecKeyStoreFinalizeMethod finalize; */ + xmlSecMSCngKeysStoreFindKey, /* xmlSecKeyStoreFindKeyMethod findKey; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngKeysStoreGetKlass: + * + * The MSCng list based keys store klass. + * + * Returns: MSCng list based keys store klass. + */ +xmlSecKeyStoreId +xmlSecMSCngKeysStoreGetKlass(void) { + return(&xmlSecMSCngKeysStoreKlass); +} + +/** + * xmlSecMSCngKeysStoreAdoptKey: + * @store: the pointer to MSCng keys store. + * @key: the pointer to key. + * + * Adds @key to the @store. + * + * Returns: 0 on success or a negative value if an error occurs. + */ +int +xmlSecMSCngKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { + xmlSecKeyStorePtr *ss; + + xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCngKeysStoreId), -1); + xmlSecAssert2((key != NULL), -1); + + ss = xmlSecMSCngKeysStoreGetSS(store); + xmlSecAssert2(ss != NULL, -1); + xmlSecAssert2(*ss != NULL, -1); + xmlSecAssert2(xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId), -1); + + return(xmlSecSimpleKeysStoreAdoptKey(*ss, key)); +} + +/** + * xmlSecMSCngKeysStoreLoad: + * @store: the pointer to MSCng keys store. + * @uri: the filename. + * @keysMngr: the pointer to associated keys manager. + * + * Reads keys from an XML file. + * + * Returns: 0 on success or a negative value if an error occurs. + */ +int +xmlSecMSCngKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, + xmlSecKeysMngrPtr keysMngr) { + xmlDocPtr doc; + xmlNodePtr root; + xmlNodePtr cur; + xmlSecKeyPtr key; + xmlSecKeyInfoCtx keyInfoCtx; + int ret; + + xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCngKeysStoreId), -1); + xmlSecAssert2((uri != NULL), -1); + UNREFERENCED_PARAMETER(keysMngr); + + doc = xmlParseFile(uri); + if(doc == NULL) { + xmlSecXmlError2("xmlParseFile", xmlSecKeyStoreGetName(store), "uri=%s", + xmlSecErrorsSafeString(uri)); + return(-1); + } + + root = xmlDocGetRootElement(doc); + if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) { + xmlSecInvalidNodeError(root, BAD_CAST "Keys", xmlSecKeyStoreGetName(store)); + xmlFreeDoc(doc); + return(-1); + } + + cur = xmlSecGetNextElementNode(root->children); + while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) { + key = xmlSecKeyCreate(); + if(key == NULL) { + xmlSecInternalError("xmlSecKeyCreate", + xmlSecKeyStoreGetName(store)); + xmlFreeDoc(doc); + return(-1); + } + + ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); + if(ret < 0) { + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", + xmlSecKeyStoreGetName(store)); + xmlSecKeyDestroy(key); + xmlFreeDoc(doc); + return(-1); + } + + keyInfoCtx.mode = xmlSecKeyInfoModeRead; + keyInfoCtx.keysMngr = NULL; + keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND | + XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; + keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; + keyInfoCtx.keyReq.keyType = xmlSecKeyDataTypeAny; + keyInfoCtx.keyReq.keyUsage= xmlSecKeyDataUsageAny; + + ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecKeyInfoNodeRead", + xmlSecKeyStoreGetName(store)); + xmlSecKeyInfoCtxFinalize(&keyInfoCtx); + xmlSecKeyDestroy(key); + xmlFreeDoc(doc); + return(-1); + } + xmlSecKeyInfoCtxFinalize(&keyInfoCtx); + + if(xmlSecKeyIsValid(key)) { + ret = xmlSecMSCngKeysStoreAdoptKey(store, key); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeysStoreAdoptKey", + xmlSecKeyStoreGetName(store)); + xmlSecKeyDestroy(key); + xmlFreeDoc(doc); + return(-1); + } + } else { + /* we have an unknown key in our file, just ignore it */ + xmlSecKeyDestroy(key); + } + cur = xmlSecGetNextElementNode(cur->next); + } + + if(cur != NULL) { + xmlSecUnexpectedNodeError(cur, xmlSecKeyStoreGetName(store)); + xmlFreeDoc(doc); + return(-1); + } + + xmlFreeDoc(doc); + return(0); +} + +/** + * xmlSecMSCngKeysStoreSave: + * @store: the pointer to MSCng keys store. + * @filename: the filename. + * @type: the saved keys type (public, private, ...). + * + * Writes keys from @store to an XML file. + * + * Returns: 0 on success or a negative value if an error occurs. + */ +int +xmlSecMSCngKeysStoreSave(xmlSecKeyStorePtr store, const char *filename, xmlSecKeyDataType type) { + xmlSecKeyStorePtr *ss; + + xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCngKeysStoreId), -1); + xmlSecAssert2((filename != NULL), -1); + + ss = xmlSecMSCngKeysStoreGetSS(store); + xmlSecAssert2(ss != NULL, -1); + xmlSecAssert2(*ss != NULL, -1); + xmlSecAssert2(xmlSecKeyStoreCheckId(*ss, xmlSecSimpleKeysStoreId), -1); + + return(xmlSecSimpleKeysStoreSave(*ss, filename, type)); +} diff --git a/src/mscng/kt_rsa.c b/src/mscng/kt_rsa.c new file mode 100644 index 00000000..3c8d1285 --- /dev/null +++ b/src/mscng/kt_rsa.c @@ -0,0 +1,544 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:kt_rsa + * @Short_description: RSA Key Transport transforms implementation for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Private + * + */ + +#include "globals.h" + +#ifndef XMLSEC_NO_RSA + +#include <string.h> + +#define WIN32_NO_STATUS +#include <windows.h> +#undef WIN32_NO_STATUS +#include <ntstatus.h> +#include <bcrypt.h> +#include <ncrypt.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/keyinfo.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> +#include <xmlsec/bn.h> + +#include <xmlsec/mscng/crypto.h> +#include <xmlsec/mscng/certkeys.h> + +/************************************************************************** + * + * Internal MSCNG RSA PKCS1 CTX + * + *************************************************************************/ +typedef struct _xmlSecMSCngRsaPkcs1OaepCtx xmlSecMSCngRsaPkcs1OaepCtx, *xmlSecMSCngRsaPkcs1OaepCtxPtr; + +struct _xmlSecMSCngRsaPkcs1OaepCtx { + xmlSecKeyDataPtr data; + xmlSecBuffer oaepParams; + +}; + +/********************************************************************* + * + * RSA PKCS1 key transport transform + * + * xmlSecMSCngRsaPkcs1OaepCtx is located after xmlSecTransform + * + ********************************************************************/ +#define xmlSecMSCngRsaPkcs1OaepCtx \ + (sizeof(xmlSecTransform) + sizeof(xmlSecMSCngRsaPkcs1OaepCtx)) +#define xmlSecMSCngRsaPkcs1OaepGetCtx(transform) \ + ((xmlSecMSCngRsaPkcs1OaepCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) + +static int +xmlSecMSCngRsaPkcs1OaepCheckId(xmlSecTransformPtr transform) { + + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaPkcs1Id)) { + return(1); + } + + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepId)) { + return(1); + } + + return(0); +} + +static int +xmlSecMSCngRsaPkcs1OaepInitialize(xmlSecTransformPtr transform) { + xmlSecMSCngRsaPkcs1OaepCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecMSCngRsaPkcs1OaepCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngRsaPkcs1OaepCtx), -1); + + ctx = xmlSecMSCngRsaPkcs1OaepGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + /* initialize */ + memset(ctx, 0, sizeof(xmlSecMSCngRsaPkcs1OaepCtx)); + + ret = xmlSecBufferInitialize(&(ctx->oaepParams), 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); + return(-1); + } + + /* done */ + return(0); +} + +static void +xmlSecMSCngRsaPkcs1OaepFinalize(xmlSecTransformPtr transform) { + xmlSecMSCngRsaPkcs1OaepCtxPtr ctx; + + xmlSecAssert(xmlSecMSCngRsaPkcs1OaepCheckId(transform)); + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCngRsaPkcs1OaepCtx)); + + ctx = xmlSecMSCngRsaPkcs1OaepGetCtx(transform); + xmlSecAssert(ctx != NULL); + + if(ctx->data != NULL) { + xmlSecKeyDataDestroy(ctx->data); + ctx->data = NULL; + } + + xmlSecBufferFinalize(&(ctx->oaepParams)); + memset(ctx, 0, sizeof(xmlSecMSCngRsaPkcs1OaepCtx)); +} + +static int +xmlSecMSCngRsaPkcs1OaepSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { + xmlSecMSCngRsaPkcs1OaepCtxPtr ctx; + + xmlSecAssert2(xmlSecMSCngRsaPkcs1OaepCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngRsaPkcs1OaepCtx), -1); + xmlSecAssert2(keyReq != NULL, -1); + + ctx = xmlSecMSCngRsaPkcs1OaepGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + keyReq->keyId = xmlSecMSCngKeyDataRsaId; + if(transform->operation == xmlSecTransformOperationEncrypt) { + keyReq->keyType = xmlSecKeyDataTypePublic; + keyReq->keyUsage = xmlSecKeyUsageEncrypt; + } else { + keyReq->keyType = xmlSecKeyDataTypePrivate; + keyReq->keyUsage = xmlSecKeyUsageDecrypt; + } + return(0); +} + +static int +xmlSecMSCngRsaPkcs1OaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { + xmlSecMSCngRsaPkcs1OaepCtxPtr ctx; + + xmlSecAssert2(xmlSecMSCngRsaPkcs1OaepCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngRsaPkcs1OaepCtx), -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), xmlSecMSCngKeyDataRsaId), -1); + + ctx = xmlSecMSCngRsaPkcs1OaepGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->data == NULL, -1); + + ctx->data = xmlSecKeyDataDuplicate(xmlSecKeyGetValue(key)); + if(ctx->data == NULL) { + xmlSecInternalError("xmlSecKeyDataDuplicate", + xmlSecTransformGetName(transform)); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCngRsaPkcs1OaepCtxPtr ctx; + xmlSecBufferPtr in, out; + xmlSecSize inSize, outSize; + xmlSecSize keySize; + BCRYPT_KEY_HANDLE hPubKey; + NCRYPT_KEY_HANDLE hPrivKey; + DWORD dwInLen; + DWORD dwOutLen; + xmlSecByte * outBuf; + xmlSecByte * inBuf; + SECURITY_STATUS securityStatus; + NTSTATUS status; + int ret; + + xmlSecAssert2(xmlSecMSCngRsaPkcs1OaepCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngRsaPkcs1OaepCtx), -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecMSCngRsaPkcs1OaepGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->data != NULL, -1); + + keySize = xmlSecKeyDataGetSize(ctx->data) / 8; + xmlSecAssert2(keySize > 0, -1); + + in = &(transform->inBuf); + out = &(transform->outBuf); + + inSize = xmlSecBufferGetSize(in); + outSize = xmlSecBufferGetSize(out); + xmlSecAssert2(outSize == 0, -1); + + /* the encoded size is equal to the keys size so we could not + * process more than that */ + if((transform->operation == xmlSecTransformOperationEncrypt) && (inSize >= keySize)) { + xmlSecInvalidSizeLessThanError("Input data", inSize, keySize, + xmlSecTransformGetName(transform)); + return(-1); + } else if((transform->operation == xmlSecTransformOperationDecrypt) && (inSize != keySize)) { + xmlSecInvalidSizeError("Input data", inSize, keySize, + xmlSecTransformGetName(transform)); + return(-1); + } + + outSize = keySize; + ret = xmlSecBufferSetMaxSize(out, outSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), "size=%d", outSize); + return(-1); + } + + if(transform->operation == xmlSecTransformOperationEncrypt) { + if(inSize > outSize) { + xmlSecInvalidSizeLessThanError("Output data", outSize, inSize, + xmlSecTransformGetName(transform)); + return(-1); + } + dwInLen = inSize; + + inBuf = xmlSecBufferGetData(in); + outBuf = xmlSecBufferGetData(out); + + hPubKey = xmlSecMSCngKeyDataGetPubKey(ctx->data); + if (hPubKey == 0) { + xmlSecInternalError("xmlSecMSCngKeyDataGetPubKey", + xmlSecTransformGetName(transform)); + return (-1); + } + + /* encrypt */ + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaPkcs1Id)) { + status = BCryptEncrypt(hPubKey, + inBuf, + inSize, + NULL, + NULL, + 0, + outBuf, + outSize, + &dwOutLen, + BCRYPT_PAD_PKCS1); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptEncrypt", + xmlSecTransformGetName(transform), status); + return(-1); + } + } else if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepId)) { + BCRYPT_OAEP_PADDING_INFO paddingInfo; + paddingInfo.pszAlgId = BCRYPT_SHA1_ALGORITHM; + paddingInfo.pbLabel = xmlSecBufferGetData(&(ctx->oaepParams)); + paddingInfo.cbLabel = xmlSecBufferGetSize(&(ctx->oaepParams)); + status = BCryptEncrypt(hPubKey, + inBuf, + inSize, + &paddingInfo, + NULL, + 0, + outBuf, + outSize, + &dwOutLen, + BCRYPT_PAD_OAEP); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptEncrypt", + xmlSecTransformGetName(transform), status); + return(-1); + } + } else { + xmlSecInvalidTransfromError(transform) + return(-1); + } + } else { + dwOutLen = inSize; + + ret = xmlSecBufferSetSize(out, inSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), "size=%d", inSize); + return(-1); + } + + inBuf = xmlSecBufferGetData(in); + outBuf = xmlSecBufferGetData(out); + + hPrivKey = xmlSecMSCngKeyDataGetPrivKey(ctx->data); + if (hPrivKey == 0) { + xmlSecInternalError("xmlSecMSCngKeyDataGetPrivKey", + xmlSecTransformGetName(transform)); + return (-1); + } + + /* decrypt */ + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaPkcs1Id)) { + securityStatus = NCryptDecrypt(hPrivKey, + inBuf, + inSize, + NULL, + outBuf, + inSize, + &dwOutLen, + NCRYPT_PAD_PKCS1_FLAG); + if(securityStatus != ERROR_SUCCESS) { + xmlSecMSCngNtError("NCryptDecrypt", + xmlSecTransformGetName(transform), securityStatus); + return(-1); + } + } else if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaOaepId)) { + BCRYPT_OAEP_PADDING_INFO paddingInfo; + paddingInfo.pszAlgId = BCRYPT_SHA1_ALGORITHM; + paddingInfo.pbLabel = xmlSecBufferGetData(&(ctx->oaepParams)); + paddingInfo.cbLabel = xmlSecBufferGetSize(&(ctx->oaepParams)); + + securityStatus = NCryptDecrypt(hPrivKey, + inBuf, + inSize, + &paddingInfo, + outBuf, + inSize, + &dwOutLen, + NCRYPT_PAD_OAEP_FLAG); + if(securityStatus != ERROR_SUCCESS) { + xmlSecMSCngNtError("NCryptDecrypt", + xmlSecTransformGetName(transform), securityStatus); + return(-1); + } + } else { + xmlSecInvalidTransfromError(transform) + return(-1); + } + + outSize = dwOutLen; + } + + ret = xmlSecBufferSetSize(out, outSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), "size=%d", outSize); + return(-1); + } + + ret = xmlSecBufferRemoveHead(in, inSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), "size=%d", inSize); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngRsaPkcs1OaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCngRsaPkcs1OaepCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecMSCngRsaPkcs1OaepCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngRsaPkcs1OaepCtx), -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecMSCngRsaPkcs1OaepGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + if(transform->status == xmlSecTransformStatusNone) { + transform->status = xmlSecTransformStatusWorking; + } + + if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) { + /* just do nothing */ + } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { + ret = xmlSecMSCngRsaPkcs1OaepProcess(transform, transformCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngRsaPkcs1OaepProcess", + xmlSecTransformGetName(transform)); + return(-1); + } + + transform->status = xmlSecTransformStatusFinished; + } else if(transform->status == xmlSecTransformStatusFinished) { + /* the only way we can get here is if there is no input */ + xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); + } else { + xmlSecInvalidTransfromStatusError(transform); + return(-1); + } + + return(0); +} + +/********************************************************************** + * + * RSA/PKCS1 transform + * + **********************************************************************/ +static xmlSecTransformKlass xmlSecMSCngRsaPkcs1Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngRsaPkcs1OaepCtx, /* xmlSecSize objSize */ + + xmlSecNameRsaPkcs1, /* const xmlChar* name; */ + xmlSecHrefRsaPkcs1, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngRsaPkcs1OaepInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngRsaPkcs1OaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngRsaPkcs1OaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngRsaPkcs1OaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngRsaPkcs1OaepExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformRsaPkcs1GetKlass: + * + * The RSA-PKCS1 key transport transform klass. + * + * Returns: RSA-PKCS1 key transport transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformRsaPkcs1GetKlass(void) { + return(&xmlSecMSCngRsaPkcs1Klass); +} + +static int +xmlSecMSCngRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, + xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCngRsaPkcs1OaepCtxPtr ctx; + xmlNodePtr cur; + int ret; + + xmlSecAssert2(xmlSecMSCngRsaPkcs1OaepCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngRsaPkcs1OaepCtx), -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecMSCngRsaPkcs1OaepGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + cur = xmlSecGetNextElementNode(node->children); + while(cur != NULL) { + if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) { + ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferBase64NodeContentRead", + xmlSecTransformGetName(transform)); + return(-1); + } + } else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) { + xmlChar* algorithm; + + /* Algorithm attribute is required */ + algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm); + if(algorithm == NULL) { + xmlSecInvalidNodeAttributeError(cur, xmlSecAttrAlgorithm, + xmlSecTransformGetName(transform), + "empty"); + return(-1); + } + + /* for now we support only sha1 */ + if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) { + xmlSecInvalidTransfromError2(transform, + "digest algorithm=\"%s\" is not supported for rsa/oaep", + xmlSecErrorsSafeString(algorithm)); + xmlFree(algorithm); + return(-1); + } + xmlFree(algorithm); + } else { + /* node not recognized */ + xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); + return(-1); + } + + /* next node */ + cur = xmlSecGetNextElementNode(cur->next); + } + + return(0); +} + +static xmlSecTransformKlass xmlSecMSCngRsaOaepKlass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngRsaPkcs1OaepCtx, /* xmlSecSize objSize */ + + xmlSecNameRsaOaep, /* const xmlChar* name; */ + xmlSecHrefRsaOaep, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngRsaPkcs1OaepInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngRsaPkcs1OaepFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecMSCngRsaOaepNodeRead, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngRsaPkcs1OaepSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngRsaPkcs1OaepSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngRsaPkcs1OaepExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformRsaOaepGetKlass: + * + * The RSA-OAEP key transport transform klass. + * + * Returns: RSA-OAEP key transport transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformRsaOaepGetKlass(void) { + return(&xmlSecMSCngRsaOaepKlass); +} + +#endif /* XMLSEC_NO_RSA */ diff --git a/src/mscng/kw_aes.c b/src/mscng/kw_aes.c new file mode 100644 index 00000000..4c52a952 --- /dev/null +++ b/src/mscng/kw_aes.c @@ -0,0 +1,702 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:kw_aes + * @Short_description: AES Key Transport transforms implementation for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Private + * + */ + +#include "globals.h" + +#ifndef XMLSEC_NO_AES + +#include <string.h> + +#define WIN32_NO_STATUS +#include <windows.h> +#undef WIN32_NO_STATUS +#include <ntstatus.h> +#include <bcrypt.h> +#include <ncrypt.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/keyinfo.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> +#include <xmlsec/bn.h> + +#include <xmlsec/mscng/crypto.h> + +#include "../kw_aes_des.h" + +/************************************************************************** + * + * Internal MSCng KW AES cipher CTX + * + *****************************************************************************/ +typedef struct _xmlSecMSCngKWAesCtx xmlSecMSCngKWAesCtx, *xmlSecMSCngKWAesCtxPtr; +struct _xmlSecMSCngKWAesCtx { + LPCWSTR pszAlgId; + xmlSecKeyDataId keyId; + xmlSecSize keySize; + xmlSecBuffer keyBuffer; +}; + +/****************************************************************************** + * + * KW AES transforms + * + * xmlSecMSCngKWAesCtx block is located after xmlSecTransform structure + * + *****************************************************************************/ +#define xmlSecMSCngKWAesSize \ + (sizeof(xmlSecTransform) + sizeof(xmlSecMSCngKWAesCtx)) +#define xmlSecMSCngKWAesGetCtx(transform) \ + ((xmlSecMSCngKWAesCtxPtr)(((unsigned char*)(transform)) + sizeof(xmlSecTransform))) + +/********************************************************************* + * + * AES KW implementation + * + ********************************************************************/ +static int +xmlSecMSCngKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize, + xmlSecByte * out, xmlSecSize outSize, void * context) { + xmlSecMSCngKWAesCtxPtr ctx = (xmlSecMSCngKWAesCtxPtr)context; + BCRYPT_ALG_HANDLE hAlg = NULL; + BCRYPT_KEY_HANDLE hKey = NULL; + DWORD cbData; + PBYTE pbKeyObject = NULL; + DWORD cbKeyObject; + xmlSecBuffer blob; + BCRYPT_KEY_DATA_BLOB_HEADER* blobHeader; + xmlSecSize blobHeaderLen; + int res = -1; + NTSTATUS status; + int ret; + + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(inSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(outSize >= inSize, -1); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(xmlSecBufferGetSize(&ctx->keyBuffer) == ctx->keySize, -1); + + ret = xmlSecBufferInitialize(&blob, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferInitialize", NULL); + goto done; + } + + status = BCryptOpenAlgorithmProvider( + &hAlg, + BCRYPT_AES_ALGORITHM, + NULL, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", NULL, status); + goto done; + } + + /* allocate the key object */ + status = BCryptGetProperty(hAlg, + BCRYPT_OBJECT_LENGTH, + (PBYTE)&cbKeyObject, + sizeof(DWORD), + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", NULL, status); + goto done; + } + + pbKeyObject = xmlMalloc(cbKeyObject); + if(pbKeyObject == NULL) { + xmlSecMallocError(cbKeyObject, NULL); + goto done; + } + + /* prefix the key with a BCRYPT_KEY_DATA_BLOB_HEADER */ + blobHeaderLen = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + xmlSecBufferGetSize(&ctx->keyBuffer); + ret = xmlSecBufferSetSize(&blob, blobHeaderLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", NULL, "size=%d", + blobHeaderLen); + goto done; + } + + blobHeader = (BCRYPT_KEY_DATA_BLOB_HEADER*)xmlSecBufferGetData(&blob); + blobHeader->dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC; + blobHeader->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1; + blobHeader->cbKeyData = xmlSecBufferGetSize(&ctx->keyBuffer); + memcpy(xmlSecBufferGetData(&blob) + sizeof(BCRYPT_KEY_DATA_BLOB_HEADER), + xmlSecBufferGetData(&ctx->keyBuffer), + xmlSecBufferGetSize(&ctx->keyBuffer)); + + /* perform the actual import */ + status = BCryptImportKey(hAlg, + NULL, + BCRYPT_KEY_DATA_BLOB, + &hKey, + pbKeyObject, + cbKeyObject, + xmlSecBufferGetData(&blob), + xmlSecBufferGetSize(&blob), + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptImportKey", NULL, status); + goto done; + } + + /* handle padding ourselves */ + if(out != in) { + memcpy(out, in, inSize); + } + + cbData = inSize; + status = BCryptEncrypt(hKey, + (PUCHAR)in, + inSize, + NULL, + NULL, + 0, + out, + inSize, + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptEncrypt", NULL, status); + goto done; + } + + res = cbData; + +done: + if (hKey != NULL) { + BCryptDestroyKey(hKey); + } + + xmlSecBufferFinalize(&blob); + + if (pbKeyObject != NULL) { + xmlFree(pbKeyObject); + } + + if(hAlg != NULL) { + BCryptCloseAlgorithmProvider(hAlg, 0); + } + + return(res); +} + +static int +xmlSecMSCngKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize, + xmlSecByte * out, xmlSecSize outSize, void * context) { + xmlSecMSCngKWAesCtxPtr ctx = (xmlSecMSCngKWAesCtxPtr)context; + BCRYPT_ALG_HANDLE hAlg = NULL; + BCRYPT_KEY_HANDLE hKey = NULL; + DWORD cbData; + PBYTE pbKeyObject = NULL; + DWORD cbKeyObject; + xmlSecBuffer blob; + BCRYPT_KEY_DATA_BLOB_HEADER* blobHeader; + xmlSecSize blobHeaderLen; + int res = -1; + NTSTATUS status; + int ret; + + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(inSize >= XMLSEC_KW_AES_BLOCK_SIZE, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(outSize >= inSize, -1); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(xmlSecBufferGetSize(&ctx->keyBuffer) == ctx->keySize, -1); + + ret = xmlSecBufferInitialize(&blob, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferInitialize", NULL); + goto done; + } + + status = BCryptOpenAlgorithmProvider( + &hAlg, + BCRYPT_AES_ALGORITHM, + NULL, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", NULL, status); + goto done; + } + + /* allocate the key object */ + status = BCryptGetProperty(hAlg, + BCRYPT_OBJECT_LENGTH, + (PBYTE)&cbKeyObject, + sizeof(DWORD), + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", NULL, status); + goto done; + } + + pbKeyObject = xmlMalloc(cbKeyObject); + if(pbKeyObject == NULL) { + xmlSecMallocError(cbKeyObject, NULL); + goto done; + } + + /* prefix the key with a BCRYPT_KEY_DATA_BLOB_HEADER */ + blobHeaderLen = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + xmlSecBufferGetSize(&ctx->keyBuffer); + ret = xmlSecBufferSetSize(&blob, blobHeaderLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", NULL, "size=%d", + blobHeaderLen); + goto done; + } + + blobHeader = (BCRYPT_KEY_DATA_BLOB_HEADER*)xmlSecBufferGetData(&blob); + blobHeader->dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC; + blobHeader->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1; + blobHeader->cbKeyData = xmlSecBufferGetSize(&ctx->keyBuffer); + memcpy(xmlSecBufferGetData(&blob) + sizeof(BCRYPT_KEY_DATA_BLOB_HEADER), + xmlSecBufferGetData(&ctx->keyBuffer), + xmlSecBufferGetSize(&ctx->keyBuffer)); + + /* perform the actual import */ + status = BCryptImportKey(hAlg, + NULL, + BCRYPT_KEY_DATA_BLOB, + &hKey, + pbKeyObject, + cbKeyObject, + xmlSecBufferGetData(&blob), + xmlSecBufferGetSize(&blob), + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptImportKey", NULL, status); + goto done; + } + + /* handle padding ourselves */ + if(out != in) { + memcpy(out, in, inSize); + } + + cbData = inSize; + status = BCryptDecrypt(hKey, + (PUCHAR)in, + inSize, + NULL, + NULL, + 0, + out, + inSize, + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptDecrypt", NULL, status); + goto done; + } + + res = cbData; + +done: + if (hKey != NULL) { + BCryptDestroyKey(hKey); + } + + xmlSecBufferFinalize(&blob); + + if (pbKeyObject != NULL) { + xmlFree(pbKeyObject); + } + + if(hAlg != NULL) { + BCryptCloseAlgorithmProvider(hAlg, 0); + } + + return(res); +} + +/* klass for KW AES operation */ +static xmlSecKWAesKlass xmlSecMSCngKWAesKlass = { + /* callbacks */ + xmlSecMSCngKWAesBlockEncrypt, /* xmlSecKWAesBlockEncryptMethod encrypt; */ + xmlSecMSCngKWAesBlockDecrypt, /* xmlSecKWAesBlockDecryptMethod decrypt; */ + + /* for the future */ + NULL, /* void* reserved0; */ + NULL /* void* reserved1; */ +}; + +static int +xmlSecMSCngKWAesCheckId(xmlSecTransformPtr transform) { + + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformKWAes128Id)) { + return(1); + } + + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformKWAes192Id)) { + return(1); + } + + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformKWAes256Id)) { + return(1); + } + + return(0); +} + +static int +xmlSecMSCngKWAesInitialize(xmlSecTransformPtr transform) { + xmlSecMSCngKWAesCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecMSCngKWAesCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngKWAesSize), -1); + + ctx = xmlSecMSCngKWAesGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + memset(ctx, 0, sizeof(xmlSecMSCngKWAesCtx)); + + ctx->pszAlgId = BCRYPT_AES_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataAesId; + + if(transform->id == xmlSecMSCngTransformKWAes128Id) { + ctx->keySize = XMLSEC_KW_AES128_KEY_SIZE; + } else if(transform->id == xmlSecMSCngTransformKWAes192Id) { + ctx->keySize = XMLSEC_KW_AES192_KEY_SIZE; + } else if(transform->id == xmlSecMSCngTransformKWAes256Id) { + ctx->keySize = XMLSEC_KW_AES256_KEY_SIZE; + } else { + xmlSecInvalidTransfromError(transform) + return(-1); + } + + ret = xmlSecBufferInitialize(&ctx->keyBuffer, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); + return(-1); + } + + return(0); +} + +static void +xmlSecMSCngKWAesFinalize(xmlSecTransformPtr transform) { + xmlSecMSCngKWAesCtxPtr ctx; + + xmlSecAssert(xmlSecMSCngKWAesCheckId(transform)); + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCngKWAesSize)); + + ctx = xmlSecMSCngKWAesGetCtx(transform); + xmlSecAssert(ctx != NULL); + + xmlSecBufferFinalize(&ctx->keyBuffer); + + memset(ctx, 0, sizeof(xmlSecMSCngKWAesCtx)); +} + +static int +xmlSecMSCngKWAesSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { + xmlSecMSCngKWAesCtxPtr ctx; + + xmlSecAssert2(xmlSecMSCngKWAesCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || + (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngKWAesSize), -1); + xmlSecAssert2(keyReq != NULL, -1); + + ctx = xmlSecMSCngKWAesGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + keyReq->keyId = ctx->keyId; + keyReq->keyType = xmlSecKeyDataTypeSymmetric; + if(transform->operation == xmlSecTransformOperationEncrypt) { + keyReq->keyUsage = xmlSecKeyUsageEncrypt; + } else { + keyReq->keyUsage = xmlSecKeyUsageDecrypt; + } + keyReq->keyBitsSize = ctx->keySize * 8; + return(0); +} + +static int +xmlSecMSCngKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { + xmlSecMSCngKWAesCtxPtr ctx; + xmlSecBufferPtr buffer; + xmlSecSize keySize; + int ret; + + xmlSecAssert2(xmlSecMSCngKWAesCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || + (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngKWAesSize), -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), + xmlSecMSCngKeyDataAesId), -1); + + ctx = xmlSecMSCngKWAesGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); + xmlSecAssert2(buffer != NULL, -1); + + keySize = xmlSecBufferGetSize(buffer); + if(keySize < ctx->keySize) { + xmlSecInvalidKeyDataSizeError(keySize, ctx->keySize, + xmlSecTransformGetName(transform)); + return(-1); + } + + ret = xmlSecBufferSetData(&ctx->keyBuffer, xmlSecBufferGetData(buffer), + ctx->keySize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), "size=%d", ctx->keySize); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCngKWAesCtxPtr ctx; + xmlSecBufferPtr in, out; + xmlSecSize inSize, outSize; + int ret; + + xmlSecAssert2(xmlSecMSCngKWAesCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || + (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngKWAesSize), -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecMSCngKWAesGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + in = &transform->inBuf; + out = &transform->outBuf; + inSize = xmlSecBufferGetSize(in); + outSize = xmlSecBufferGetSize(out); + xmlSecAssert2(outSize == 0, -1); + + if(transform->status == xmlSecTransformStatusNone) { + transform->status = xmlSecTransformStatusWorking; + } + + if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) { + /* just do nothing */ + } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { + if((inSize % 8) != 0) { + xmlSecInvalidSizeNotMultipleOfError("transform->inBuf", inSize, 8, + xmlSecTransformGetName(transform)); + return(-1); + } + + if(transform->operation == xmlSecTransformOperationEncrypt) { + /* the encoded key might be 8 bytes longer plus 8 bytes just in + * case */ + outSize = inSize + XMLSEC_KW_AES_MAGIC_BLOCK_SIZE + + XMLSEC_KW_AES_BLOCK_SIZE; + } else { + outSize = inSize + XMLSEC_KW_AES_BLOCK_SIZE; + } + + ret = xmlSecBufferSetMaxSize(out, outSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), "size=%d", outSize); + return(-1); + } + + if(transform->operation == xmlSecTransformOperationEncrypt) { + ret = xmlSecKWAesEncode(&xmlSecMSCngKWAesKlass, ctx, + xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), + outSize); + if(ret < 0) { + xmlSecInternalError("xmlSecKWAesEncode", + xmlSecTransformGetName(transform)); + return(-1); + } + + outSize = ret; + } else { + ret = xmlSecKWAesDecode(&xmlSecMSCngKWAesKlass, ctx, + xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), + outSize); + if(ret < 0) { + xmlSecInternalError("xmlSecKWAesEncode", + xmlSecTransformGetName(transform)); + return(-1); + } + outSize = ret; + } + + ret = xmlSecBufferSetSize(out, outSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), "size=%d", outSize); + return(-1); + } + + ret = xmlSecBufferRemoveHead(in, inSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), "size=%d", inSize); + return(-1); + } + + transform->status = xmlSecTransformStatusFinished; + } else if(transform->status == xmlSecTransformStatusFinished) { + /* the only way we can get here is if there is no input */ + xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); + } else { + xmlSecInvalidTransfromStatusError(transform); + return(-1); + } + + return(0); +} + +/* + * The AES-128 key wrapper transform klass. + */ +static xmlSecTransformKlass xmlSecMSCngKWAes128Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngKWAesSize, /* xmlSecSize objSize */ + + xmlSecNameKWAes128, /* const xmlChar* name; */ + xmlSecHrefKWAes128, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngKWAesExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformKWAes128GetKlass: + * + * The AES-128 key wrapper transform klass. + * + * Returns: AES-128 key wrapper transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformKWAes128GetKlass(void) { + return(&xmlSecMSCngKWAes128Klass); +} + +/* + * The AES-192 key wrapper transform klass. + */ +static xmlSecTransformKlass xmlSecMSCngKWAes192Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngKWAesSize, /* xmlSecSize objSize */ + + xmlSecNameKWAes192, /* const xmlChar* name; */ + xmlSecHrefKWAes192, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngKWAesExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformKWAes192GetKlass: + * + * The AES-192 key wrapper transform klass. + * + * Returns: AES-192 key wrapper transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformKWAes192GetKlass(void) { + return(&xmlSecMSCngKWAes192Klass); +} + +/* + * The AES-256 key wrapper transform klass. + */ +static xmlSecTransformKlass xmlSecMSCngKWAes256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngKWAesSize, /* xmlSecSize objSize */ + + xmlSecNameKWAes256, /* const xmlChar* name; */ + xmlSecHrefKWAes256, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngKWAesInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngKWAesFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngKWAesSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngKWAesSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngKWAesExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformKWAes256GetKlass: + * + * The AES-256 key wrapper transform klass. + * + * Returns: AES-256 key wrapper transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformKWAes256GetKlass(void) { + return(&xmlSecMSCngKWAes256Klass); +} + +#endif /* XMLSEC_NO_AES */ diff --git a/src/mscng/kw_des.c b/src/mscng/kw_des.c new file mode 100644 index 00000000..236f042e --- /dev/null +++ b/src/mscng/kw_des.c @@ -0,0 +1,790 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:kw_des + * @Short_description: DES Key Transport transforms implementation for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Private + * + */ + +#include "globals.h" + +#ifndef XMLSEC_NO_DES + +#include <string.h> + +#define WIN32_NO_STATUS +#include <windows.h> +#undef WIN32_NO_STATUS +#include <ntstatus.h> +#include <bcrypt.h> +#include <ncrypt.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/keyinfo.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> +#include <xmlsec/bn.h> + +#include <xmlsec/mscng/crypto.h> + +#include "../kw_aes_des.h" + +/********************************************************************* + * + * Triple DES Key Wrap transform + * + * key (xmlSecBuffer) is located after xmlSecTransform structure + * + ********************************************************************/ +typedef struct _xmlSecMSCngKWDes3Ctx xmlSecMSCngKWDes3Ctx, *xmlSecMSCngKWDes3CtxPtr; + +struct _xmlSecMSCngKWDes3Ctx { + LPCWSTR pszAlgId; + xmlSecKeyDataId keyId; + xmlSecSize keySize; + xmlSecBuffer keyBuffer; +}; + +#define xmlSecMSCngKWDes3Size \ + (sizeof(xmlSecTransform) + sizeof(xmlSecMSCngKWDes3Ctx)) +#define xmlSecMSCngKWDes3GetCtx(transform) \ + ((xmlSecMSCngKWDes3CtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) + +static int +xmlSecMSCngKWDes3GenerateRandom(void * context, xmlSecByte * out, + xmlSecSize outSize) +{ + NTSTATUS status; + + UNREFERENCED_PARAMETER(context); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(outSize > 0, -1); + + status = BCryptGenRandom( + NULL, + (PBYTE)out, + outSize, + BCRYPT_USE_SYSTEM_PREFERRED_RNG); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGenRandom", NULL, status); + return(-1); + } + + return((int)outSize); +} + +static int +xmlSecMSCngKWDes3Sha1(void * context, const xmlSecByte * in, xmlSecSize inSize, + xmlSecByte * out, xmlSecSize outSize) { + xmlSecMSCngKWDes3CtxPtr ctx = (xmlSecMSCngKWDes3CtxPtr)context; + BCRYPT_ALG_HANDLE hAlg = NULL; + BCRYPT_HASH_HANDLE hHash = NULL; + PBYTE pbHashObject = NULL; + DWORD cbHashObject; + PBYTE pbHash = NULL; + DWORD cbHash; + DWORD cbData; + int res = -1; + NTSTATUS status; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(inSize > 0, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(outSize > 0, -1); + + /* create */ + status = BCryptOpenAlgorithmProvider(&hAlg, + BCRYPT_SHA1_ALGORITHM, + NULL, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", NULL, status); + goto done; + } + + status = BCryptGetProperty(hAlg, + BCRYPT_OBJECT_LENGTH, + (PBYTE)&cbHashObject, + sizeof(DWORD), + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", NULL, status); + goto done; + } + + pbHashObject = (PBYTE)xmlMalloc(cbHashObject); + if(pbHashObject == NULL) { + xmlSecMallocError(cbHashObject, NULL); + goto done; + } + + status = BCryptGetProperty(hAlg, + BCRYPT_HASH_LENGTH, + (PBYTE)&cbHash, + sizeof(DWORD), + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", NULL, status); + goto done; + } + + pbHash = (PBYTE)xmlMalloc(cbHash); + if(pbHash == NULL) { + xmlSecMallocError(cbHash, NULL); + goto done; + } + + status = BCryptCreateHash(hAlg, + &hHash, + pbHashObject, + cbHashObject, + NULL, + 0, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptCreateHash", NULL, status); + goto done; + } + + /* hash */ + status = BCryptHashData(hHash, + (PBYTE)in, + inSize, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptHashData", NULL, status); + goto done; + } + + /* get results */ + status = BCryptFinishHash(hHash, + pbHash, + cbHash, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptFinishHash", NULL, status); + goto done; + } + memcpy(out, pbHash, outSize); + res = cbHash; + +done: + + if(hHash != NULL) { + BCryptDestroyHash(hHash); + } + + if(pbHash != NULL) { + xmlFree(pbHash); + } + + if(pbHashObject != NULL) { + xmlFree(pbHashObject); + } + + if(hAlg != NULL) { + BCryptCloseAlgorithmProvider(hAlg, 0); + } + + return(res); +} + +static int +xmlSecMSCngKWDes3BlockEncrypt(void * context, const xmlSecByte * iv, + xmlSecSize ivSize, const xmlSecByte * in, xmlSecSize inSize, + xmlSecByte * out, xmlSecSize outSize) { + xmlSecMSCngKWDes3CtxPtr ctx = (xmlSecMSCngKWDes3CtxPtr)context; + BCRYPT_ALG_HANDLE hAlg = NULL; + BCRYPT_KEY_HANDLE hKey = NULL; + DWORD cbData; + PBYTE pbKeyObject = NULL; + DWORD cbKeyObject; + xmlSecBuffer blob; + BCRYPT_KEY_DATA_BLOB_HEADER* blobHeader; + xmlSecSize blobHeaderLen; + int res = -1; + NTSTATUS status; + DWORD dwBlockLen, dwBlockLenLen; + xmlSecBuffer ivCopy; + int ret; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1); + xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1); + xmlSecAssert2(iv != NULL, -1); + xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(inSize > 0, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(outSize >= inSize, -1); + + ret = xmlSecBufferInitialize(&blob, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferInitialize", NULL); + goto done; + } + + status = BCryptOpenAlgorithmProvider( + &hAlg, + BCRYPT_3DES_ALGORITHM, + NULL, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", NULL, status); + goto done; + } + + /* allocate the key object */ + status = BCryptGetProperty(hAlg, + BCRYPT_OBJECT_LENGTH, + (PBYTE)&cbKeyObject, + sizeof(DWORD), + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", NULL, status); + goto done; + } + + pbKeyObject = xmlMalloc(cbKeyObject); + if(pbKeyObject == NULL) { + xmlSecMallocError(cbKeyObject, NULL); + goto done; + } + + /* prefix the key with a BCRYPT_KEY_DATA_BLOB_HEADER */ + blobHeaderLen = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + xmlSecBufferGetSize(&ctx->keyBuffer); + ret = xmlSecBufferSetSize(&blob, blobHeaderLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", NULL, "size=%d", + blobHeaderLen); + goto done; + } + + blobHeader = (BCRYPT_KEY_DATA_BLOB_HEADER*)xmlSecBufferGetData(&blob); + blobHeader->dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC; + blobHeader->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1; + blobHeader->cbKeyData = xmlSecBufferGetSize(&ctx->keyBuffer); + memcpy(xmlSecBufferGetData(&blob) + sizeof(BCRYPT_KEY_DATA_BLOB_HEADER), + xmlSecBufferGetData(&ctx->keyBuffer), + xmlSecBufferGetSize(&ctx->keyBuffer)); + + /* perform the actual import */ + status = BCryptImportKey(hAlg, + NULL, + BCRYPT_KEY_DATA_BLOB, + &hKey, + pbKeyObject, + cbKeyObject, + xmlSecBufferGetData(&blob), + xmlSecBufferGetSize(&blob), + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptImportKey", NULL, status); + goto done; + } + + /* iv len == block len */ + dwBlockLenLen = sizeof(DWORD); + status = BCryptGetProperty(hAlg, + BCRYPT_BLOCK_LENGTH, + (PUCHAR)&dwBlockLen, + sizeof(dwBlockLen), + &dwBlockLenLen, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", NULL, status); + goto done; + } + + if(ivSize < dwBlockLen / 8) { + xmlSecInvalidSizeLessThanError("ivSize", ivSize, dwBlockLen / 8, NULL); + goto done; + } + + /* handle padding manually */ + if(out != in) { + memcpy(out, in, inSize); + } + + /* caller handles iv manually, so let CNG work on a copy */ + ret = xmlSecBufferInitialize(&ivCopy, ivSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferInitialize", NULL, "size=%d", + ivSize); + goto done; + } + + memcpy(xmlSecBufferGetData(&ivCopy), iv, ivSize); + + cbData = inSize; + status = BCryptEncrypt(hKey, + (PUCHAR)in, + inSize, + NULL, + xmlSecBufferGetData(&ivCopy), + ivSize, + out, + outSize, + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptEncrypt", NULL, status); + goto done; + } + + res = cbData; + +done: + xmlSecBufferFinalize(&ivCopy); + + if (hKey != NULL) { + BCryptDestroyKey(hKey); + } + + xmlSecBufferFinalize(&blob); + + if (pbKeyObject != NULL) { + xmlFree(pbKeyObject); + } + + if(hAlg != NULL) { + BCryptCloseAlgorithmProvider(hAlg, 0); + } + + return(res); +} + +static int +xmlSecMSCngKWDes3BlockDecrypt(void * context, const xmlSecByte * iv, + xmlSecSize ivSize, const xmlSecByte * in, xmlSecSize inSize, + xmlSecByte * out, xmlSecSize outSize) { + xmlSecMSCngKWDes3CtxPtr ctx = (xmlSecMSCngKWDes3CtxPtr)context; + BCRYPT_ALG_HANDLE hAlg = NULL; + BCRYPT_KEY_HANDLE hKey = NULL; + DWORD cbData; + PBYTE pbKeyObject = NULL; + DWORD cbKeyObject; + xmlSecBuffer blob; + BCRYPT_KEY_DATA_BLOB_HEADER* blobHeader; + xmlSecSize blobHeaderLen; + int res = -1; + NTSTATUS status; + DWORD dwBlockLen, dwBlockLenLen; + int ret; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1); + xmlSecAssert2(xmlSecBufferGetSize(&(ctx->keyBuffer)) >= XMLSEC_KW_DES3_KEY_LENGTH, -1); + xmlSecAssert2(iv != NULL, -1); + xmlSecAssert2(ivSize >= XMLSEC_KW_DES3_IV_LENGTH, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(inSize > 0, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(outSize >= inSize, -1); + + ret = xmlSecBufferInitialize(&blob, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferInitialize", NULL); + goto done; + } + + status = BCryptOpenAlgorithmProvider( + &hAlg, + BCRYPT_3DES_ALGORITHM, + NULL, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", NULL, status); + goto done; + } + + /* allocate the key object */ + status = BCryptGetProperty(hAlg, + BCRYPT_OBJECT_LENGTH, + (PBYTE)&cbKeyObject, + sizeof(DWORD), + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", NULL, status); + goto done; + } + + pbKeyObject = xmlMalloc(cbKeyObject); + if(pbKeyObject == NULL) { + xmlSecMallocError(cbKeyObject, NULL); + goto done; + } + + /* prefix the key with a BCRYPT_KEY_DATA_BLOB_HEADER */ + blobHeaderLen = sizeof(BCRYPT_KEY_DATA_BLOB_HEADER) + xmlSecBufferGetSize(&ctx->keyBuffer); + ret = xmlSecBufferSetSize(&blob, blobHeaderLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", NULL, "size=%d", + blobHeaderLen); + goto done; + } + + blobHeader = (BCRYPT_KEY_DATA_BLOB_HEADER*)xmlSecBufferGetData(&blob); + blobHeader->dwMagic = BCRYPT_KEY_DATA_BLOB_MAGIC; + blobHeader->dwVersion = BCRYPT_KEY_DATA_BLOB_VERSION1; + blobHeader->cbKeyData = xmlSecBufferGetSize(&ctx->keyBuffer); + memcpy(xmlSecBufferGetData(&blob) + sizeof(BCRYPT_KEY_DATA_BLOB_HEADER), + xmlSecBufferGetData(&ctx->keyBuffer), + xmlSecBufferGetSize(&ctx->keyBuffer)); + + /* perform the actual import */ + status = BCryptImportKey(hAlg, + NULL, + BCRYPT_KEY_DATA_BLOB, + &hKey, + pbKeyObject, + cbKeyObject, + xmlSecBufferGetData(&blob), + xmlSecBufferGetSize(&blob), + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptImportKey", NULL, status); + goto done; + } + + /* iv len == block len */ + dwBlockLenLen = sizeof(DWORD); + status = BCryptGetProperty(hAlg, + BCRYPT_BLOCK_LENGTH, + (PUCHAR)&dwBlockLen, + sizeof(dwBlockLen), + &dwBlockLenLen, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", NULL, status); + goto done; + } + + if(ivSize < dwBlockLen / 8) { + xmlSecInvalidSizeLessThanError("ivSize", ivSize, dwBlockLen / 8, NULL); + goto done; + } + + /* handle padding manually */ + if(out != in) { + memcpy(out, in, inSize); + } + + cbData = inSize; + status = BCryptDecrypt(hKey, + (PUCHAR)in, + inSize, + NULL, + (PUCHAR)iv, + ivSize, + out, + inSize, + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptDecrypt", NULL, status); + goto done; + } + + res = cbData; + +done: + if (hKey != NULL) { + BCryptDestroyKey(hKey); + } + + xmlSecBufferFinalize(&blob); + + if (pbKeyObject != NULL) { + xmlFree(pbKeyObject); + } + + if(hAlg != NULL) { + BCryptCloseAlgorithmProvider(hAlg, 0); + } + + return(res); +} + +static xmlSecKWDes3Klass xmlSecMSCngKWDesKlass = { + /* callbacks */ + xmlSecMSCngKWDes3GenerateRandom, /* xmlSecKWDes3GenerateRandomMethod generateRandom; */ + xmlSecMSCngKWDes3Sha1, /* xmlSecKWDes3Sha1Method sha1; */ + xmlSecMSCngKWDes3BlockEncrypt, /* xmlSecKWDes3BlockEncryptMethod encrypt; */ + xmlSecMSCngKWDes3BlockDecrypt, /* xmlSecKWDes3BlockDecryptMethod decrypt; */ + + /* for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +static int +xmlSecMSCngKWDes3Initialize(xmlSecTransformPtr transform) { + xmlSecMSCngKWDes3CtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCngTransformKWDes3Id), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngKWDes3Size), -1); + + ctx = xmlSecMSCngKWDes3GetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + memset(ctx, 0, sizeof(xmlSecMSCngKWDes3Ctx)); + + if(transform->id == xmlSecMSCngTransformKWDes3Id) { + ctx->pszAlgId = BCRYPT_DES_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataDesId; + ctx->keySize = XMLSEC_KW_DES3_KEY_LENGTH; + } else { + xmlSecInvalidTransfromError(transform) + return(-1); + } + + ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); + return(-1); + } + + return(0); +} + +static void +xmlSecMSCngKWDes3Finalize(xmlSecTransformPtr transform) { + xmlSecMSCngKWDes3CtxPtr ctx; + + xmlSecAssert(xmlSecTransformCheckId(transform, xmlSecMSCngTransformKWDes3Id)); + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCngKWDes3Size)); + + ctx = xmlSecMSCngKWDes3GetCtx(transform); + xmlSecAssert(ctx != NULL); + + xmlSecBufferFinalize(&ctx->keyBuffer); + + memset(ctx, 0, sizeof(xmlSecMSCngKWDes3Ctx)); +} + +static int +xmlSecMSCngKWDes3SetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { + xmlSecMSCngKWDes3CtxPtr ctx; + + xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCngTransformKWDes3Id), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || + (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngKWDes3Size), -1); + xmlSecAssert2(keyReq != NULL, -1); + + ctx = xmlSecMSCngKWDes3GetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + keyReq->keyId = ctx->keyId; + keyReq->keyType = xmlSecKeyDataTypeSymmetric; + if(transform->operation == xmlSecTransformOperationEncrypt) { + keyReq->keyUsage = xmlSecKeyUsageEncrypt; + } else { + keyReq->keyUsage = xmlSecKeyUsageDecrypt; + } + keyReq->keyBitsSize = ctx->keySize * 8; + return(0); +} + +static int +xmlSecMSCngKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { + xmlSecMSCngKWDes3CtxPtr ctx; + xmlSecBufferPtr buffer; + xmlSecSize keySize; + int ret; + + xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCngTransformKWDes3Id), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || + (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngKWDes3Size), -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(xmlSecKeyDataCheckId(xmlSecKeyGetValue(key), + xmlSecMSCngKeyDataDesId), -1); + + ctx = xmlSecMSCngKWDes3GetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + buffer = xmlSecKeyDataBinaryValueGetBuffer(xmlSecKeyGetValue(key)); + xmlSecAssert2(buffer != NULL, -1); + + keySize = xmlSecBufferGetSize(buffer); + if(keySize < ctx->keySize) { + xmlSecInvalidKeyDataSizeError(keySize, ctx->keySize, + xmlSecTransformGetName(transform)); + return(-1); + } + + ret = xmlSecBufferSetData(&ctx->keyBuffer, xmlSecBufferGetData(buffer), + ctx->keySize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), "size=%d", ctx->keySize); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCngKWDes3CtxPtr ctx; + xmlSecBufferPtr in, out; + xmlSecSize inSize, outSize, keySize; + int ret; + + xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecMSCngTransformKWDes3Id), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || + (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngKWDes3Size), -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecMSCngKWDes3GetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + keySize = xmlSecBufferGetSize(&(ctx->keyBuffer)); + xmlSecAssert2(keySize == XMLSEC_KW_DES3_KEY_LENGTH, -1); + + in = &(transform->inBuf); + out = &(transform->outBuf); + inSize = xmlSecBufferGetSize(in); + outSize = xmlSecBufferGetSize(out); + xmlSecAssert2(outSize == 0, -1); + + if(transform->status == xmlSecTransformStatusNone) { + transform->status = xmlSecTransformStatusWorking; + } + + if((transform->status == xmlSecTransformStatusWorking) && (last == 0)) { + /* just do nothing */ + } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { + if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) { + xmlSecInvalidSizeNotMultipleOfError("Input data", inSize, + XMLSEC_KW_DES3_BLOCK_LENGTH, + xmlSecTransformGetName(transform)); + return(-1); + } + + if(transform->operation == xmlSecTransformOperationEncrypt) { + /* the encoded key might be 16 bytes longer plus one block just in case */ + outSize = inSize + XMLSEC_KW_DES3_IV_LENGTH + + XMLSEC_KW_DES3_BLOCK_LENGTH + XMLSEC_KW_DES3_BLOCK_LENGTH; + } else { + /* just in case, add a block */ + outSize = inSize + XMLSEC_KW_DES3_BLOCK_LENGTH; + } + + ret = xmlSecBufferSetMaxSize(out, outSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), "size=%d", outSize); + return(-1); + } + + if(transform->operation == xmlSecTransformOperationEncrypt) { + ret = xmlSecKWDes3Encode(&xmlSecMSCngKWDesKlass, ctx, + xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), + outSize); + if(ret < 0) { + xmlSecInternalError4("xmlSecKWDes3Encode", + xmlSecTransformGetName(transform), "key=%d,in=%d,out=%d", + keySize, inSize, outSize); + return(-1); + } + + outSize = ret; + } else { + ret = xmlSecKWDes3Decode(&xmlSecMSCngKWDesKlass, ctx, + xmlSecBufferGetData(in), inSize, + xmlSecBufferGetData(out), outSize); + if(ret < 0) { + xmlSecInternalError4("xmlSecKWDes3Decode", xmlSecTransformGetName(transform), + "key=%d,in=%d,out=%d", keySize, inSize, outSize); + return(-1); + } + outSize = ret; + } + + ret = xmlSecBufferSetSize(out, outSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), "size=%d", outSize); + return(-1); + } + + ret = xmlSecBufferRemoveHead(in, inSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), "size=%d", inSize); + return(-1); + } + + transform->status = xmlSecTransformStatusFinished; + } else if(transform->status == xmlSecTransformStatusFinished) { + /* the only way we can get here is if there is no input */ + xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); + } else { + xmlSecInvalidTransfromStatusError(transform); + return(-1); + } + + return(0); +} + +static xmlSecTransformKlass xmlSecMSCngKWDes3Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngKWDes3Size, /* xmlSecSize objSize */ + + xmlSecNameKWDes3, /* const xmlChar* name; */ + xmlSecHrefKWDes3, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecMSCngKWDes3Initialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngKWDes3Finalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngKWDes3SetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecMSCngKWDes3SetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngKWDes3Execute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformKWDes3GetKlass: + * + * The Triple DES key wrapper transform klass. + * + * Returns: Triple DES key wrapper transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformKWDes3GetKlass(void) { + return(&xmlSecMSCngKWDes3Klass); +} + +#endif /* XMLSEC_NO_DES */ diff --git a/src/mscng/signatures.c b/src/mscng/signatures.c new file mode 100644 index 00000000..fb89569a --- /dev/null +++ b/src/mscng/signatures.c @@ -0,0 +1,1095 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:signatures + * @Short_description: Signatures implementation for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Private + * + */ + +#include "globals.h" + +#include <string.h> + +#define WIN32_NO_STATUS +#include <windows.h> +#undef WIN32_NO_STATUS +#include <ntstatus.h> +#include <bcrypt.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/keys.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> + +#include <xmlsec/mscng/crypto.h> +#include <xmlsec/mscng/certkeys.h> + +/************************************************************************** + * + * Internal MSCng signatures ctx + * + *****************************************************************************/ +typedef struct _xmlSecMSCngSignatureCtx xmlSecMSCngSignatureCtx, + *xmlSecMSCngSignatureCtxPtr; +struct _xmlSecMSCngSignatureCtx { + xmlSecKeyDataPtr data; + xmlSecKeyDataId keyId; + LPCWSTR pszHashAlgId; + DWORD cbHash; + PBYTE pbHash; + BCRYPT_ALG_HANDLE hHashAlg; + PBYTE pbHashObject; + BCRYPT_HASH_HANDLE hHash; +}; + +/****************************************************************************** + * + * Signature transforms + * + * xmlSecMSCngSignatureCtx is located after xmlSecTransform + * + *****************************************************************************/ +#define xmlSecMSCngSignatureSize \ + (sizeof(xmlSecTransform) + sizeof(xmlSecMSCngSignatureCtx)) +#define xmlSecMSCngSignatureGetCtx(transform) \ + ((xmlSecMSCngSignatureCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) + +static int xmlSecMSCngSignatureCheckId (xmlSecTransformPtr transform); +static int xmlSecMSCngSignatureInitialize (xmlSecTransformPtr transform); +static void xmlSecMSCngSignatureFinalize (xmlSecTransformPtr transform); +static int xmlSecMSCngSignatureSetKeyReq (xmlSecTransformPtr transform, + xmlSecKeyReqPtr keyReq); +static int xmlSecMSCngSignatureSetKey (xmlSecTransformPtr transform, + xmlSecKeyPtr key); +static int xmlSecMSCngSignatureVerify (xmlSecTransformPtr transform, + const xmlSecByte* data, + xmlSecSize dataSize, + xmlSecTransformCtxPtr transformCtx); +static int xmlSecMSCngSignatureExecute (xmlSecTransformPtr transform, + int last, + xmlSecTransformCtxPtr transformCtx); + + +static int xmlSecMSCngSignatureCheckId(xmlSecTransformPtr transform) { + +#ifndef XMLSEC_NO_DSA + +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformDsaSha1Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA1 */ + +#endif /* XMLSEC_NO_DSA */ + +#ifndef XMLSEC_NO_RSA + +#ifndef XMLSEC_NO_MD5 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaMd5Id)) { + return(1); + } else +#endif /* XMLSEC_NO_MD5 */ + +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaSha1Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaSha256Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaSha384Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaSha512Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA512 */ + +#endif /* XMLSEC_NO_RSA */ + +#ifndef XMLSEC_NO_ECDSA + +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformEcdsaSha1Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformEcdsaSha256Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformEcdsaSha384Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformEcdsaSha512Id)) { + return(1); + } else +#endif /* XMLSEC_NO_SHA512 */ + +#endif /* XMLSEC_NO_ECDSA */ + + /* not found */ + return(0); +} + +static int xmlSecMSCngSignatureInitialize(xmlSecTransformPtr transform) { + xmlSecMSCngSignatureCtxPtr ctx; + + xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1); + + ctx = xmlSecMSCngSignatureGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + memset(ctx, 0, sizeof(xmlSecMSCngSignatureCtx)); + +#ifndef XMLSEC_NO_DSA + +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformDsaSha1Id)) { + ctx->pszHashAlgId = BCRYPT_SHA1_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataDsaId; + } else +#endif /* XMLSEC_NO_SHA1 */ + +#endif /* XMLSEC_NO_DSA */ + +#ifndef XMLSEC_NO_RSA + +#ifndef XMLSEC_NO_MD5 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaMd5Id)) { + ctx->pszHashAlgId = BCRYPT_MD5_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataRsaId; + } else +#endif /* XMLSEC_NO_MD5 */ + +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaSha1Id)) { + ctx->pszHashAlgId = BCRYPT_SHA1_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataRsaId; + } else +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaSha256Id)) { + ctx->pszHashAlgId = BCRYPT_SHA256_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataRsaId; + } else +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaSha384Id)) { + ctx->pszHashAlgId = BCRYPT_SHA384_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataRsaId; + } else +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformRsaSha512Id)) { + ctx->pszHashAlgId = BCRYPT_SHA512_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataRsaId; + } else +#endif /* XMLSEC_NO_SHA512 */ + +#endif /* XMLSEC_NO_RSA */ + +#ifndef XMLSEC_NO_ECDSA + +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformEcdsaSha1Id)) { + ctx->pszHashAlgId = BCRYPT_SHA1_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataEcdsaId; + } else +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformEcdsaSha256Id)) { + ctx->pszHashAlgId = BCRYPT_SHA256_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataEcdsaId; + } else +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformEcdsaSha384Id)) { + ctx->pszHashAlgId = BCRYPT_SHA384_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataEcdsaId; + } else +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecMSCngTransformEcdsaSha512Id)) { + ctx->pszHashAlgId = BCRYPT_SHA512_ALGORITHM; + ctx->keyId = xmlSecMSCngKeyDataEcdsaId; + } else +#endif /* XMLSEC_NO_SHA512 */ + +#endif /* XMLSEC_NO_ECDSA */ + + /* not found */ + { + xmlSecInvalidTransfromError(transform) + return(-1); + } + + return(0); +} + +static void xmlSecMSCngSignatureFinalize(xmlSecTransformPtr transform) { + xmlSecMSCngSignatureCtxPtr ctx; + + xmlSecAssert(xmlSecMSCngSignatureCheckId(transform)); + xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize)); + + ctx = xmlSecMSCngSignatureGetCtx(transform); + xmlSecAssert(ctx != NULL); + + if(ctx->data != NULL) { + xmlSecKeyDataDestroy(ctx->data); + } + + // MSDN documents at + // https://msdn.microsoft.com/en-us/library/windows/desktop/aa376217(v=vs.85).aspx + // that the order of cleanup should be: + // - algo handle + // - hash handle + // - hash object pointer + // - hash pointer + + if(ctx->hHashAlg != 0) { + BCryptCloseAlgorithmProvider(ctx->hHashAlg, 0); + } + + if(ctx->hHash != 0) { + BCryptDestroyHash(ctx->hHash); + } + + if(ctx->pbHashObject != NULL) { + xmlFree(ctx->pbHashObject); + } + + if(ctx->pbHash != NULL) { + xmlFree(ctx->pbHash); + } + + memset(ctx, 0, sizeof(xmlSecMSCngSignatureCtx)); +} + +static int xmlSecMSCngSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { + xmlSecMSCngSignatureCtxPtr ctx; + xmlSecKeyDataPtr value; + + xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1); + xmlSecAssert2(key != NULL, -1); + + ctx = xmlSecMSCngSignatureGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->keyId != NULL, -1); + xmlSecAssert2(ctx->pszHashAlgId != 0, -1); + xmlSecAssert2(xmlSecKeyCheckId(key, ctx->keyId), -1); + + value = xmlSecKeyGetValue(key); + xmlSecAssert2(value != NULL, -1); + + ctx->data = xmlSecKeyDataDuplicate(value); + if(ctx->data == NULL) { + xmlSecInternalError("xmlSecKeyDataDuplicate", + xmlSecTransformGetName(transform)); + return(-1); + } + + return(0); +} + +static int xmlSecMSCngSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { + xmlSecMSCngSignatureCtxPtr ctx; + + xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1); + xmlSecAssert2(keyReq != NULL, -1); + + ctx = xmlSecMSCngSignatureGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->keyId != NULL, -1); + + keyReq->keyId = ctx->keyId; + if(transform->operation == xmlSecTransformOperationSign) { + keyReq->keyType = xmlSecKeyDataTypePrivate; + keyReq->keyUsage = xmlSecKeyUsageSign; + } else { + keyReq->keyType = xmlSecKeyDataTypePublic; + keyReq->keyUsage = xmlSecKeyUsageVerify; + } + return(0); +} + +static int xmlSecMSCngSignatureVerify(xmlSecTransformPtr transform, + const xmlSecByte* data, + xmlSecSize dataSize, + xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCngSignatureCtxPtr ctx; + BCRYPT_KEY_HANDLE pubkey; + NTSTATUS status; + BCRYPT_PKCS1_PADDING_INFO info; + BCRYPT_PKCS1_PADDING_INFO* pInfo = NULL; + DWORD infoFlags = 0; + + xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1); + xmlSecAssert2(transform->operation == xmlSecTransformOperationVerify, -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1); + xmlSecAssert2(transform->status == xmlSecTransformStatusFinished, -1); + xmlSecAssert2(data != NULL, -1); + xmlSecAssert2(dataSize > 0, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecMSCngSignatureGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + + pubkey = xmlSecMSCngKeyDataGetPubKey(ctx->data); + if(pubkey == 0) { + xmlSecInternalError("xmlSecMSCngKeyDataGetPubKey", + xmlSecTransformGetName(transform)); + return(-1); + } + + if(ctx->keyId == xmlSecMSCngKeyDataRsaId) { + /* RSA needs explicit padding, otherwise STATUS_INVALID_PARAMETER is + * returned */ + info.pszAlgId = ctx->pszHashAlgId; + pInfo = &info; + infoFlags = BCRYPT_PAD_PKCS1; + } + + status = BCryptVerifySignature( + pubkey, + pInfo, + ctx->pbHash, + ctx->cbHash, + (PBYTE)data, + dataSize, + infoFlags); + if(status != STATUS_SUCCESS) { + if(status == STATUS_INVALID_SIGNATURE) { + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "BCryptVerifySignature: the signature was not verified"); + transform->status = xmlSecTransformStatusFail; + return(-1); + } else { + xmlSecMSCngNtError("BCryptVerifySignature", + xmlSecTransformGetName(transform), status); + return(-1); + } + } + + transform->status = xmlSecTransformStatusOk; + return(0); +} + +static int +xmlSecMSCngSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { + xmlSecMSCngSignatureCtxPtr ctx; + xmlSecSize inSize; + xmlSecSize outSize; + NTSTATUS status; + DWORD cbData = 0; + DWORD cbHashObject = 0; + BCRYPT_PKCS1_PADDING_INFO info; + BCRYPT_PKCS1_PADDING_INFO* pInfo = NULL; + DWORD infoFlags = 0; + int ret; + + xmlSecAssert2(xmlSecMSCngSignatureCheckId(transform), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCngSignatureSize), -1); + xmlSecAssert2(transformCtx != NULL, -1); + + ctx = xmlSecMSCngSignatureGetCtx(transform); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pszHashAlgId != NULL, -1); + + inSize = xmlSecBufferGetSize(&transform->inBuf); + outSize = xmlSecBufferGetSize(&transform->outBuf); + + if(transform->status == xmlSecTransformStatusNone) { + xmlSecAssert2(outSize == 0, -1); + + /* open an algorithm handle */ + status = BCryptOpenAlgorithmProvider( + &ctx->hHashAlg, + ctx->pszHashAlgId, + NULL, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptOpenAlgorithmProvider", + xmlSecTransformGetName(transform), status); + return(-1); + } + + /* calculate the size of the buffer to hold the hash object */ + status = BCryptGetProperty( + ctx->hHashAlg, + BCRYPT_OBJECT_LENGTH, + (PBYTE)&cbHashObject, + sizeof(DWORD), + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", + xmlSecTransformGetName(transform), status); + return(-1); + } + + /* allocate the hash object on the heap */ + ctx->pbHashObject = (PBYTE)xmlMalloc(cbHashObject); + if(ctx->pbHashObject == NULL) { + xmlSecMallocError(cbHashObject, NULL); + return(-1); + } + + /* calculate the length of the hash */ + status = BCryptGetProperty( + ctx->hHashAlg, + BCRYPT_HASH_LENGTH, + (PBYTE)&ctx->cbHash, + sizeof(DWORD), + &cbData, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptGetProperty", + xmlSecTransformGetName(transform), status); + return(-1); + } + + /* allocate the hash buffer on the heap */ + ctx->pbHash = (PBYTE)xmlMalloc(ctx->cbHash); + if(ctx->pbHash == NULL) { + xmlSecMallocError(ctx->cbHash, NULL); + return(-1); + } + + /* create the hash */ + status = BCryptCreateHash( + ctx->hHashAlg, + &ctx->hHash, + ctx->pbHashObject, + cbHashObject, + NULL, + 0, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptCreateHash", + xmlSecTransformGetName(transform), status); + return(-1); + } + + transform->status = xmlSecTransformStatusWorking; + } + + if(transform->status == xmlSecTransformStatusWorking) { + if(inSize > 0) { + xmlSecAssert2(outSize == 0, -1); + + /* hash some data */ + status = BCryptHashData( + ctx->hHash, + (PBYTE)xmlSecBufferGetData(&transform->inBuf), + inSize, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptHashData", + xmlSecTransformGetName(transform), status); + return(-1); + } + + ret = xmlSecBufferRemoveHead(&transform->inBuf, inSize); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform)); + return(-1); + } + } + + if(last != 0) { + /* close the hash */ + status = BCryptFinishHash( + ctx->hHash, + ctx->pbHash, + ctx->cbHash, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("BCryptFinishHash", xmlSecTransformGetName(transform), status); + return(-1); + } + + xmlSecAssert2(ctx->cbHash > 0, -1); + + if(transform->operation == xmlSecTransformOperationSign) { + NCRYPT_KEY_HANDLE privkey; + DWORD cbSignature; + + privkey = xmlSecMSCngKeyDataGetPrivKey(ctx->data); + if(privkey == 0) { + xmlSecInternalError("xmlSecMSCngKeyDataGetPrivKey", + xmlSecTransformGetName(transform)); + return(-1); + } + + /* calculate the length of the signature */ + status = NCryptSignHash( + privkey, + NULL, + ctx->pbHash, + ctx->cbHash, + NULL, + 0, + &cbSignature, + 0); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("NCryptSignHash", + xmlSecTransformGetName(transform), status); + return(-1); + } + outSize = (xmlSecSize)cbSignature; + + /* allocate the signature buffer on the heap */ + ret = xmlSecBufferSetSize(&transform->outBuf, outSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), "size=%d", outSize); + return(-1); + } + + /* sign the hash */ + if(ctx->keyId == xmlSecMSCngKeyDataRsaId) { + info.pszAlgId = ctx->pszHashAlgId; + pInfo = &info; + infoFlags = BCRYPT_PAD_PKCS1; + } + status = NCryptSignHash( + privkey, + pInfo, + ctx->pbHash, + ctx->cbHash, + (PBYTE)xmlSecBufferGetData(&transform->outBuf), + cbSignature, + &cbSignature, + infoFlags); + if(status != STATUS_SUCCESS) { + xmlSecMSCngNtError("NCryptSignHash", + xmlSecTransformGetName(transform), status); + return(-1); + } + } + transform->status = xmlSecTransformStatusFinished; + } + } + + if((transform->status == xmlSecTransformStatusWorking) || + (transform->status == xmlSecTransformStatusFinished)) { + xmlSecAssert2(xmlSecBufferGetSize(&transform->inBuf) == 0, -1); + } else { + xmlSecInvalidTransfromStatusError(transform); + return(-1); + } + + return(0); +} + +#ifndef XMLSEC_NO_DSA + +#ifndef XMLSEC_NO_SHA1 +/**************************************************************************** + * + * DSA-SHA1 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngDsaSha1Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameDsaSha1, /* const xmlChar* name; */ + xmlSecHrefDsaSha1, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformDsaSha1GetKlass: + * + * The DSA-SHA1 signature transform klass. + * + * Returns: DSA-SHA1 signature transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformDsaSha1GetKlass(void) { + return(&xmlSecMSCngDsaSha1Klass); +} +#endif /* XMLSEC_NO_SHA1 */ + +#endif /* XMLSEC_NO_DSA */ + +#ifndef XMLSEC_NO_RSA + +#ifndef XMLSEC_NO_MD5 +/**************************************************************************** + * + * RSA-MD5 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngRsaMd5Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaMd5, /* const xmlChar* name; */ + xmlSecHrefRsaMd5, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformRsaMd5GetKlass: + * + * The RSA-MD5 signature transform klass. + * + * Returns: RSA-MD5 signature transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformRsaMd5GetKlass(void) { + return(&xmlSecMSCngRsaMd5Klass); +} +#endif /* XMLSEC_NO_MD5 */ + +#ifndef XMLSEC_NO_SHA1 +/**************************************************************************** + * + * RSA-SHA1 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngRsaSha1Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaSha1, /* const xmlChar* name; */ + xmlSecHrefRsaSha1, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformRsaSha1GetKlass: + * + * The RSA-SHA1 signature transform klass. + * + * Returns: RSA-SHA1 signature transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformRsaSha1GetKlass(void) { + return(&xmlSecMSCngRsaSha1Klass); +} +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 +/**************************************************************************** + * + * RSA-SHA256 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngRsaSha256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaSha256, /* const xmlChar* name; */ + xmlSecHrefRsaSha256, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformRsaSha256GetKlass: + * + * The RSA-SHA256 signature transform klass. + * + * Returns: RSA-SHA256 signature transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformRsaSha256GetKlass(void) { + return(&xmlSecMSCngRsaSha256Klass); +} +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 +/**************************************************************************** + * + * RSA-SHA384 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngRsaSha384Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaSha384, /* const xmlChar* name; */ + xmlSecHrefRsaSha384, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformRsaSha384GetKlass: + * + * The RSA-SHA384 signature transform klass. + * + * Returns: RSA-SHA384 signature transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformRsaSha384GetKlass(void) { + return(&xmlSecMSCngRsaSha384Klass); +} +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 +/**************************************************************************** + * + * RSA-SHA512 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngRsaSha512Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaSha512, /* const xmlChar* name; */ + xmlSecHrefRsaSha512, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformRsaSha512GetKlass: + * + * The RSA-SHA512 signature transform klass. + * + * Returns: RSA-SHA512 signature transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformRsaSha512GetKlass(void) { + return(&xmlSecMSCngRsaSha512Klass); +} +#endif /* XMLSEC_NO_SHA512 */ + +#endif /* XMLSEC_NO_RSA */ + +#ifndef XMLSEC_NO_ECDSA + +#ifndef XMLSEC_NO_SHA1 +/**************************************************************************** + * + * ECDSA-SHA1 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngEcdsaSha1Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha1, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha1, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformEcdsaSha1GetKlass: + * + * The ECDSA-SHA1 signature transform klass. + * + * Returns: ECDSA-SHA1 signature transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformEcdsaSha1GetKlass(void) { + return(&xmlSecMSCngEcdsaSha1Klass); +} +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 +/**************************************************************************** + * + * ECDSA-SHA256 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngEcdsaSha256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha256, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha256, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformEcdsaSha256GetKlass: + * + * The ECDSA-SHA256 signature transform klass. + * + * Returns: ECDSA-SHA256 signature transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformEcdsaSha256GetKlass(void) { + return(&xmlSecMSCngEcdsaSha256Klass); +} +#endif /* XMLSEC_NO_SHA256 */ + +#ifndef XMLSEC_NO_SHA384 +/**************************************************************************** + * + * ECDSA-SHA384 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngEcdsaSha384Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha384, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha384, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformEcdsaSha384GetKlass: + * + * The ECDSA-SHA384 signature transform klass. + * + * Returns: ECDSA-SHA384 signature transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformEcdsaSha384GetKlass(void) { + return(&xmlSecMSCngEcdsaSha384Klass); +} +#endif /* XMLSEC_NO_SHA384 */ + +#ifndef XMLSEC_NO_SHA512 +/**************************************************************************** + * + * ECDSA-SHA512 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecMSCngEcdsaSha512Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCngSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha512, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha512, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCngSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCngSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCngSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCngSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCngSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCngSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngTransformEcdsaSha512GetKlass: + * + * The ECDSA-SHA512 signature transform klass. + * + * Returns: ECDSA-SHA512 signature transform klass. + */ +xmlSecTransformId +xmlSecMSCngTransformEcdsaSha512GetKlass(void) { + return(&xmlSecMSCngEcdsaSha512Klass); +} +#endif /* XMLSEC_NO_SHA512 */ + +#endif /* XMLSEC_NO_ECDSA */ diff --git a/src/mscng/symkeys.c b/src/mscng/symkeys.c new file mode 100644 index 00000000..916cd388 --- /dev/null +++ b/src/mscng/symkeys.c @@ -0,0 +1,345 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:symkeys + * @Short_description: Symmetric keys implementation for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Private + * + */ + +#include "globals.h" + +#include <string.h> + +#define WIN32_NO_STATUS +#include <windows.h> +#undef WIN32_NO_STATUS +#include <ntstatus.h> +#include <bcrypt.h> +#include <ncrypt.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/keyinfo.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> +#include <xmlsec/bn.h> + +#include <xmlsec/mscng/crypto.h> + +#define xmlSecMSCngSymKeyDataCheckId(data) \ + (xmlSecKeyDataIsValid((data)) && \ + xmlSecMSCngSymKeyDataKlassCheck((data)->id)) + +static int +xmlSecMSCngSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { + +#ifndef XMLSEC_NO_AES + if(klass == xmlSecMSCngKeyDataAesId) { + return(1); + } else +#endif /* XMLSEC_NO_AES */ + +#ifndef XMLSEC_NO_DES + if(klass == xmlSecMSCngKeyDataDesId) { + return(1); + } else +#endif /* XMLSEC_NO_DES */ + +#ifndef XMLSEC_NO_HMAC + if(klass == xmlSecMSCngKeyDataHmacId) { + return(1); + } else +#endif /* XMLSEC_NO_HMAC */ + + { + return(0); + } +} + +static int +xmlSecMSCngSymKeyDataInitialize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecMSCngSymKeyDataCheckId(data), -1); + + return(xmlSecKeyDataBinaryValueInitialize(data)); +} + +static int +xmlSecMSCngSymKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecAssert2(xmlSecMSCngSymKeyDataCheckId(dst), -1); + xmlSecAssert2(xmlSecMSCngSymKeyDataCheckId(src), -1); + xmlSecAssert2(dst->id == src->id, -1); + + return(xmlSecKeyDataBinaryValueDuplicate(dst, src)); +} + +static void +xmlSecMSCngSymKeyDataFinalize(xmlSecKeyDataPtr data) { + xmlSecAssert(xmlSecMSCngSymKeyDataCheckId(data)); + + xmlSecKeyDataBinaryValueFinalize(data); +} + +static int +xmlSecMSCngSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, + xmlSecKeyDataType type) { + xmlSecBufferPtr buffer; + + xmlSecAssert2(xmlSecMSCngSymKeyDataCheckId(data), -1); + xmlSecAssert2(sizeBits > 0, -1); + UNREFERENCED_PARAMETER(type); + + buffer = xmlSecKeyDataBinaryValueGetBuffer(data); + xmlSecAssert2(buffer != NULL, -1); + + return(xmlSecMSCngGenerateRandom(buffer, (sizeBits + 7) / 8)); +} + +static xmlSecKeyDataType +xmlSecMSCngSymKeyDataGetType(xmlSecKeyDataPtr data) { + xmlSecBufferPtr buffer; + + xmlSecAssert2(xmlSecMSCngSymKeyDataCheckId(data), xmlSecKeyDataTypeUnknown); + + buffer = xmlSecKeyDataBinaryValueGetBuffer(data); + xmlSecAssert2(buffer != NULL, xmlSecKeyDataTypeUnknown); + + return((xmlSecBufferGetSize(buffer) > 0) ? xmlSecKeyDataTypeSymmetric : xmlSecKeyDataTypeUnknown); +} + +static xmlSecSize +xmlSecMSCngSymKeyDataGetSize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecMSCngSymKeyDataCheckId(data), 0); + + return(xmlSecKeyDataBinaryValueGetSize(data)); +} + +static int +xmlSecMSCngSymKeyDataXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecAssert2(xmlSecMSCngSymKeyDataKlassCheck(id), -1); + + return(xmlSecKeyDataBinaryValueXmlRead(id, key, node, keyInfoCtx)); +} + +static int +xmlSecMSCngSymKeyDataXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecAssert2(xmlSecMSCngSymKeyDataKlassCheck(id), -1); + + return(xmlSecKeyDataBinaryValueXmlWrite(id, key, node, keyInfoCtx)); +} + +static int +xmlSecMSCngSymKeyDataBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, + const unsigned char* buf, xmlSecSize bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecAssert2(xmlSecMSCngSymKeyDataKlassCheck(id), -1); + + return(xmlSecKeyDataBinaryValueBinRead(id, key, buf, bufSize, keyInfoCtx)); +} + +static int +xmlSecMSCngSymKeyDataBinWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, + unsigned char** buf, xmlSecSize* bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecAssert2(xmlSecMSCngSymKeyDataKlassCheck(id), -1); + + return(xmlSecKeyDataBinaryValueBinWrite(id, key, buf, bufSize, keyInfoCtx)); +} + +static void +xmlSecMSCngSymKeyDataDebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecMSCngSymKeyDataCheckId(data)); + + xmlSecKeyDataBinaryValueDebugDump(data, output); +} + +static void +xmlSecMSCngSymKeyDataDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecMSCngSymKeyDataCheckId(data)); + + xmlSecKeyDataBinaryValueDebugXmlDump(data, output); +} + +#ifndef XMLSEC_NO_HMAC + +/************************************************************************** + * + * <xmlsec:HMACKeyValue> processing + * + *************************************************************************/ +static xmlSecKeyDataKlass xmlSecMSCngKeyDataHmacKlass = { + sizeof(xmlSecKeyDataKlass), + xmlSecKeyDataBinarySize, + + /* data */ + xmlSecNameHMACKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefHMACKeyValue, /* const xmlChar* href; */ + xmlSecNodeHMACKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecMSCngSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecMSCngSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecMSCngSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + xmlSecMSCngSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ + xmlSecMSCngSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecMSCngSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ + xmlSecMSCngSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + xmlSecMSCngSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + xmlSecMSCngSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ + xmlSecMSCngSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecMSCngSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecMSCngSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngKeyDataHmacGetKlass: + * + * The HMAC key data klass. + * + * Returns: HMAC key data klass. + */ +xmlSecKeyDataId +xmlSecMSCngKeyDataHmacGetKlass(void) { + return(&xmlSecMSCngKeyDataHmacKlass); +} +#endif /* XMLSEC_NO_HMAC */ + +#ifndef XMLSEC_NO_AES +/************************************************************************** + * + * <xmlsec:AESKeyValue> processing + * + *************************************************************************/ +static xmlSecKeyDataKlass xmlSecMSCngKeyDataAesKlass = { + sizeof(xmlSecKeyDataKlass), + xmlSecKeyDataBinarySize, + + /* data */ + xmlSecNameAESKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefAESKeyValue, /* const xmlChar* href; */ + xmlSecNodeAESKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecMSCngSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecMSCngSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecMSCngSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + xmlSecMSCngSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ + xmlSecMSCngSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecMSCngSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ + xmlSecMSCngSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + xmlSecMSCngSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + xmlSecMSCngSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ + xmlSecMSCngSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecMSCngSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecMSCngSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngKeyDataAesGetKlass: + * + * The AES key data klass. + * + * Returns: AES key data klass. + */ +xmlSecKeyDataId +xmlSecMSCngKeyDataAesGetKlass(void) { + return(&xmlSecMSCngKeyDataAesKlass); +} +#endif /* XMLSEC_NO_AES */ + +#ifndef XMLSEC_NO_DES + +/************************************************************************** + * + * <xmlsec:DESKeyValue> processing + * + *************************************************************************/ +static xmlSecKeyDataKlass xmlSecMSCngKeyDataDesKlass = { + sizeof(xmlSecKeyDataKlass), + xmlSecKeyDataBinarySize, + + /* data */ + xmlSecNameDESKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefDESKeyValue, /* const xmlChar* href; */ + xmlSecNodeDESKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecMSCngSymKeyDataInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecMSCngSymKeyDataDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecMSCngSymKeyDataFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + xmlSecMSCngSymKeyDataGenerate, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ + xmlSecMSCngSymKeyDataGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecMSCngSymKeyDataGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ + xmlSecMSCngSymKeyDataXmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + xmlSecMSCngSymKeyDataXmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + xmlSecMSCngSymKeyDataBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ + xmlSecMSCngSymKeyDataBinWrite, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecMSCngSymKeyDataDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecMSCngSymKeyDataDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngKeyDataDesGetKlass: + * + * The DES key data klass. + * + * Returns: DES key data klass. + */ +xmlSecKeyDataId +xmlSecMSCngKeyDataDesGetKlass(void) { + return(&xmlSecMSCngKeyDataDesKlass); +} + +#endif /* XMLSEC_NO_DES */ diff --git a/src/mscng/x509.c b/src/mscng/x509.c new file mode 100644 index 00000000..4db2659e --- /dev/null +++ b/src/mscng/x509.c @@ -0,0 +1,1423 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:x509 + * @Short_description: X509 certificates implementation for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Stable + * + */ + +#include "globals.h" + +#ifndef XMLSEC_NO_X509 + +#include <string.h> + +#include <windows.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/keyinfo.h> +#include <xmlsec/keysmngr.h> +#include <xmlsec/x509.h> +#include <xmlsec/base64.h> +#include <xmlsec/bn.h> +#include <xmlsec/errors.h> + +#include <xmlsec/mscng/crypto.h> +#include <xmlsec/mscng/x509.h> +#include <xmlsec/mscng/certkeys.h> + +typedef struct _xmlSecMSCngX509DataCtx xmlSecMSCngX509DataCtx, + *xmlSecMSCngX509DataCtxPtr; + +struct _xmlSecMSCngX509DataCtx { + HCERTSTORE hMemStore; + PCCERT_CONTEXT cert; +}; + +#define xmlSecMSCngX509DataSize \ + (sizeof(xmlSecKeyData) + sizeof(xmlSecMSCngX509DataCtx)) +#define xmlSecMSCngX509DataGetCtx(data) \ + ((xmlSecMSCngX509DataCtxPtr)(((xmlSecByte*)(data)) + sizeof(xmlSecKeyData))) + +static int +xmlSecMSCngKeyDataX509Initialize(xmlSecKeyDataPtr data) { + xmlSecMSCngX509DataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id), -1); + ctx = xmlSecMSCngX509DataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + memset(ctx, 0, sizeof(xmlSecMSCngX509DataCtx)); + + ctx->hMemStore = CertOpenStore(CERT_STORE_PROV_MEMORY, + 0, + 0, + CERT_STORE_CREATE_NEW_FLAG, + NULL); + if(ctx->hMemStore == 0) { + xmlSecMSCngLastError("CertOpenStore", xmlSecKeyDataGetName(data)); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + PCCERT_CONTEXT srcCert = NULL; + PCCERT_CONTEXT dstCert; + xmlSecMSCngX509DataCtxPtr srcCtx; + int ret; + + xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCngKeyDataX509Id), -1); + xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCngKeyDataX509Id), -1); + srcCtx = xmlSecMSCngX509DataGetCtx(src); + + /* duplicate the certificate store */ + while((srcCert = CertEnumCertificatesInStore(srcCtx->hMemStore, srcCert)) != NULL) { + dstCert = CertDuplicateCertificateContext(srcCert); + if(dstCert == NULL) { + xmlSecMSCngLastError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(dst)); + return(-1); + } + + ret = xmlSecMSCngKeyDataX509AdoptCert(dst, dstCert); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509AdoptCert", + xmlSecKeyDataGetName(dst)); + CertFreeCertificateContext(dstCert); + return(-1); + } + } + + if(srcCtx->cert != NULL) { + /* have a key certificate, duplicate that */ + dstCert = CertDuplicateCertificateContext(srcCtx->cert); + if(dstCert == NULL) { + xmlSecMSCngLastError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(dst)); + return(-1); + } + + ret = xmlSecMSCngKeyDataX509AdoptKeyCert(dst, dstCert); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(dst)); + CertFreeCertificateContext(dstCert); + return(-1); + } + } + + return(0); +} + +static void +xmlSecMSCngKeyDataX509Finalize(xmlSecKeyDataPtr data) { + xmlSecMSCngX509DataCtxPtr ctx; + + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id)); + + ctx = xmlSecMSCngX509DataGetCtx(data); + xmlSecAssert(ctx != NULL); + + if(ctx->cert != NULL) { + if(!CertFreeCertificateContext(ctx->cert)) { + xmlSecMSCngLastError("CertFreeCertificateContext", NULL); + } + } + + if(ctx->hMemStore != 0) { + if(!CertCloseStore(ctx->hMemStore, 0)) { + xmlSecMSCngLastError("CertCloseStore", NULL); + } + } + + memset(ctx, 0, sizeof(xmlSecMSCngX509DataCtx)); +} + +static xmlSecKeyDataType +xmlSecMSCngKeyDataX509GetType(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id), xmlSecKeyDataTypeUnknown); + + return(xmlSecKeyDataTypeUnknown); +} + +static const xmlChar* +xmlSecMSCngKeyDataX509GetIdentifier(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id), NULL); + + return(NULL); +} + +/** + * xmlSecMSCngX509CertDerRead: + * + * The MSCng reader for the binary (DER-encoded) X509 certificate content. + */ +static PCCERT_CONTEXT +xmlSecMSCngX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) { + PCCERT_CONTEXT cert; + + xmlSecAssert2(buf != NULL, NULL); + xmlSecAssert2(size > 0, NULL); + + cert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, size); + if(cert == NULL) { + xmlSecMSCngLastError("CertCreateCertificateContext", NULL); + return(NULL); + } + + return(cert); +} + +/** + * xmlSecMSCngX509CertBase64DerRead: + * + * The MSCng reader for the <X509Certificate> XML content. + */ +static PCCERT_CONTEXT +xmlSecMSCngX509CertBase64DerRead(xmlChar* buf) { + int size; + + xmlSecAssert2(buf != NULL, NULL); + + /* in-place decoding */ + size = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); + if(size < 0) { + xmlSecInternalError("xmlSecBase64Decode", NULL); + return(NULL); + } + + return(xmlSecMSCngX509CertDerRead((xmlSecByte*)buf, size)); +} + + +int +xmlSecMSCngKeyDataX509AdoptKeyCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT cert) { + xmlSecMSCngX509DataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id), -1); + xmlSecAssert2(cert != NULL, -1); + + ctx = xmlSecMSCngX509DataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + + if(ctx->cert != NULL) { + CertFreeCertificateContext(ctx->cert); + } + ctx->cert = cert; + + return(0); +} + +int +xmlSecMSCngKeyDataX509AdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT cert) { + xmlSecMSCngX509DataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id), -1); + xmlSecAssert2(cert != NULL, -1); + + ctx = xmlSecMSCngX509DataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->hMemStore != 0, -1); + + if(!CertAddCertificateContextToStore(ctx->hMemStore, + cert, + CERT_STORE_ADD_ALWAYS, + NULL)) { + xmlSecMSCngLastError("CertAddCertificateContextToStore", + xmlSecKeyDataGetName(data)); + return(-1); + } + + /* this just decrements the refcount, so won't free */ + CertFreeCertificateContext(cert); + return(0); +} + +/** + * xmlSecMSCngKeyDataX509AdoptCrl: + * @data: the pointer to X509 key data. + * @crl: the pointer to MSCng X509 CRL. + * + * Adds CRL to the X509 key data. + * + * Returns: 0 on success or a negative value if an error occurs. + */ +int +xmlSecMSCngKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, PCCRL_CONTEXT crl) { + xmlSecMSCngX509DataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id), -1); + xmlSecAssert2(crl != 0, -1); + + ctx = xmlSecMSCngX509DataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->hMemStore != 0, -1); + + if (!CertAddCRLContextToStore(ctx->hMemStore, crl, CERT_STORE_ADD_ALWAYS, NULL)) { + xmlSecMSCngLastError("CertAddCRLContextToStore", + xmlSecKeyDataGetName(data)); + return(-1); + } + + return(0); +} + +/** + * xmlSecMSCngX509SubjectNameNodeRead: + * + * The MSCng reader for the <X509SubjectName> XML element. + */ +static int +xmlSecMSCngX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataStorePtr store; + xmlChar* subject; + PCCERT_CONTEXT cert; + int ret; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id), -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1); + + store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCngX509StoreId); + if(store == NULL) { + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); + return(-1); + } + + subject = xmlNodeGetContent(node); + if((subject == NULL) || (xmlSecIsEmptyString(subject) == 1)) { + if(subject != NULL) { + xmlFree(subject); + } + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), + "empty"); + return(-1); + } + + return(0); + } + + cert = xmlSecMSCngX509StoreFindCert(store, subject, NULL, NULL, NULL, keyInfoCtx); + if(cert == NULL) { + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, + xmlSecKeyDataGetName(data), "subject=%s", + xmlSecErrorsSafeString(subject)); + xmlFree(subject); + return(-1); + } + + xmlFree(subject); + return(0); + } + + ret = xmlSecMSCngKeyDataX509AdoptCert(data, cert); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); + CertFreeCertificateContext(cert); + xmlFree(subject); + return(-1); + } + + xmlFree(subject); + return(0); +} +/** + * xmlSecMSCngX509CertificateNodeRead: + * + * The MSCng reader for the <X509Certificate> XML element. + */ +static int +xmlSecMSCngX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlChar* content; + PCCERT_CONTEXT cert; + int ret; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id), -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + content = xmlNodeGetContent(node); + if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { + if(content != NULL) { + xmlFree(content); + } + + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), + "content is an empty string"); + return(-1); + } + + return(0); + } + + cert = xmlSecMSCngX509CertBase64DerRead(content); + if(cert == NULL) { + xmlSecInternalError("xmlSecMSCngX509CertBase64DerRead", + xmlSecKeyDataGetName(data)); + return(-1); + } + + ret = xmlSecMSCngKeyDataX509AdoptCert(data, cert); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); + return(-1); + + } + + xmlFree(content); + return(0); +} + +/** + * xmlSecMSCngX509IssuerSerialNodeRead: + * + * The MSCng reader for the <X509IssuerSerial> XML element. + */ +static int +xmlSecMSCngX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataStorePtr store; + xmlNodePtr cur; + xmlChar* issuerName; + xmlChar* issuerSerial; + PCCERT_CONTEXT cert; + int ret; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id), -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1); + + store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCngX509StoreId); + if(store == NULL) { + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); + return(-1); + } + + cur = xmlSecGetNextElementNode(node->children); + if(cur == NULL) { + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL, + xmlSecKeyDataGetName(data)); + return(-1); + } + + return(0); + } + + /* handle X509IssuerName */ + if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { + xmlSecInvalidNodeError(cur, xmlSecNodeX509IssuerName, + xmlSecKeyDataGetName(data)); + return(-1); + } + + issuerName = xmlNodeGetContent(cur); + if(issuerName == NULL) { + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), + "empty"); + return(-1); + } + + cur = xmlSecGetNextElementNode(cur->next); + if(cur == NULL) { + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL, + xmlSecKeyDataGetName(data)); + return(-1); + } + + return(0); + } + + /* handle X509SerialNumber */ + if(!xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) { + xmlSecInvalidNodeError(cur, xmlSecNodeX509SerialNumber, + xmlSecKeyDataGetName(data)); + xmlFree(issuerName); + return(-1); + } + + issuerSerial = xmlNodeGetContent(cur); + if(issuerSerial == NULL) { + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), + "empty"); + xmlFree(issuerSerial); + return(-1); + } + + cur = xmlSecGetNextElementNode(cur->next); + if(cur != NULL) { + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); + xmlFree(issuerSerial); + xmlFree(issuerName); + return(-1); + } + + cert = xmlSecMSCngX509StoreFindCert(store, NULL, issuerName, issuerSerial, + NULL, keyInfoCtx); + if(cert == NULL) { + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { + xmlSecOtherError3(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "issuerName=%s;issuerSerial=%s", + xmlSecErrorsSafeString(issuerName), + xmlSecErrorsSafeString(issuerSerial)); + xmlFree(issuerSerial); + xmlFree(issuerName); + return(-1); + } + + xmlFree(issuerSerial); + xmlFree(issuerName); + return(0); + } + + ret = xmlSecMSCngKeyDataX509AdoptCert(data, cert); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); + CertFreeCertificateContext(cert); + xmlFree(issuerSerial); + xmlFree(issuerName); + return(-1); + } + + xmlFree(issuerSerial); + xmlFree(issuerName); + return(0); +} + +/** + * xmlSecMSCngX509SKINodeRead: + * + * The MSCng reader for the <X509SKI> XML element. + */ +static int +xmlSecMSCngX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataStorePtr store; + xmlChar* ski; + PCCERT_CONTEXT cert; + int ret; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id), -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1); + + store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCngX509StoreId); + if(store == NULL) { + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); + return(-1); + } + + ski = xmlNodeGetContent(node); + if((ski == NULL) || (xmlSecIsEmptyString(ski) == 1)) { + if(ski != NULL) { + xmlFree(ski); + } + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), + "empty"); + return(-1); + } + return(0); + } + + cert = xmlSecMSCngX509StoreFindCert(store, NULL, NULL, NULL, ski, keyInfoCtx); + if(cert == NULL){ + xmlFree(ski); + + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "ski=%s", xmlSecErrorsSafeString(ski)); + return(-1); + } + return(0); + } + + ret = xmlSecMSCngKeyDataX509AdoptCert(data, cert); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); + CertFreeCertificateContext(cert); + xmlFree(ski); + return(-1); + } + + xmlFree(ski); + return(0); +} + +static PCCRL_CONTEXT +xmlSecMSCngX509CrlDerRead(xmlSecByte* buf, xmlSecSize size, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + PCCRL_CONTEXT crl = NULL; + + xmlSecAssert2(buf != NULL, NULL); + xmlSecAssert2(keyInfoCtx != NULL, NULL); + xmlSecAssert2(size > 0, NULL); + + crl = CertCreateCRLContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, size); + + if(crl == NULL) { + xmlSecMSCngLastError("CertCreateCRLContext", NULL); + return(NULL); + } + + return(crl); +} + +static PCCRL_CONTEXT +xmlSecMSCngX509CrlBase64DerRead(xmlChar* buf, xmlSecKeyInfoCtxPtr keyInfoCtx) { + int ret; + + xmlSecAssert2(buf != NULL, NULL); + + /* usual trick with base64 decoding in-place */ + ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); + if(ret < 0) { + xmlSecInternalError("xmlSecBase64Decode", NULL); + return(NULL); + } + + return(xmlSecMSCngX509CrlDerRead((xmlSecByte*)buf, ret, keyInfoCtx)); +} + +static int +xmlSecMSCngX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlChar *content; + PCCRL_CONTEXT crl; + int ret; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id), -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + content = xmlNodeGetContent(node); + if((content == NULL) || (xmlSecIsEmptyString(content) == 1)) { + if(content != NULL) { + xmlFree(content); + } + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); + return(-1); + } + return(0); + } + + crl = xmlSecMSCngX509CrlBase64DerRead(content, keyInfoCtx); + if(crl == NULL) { + xmlSecInternalError("xmlSecMSCngX509CrlBase64DerRead", + xmlSecKeyDataGetName(data)); + xmlFree(content); + return(-1); + } + + ret = xmlSecMSCngKeyDataX509AdoptCrl(data, crl); + if (ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509AdoptCrl", + xmlSecKeyDataGetName(data)); + xmlFree(content); + CertFreeCRLContext(crl); + return(-1); + } + + xmlFree(content); + return(0); +} + +/** + * xmlSecMSCngX509DataNodeRead: + * + * The MSCng reader for the <X509Data> XML element. + */ +static int +xmlSecMSCngX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr cur; + int ret; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id), -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + for(cur = xmlSecGetNextElementNode(node->children); + cur != NULL; + cur = xmlSecGetNextElementNode(cur->next)) { + if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) { + ret = xmlSecMSCngX509CertificateNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509CertificateNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } + } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) { + ret = xmlSecMSCngX509SubjectNameNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509SubjectNameNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } + } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) { + ret = xmlSecMSCngX509IssuerSerialNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509IssuerSerialNodeRead", NULL); + return(-1); + } + } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) { + ret = xmlSecMSCngX509SKINodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509SKINodeRead", NULL); + return(-1); + } + } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) { + ret = xmlSecMSCngX509CRLNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509CRLNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } + } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) { + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); + return(-1); + } + } + return(0); +} + +/** + * xmlSecMSCngX509CertGetTime: + * + * Converts FILETIME timestamp into time_t. See + * <https://msdn.microsoft.com/en-us/library/windows/desktop/ms724284(v=vs.85).aspx> + * for details. + */ +static int +xmlSecMSCngX509CertGetTime(FILETIME in, time_t* out) { + xmlSecAssert2(out != NULL, -1); + + *out = in.dwHighDateTime; + *out <<= 32; + *out |= in.dwLowDateTime; + /* 100 nanoseconds -> seconds */ + *out /= 10000; + /* 1601-01-01 epoch -> 1970-01-01 epoch */ + *out -= 11644473600000; + + return(0); +} + +static int +xmlSecMSCngKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, + xmlSecKeyPtr key, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecMSCngX509DataCtxPtr ctx; + xmlSecKeyDataStorePtr store; + PCCERT_CONTEXT cert; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id), -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + xmlSecAssert2(keyInfoCtx->keysMngr != NULL, -1); + + if(xmlSecKeyGetValue(key) != NULL) { + return(0); + } + + ctx = xmlSecMSCngX509DataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->hMemStore != 0, -1); + + if(ctx->cert != NULL) { + return(0); + } + + store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCngX509StoreId); + if(store == NULL) { + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); + return(-1); + } + + cert = xmlSecMSCngX509StoreVerify(store, ctx->hMemStore, keyInfoCtx); + if(cert != NULL) { + int ret; + PCCERT_CONTEXT certCopy; + xmlSecKeyDataPtr keyValue = NULL; + + ctx->cert = CertDuplicateCertificateContext(cert); + if(ctx->cert == NULL) { + xmlSecMSCngLastError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(data)); + return(-1); + } + + /* copy the certificate, so it can be adopted according to the key data + * type */ + certCopy = CertDuplicateCertificateContext(ctx->cert); + if(certCopy == NULL) { + xmlSecMSCngLastError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(data)); + return(-1); + } + + if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) { + keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePrivate); + if(keyValue == NULL) { + xmlSecInternalError("xmlSecMSCngCertAdopt", + xmlSecKeyDataGetName(data)); + return(-1); + } + } else if((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic) != 0) { + keyValue = xmlSecMSCngCertAdopt(certCopy, xmlSecKeyDataTypePublic); + if(keyValue == NULL) { + xmlSecInternalError("xmlSecMSCngCertAdopt", + xmlSecKeyDataGetName(data)); + return(-1); + } + } + + /* verify that keyValue matches the key requirements */ + if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { + xmlSecInternalError("xmlSecKeyReqMatchKeyValue", + xmlSecKeyDataGetName(data)); + xmlSecKeyDataDestroy(keyValue); + return(-1); + } + + ret = xmlSecKeySetValue(key, keyValue); + if(ret < 0) { + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); + xmlSecKeyDataDestroy(keyValue); + return(-1); + } + + ret = xmlSecMSCngX509CertGetTime(ctx->cert->pCertInfo->NotBefore, + &(key->notValidBefore)); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509CertGetTime", + xmlSecKeyDataGetName(data)); + return(-1); + } + + ret = xmlSecMSCngX509CertGetTime(ctx->cert->pCertInfo->NotAfter, + &(key->notValidAfter)); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509CertGetTime", + xmlSecKeyDataGetName(data)); + return(-1); + } + } else if((keyInfoCtx->flags & + XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) { + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_NOT_FOUND, + xmlSecKeyDataGetName(data), NULL); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataPtr data; + int ret; + + xmlSecAssert2(id == xmlSecMSCngKeyDataX509Id, -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + data = xmlSecKeyEnsureData(key, id); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); + return(-1); + } + + ret = xmlSecMSCngX509DataNodeRead(data, node, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509DataNodeRead", + xmlSecKeyDataKlassGetName(id)); + return(-1); + } + + ret = xmlSecMSCngKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngX509CertificateNodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlChar* buf; + xmlNodePtr child; + + xmlSecAssert2(cert != NULL, -1); + xmlSecAssert2(cert->pbCertEncoded != NULL, -1); + xmlSecAssert2(cert->cbCertEncoded > 0, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + buf = xmlSecBase64Encode(cert->pbCertEncoded, cert->cbCertEncoded, + keyInfoCtx->base64LineSize); + if(buf == NULL) { + xmlSecInternalError("xmlSecBase64Encode", NULL); + return(-1); + } + + child = xmlSecEnsureEmptyChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); + if(child == NULL) { + xmlSecInternalError("xmlSecEnsureEmptyChild", NULL); + xmlFree(buf); + return(-1); + } + + xmlNodeSetContent(child, buf); + xmlFree(buf); + + return(0); +} + +static xmlChar* +xmlSecMSCngX509NameWrite(PCERT_NAME_BLOB nm) { + LPTSTR resT = NULL; + xmlChar *res = NULL; + DWORD csz; + + + xmlSecAssert2(nm->pbData != NULL, NULL); + xmlSecAssert2(nm->cbData > 0, NULL); + + csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0); + if(csz <= 0) { + xmlSecMSCngLastError("CertNameToStr", NULL); + return(NULL); + } + + resT = (LPTSTR)xmlMalloc(sizeof(TCHAR) * (csz + 1)); + if (NULL == resT) { + xmlSecMallocError(sizeof(TCHAR) * (csz + 1), NULL); + return (NULL); + } + + csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, resT, csz + 1); + if (csz <= 0) { + xmlSecMSCngLastError("CertNameToStr", NULL); + xmlFree(resT); + return(NULL); + } + + res = xmlSecWin32ConvertTstrToUtf8(resT); + if (NULL == res) { + xmlSecInternalError("xmlSecWin32ConvertTstrToUtf8", NULL); + xmlFree(resT); + return(NULL); + } + + xmlFree(resT); + return(res); +} + +static int +xmlSecMSCngX509SubjectNameNodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node) { + xmlChar* buf = NULL; + xmlNodePtr cur = NULL; + int ret; + + xmlSecAssert2(cert != NULL, -1); + xmlSecAssert2(node != NULL, -1); + + buf = xmlSecMSCngX509NameWrite(&(cert->pCertInfo->Subject)); + if(buf == NULL) { + xmlSecInternalError("xmlSecMSCngX509NameWrite", NULL); + return(-1); + } + + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); + if(cur == NULL) { + xmlSecInternalError("xmlSecEnsureEmptyChild", NULL); + xmlFree(buf); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + xmlFree(buf); + return(-1); + } + + /* done */ + xmlFree(buf); + return(0); +} + +static int +xmlSecMSCngASN1IntegerWrite(xmlNodePtr node, PCRYPT_INTEGER_BLOB num) { + xmlSecBn bn; + int ret; + + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(num != NULL, -1); + + ret = xmlSecBnInitialize(&bn, num->cbData + 1); + if(ret < 0) { + xmlSecInternalError2("xmlSecBnInitialize", NULL, "size=%ld", + num->cbData + 1); + return(-1); + } + + ret = xmlSecBnSetData(&bn, num->pbData, num->cbData); + if(ret < 0) { + xmlSecInternalError("xmlSecBnSetData", NULL); + xmlSecBnFinalize(&bn); + return(-1); + } + + /* SerialNumber is little-endian, see <https://msdn.microsoft.com/en-us/library/windows/desktop/aa377200(v=vs.85).aspx>. + * xmldsig wants big-endian, so enable reversing */ + ret = xmlSecBnSetNodeValue(&bn, node, xmlSecBnDec, 1, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBnSetNodeValue", NULL); + xmlSecBnFinalize(&bn); + return(-1); + } + + xmlSecBnFinalize(&bn); + return(0); +} + +static int +xmlSecMSCngX509IssuerSerialNodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node) { + xmlNodePtr cur; + xmlNodePtr issuerNameNode; + xmlNodePtr issuerNumberNode; + xmlChar* buf; + int ret; + + xmlSecAssert2(cert != NULL, -1); + xmlSecAssert2(node != NULL, -1); + + /* create xml nodes */ + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); + if(cur == NULL) { + xmlSecInternalError("xmlSecEnsureEmptyChild", NULL); + return(-1); + } + + issuerNameNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); + if(issuerNameNode == NULL) { + xmlSecInternalError("xmlSecEnsureEmptyChild", NULL); + return(-1); + } + + issuerNumberNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); + if(issuerNumberNode == NULL) { + xmlSecInternalError("xmlSecEnsureEmptyChild", NULL); + return(-1); + } + + /* write data */ + buf = xmlSecMSCngX509NameWrite(&(cert->pCertInfo->Issuer)); + if(buf == NULL) { + xmlSecInternalError("xmlSecMSCngX509NameWrite", NULL); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + xmlFree(buf); + return(-1); + } + + xmlFree(buf); + + ret = xmlSecMSCngASN1IntegerWrite(issuerNumberNode, &(cert->pCertInfo->SerialNumber)); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngASN1IntegerWrite", NULL); + return(-1); + } + return(0); +} + +static xmlChar* +xmlSecMSCngX509SKIWrite(PCCERT_CONTEXT cert) { + xmlChar *res = NULL; + DWORD dwSize; + BYTE *bSKI = NULL; + PCERT_EXTENSION pCertExt; + + xmlSecAssert2(cert != NULL, NULL); + + /* First check if the SKI extension actually exists, otherwise we get a SHA1 hash of the cert */ + pCertExt = CertFindExtension(szOID_SUBJECT_KEY_IDENTIFIER, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); + if (pCertExt == NULL) { + xmlSecMSCngLastError("CertFindExtension", NULL); + return (NULL); + } + + if (!CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID, NULL, &dwSize) || dwSize < 1) { + xmlSecMSCngLastError("CertGetCertificateContextProperty", NULL); + return (NULL); + } + bSKI = xmlMalloc(dwSize); + if (bSKI == NULL) { + xmlSecMallocError(dwSize, NULL); + return (NULL); + } + + if (!CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID, bSKI, &dwSize)) { + xmlSecMSCngLastError("CertGetCertificateContextProperty", NULL); + xmlFree(bSKI); + return (NULL); + } + + if (bSKI == NULL) { + return(NULL); + } + + res = xmlSecBase64Encode(bSKI, dwSize, 0); + if(res == NULL) { + xmlSecInternalError("xmlSecBase64Encode", NULL); + xmlFree(bSKI); + return(NULL); + } + xmlFree(bSKI); + + return(res); +} + +static int +xmlSecMSCngX509SKINodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node) { + xmlChar *buf = NULL; + xmlNodePtr cur = NULL; + int ret; + + xmlSecAssert2(cert != NULL, -1); + xmlSecAssert2(node != NULL, -1); + + buf = xmlSecMSCngX509SKIWrite(cert); + if(buf == NULL) { + xmlSecInternalError("xmlSecMSCngX509SKIWrite", NULL); + return(-1); + } + + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); + if(cur == NULL) { + xmlSecInternalError("xmlSecEnsureEmptyChild", NULL); + xmlFree(buf); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + xmlFree(buf); + return(-1); + } + + xmlFree(buf); + return(0); +} + +static int +xmlSecMSCngX509CRLNodeWrite(PCCRL_CONTEXT crl, xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecAssert2(crl != NULL, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + xmlSecNotImplementedError(NULL); + + return(-1); +} + +static int +xmlSecMSCngKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + int content; + xmlSecKeyDataPtr keyData; + xmlSecMSCngX509DataCtxPtr x509DataCtx; + PCCERT_CONTEXT cert = NULL; + HCERTSTORE certs; + PCCRL_CONTEXT crlCtx = NULL; + int ret; + + xmlSecAssert2(id == xmlSecMSCngKeyDataX509Id, -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(node != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + content = xmlSecX509DataGetNodeContent(node, keyInfoCtx); + if(content < 0) { + xmlSecInternalError("xmlSecX509DataGetNodeContent", + xmlSecKeyDataKlassGetName(id)); + return(-1); + } + if(content == 0) { + /* no content -> writer the default */ + content = XMLSEC_X509DATA_DEFAULT; + } + + keyData = xmlSecKeyGetData(key, id); + if(keyData == NULL) { + /* nothing to do */ + return(0); + } + + xmlSecAssert2(xmlSecKeyDataCheckId(keyData, xmlSecMSCngKeyDataX509Id), -1); + x509DataCtx = xmlSecMSCngX509DataGetCtx(keyData); + certs = x509DataCtx->hMemStore; + + /* write certificates */ + while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL) { + if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { + ret = xmlSecMSCngX509CertificateNodeWrite(cert, node, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509CertificateNodeWrite", + xmlSecKeyDataKlassGetName(id)); + return(-1); + } + } + + if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { + ret = xmlSecMSCngX509SubjectNameNodeWrite(cert, node); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509SubjectNameNodeWrite", + xmlSecKeyDataKlassGetName(id)); + return(-1); + } + } + + if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { + ret = xmlSecMSCngX509IssuerSerialNodeWrite(cert, node); + if(ret< 0) { + xmlSecInternalError("xmlSecMSCngX509IssuerSerialNodeWrite", + xmlSecKeyDataKlassGetName(id)); + return(-1); + } + } + + if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { + ret = xmlSecMSCngX509SKINodeWrite(cert, node); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509SKINodeWrite", + xmlSecKeyDataKlassGetName(id)); + return(-1); + } + } + } + + /* write CRLs */ + while((crlCtx = CertEnumCRLsInStore(certs, crlCtx)) != NULL) { + ret = xmlSecMSCngX509CRLNodeWrite(crlCtx, node, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509CRLNodeWrite", + xmlSecKeyDataKlassGetName(id)); + return(-1); + } + } + + return(0); +} + +static void +xmlSecMSCngKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id)); + xmlSecAssert(output != NULL); + + xmlSecNotImplementedError(NULL); +} + +static void +xmlSecMSCngKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCngKeyDataX509Id)); + xmlSecAssert(output != NULL); + + xmlSecNotImplementedError(NULL); +} + +static xmlSecKeyDataKlass xmlSecMSCngKeyDataX509Klass = { + sizeof(xmlSecKeyDataKlass), + xmlSecMSCngX509DataSize, + + /* data */ + xmlSecNameX509Data, + xmlSecKeyDataUsageKeyInfoNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefX509Data, /* const xmlChar* href; */ + xmlSecNodeX509Data, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecMSCngKeyDataX509Initialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecMSCngKeyDataX509Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecMSCngKeyDataX509Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + NULL, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ + xmlSecMSCngKeyDataX509GetType, /* xmlSecKeyDataGetTypeMethod getType; */ + NULL, /* xmlSecKeyDataGetSizeMethod getSize; */ + xmlSecMSCngKeyDataX509GetIdentifier, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ + xmlSecMSCngKeyDataX509XmlRead, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + xmlSecMSCngKeyDataX509XmlWrite, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecMSCngKeyDataX509DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecMSCngKeyDataX509DebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngKeyDataX509GetKlass: + * + * The MSCng X509 key data klass. + * + * Returns: the X509 data klass. + */ +xmlSecKeyDataId +xmlSecMSCngKeyDataX509GetKlass(void) { + return(&xmlSecMSCngKeyDataX509Klass); +} + +/************************************************************************** + * + * Raw X509 Certificate processing + * + * + *************************************************************************/ +static int +xmlSecMSCngKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, + const xmlSecByte* buf, xmlSecSize bufSize, + xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlSecKeyDataPtr data; + PCCERT_CONTEXT cert; + int ret; + + xmlSecAssert2(id == xmlSecMSCngKeyDataRawX509CertId, -1); + xmlSecAssert2(key != NULL, -1); + xmlSecAssert2(buf != NULL, -1); + xmlSecAssert2(bufSize > 0, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + cert = xmlSecMSCngX509CertDerRead(buf, bufSize); + if(cert == NULL) { + xmlSecInternalError("xmlSecMSCngX509CertDerRead", NULL); + return(-1); + } + + data = xmlSecKeyEnsureData(key, xmlSecMSCngKeyDataX509Id); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); + CertFreeCertificateContext(cert); + return(-1); + } + + ret = xmlSecMSCngKeyDataX509AdoptCert(data, cert); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509AdoptCert", + xmlSecKeyDataKlassGetName(id)); + CertFreeCertificateContext(cert); + return(-1); + } + + ret = xmlSecMSCngKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); + return(-1); + } + + return(0); +} + +static xmlSecKeyDataKlass xmlSecMSCngKeyDataRawX509CertKlass = { + sizeof(xmlSecKeyDataKlass), + sizeof(xmlSecKeyData), + + /* data */ + xmlSecNameRawX509Cert, + xmlSecKeyDataUsageRetrievalMethodNodeBin, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefRawX509Cert, /* const xmlChar* href; */ + NULL, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + NULL, /* xmlSecKeyDataInitializeMethod initialize; */ + NULL, /* xmlSecKeyDataDuplicateMethod duplicate; */ + NULL, /* xmlSecKeyDataFinalizeMethod finalize; */ + NULL, /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ + NULL, /* xmlSecKeyDataGetTypeMethod getType; */ + NULL, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + xmlSecMSCngKeyDataRawX509CertBinRead, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + NULL, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + NULL, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngKeyDataRawX509CertGetKlass: + * + * The raw X509 certificates key data klass. + * + * Returns: raw X509 certificates key data klass. + */ +xmlSecKeyDataId +xmlSecMSCngKeyDataRawX509CertGetKlass(void) { + return(&xmlSecMSCngKeyDataRawX509CertKlass); +} + +#endif /* XMLSEC_NO_X509 */ diff --git a/src/mscng/x509vfy.c b/src/mscng/x509vfy.c new file mode 100644 index 00000000..8940ba3d --- /dev/null +++ b/src/mscng/x509vfy.c @@ -0,0 +1,1215 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2018 Miklos Vajna. All Rights Reserved. + */ +/** + * SECTION:x509vfy + * @Short_description: X509 certificates verification support functions for Microsoft Cryptography API: Next Generation (CNG). + * @Stability: Private + * + */ + +#include "globals.h" + +#ifndef XMLSEC_NO_X509 + +#include <string.h> + +#include <windows.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/keyinfo.h> +#include <xmlsec/keysmngr.h> +#include <xmlsec/base64.h> +#include <xmlsec/bn.h> +#include <xmlsec/errors.h> + +#include <xmlsec/mscng/crypto.h> +#include <xmlsec/mscng/x509.h> + +typedef struct _xmlSecMSCngX509StoreCtx xmlSecMSCngX509StoreCtx, + *xmlSecMSCngX509StoreCtxPtr; +struct _xmlSecMSCngX509StoreCtx { + HCERTSTORE trusted; + HCERTSTORE trustedMemStore; + HCERTSTORE untrusted; + HCERTSTORE untrustedMemStore; +}; + +#define xmlSecMSCngX509StoreGetCtx(store) \ + ((xmlSecMSCngX509StoreCtxPtr)(((xmlSecByte*)(store)) + \ + sizeof(xmlSecKeyDataStoreKlass))) +#define xmlSecMSCngX509StoreSize \ + (sizeof(xmlSecKeyDataStoreKlass) + sizeof(xmlSecMSCngX509StoreCtx)) + +static void +xmlSecMSCngX509StoreFinalize(xmlSecKeyDataStorePtr store) { + xmlSecMSCngX509StoreCtxPtr ctx; + int ret; + + xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecMSCngX509StoreId)); + ctx = xmlSecMSCngX509StoreGetCtx(store); + xmlSecAssert(ctx != NULL); + + if(ctx->trusted != NULL) { + ret = CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_CHECK_FLAG); + if(ret == FALSE) { + xmlSecMSCngLastError("CertCloseStore", xmlSecKeyDataStoreGetName(store)); + } + } + + if(ctx->trustedMemStore != NULL) { + ret = CertCloseStore(ctx->trustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); + if(ret == FALSE) { + xmlSecMSCngLastError("CertCloseStore", xmlSecKeyDataStoreGetName(store)); + } + } + + if(ctx->untrusted != NULL) { + ret = CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_CHECK_FLAG); + if(ret == FALSE) { + xmlSecMSCngLastError("CertCloseStore", xmlSecKeyDataStoreGetName(store)); + } + } + + if(ctx->untrustedMemStore != NULL) { + ret = CertCloseStore(ctx->untrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); + if(ret == FALSE) { + xmlSecMSCngLastError("CertCloseStore", xmlSecKeyDataStoreGetName(store)); + } + } + + memset(ctx, 0, sizeof(xmlSecMSCngX509StoreCtx)); +} + +/** + * xmlSecMSCngX509StoreAdoptKeyStore: + * @store: the pointer to X509 key data store klass. + * @keyStore: the pointer to keys store. + * + * Adds @keyStore to the list of key stores. + * + * Returns: 0 on success or a negative value if an error occurs. + */ +int +xmlSecMSCngX509StoreAdoptKeyStore(xmlSecKeyDataStorePtr store, HCERTSTORE keyStore) { + xmlSecMSCngX509StoreCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCngX509StoreId), -1); + xmlSecAssert2(keyStore != NULL, -1); + + ctx = xmlSecMSCngX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->trusted != NULL, -1); + + ret = CertAddStoreToCollection(ctx->trusted, keyStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 2); + if(ret != TRUE) { + xmlSecMSCngLastError("CertAddStoreToCollection", + xmlSecKeyDataStoreGetName(store)); + return(-1); + } + + return(0); +} + +/** + * xmlSecMSCngX509StoreAdoptTrustedStore: + * @store: the pointer to X509 key data store klass. + * @trustedStore: the pointer to certs store. + * + * Adds @trustedStore to the list of trusted certs stores. + * + * Returns: 0 on success or a negative value if an error occurs. + */ +int +xmlSecMSCngX509StoreAdoptTrustedStore(xmlSecKeyDataStorePtr store, HCERTSTORE trustedStore) { + xmlSecMSCngX509StoreCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCngX509StoreId), -1); + xmlSecAssert2( trustedStore != NULL, -1); + + ctx = xmlSecMSCngX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->trusted != NULL, -1); + + ret = CertAddStoreToCollection(ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3); + if(ret == FALSE) { + xmlSecMSCngLastError("CertAddStoreToCollection", + xmlSecKeyDataStoreGetName(store)); + return(-1); + } + + return(0); +} + +/** + * xmlSecMSCngX509StoreAdoptUntrustedStore: + * @store: the pointer to X509 key data store klass. + * @untrustedStore: the pointer to certs store. + * + * Adds @trustedStore to the list of untrusted certs stores. + * + * Returns: 0 on success or a negative value if an error occurs. + */ +int +xmlSecMSCngX509StoreAdoptUntrustedStore(xmlSecKeyDataStorePtr store, HCERTSTORE untrustedStore) { + xmlSecMSCngX509StoreCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCngX509StoreId), -1); + xmlSecAssert2(untrustedStore != NULL, -1); + + ctx = xmlSecMSCngX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->untrusted != NULL, -1); + + ret = CertAddStoreToCollection(ctx->untrusted, untrustedStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2); + if(ret == FALSE) { + xmlSecMSCngLastError("CertAddStoreToCollection", + xmlSecKeyDataStoreGetName(store)); + return(-1); + } + + return(0); +} + +static int +xmlSecMSCngX509StoreInitialize(xmlSecKeyDataStorePtr store) { + int ret; + xmlSecMSCngX509StoreCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCngX509StoreId), -1); + ctx = xmlSecMSCngX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + + memset(ctx, 0, sizeof(xmlSecMSCngX509StoreCtx)); + + /* create a trusted store that will be a collection of other stores */ + ctx->trusted = CertOpenStore( + CERT_STORE_PROV_COLLECTION, + 0, + 0, + 0, + NULL); + if(ctx->trusted == NULL) { + xmlSecMSCngLastError("CertOpenStore", xmlSecKeyDataStoreGetName(store)); + return(-1); + } + + /* create an actual trusted store */ + ctx->trustedMemStore = CertOpenStore( + CERT_STORE_PROV_MEMORY, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_STORE_CREATE_NEW_FLAG, + NULL); + if(ctx->trustedMemStore == NULL) { + xmlSecMSCngLastError("CertOpenStore", xmlSecKeyDataStoreGetName(store)); + xmlSecMSCngX509StoreFinalize(store); + return(-1); + } + + /* add the store to the trusted collection */ + ret = CertAddStoreToCollection( + ctx->trusted, + ctx->trustedMemStore, + CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, + 1); + if(ret == 0) { + xmlSecMSCngLastError("CertAddStoreToCollection", xmlSecKeyDataStoreGetName(store)); + xmlSecMSCngX509StoreFinalize(store); + return(-1); + } + + /* create an untrusted store that will be a collection of other stores */ + ctx->untrusted = CertOpenStore( + CERT_STORE_PROV_COLLECTION, + 0, + 0, + 0, + NULL); + if(ctx->untrusted == NULL) { + xmlSecMSCngLastError("CertOpenStore", xmlSecKeyDataStoreGetName(store)); + xmlSecMSCngX509StoreFinalize(store); + return(-1); + } + + /* create an actual untrusted store */ + ctx->untrustedMemStore = CertOpenStore( + CERT_STORE_PROV_MEMORY, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_STORE_CREATE_NEW_FLAG, + NULL); + if(ctx->untrustedMemStore == NULL) { + xmlSecMSCngLastError("CertOpenStore", xmlSecKeyDataStoreGetName(store)); + xmlSecMSCngX509StoreFinalize(store); + return(-1); + } + + /* add the store to the untrusted collection */ + ret = CertAddStoreToCollection( + ctx->untrusted, + ctx->untrustedMemStore, + CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, + 1); + if(ret == 0) { + xmlSecMSCngLastError("CertAddStoreToCollection", xmlSecKeyDataStoreGetName(store)); + xmlSecMSCngX509StoreFinalize(store); + return(-1); + } + + return(0); +} + +static xmlSecKeyDataStoreKlass xmlSecMSCngX509StoreKlass = { + sizeof(xmlSecKeyDataStoreKlass), + xmlSecMSCngX509StoreSize, + + /* data */ + xmlSecNameX509Store, /* const xmlChar* name; */ + + /* constructors/destructor */ + xmlSecMSCngX509StoreInitialize, /* xmlSecKeyDataStoreInitializeMethod initialize; */ + xmlSecMSCngX509StoreFinalize, /* xmlSecKeyDataStoreFinalizeMethod finalize; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCngX509StoreGetKlass: + * + * The MSCng X509 certificates key data store klass. + * + * Returns: pointer to MSCng X509 certificates key data store klass. + */ +xmlSecKeyDataStoreId +xmlSecMSCngX509StoreGetKlass(void) { + return(&xmlSecMSCngX509StoreKlass); +} + +/** + * xmlSecMSCngX509StoreAdoptCert: + * @store: the pointer to X509 key data store klass. + * @cert: the pointer to PCCERT_CONTEXT X509 certificate. + * @type: the certificate type (trusted/untrusted). + * + * Adds trusted (root) or untrusted certificate to the store. + * + * Returns: 0 on success or a negative value if an error occurs. + */ +int +xmlSecMSCngX509StoreAdoptCert(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT pCert, xmlSecKeyDataType type) { + xmlSecMSCngX509StoreCtxPtr ctx; + HCERTSTORE hCertStore; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCngX509StoreId), -1); + xmlSecAssert2(pCert != NULL, -1); + + ctx = xmlSecMSCngX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->trusted != NULL, -1); + + if(type == xmlSecKeyDataTypeTrusted) { + hCertStore = ctx->trusted; + } else if(type == xmlSecKeyDataTypeNone) { + hCertStore = ctx->untrusted; + } else { + xmlSecNotImplementedError(NULL); + return(-1); + } + + xmlSecAssert2(hCertStore != NULL, -1); + ret = CertAddCertificateContextToStore( + hCertStore, + pCert, + CERT_STORE_ADD_ALWAYS, + NULL); + if(ret == FALSE) { + xmlSecMSCngLastError("CertAddCertificateContextToStore", xmlSecKeyDataStoreGetName(store)); + return(-1); + } + + return(0); +} + +/** + * xmlSecMSCngCheckRevocation: + * @store: may contain a CRL + * @cert: the certificate that is revoked (or not) + * + * Checks if @cert is in the CRL of @store. + * + * Returns: 0 on success or a negative value if an errors occurs. + */ +static int +xmlSecMSCngCheckRevocation(HCERTSTORE store, PCCERT_CONTEXT cert) { + PCCRL_CONTEXT crlCtx = NULL; + PCRL_ENTRY crlEntry = NULL; + int ret; + + xmlSecAssert2(store != NULL, -1); + xmlSecAssert2(cert != NULL, -1); + + while((crlCtx = CertEnumCRLsInStore(store, crlCtx)) != NULL) { + ret = CertFindCertificateInCRL(cert, + crlCtx, + 0, + NULL, + &crlEntry); + if(ret == 0) { + continue; + } + if(crlEntry == NULL) { + continue; + } + + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, NULL, + "cert found in CRL"); + return(-1); + } + + return(0); +} + +/** + * xmlSecMSCngX509StoreContainsCert: + * @store: the certificate store + * @subject: the name of the subject or issuer to find + * @cert: the certificate + * + * Determines if cert is found in store. + * + * Returns: 1 and 0 if find does or does not succeed, or a negative value if an + * error occurs. + */ +static int +xmlSecMSCngX509StoreContainsCert(HCERTSTORE store, CERT_NAME_BLOB* name, + PCCERT_CONTEXT cert) +{ + PCCERT_CONTEXT issuerCert = NULL; + DWORD flags; + int ret; + + xmlSecAssert2(store != NULL, -1); + xmlSecAssert2(name != NULL, -1); + xmlSecAssert2(cert != NULL, -1); + + issuerCert = CertFindCertificateInStore(store, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_SUBJECT_NAME, + name, + NULL); + if(issuerCert != NULL) { + flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; + ret = CertVerifySubjectCertificateContext(cert, + issuerCert, + &flags); + if(ret == 0) { + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, + NULL, + "CertVerifySubjectCertificateContext"); + CertFreeCertificateContext(issuerCert); + return(-1); + } + CertFreeCertificateContext(issuerCert); + return(1); + } + + return(0); +} + +static int +xmlSecMSCngVerifyCertTime(PCCERT_CONTEXT cert, LPFILETIME time) { + xmlSecAssert2(cert != NULL, -1); + xmlSecAssert2(cert->pCertInfo != NULL, -1); + xmlSecAssert2(time != NULL, -1); + + if(CompareFileTime(&cert->pCertInfo->NotBefore, time) == 1) { + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, + NULL, + "CompareFileTime"); + return(-1); + } + + if(CompareFileTime(&cert->pCertInfo->NotAfter, time) == -1) { + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, + NULL, + "CompareFileTime"); + return(-1); + } + + return(0); +} + +/** + * xmlSecMSCngX509StoreVerifyCertificateOwn: + * @cert: the certificate to verify. + * @time: pointer to FILETIME that we are interested in + * @trustedStore: trusted certificates added via xmlSecMSCngX509StoreAdoptCert(). + * @certStore: the untrusted certificates stack. + * @store: key data store, name used for error reporting only. + * + * Verifies @cert based on trustedStore (ignoring system trusted certificates). + * + * Returns: 0 on success or a negative value if an error occurs. + */ +static int +xmlSecMSCngX509StoreVerifyCertificateOwn(PCCERT_CONTEXT cert, + FILETIME* time, HCERTSTORE trustedStore, HCERTSTORE untrustedStore, HCERTSTORE certStore, + xmlSecKeyDataStorePtr store) { + PCCERT_CONTEXT issuerCert = NULL; + DWORD flags; + int ret; + + xmlSecAssert2(cert != NULL, -1); + xmlSecAssert2(trustedStore != NULL, -1); + xmlSecAssert2(certStore != NULL, -1); + xmlSecAssert2(store != NULL, -1); + + ret = xmlSecMSCngVerifyCertTime(cert, time); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngVerifyCertTime", + xmlSecKeyDataStoreGetName(store)); + return(-1); + } + + ret = xmlSecMSCngCheckRevocation(certStore, cert); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngCheckRevocation", + xmlSecKeyDataStoreGetName(store)); + return(-1); + } + + /* does trustedStore contain cert directly? */ + ret = xmlSecMSCngX509StoreContainsCert(trustedStore, + &cert->pCertInfo->Subject, cert); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509StoreContainsCert", + xmlSecKeyDataStoreGetName(store)); + return(-1); + } + if(ret == 1) { + return(0); + } + + /* does trustedStore contain the issuer cert? */ + ret = xmlSecMSCngX509StoreContainsCert(trustedStore, + &cert->pCertInfo->Issuer, cert); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509StoreContainsCert", + xmlSecKeyDataStoreGetName(store)); + return(-1); + } + if(ret == 1) { + return(0); + } + + /* is cert self-signed? no recursion in that case */ + if(CertCompareCertificateName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + &cert->pCertInfo->Subject, + &cert->pCertInfo->Issuer)) { + return(-1); + } + + /* the same checks recursively for the issuer cert in certStore */ + issuerCert = CertFindCertificateInStore(certStore, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_SUBJECT_NAME, + &cert->pCertInfo->Issuer, + NULL); + if(issuerCert != NULL) { + flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; + ret = CertVerifySubjectCertificateContext(cert, issuerCert, &flags); + if(ret == 0) { + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, + xmlSecKeyDataStoreGetName(store), + "CertVerifySubjectCertificateContext"); + CertFreeCertificateContext(issuerCert); + return(-1); + } + + ret = xmlSecMSCngX509StoreVerifyCertificateOwn(issuerCert, time, + trustedStore, untrustedStore, certStore, store); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509StoreVerifyCertificateOwn", xmlSecKeyDataStoreGetName(store)); + CertFreeCertificateContext(issuerCert); + return(-1); + } + CertFreeCertificateContext(issuerCert); + return(0); + } + + /* the same checks recursively for the issuer cert in untrustedStore */ + issuerCert = CertFindCertificateInStore(untrustedStore, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_SUBJECT_NAME, + &cert->pCertInfo->Issuer, + NULL); + if(issuerCert != NULL) { + flags = CERT_STORE_REVOCATION_FLAG | CERT_STORE_SIGNATURE_FLAG; + ret = CertVerifySubjectCertificateContext(cert, issuerCert, &flags); + if(ret == 0) { + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, + xmlSecKeyDataStoreGetName(store), + "CertVerifySubjectCertificateContext"); + CertFreeCertificateContext(issuerCert); + return(-1); + } + + ret = xmlSecMSCngX509StoreVerifyCertificateOwn(issuerCert, time, + trustedStore, untrustedStore, certStore, store); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCngX509StoreVerifyCertificateOwn", xmlSecKeyDataStoreGetName(store)); + CertFreeCertificateContext(issuerCert); + return(-1); + } + CertFreeCertificateContext(issuerCert); + return(0); + } + + return(-1); +} + +/** + * xmlSecMSCngX509StoreVerifyCertificateSystem: + * @cert: the certificate we check + * @time: pointer to FILETIME that we are interested in + * @untrustedStore: untrusted certificates added via API + * @docStore: untrusted certificates/CRLs extracted from a document + * + * Verifies @cert based on system trusted certificates. + * + * Returns: 0 on success or a negative value if an error occurs. + */ +static int +xmlSecMSCngX509StoreVerifyCertificateSystem(PCCERT_CONTEXT cert, + FILETIME* time, HCERTSTORE untrustedStore, HCERTSTORE docStore) { + PCCERT_CHAIN_CONTEXT pChainContext = NULL; + CERT_CHAIN_PARA chainPara; + HCERTSTORE chainStore = NULL; + int res = -1; + int ret; + + /* initialize data structures */ + memset(&chainPara, 0, sizeof(CERT_CHAIN_PARA)); + chainPara.cbSize = sizeof(CERT_CHAIN_PARA); + + /* create additional store for CertGetCertificateChain() */ + chainStore = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0, 0, NULL); + if(chainStore == NULL) { + xmlSecMSCngLastError("CertOpenStore", NULL); + goto end; + } + + ret = CertAddStoreToCollection(chainStore, docStore, 0, 0); + if(ret == FALSE) { + xmlSecMSCngLastError("CertAddStoreToCollection", NULL); + goto end; + } + + ret = CertAddStoreToCollection(chainStore, untrustedStore, 0, 0); + if(ret == FALSE) { + xmlSecMSCngLastError("CertAddStoreToCollection", NULL); + goto end; + } + + /* build a chain using CertGetCertificateChain + and the certificate retrieved */ + ret = CertGetCertificateChain(NULL, cert, time, chainStore, &chainPara, + CERT_CHAIN_REVOCATION_CHECK_CHAIN, NULL, &pChainContext); + if(ret == FALSE) { + xmlSecMSCngLastError("CertGetCertificateChain", NULL); + goto end; + } + + if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN) { + CertFreeCertificateChain(pChainContext); + pChainContext = NULL; + ret = CertGetCertificateChain(NULL, cert, time, chainStore, &chainPara, + CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT, NULL, + &pChainContext); + if(ret == FALSE) { + xmlSecMSCngLastError("CertGetCertificateChain", NULL); + goto end; + } + } + + if(pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR) { + res = 0; + } + +end: + if(pChainContext != NULL) { + CertFreeCertificateChain(pChainContext); + } + + if(chainStore != NULL) { + CertCloseStore(chainStore, 0); + } + + return (res); +} + +/** + * xmlSecMSCngUnixTimeToFileTime: + * + * Converts time_t into FILETIME timestamp. See xmlSecMSCngX509CertGetTime() + * for details. + */ +static int +xmlSecMSCngUnixTimeToFileTime(time_t in, LPFILETIME out) { + /* 64-bit value */ + LONGLONG ll; + + xmlSecAssert2(out != NULL, -1); + + /* seconds -> 100 nanoseconds */ + /* 1970-01-01 epoch -> 1601-01-01 epoch */ + ll = Int32x32To64(in, 10000000) + 116444736000000000; + out->dwLowDateTime = (DWORD)ll; + out->dwHighDateTime = ll >> 32; + + return(0); +} + +/** + * xmlSecMSCngX509StoreVerifyCertificate: + * @store: the pointer to X509 certificate context store klass. + * @cert: the certificate to verify. + * @certStore: the untrusted certificates stack. + * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context. + * + * Verifies @cert. + * + * Returns: 0 on success or a negative value if an error occurs. + */ +static int +xmlSecMSCngX509StoreVerifyCertificate(xmlSecKeyDataStorePtr store, + PCCERT_CONTEXT cert, HCERTSTORE certStore, xmlSecKeyInfoCtx* keyInfoCtx) { + xmlSecMSCngX509StoreCtxPtr ctx; + FILETIME fTime; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCngX509StoreId), -1); + xmlSecAssert2(cert != NULL, -1); + xmlSecAssert2(cert->pCertInfo != NULL, -1); + xmlSecAssert2(certStore != NULL, -1); + xmlSecAssert2(keyInfoCtx != NULL, -1); + + ctx = xmlSecMSCngX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->trusted != NULL, -1); + + if(keyInfoCtx->certsVerificationTime > 0) { + xmlSecMSCngUnixTimeToFileTime(keyInfoCtx->certsVerificationTime, + &fTime); + } else { + /* current time */ + GetSystemTimeAsFileTime(&fTime); + } + + /* verify based on the own trusted certificates */ + ret = xmlSecMSCngX509StoreVerifyCertificateOwn(cert, + &fTime, ctx->trusted, ctx->untrusted, certStore, store); + if(ret >= 0) { + return(0); + } + + /* verify based on the system certificates */ + ret = xmlSecMSCngX509StoreVerifyCertificateSystem(cert, + &fTime, ctx->untrusted, certStore); + if(ret >= 0) { + return(0); + } + + return(-1); +} + +/** + * xmlSecMSCngX509StoreVerify: + * @store: the pointer to X509 certificate context store klass. + * @certs: the untrusted certificates stack. + * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context. + * + * Verifies @certs list. + * + * Returns: pointer to the first verified certificate from @certs. + */ +PCCERT_CONTEXT +xmlSecMSCngX509StoreVerify(xmlSecKeyDataStorePtr store, HCERTSTORE certs, + xmlSecKeyInfoCtx* keyInfoCtx) { + PCCERT_CONTEXT cert = NULL; + int ret; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCngX509StoreId), NULL); + xmlSecAssert2(certs != NULL, NULL); + xmlSecAssert2(keyInfoCtx != NULL, NULL); + + while((cert = CertEnumCertificatesInStore(certs, cert)) != NULL) { + PCCERT_CONTEXT foundCert = NULL; + int skip = 0; + xmlSecAssert2(cert->pCertInfo != NULL, NULL); + + /* is cert the issuer of a certificate in certs? if so, skip it */ + do { + foundCert = CertFindCertificateInStore(certs, + X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + 0, + CERT_FIND_ISSUER_NAME, + &(cert->pCertInfo->Subject), + foundCert); + /* don't skip self-signed certificates */ + if((foundCert != NULL) && + !CertCompareCertificateName(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, + &(foundCert->pCertInfo->Subject), + &(foundCert->pCertInfo->Issuer))) { + skip = 1; + } + } while(skip == 0 && foundCert != NULL); + if(foundCert != NULL) { + CertFreeCertificateContext(foundCert); + } + if(skip == 0) { + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) != 0) { + return(cert); + } + + /* need to actually verify the certificate */ + ret = xmlSecMSCngX509StoreVerifyCertificate(store, cert, certs, keyInfoCtx); + if(ret == 0) { + return(cert); + } + } + } + + return(NULL); +} + +static LPTSTR +xmlSecMSCngX509GetCertName(const xmlChar* name) { + xmlChar* copy; + xmlChar* p; + LPTSTR res; + + xmlSecAssert2(name != 0, NULL); + + /* emailAddress= results in an error, E= does not, so replace the former */ + copy = xmlStrdup(name); + if(copy == NULL) { + xmlSecStrdupError(name, NULL); + return(NULL); + } + + while((p = (xmlChar*)xmlStrstr(copy, BAD_CAST "emailAddress=")) != NULL) { + memcpy(p, " E=", 13); + } + + res = xmlSecWin32ConvertUtf8ToTstr(copy); + if(res == NULL) { + xmlSecInternalError("xmlSecWin32ConvertUtf8ToTstr", NULL); + xmlFree(copy); + return(NULL); + } + + xmlFree(copy); + + return(res); +} + +static BYTE* +xmlSecMSCngCertStrToName(DWORD dwCertEncodingType, LPTSTR pszX500, DWORD dwStrType, DWORD* len) { + BYTE* str = NULL; + LPCTSTR ppszError = NULL; + + xmlSecAssert2(pszX500 != NULL, NULL); + xmlSecAssert2(len != NULL, NULL); + + if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, + NULL, NULL, len, &ppszError)) { + /* this might not be an error, string might just not exist */ + return(NULL); + } + + str = (BYTE *)xmlMalloc(sizeof(TCHAR) * ((*len) + 1)); + if(str == NULL) { + xmlSecMallocError(sizeof(TCHAR) * ((*len) + 1), NULL); + return(NULL); + } + memset(str, 0, (*len) + 1); + + if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, + NULL, str, len, NULL)) { + xmlSecMSCngLastError("CertStrToName", NULL); + xmlFree(str); + return(NULL); + } + + return(str); +} + +static PCCERT_CONTEXT +xmlSecMSCngX509FindCertByIssuer(HCERTSTORE store, LPTSTR wcIssuer, + xmlSecBnPtr issuerSerialBn, DWORD dwCertEncodingType) { + xmlSecAssert2(store != NULL, NULL); + xmlSecAssert2(wcIssuer != NULL, NULL); + xmlSecAssert2(issuerSerialBn != NULL, NULL); + + PCCERT_CONTEXT res = NULL; + CERT_INFO certInfo; + BYTE* bdata; + DWORD len; + + + xmlSecAssert2(store != NULL, NULL); + xmlSecAssert2(wcIssuer != NULL, NULL); + xmlSecAssert2(issuerSerialBn != NULL, NULL); + + certInfo.SerialNumber.cbData = xmlSecBnGetSize(issuerSerialBn); + certInfo.SerialNumber.pbData = xmlSecBnGetData(issuerSerialBn); + + + /* CASE 1: UTF8, DN */ + if (NULL == res) { + bdata = xmlSecMSCngCertStrToName(dwCertEncodingType, + wcIssuer, + CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR, + &len); + if(bdata != NULL) { + certInfo.Issuer.cbData = len; + certInfo.Issuer.pbData = bdata; + + res = CertFindCertificateInStore(store, + dwCertEncodingType, + 0, + CERT_FIND_SUBJECT_CERT, + &certInfo, + NULL); + xmlFree(bdata); + } + } + + /* CASE 2: UTF8, REVERSE DN */ + if (NULL == res) { + bdata = xmlSecMSCngCertStrToName(dwCertEncodingType, + wcIssuer, + CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, + &len); + if(bdata != NULL) { + certInfo.Issuer.cbData = len; + certInfo.Issuer.pbData = bdata; + + res = CertFindCertificateInStore(store, + dwCertEncodingType, + 0, + CERT_FIND_SUBJECT_CERT, + &certInfo, + NULL); + xmlFree(bdata); + } + } + + /* CASE 3: UNICODE, DN */ + if (NULL == res) { + bdata = xmlSecMSCngCertStrToName(dwCertEncodingType, + wcIssuer, + CERT_OID_NAME_STR, + &len); + if(bdata != NULL) { + certInfo.Issuer.cbData = len; + certInfo.Issuer.pbData = bdata; + + res = CertFindCertificateInStore(store, + dwCertEncodingType, + 0, + CERT_FIND_SUBJECT_CERT, + &certInfo, + NULL); + xmlFree(bdata); + } + } + + /* CASE 4: UNICODE, REVERSE DN */ + if (NULL == res) { + bdata = xmlSecMSCngCertStrToName(dwCertEncodingType, + wcIssuer, + CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, + &len); + if(bdata != NULL) { + certInfo.Issuer.cbData = len; + certInfo.Issuer.pbData = bdata; + + res = CertFindCertificateInStore(store, + dwCertEncodingType, + 0, + CERT_FIND_SUBJECT_CERT, + &certInfo, + NULL); + xmlFree(bdata); + } + } + + return (res); +} + +static PCCERT_CONTEXT +xmlSecMSCngX509FindCert(HCERTSTORE store, xmlChar* subjectName, + xmlChar* issuerName, xmlChar* issuerSerial, xmlChar* ski) { + PCCERT_CONTEXT cert; + int ret; + + xmlSecAssert2(store != 0, NULL); + + if(subjectName != NULL) { + LPTSTR wcSubjectName; + + wcSubjectName = xmlSecMSCngX509GetCertName(subjectName); + if(wcSubjectName == NULL) { + xmlSecInternalError("xmlSecMSCngX509GetCertName", NULL); + return(NULL); + } + + cert = xmlSecMSCngX509FindCertBySubject(store, wcSubjectName, + PKCS_7_ASN_ENCODING | X509_ASN_ENCODING); + xmlFree(wcSubjectName); + + return(cert); + } + + if(issuerName != NULL && issuerSerial != NULL) { + xmlSecBn issuerSerialBn; + LPTSTR wcIssuerName = NULL; + + ret = xmlSecBnInitialize(&issuerSerialBn, 0); + if(ret < 0) { + xmlSecInternalError("xmlSecBnInitialize", NULL); + return(NULL); + } + + ret = xmlSecBnFromDecString(&issuerSerialBn, issuerSerial); + if(ret < 0) { + xmlSecInternalError("xmlSecBnFromDecString", NULL); + xmlSecBnFinalize(&issuerSerialBn); + return(NULL); + } + + /* xmlSecMSCngX509FindCertByIssuer() wants this in the opposite order */ + ret = xmlSecBnReverse(&issuerSerialBn); + if(ret < 0) { + xmlSecInternalError("xmlSecBnReverse", NULL); + xmlSecBnFinalize(&issuerSerialBn); + return(NULL); + } + + wcIssuerName = xmlSecMSCngX509GetCertName(issuerName); + if(wcIssuerName == NULL) { + xmlSecInternalError("xmlSecMSCngX509GetCertName", NULL); + xmlSecBnFinalize(&issuerSerialBn); + return(NULL); + } + + cert = xmlSecMSCngX509FindCertByIssuer(store, wcIssuerName, + &issuerSerialBn, X509_ASN_ENCODING | PKCS_7_ASN_ENCODING); + xmlFree(wcIssuerName); + xmlSecBnFinalize(&issuerSerialBn); + + return(cert); + } + + if(ski != NULL) { + CRYPT_HASH_BLOB blob; + xmlChar* binSki; + int binSkiLen; + + binSki = xmlStrdup(ski); + if(binSki == NULL) { + xmlSecStrdupError(ski, NULL); + return (NULL); + } + + /* base64 decode "in place" */ + binSkiLen = xmlSecBase64Decode(binSki, (xmlSecByte*)binSki, xmlStrlen(binSki)); + if(binSkiLen < 0) { + xmlSecInternalError("xmlSecBase64Decode", NULL); + xmlFree(binSki); + return(NULL); + } + + blob.pbData = binSki; + blob.cbData = binSkiLen; + cert = CertFindCertificateInStore(store, + PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, + 0, + CERT_FIND_KEY_IDENTIFIER, + &blob, + NULL); + xmlFree(binSki); + + return(cert); + } + + return(NULL); +} + +/** + * xmlSecMSCngX509StoreFindCert: + * @store: the pointer to X509 key data store klass. + * @subjectName: the desired certificate name. + * @issuerName: the desired certificate issuer name. + * @issuerSerial: the desired certificate issuer serial number. + * @ski: the desired certificate SKI. + * @keyInfoCtx: the pointer to <dsig:KeyInfo/> element processing context. + * + * Searches @store for a certificate that matches given criteria. + * + * Returns: pointer to found certificate or NULL if certificate is not found + * or an error occurs. + */ +PCCERT_CONTEXT +xmlSecMSCngX509StoreFindCert(xmlSecKeyDataStorePtr store, xmlChar *subjectName, + xmlChar *issuerName, xmlChar *issuerSerial, xmlChar *ski, + xmlSecKeyInfoCtx* keyInfoCtx) { + xmlSecMSCngX509StoreCtxPtr ctx; + PCCERT_CONTEXT cert = NULL; + + xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecMSCngX509StoreId), NULL); + xmlSecAssert2(keyInfoCtx != NULL, NULL); + + ctx = xmlSecMSCngX509StoreGetCtx(store); + xmlSecAssert2(ctx != NULL, NULL); + + /* search untrusted certs store */ + if(ctx->untrusted != NULL) { + cert = xmlSecMSCngX509FindCert(ctx->untrusted, subjectName, + issuerName, issuerSerial, ski); + } + + /* search trusted certs store */ + if(cert == NULL && ctx->trusted != NULL) { + cert = xmlSecMSCngX509FindCert(ctx->trusted, subjectName, + issuerName, issuerSerial, ski); + } + + return(cert); +} + +/** + * xmlSecMSCngX509FindCertBySubject: + * @store: the pointer to certs store + * @wcSubject: the cert subject (Unicode) + * @dwCertEncodingType: the cert encoding type + * + * Searches for a cert with given @subject in the @store + * + * Returns: cert handle on success or NULL otherwise + */ +PCCERT_CONTEXT +xmlSecMSCngX509FindCertBySubject(HCERTSTORE store, LPTSTR wcSubject, + DWORD dwCertEncodingType) { + PCCERT_CONTEXT res = NULL; + CERT_NAME_BLOB cnb; + BYTE* bdata; + DWORD len; + + xmlSecAssert2(store != NULL, NULL); + xmlSecAssert2(wcSubject != NULL, NULL); + + /* CASE 1: UTF8, DN */ + if(res == NULL) { + bdata = xmlSecMSCngCertStrToName(dwCertEncodingType, + wcSubject, + CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR, + &len); + if(bdata != NULL) { + cnb.cbData = len; + cnb.pbData = bdata; + + res = CertFindCertificateInStore(store, + dwCertEncodingType, + 0, + CERT_FIND_SUBJECT_NAME, + &cnb, + NULL); + xmlFree(bdata); + } + } + + /* CASE 2: UTF8, REVERSE DN */ + if(res == NULL) { + bdata = xmlSecMSCngCertStrToName(dwCertEncodingType, + wcSubject, + CERT_NAME_STR_ENABLE_UTF8_UNICODE_FLAG | CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, + &len); + if(bdata != NULL) { + cnb.cbData = len; + cnb.pbData = bdata; + + res = CertFindCertificateInStore(store, + dwCertEncodingType, + 0, + CERT_FIND_SUBJECT_NAME, + &cnb, + NULL); + xmlFree(bdata); + } + } + + /* CASE 3: UNICODE, DN */ + if(res == NULL) { + bdata = xmlSecMSCngCertStrToName(dwCertEncodingType, + wcSubject, + CERT_OID_NAME_STR, + &len); + if(bdata != NULL) { + cnb.cbData = len; + cnb.pbData = bdata; + + res = CertFindCertificateInStore(store, + dwCertEncodingType, + 0, + CERT_FIND_SUBJECT_NAME, + &cnb, + NULL); + xmlFree(bdata); + } + } + + /* CASE 4: UNICODE, REVERSE DN */ + if(res == NULL) { + bdata = xmlSecMSCngCertStrToName(dwCertEncodingType, + wcSubject, + CERT_OID_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, + &len); + if(bdata != NULL) { + cnb.cbData = len; + cnb.pbData = bdata; + + res = CertFindCertificateInStore(store, + dwCertEncodingType, + 0, + CERT_FIND_SUBJECT_NAME, + &cnb, + NULL); + xmlFree(bdata); + } + } + + return(res); +} + +#endif /* XMLSEC_NO_X509 */ diff --git a/src/mscrypto/Makefile.am b/src/mscrypto/Makefile.am index 5cea654b..20aedc57 100644 --- a/src/mscrypto/Makefile.am +++ b/src/mscrypto/Makefile.am @@ -41,10 +41,6 @@ libxmlsec1_mscrypto_la_SOURCES =\ xmlsec-mingw.h \ $(NULL) -if SHAREDLIB_HACK -libxmlsec1_mscrypto_la_SOURCES += ../strings.c -endif - libxmlsec1_mscrypto_la_LIBADD = \ $(MSCRYPTO_LIBS) \ $(LIBXSLT_LIBS) \ diff --git a/src/mscrypto/app.c b/src/mscrypto/app.c index bcb0ea19..3f5ab179 100644 --- a/src/mscrypto/app.c +++ b/src/mscrypto/app.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2003 Cordys R&D BV, All rights reserved. * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:app + * @Short_description: Application support functions for Microsoft Crypto API. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -18,6 +26,8 @@ #include <xmlsec/keys.h> #include <xmlsec/transforms.h> #include <xmlsec/errors.h> +#include <xmlsec/keysdata.h> +#include <xmlsec/xmltree.h> #include <xmlsec/mscrypto/app.h> #include <xmlsec/mscrypto/crypto.h> @@ -26,6 +36,10 @@ #include <xmlsec/mscrypto/x509.h> #include "private.h" +#ifndef PKCS12_NO_PERSIST_KEY +/* Windows Server 2003 and Windows XP: This value is not supported. */ +# define PKCS12_NO_PERSIST_KEY 0x00008000 +#endif /* I don't see any other way then to use a global var to get the * config info to the mscrypto keysstore :( WK @@ -52,38 +66,18 @@ xmlSecMSCryptoAppInit(const char* config) { if (NULL != config && strlen(config) > 0) { if (gXmlSecMSCryptoAppCertStoreName != NULL) { /* This should not happen, initialize twice */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "config=%s, config already set", - xmlSecErrorsSafeString(config)); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_CONFIG, NULL, + "config=%s, config already set", + xmlSecErrorsSafeString(config)); return (-1); } -#ifdef UNICODE - gXmlSecMSCryptoAppCertStoreName = xmlSecMSCryptoConvertLocaleToUnicode(config); + gXmlSecMSCryptoAppCertStoreName = xmlSecWin32ConvertUtf8ToTstr((const xmlChar *)config); if (gXmlSecMSCryptoAppCertStoreName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "xmlSecMSCryptoConvertLocaleToUnicode", - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "config=%s", - xmlSecErrorsSafeString(config)); + xmlSecInternalError2("xmlSecWin32ConvertUtf8ToTstr", NULL, + "config=%s", xmlSecErrorsSafeString(config)); return (-1); } -#else /* UNICODE */ - gXmlSecMSCryptoAppCertStoreName = xmlStrdup(config); - if (gXmlSecMSCryptoAppCertStoreName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "xmlStrdup", - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "config=%s", - xmlSecErrorsSafeString(config)); - return (-1); - } -#endif /* UNICODE */ } return(0); @@ -150,33 +144,21 @@ xmlSecMSCryptoAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, case xmlSecKeyDataFormatPkcs12: key = xmlSecMSCryptoAppPkcs12Load(filename, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoAppPkcs12Load", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoAppPkcs12Load", NULL); return(NULL); } break; case xmlSecKeyDataFormatCertDer: ret = xmlSecBufferInitialize(&buffer, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", NULL); return(NULL); } ret = xmlSecBufferReadFile(&buffer, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferReadFile", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecBufferReadFile", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return (NULL); } @@ -185,11 +167,7 @@ xmlSecMSCryptoAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, xmlSecBufferGetSize(&buffer), format, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoAppKeyLoadMemory", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoAppKeyLoadMemory", NULL); xmlSecBufferFinalize(&buffer); return(NULL); } @@ -197,11 +175,8 @@ xmlSecMSCryptoAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, break; default: /* Any other format like PEM keys is currently not supported */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(NULL); } @@ -235,47 +210,33 @@ xmlSecMSCryptoAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlS xmlSecAssert2(data != NULL, NULL); xmlSecAssert2(dataSize > 0, NULL); xmlSecAssert2(format == xmlSecKeyDataFormatCertDer, NULL); + UNREFERENCED_PARAMETER(pwd); + UNREFERENCED_PARAMETER(pwdCallback); + UNREFERENCED_PARAMETER(pwdCallbackCtx); pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, data, dataSize); if (NULL == pCert) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertCreateCertificateContext", - XMLSEC_ERRORS_R_IO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertCreateCertificateContext", NULL); goto done; } x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id); if(x509Data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id))); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id)", NULL); goto done; } tmpcert = CertDuplicateCertificateContext(pCert); if(tmpcert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecMSCryptoError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, tmpcert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(x509Data)); CertFreeCertificateContext(tmpcert); goto done; } @@ -283,45 +244,31 @@ xmlSecMSCryptoAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlS keyData = xmlSecMSCryptoCertAdopt(pCert, xmlSecKeyDataTypePublic); if(keyData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoCertAdopt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoCertAdopt", + xmlSecKeyDataGetName(x509Data)); goto done; } pCert = NULL; key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecKeySetValue(key, keyData); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(x509Data)); goto done; } keyData = NULL; ret = xmlSecKeyAdoptData(key, x509Data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyAdoptData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeyAdoptData", + xmlSecKeyDataGetName(x509Data)); goto done; } x509Data = NULL; @@ -378,22 +325,14 @@ xmlSecMSCryptoAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, ret = xmlSecBufferInitialize(&buffer, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", NULL); return(-1); } ret = xmlSecBufferReadFile(&buffer, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferReadFile", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecBufferReadFile", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return (-1); } @@ -401,11 +340,7 @@ xmlSecMSCryptoAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, ret = xmlSecMSCryptoAppKeyCertLoadMemory(key, xmlSecBufferGetData(&buffer), xmlSecBufferGetSize(&buffer), format); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoAppKeyCertLoadMemory", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoAppKeyCertLoadMemory", NULL); xmlSecBufferFinalize(&buffer); return(-1); } @@ -438,12 +373,7 @@ xmlSecMSCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xml kdata = xmlSecKeyEnsureData(key, xmlSecMSCryptoKeyDataX509Id); if(kdata == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id))); + xmlSecInternalError("xmlSecKeyEnsureData(xmlSecMSCryptoKeyDataX509Id)", NULL); return(-1); } @@ -454,32 +384,22 @@ xmlSecMSCryptoAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xml case xmlSecKeyDataFormatCertDer: pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, data, dataSize); if (NULL == pCert) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertCreateCertificateContext", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "format=%d", format); + xmlSecInternalError2("CertCreateCertificateContext", NULL, + "format=%d", format); return(-1); } ret = xmlSecMSCryptoKeyDataX509AdoptCert(kdata, pCert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(kdata))); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptCert", + xmlSecKeyDataGetName(kdata)); CertFreeCertificateContext(pCert); return(-1); } break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", (int)format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(-1); } @@ -511,31 +431,19 @@ xmlSecMSCryptoAppPkcs12Load(const char *filename, ret = xmlSecBufferInitialize(&buffer, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", NULL); return(NULL); } ret = xmlSecBufferReadFile(&buffer, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferReadFile", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecBufferReadFile", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return (NULL); } if(xmlSecBufferGetData(&buffer) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidDataError("data buffer is empty", NULL); xmlSecBufferFinalize(&buffer); return(NULL); } @@ -544,11 +452,7 @@ xmlSecMSCryptoAppPkcs12Load(const char *filename, xmlSecBufferGetSize(&buffer), pwd, pwdCallback, pwdCallbackCtx); if (key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoAppPkcs12LoadMemory", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoAppPkcs12LoadMemory", NULL); xmlSecBufferFinalize(&buffer); return(NULL); } @@ -580,116 +484,93 @@ xmlSecMSCryptoAppPkcs12LoadMemory(const xmlSecByte* data, PCCERT_CONTEXT tmpcert = NULL; PCCERT_CONTEXT pCert = NULL; WCHAR* wcPwd = NULL; + DWORD dwFlags; xmlSecKeyDataPtr x509Data = NULL; xmlSecKeyDataPtr keyData = NULL; xmlSecKeyPtr key = NULL; - int ret; + int ret; + DWORD dwData = 0; + DWORD dwDataLen; xmlSecAssert2(data != NULL, NULL); xmlSecAssert2(dataSize > 1, NULL); xmlSecAssert2(pwd != NULL, NULL); + UNREFERENCED_PARAMETER(pwdCallback); + UNREFERENCED_PARAMETER(pwdCallbackCtx); memset(&pfx, 0, sizeof(pfx)); pfx.pbData = (BYTE *)data; pfx.cbData = dataSize; if(FALSE == PFXIsPFXBlob(&pfx)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PFXIsPFXBlob", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%ld", - pfx.cbData); + xmlSecMSCryptoError2("PFXIsPFXBlob", NULL, + "size=%ld", (long int)pfx.cbData); goto done; } - wcPwd = xmlSecMSCryptoConvertLocaleToUnicode(pwd); + wcPwd = xmlSecWin32ConvertLocaleToUnicode(pwd); if (wcPwd == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoConvertLocaleToUnicode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "wcPwd"); + xmlSecInternalError("xmlSecWin32ConvertLocaleToUnicode(pw)", NULL); goto done; } if (FALSE == PFXVerifyPassword(&pfx, wcPwd, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PFXVerifyPassword", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("PFXVerifyPassword", NULL); goto done; } - hCertStore = PFXImportCertStore(&pfx, wcPwd, CRYPT_EXPORTABLE | PKCS12_NO_PERSIST_KEY); + dwFlags = CRYPT_EXPORTABLE; + if (!xmlSecImportGetPersistKey()) { + dwFlags |= PKCS12_NO_PERSIST_KEY; + } + hCertStore = PFXImportCertStore(&pfx, wcPwd, dwFlags); if (NULL == hCertStore) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PFXImportCertStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("PFXImportCertStore", NULL); goto done; } x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id); if(x509Data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecMSCryptoKeyDataX509Id))); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id)", NULL); goto done; } - while (pCert = CertEnumCertificatesInStore(hCertStore, pCert)) { - DWORD dwData = 0; - DWORD dwDataLen = sizeof(DWORD); + while (1) { + pCert = CertEnumCertificatesInStore(hCertStore, pCert); + if(pCert == NULL) { + break; + } + dwDataLen = sizeof(DWORD); + dwData = 0; /* Find the certificate that has the private key */ if((TRUE == CertGetCertificateContextProperty(pCert, CERT_KEY_SPEC_PROP_ID, &dwData, &dwDataLen)) && (dwData > 0)) { tmpcert = CertDuplicateCertificateContext(pCert); if(tmpcert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecMSCryptoError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(x509Data)); goto done; } keyData = xmlSecMSCryptoCertAdopt(tmpcert, xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); if(keyData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoCertAdopt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoCertAdopt", + xmlSecKeyDataGetName(x509Data)); goto done; } - tmpcert = NULL; + tmpcert = NULL; tmpcert = CertDuplicateCertificateContext(pCert); if(tmpcert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecMSCryptoError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, tmpcert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(x509Data)); goto done; } tmpcert = NULL; @@ -698,55 +579,39 @@ xmlSecMSCryptoAppPkcs12LoadMemory(const xmlSecByte* data, /* load certificate in the x509 key data */ tmpcert = CertDuplicateCertificateContext(pCert); if(tmpcert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecMSCryptoError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, tmpcert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptCert", + xmlSecKeyDataGetName(x509Data)); goto done; } tmpcert = NULL; } if (keyData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoAppPkcs12Load", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "private key not found in PKCS12 file"); + /* private key not found in PKCS12 file */ + xmlSecInternalError2("xmlSecMSCryptoAppPkcs12Load", + xmlSecKeyDataGetName(x509Data), + "private key not found in PKCS12 file", NULL); goto done; } key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecKeySetValue(key, keyData); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(x509Data)); xmlSecKeyDestroy(key); key = NULL; goto done; @@ -755,12 +620,8 @@ xmlSecMSCryptoAppPkcs12LoadMemory(const xmlSecByte* data, ret = xmlSecKeyAdoptData(key, x509Data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyAdoptData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeyAdoptData", + xmlSecKeyDataGetName(x509Data)); xmlSecKeyDestroy(key); key = NULL; goto done; @@ -812,22 +673,14 @@ xmlSecMSCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename, ret = xmlSecBufferInitialize(&buffer, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", NULL); return(-1); } ret = xmlSecBufferReadFile(&buffer, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferReadFile", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecBufferReadFile", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return (-1); } @@ -835,12 +688,8 @@ xmlSecMSCryptoAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename, ret = xmlSecMSCryptoAppKeysMngrCertLoadMemory(mngr, xmlSecBufferGetData(&buffer), xmlSecBufferGetSize(&buffer), format, type); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoAppKeysMngrCertLoadMemory", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecMSCryptoAppKeysMngrCertLoadMemory", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); xmlSecBufferFinalize(&buffer); return(-1); } @@ -878,11 +727,7 @@ xmlSecMSCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecMSCryptoX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecMSCryptoX509StoreId"); + xmlSecInternalError("xmlSecKeysMngrGetDataStore(xmlSecMSCryptoX509StoreId)", NULL); return(-1); } @@ -892,31 +737,20 @@ xmlSecMSCryptoAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte pCert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, data, dataSize); if (NULL == pCert) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertCreateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertCreateCertificateContext", NULL); return (-1); } break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(-1); } xmlSecAssert2(pCert != NULL, -1); ret = xmlSecMSCryptoX509StoreAdoptCert(x509Store, pCert, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoX509StoreAdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoX509StoreAdoptCert", NULL); CertFreeCertificateContext(pCert); return(-1); } @@ -943,21 +777,14 @@ xmlSecMSCryptoAppDefaultKeysMngrAdoptKeyStore(xmlSecKeysMngrPtr mngr, HCERTSTORE x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId) ; if( x509Store == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecKeysMngrGetDataStore" , - XMLSEC_ERRORS_R_XMLSEC_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1) ; + xmlSecInternalError("xmlSecKeysMngrGetDataStore(xmlSecMSCryptoX509StoreId)", NULL); + return(-1) ; } if( xmlSecMSCryptoX509StoreAdoptKeyStore( x509Store, keyStore ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , - "xmlSecMSCryptoX509StoreAdoptKeyStore" , - XMLSEC_ERRORS_R_XMLSEC_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1) ; + xmlSecInternalError("xmlSecMSCryptoX509StoreAdoptKeyStore", + xmlSecKeyDataStoreGetName(x509Store)); + return(-1) ; } return (0) ; @@ -982,21 +809,14 @@ xmlSecMSCryptoAppDefaultKeysMngrAdoptTrustedStore(xmlSecKeysMngrPtr mngr, HCERTS x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId ) ; if( x509Store == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecKeysMngrGetDataStore" , - XMLSEC_ERRORS_R_XMLSEC_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1) ; + xmlSecInternalError("xmlSecKeysMngrGetDataStore", NULL); + return(-1) ; } if( xmlSecMSCryptoX509StoreAdoptTrustedStore( x509Store, trustedStore ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , - "xmlSecMSCryptoX509StoreAdoptKeyStore" , - XMLSEC_ERRORS_R_XMLSEC_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1) ; + xmlSecInternalError("xmlSecMSCryptoX509StoreAdoptKeyStore", + xmlSecKeyDataStoreGetName(x509Store)); + return(-1) ; } return(0); @@ -1020,25 +840,18 @@ xmlSecMSCryptoAppDefaultKeysMngrAdoptUntrustedStore(xmlSecKeysMngrPtr mngr, HCER xmlSecAssert2( untrustedStore != NULL, -1 ) ; x509Store = xmlSecKeysMngrGetDataStore( mngr, xmlSecMSCryptoX509StoreId); - if( x509Store == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecKeysMngrGetDataStore" , - XMLSEC_ERRORS_R_XMLSEC_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } + if(x509Store == NULL) { + xmlSecInternalError("xmlSecKeysMngrGetDataStore", NULL); + return(-1); + } - if( xmlSecMSCryptoX509StoreAdoptUntrustedStore( x509Store, untrustedStore ) < 0) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecKeyDataStoreGetName( x509Store ) ) , - "xmlSecMSCryptoX509StoreAdoptKeyStore" , - XMLSEC_ERRORS_R_XMLSEC_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } + if(xmlSecMSCryptoX509StoreAdoptUntrustedStore(x509Store, untrustedStore) < 0) { + xmlSecInternalError("xmlSecMSCryptoX509StoreAdoptKeyStore", + xmlSecKeyDataStoreGetName(x509Store)); + return(-1); + } - return(0) ; + return(0) ; } #endif /* XMLSEC_NO_X509 */ @@ -1064,21 +877,13 @@ xmlSecMSCryptoAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { keysStore = xmlSecKeyStoreCreate(xmlSecMSCryptoKeysStoreId); if(keysStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecMSCryptoKeysStoreId"); + xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecMSCryptoX509StoreId)", NULL); return(-1); } ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrAdoptKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrAdoptKeysStore", NULL); xmlSecKeyStoreDestroy(keysStore); return(-1); } @@ -1086,11 +891,7 @@ xmlSecMSCryptoAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { ret = xmlSecMSCryptoKeysMngrInit(mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeysMngrInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeysMngrInit", NULL); return(-1); } @@ -1118,21 +919,13 @@ xmlSecMSCryptoAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr ke store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecMSCryptoKeysStoreAdoptKey(store, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeysStoreAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeysStoreAdoptKey", NULL); return(-1); } @@ -1159,21 +952,14 @@ xmlSecMSCryptoAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) { store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecMSCryptoKeysStoreLoad(store, uri, mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeysStoreLoad", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri=%s", xmlSecErrorsSafeString(uri)); + xmlSecInternalError2("xmlSecMSCryptoKeysStoreLoad", NULL, + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } @@ -1200,21 +986,14 @@ xmlSecMSCryptoAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filenam store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecMSCryptoKeysStoreSave(store, filename, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeysStoreSave", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename%s", xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecMSCryptoKeysStoreSave", NULL, + "filename%s", xmlSecErrorsSafeString(filename)); return(-1); } diff --git a/src/mscrypto/certkeys.c b/src/mscrypto/certkeys.c index 1cf0e554..226e9c80 100644 --- a/src/mscrypto/certkeys.c +++ b/src/mscrypto/certkeys.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2003 Cordys R&D BV, All rights reserved. * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:certkeys + * @Short_description: Certificate keys support functions for Microsoft Crypto API. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -50,7 +58,7 @@ typedef struct _xmlSecMSCryptoKeyDataCtx xmlSecMSCryptoKeyDataCtx, #ifdef XMLSEC_MSCRYPTO_NT4 /*- - * A wrapper of HCRYPTKEY, a reference countor is introduced, the function is + * A wrapper of HCRYPTKEY, a reference counter is introduced, the function is * the same as CryptDuplicateKey. Because the CryptDuplicateKey is not support * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 */ @@ -60,7 +68,7 @@ struct _mscrypt_key { } ; /*- - * A wrapper of HCRYPTPROV, a reference countor is introduced, the function is + * A wrapper of HCRYPTPROV, a reference counter is introduced, the function is * the same as CryptContextAddRef. Because the CryptContextAddRef is not support * by WINNT 4.0, the wrapper will enable the library work on WINNT 4.0 */ @@ -98,12 +106,13 @@ struct _xmlSecMSCryptoKeyDataCtx { /******************************** Provider *****************************************/ #define xmlSecMSCryptoKeyDataCtxGetProvider(ctx) (ctx)->hProv -static void +static int xmlSecMSCryptoKeyDataCtxCreateProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) { - xmlSecAssert(ctx != NULL); + xmlSecAssert2(ctx != NULL, -1); - ctx->hProv = 0; - ctx->fCallerFreeProv = FALSE; + ctx->hProv = 0; + ctx->fCallerFreeProv = FALSE; + return(0); } static void @@ -111,20 +120,21 @@ xmlSecMSCryptoKeyDataCtxDestroyProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) { xmlSecAssert(ctx != NULL); if ((ctx->hProv != 0) && (ctx->fCallerFreeProv)) { - CryptReleaseContext(ctx->hProv, 0); + CryptReleaseContext(ctx->hProv, 0); } - ctx->hProv = 0; - ctx->fCallerFreeProv = FALSE; + ctx->hProv = 0; + ctx->fCallerFreeProv = FALSE; } -static void +static int xmlSecMSCryptoKeyDataCtxSetProvider(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTPROV hProv, BOOL fCallerFreeProv) { - xmlSecAssert(ctx != NULL); + xmlSecAssert2(ctx != NULL, -1); xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx); ctx->hProv = hProv; ctx->fCallerFreeProv = fCallerFreeProv; + return(0); } static int @@ -136,11 +146,7 @@ xmlSecMSCryptoKeyDataCtxDuplicateProvider(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xm if(ctxSrc->hProv != 0) { if(!CryptContextAddRef(ctxSrc->hProv, NULL, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptContextAddRef", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptContextAddRef", NULL); return(-1); } @@ -154,11 +160,12 @@ xmlSecMSCryptoKeyDataCtxDuplicateProvider(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xm /******************************** Key *****************************************/ #define xmlSecMSCryptoKeyDataCtxGetKey(ctx) ((ctx)->hKey) -static void +static int xmlSecMSCryptoKeyDataCtxCreateKey(xmlSecMSCryptoKeyDataCtxPtr ctx) { - xmlSecAssert(ctx != NULL); + xmlSecAssert2(ctx != NULL, -1); ctx->hKey = 0; + return(0); } static void @@ -171,12 +178,13 @@ xmlSecMSCryptoKeyDataCtxDestroyKey(xmlSecMSCryptoKeyDataCtxPtr ctx) { ctx->hKey = 0; } -static void +static int xmlSecMSCryptoKeyDataCtxSetKey(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTKEY hKey) { - xmlSecAssert(ctx != NULL); + xmlSecAssert2(ctx != NULL, -1); xmlSecMSCryptoKeyDataCtxDestroyKey(ctx); ctx->hKey = hKey; + return(0); } static int @@ -187,11 +195,7 @@ xmlSecMSCryptoKeyDataCtxDuplicateKey(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSecM xmlSecMSCryptoKeyDataCtxDestroyKey(ctxDst); if (ctxSrc->hKey != 0) { if (!CryptDuplicateKey(ctxSrc->hKey, NULL, 0, &(ctxDst->hKey))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptDuplicateKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptDuplicateKey", NULL); return(-1); } } @@ -204,58 +208,62 @@ xmlSecMSCryptoKeyDataCtxDuplicateKey(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSecM /******************************** Provider *****************************************/ #define xmlSecMSCryptoKeyDataCtxGetProvider(ctx) (((ctx)->p_prov) ? ((ctx)->p_prov->hProv) : 0) -static void +static int xmlSecMSCryptoKeyDataCtxCreateProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) { - xmlSecAssert(ctx != NULL); + xmlSecAssert2(ctx != NULL, -1); - ctx->p_prov = (struct _mscrypt_prov*)xmlMalloc(sizeof(struct _mscrypt_prov)); - if(ctx->p_prov == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE, - "mscrypt_create_prov" , - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED , - XMLSEC_ERRORS_NO_MESSAGE - ); - } + ctx->p_prov = (struct _mscrypt_prov*)xmlMalloc(sizeof(struct _mscrypt_prov)); + if(ctx->p_prov == NULL) { + xmlSecMallocError(sizeof(struct _mscrypt_prov), NULL); + return(-1); + } memset(ctx->p_prov, 0, sizeof(struct _mscrypt_prov)); + return(0); } static void xmlSecMSCryptoKeyDataCtxDestroyProvider(xmlSecMSCryptoKeyDataCtxPtr ctx) { xmlSecAssert(ctx != NULL); - if(ctx->p_prov != NULL) { - if(InterlockedDecrement(&(ctx->p_prov->refcnt)) <= 0) { - if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) { - CryptReleaseContext(ctx->p_prov->hProv, 0) ; - } + if(ctx->p_prov != NULL) { + if(InterlockedDecrement(&(ctx->p_prov->refcnt)) <= 0) { + if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) { + CryptReleaseContext(ctx->p_prov->hProv, 0) ; + } memset(ctx->p_prov, 0, sizeof(struct _mscrypt_prov)); - xmlFree(ctx->p_prov) ; - } - ctx->p_prov = NULL; + xmlFree(ctx->p_prov) ; } + ctx->p_prov = NULL; + } } -static void +static int xmlSecMSCryptoKeyDataCtxSetProvider(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTPROV hProv, BOOL fCallerFreeProv) { - xmlSecAssert(ctx != NULL); + int ret; + + xmlSecAssert2(ctx != NULL, -1); xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx); if((ctx->p_prov != NULL) && (ctx->p_prov->refcnt == 1)) { - if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) { - CryptReleaseContext(ctx->p_prov->hProv, 0) ; - } + if((ctx->p_prov->hProv != 0) && (ctx->p_prov->fCallerFreeProv)) { + CryptReleaseContext(ctx->p_prov->hProv, 0) ; + } memset(ctx->p_prov, 0, sizeof(struct _mscrypt_prov)); } else { xmlSecMSCryptoKeyDataCtxDestroyProvider(ctx); - xmlSecMSCryptoKeyDataCtxCreateProvider(ctx); + ret = xmlSecMSCryptoKeyDataCtxCreateProvider(ctx); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxCreateProvider", NULL); + return(-1); + } } ctx->p_prov->hProv = hProv; ctx->p_prov->fCallerFreeProv = fCallerFreeProv; ctx->p_prov->refcnt = 1; + return(0); } static int @@ -276,20 +284,17 @@ xmlSecMSCryptoKeyDataCtxDuplicateProvider(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xm /******************************** Key *****************************************/ #define xmlSecMSCryptoKeyDataCtxGetKey(ctx) (((ctx)->p_key) ? ((ctx)->p_key->hKey) : 0) -static void +static int xmlSecMSCryptoKeyDataCtxCreateKey(xmlSecMSCryptoKeyDataCtxPtr ctx) { - xmlSecAssert(ctx != NULL); + xmlSecAssert2(ctx != NULL, -1); - ctx->p_key = (struct _mscrypt_key*)xmlMalloc(sizeof(struct _mscrypt_key)); - if(ctx->p_key == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE, - "mscrypt_create_key" , - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED , - XMLSEC_ERRORS_NO_MESSAGE - ); - } + ctx->p_key = (struct _mscrypt_key*)xmlMalloc(sizeof(struct _mscrypt_key)); + if(ctx->p_key == NULL ) { + xmlSecMallocError(sizeof(struct _mscrypt_key), NULL); + return(-1); + } memset(ctx->p_key, 0, sizeof(struct _mscrypt_key)); + return(0); } static void @@ -308,21 +313,27 @@ xmlSecMSCryptoKeyDataCtxDestroyKey(xmlSecMSCryptoKeyDataCtxPtr ctx) { } } -static void +static int xmlSecMSCryptoKeyDataCtxSetKey(xmlSecMSCryptoKeyDataCtxPtr ctx, HCRYPTKEY hKey) { - xmlSecAssert(ctx != NULL); + int ret; + xmlSecAssert2(ctx != NULL, -1); if((ctx->p_key != NULL) && (ctx->p_key->refcnt == 1)) { - if(ctx->p_key->hKey != 0) { - CryptDestroyKey(ctx->p_key->hKey) ; - } + if(ctx->p_key->hKey != 0) { + CryptDestroyKey(ctx->p_key->hKey) ; + } memset(ctx->p_key, 0, sizeof(struct _mscrypt_key)); } else { xmlSecMSCryptoKeyDataCtxDestroyKey(ctx); - xmlSecMSCryptoKeyDataCtxCreateKey(ctx); + ret = xmlSecMSCryptoKeyDataCtxCreateKey(ctx); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxCreateKey", NULL); + return(-1); + } } ctx->p_key->hKey = hKey; ctx->p_key->refcnt = 1; + return(0); } static int @@ -361,12 +372,13 @@ xmlSecMSCryptoKeyDataCtxDestroyCert(xmlSecMSCryptoKeyDataCtxPtr ctx) { ctx->pCert = NULL; } -static void +static int xmlSecMSCryptoKeyDataCtxSetCert(xmlSecMSCryptoKeyDataCtxPtr ctx, PCCERT_CONTEXT pCert) { - xmlSecAssert(ctx != NULL); + xmlSecAssert2(ctx != NULL, -1); xmlSecMSCryptoKeyDataCtxDestroyCert(ctx); ctx->pCert = pCert; + return(0); } static int @@ -378,11 +390,7 @@ xmlSecMSCryptoKeyDataCtxDuplicateCert(xmlSecMSCryptoKeyDataCtxPtr ctxDst, xmlSec if(ctxSrc->pCert != NULL) { ctxDst->pCert = xmlSecMSCryptoCertDup(ctxSrc->pCert); if(ctxDst->pCert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoPCCDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoPCCDup", NULL); return(-1); } } @@ -416,6 +424,7 @@ static int xmlSecMSCryptoKeyDataAdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT pCert, xmlSecKeyDataType type) { xmlSecMSCryptoKeyDataCtxPtr ctx; HCRYPTKEY hKey = 0; + int ret; xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), -1); @@ -445,34 +454,30 @@ xmlSecMSCryptoKeyDataAdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT pCert, xmlS &hProv, &(ctx->dwKeySpec), &fCallerFreeProv)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptAcquireCertificatePrivateKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptAcquireCertificatePrivateKey", NULL); return(-1); } - xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, fCallerFreeProv); + ret = xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, fCallerFreeProv); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxSetProvider", NULL); + return(-1); + } } else if((type & xmlSecKeyDataTypePublic) != 0){ HCRYPTPROV hProv; hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, FALSE); if (hProv == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoFindProvider", NULL); + return(-1); + } + ret = xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, TRUE); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxSetProvider", NULL); return(-1); } - xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, TRUE); ctx->dwKeySpec = 0; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "Unsupported keytype"); + xmlSecInvalidIntegerTypeError("keytype", type, "supported keytype", NULL); return(-1); } @@ -480,23 +485,27 @@ xmlSecMSCryptoKeyDataAdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT pCert, xmlS * is needed. The key handle is needed for de/encrypting and for * verifying of a signature, *not* for signing. We could call * CryptImportPublicKeyInfo in xmlSecMSCryptoKeyDataGetKey instead - * so no unnessecary calls to CryptImportPublicKeyInfo are being + * so no unnecessary calls to CryptImportPublicKeyInfo are being * made. WK */ if(!CryptImportPublicKeyInfo(xmlSecMSCryptoKeyDataCtxGetProvider(ctx), X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, &(pCert->pCertInfo->SubjectPublicKeyInfo), &hKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptImportPublicKeyInfo", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptImportPublicKeyInfo", NULL); return(-1); } - xmlSecMSCryptoKeyDataCtxSetKey(ctx, hKey); - xmlSecMSCryptoKeyDataCtxSetCert(ctx, pCert); + ret = xmlSecMSCryptoKeyDataCtxSetKey(ctx, hKey); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxSetKey", NULL); + return(-1); + } + ret = xmlSecMSCryptoKeyDataCtxSetCert(ctx, pCert); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxSetCert", NULL); + return(-1); + } return(0); } @@ -508,6 +517,7 @@ xmlSecMSCryptoKeyDataAdoptKey(xmlSecKeyDataPtr data, DWORD dwKeySpec, xmlSecKeyDataType type) { xmlSecMSCryptoKeyDataCtxPtr ctx; + int ret; xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), -1); @@ -517,9 +527,21 @@ xmlSecMSCryptoKeyDataAdoptKey(xmlSecKeyDataPtr data, ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); - xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, fCallerFreeProv); - xmlSecMSCryptoKeyDataCtxSetKey(ctx, hKey); - xmlSecMSCryptoKeyDataCtxSetCert(ctx, NULL); + ret = xmlSecMSCryptoKeyDataCtxSetProvider(ctx, hProv, fCallerFreeProv); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxSetProvider", NULL); + return(-1); + } + ret = xmlSecMSCryptoKeyDataCtxSetKey(ctx, hKey); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxSetKey", NULL); + return(-1); + } + ret = xmlSecMSCryptoKeyDataCtxSetCert(ctx, NULL); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxSetCert", NULL); + return(-1); + } ctx->dwKeySpec = dwKeySpec; ctx->type = type; @@ -546,6 +568,7 @@ xmlSecMSCryptoKeyDataGetKey(xmlSecKeyDataPtr data, xmlSecKeyDataType type) { ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, 0); + UNREFERENCED_PARAMETER(type); return(xmlSecMSCryptoKeyDataCtxGetKey(ctx)); } @@ -571,11 +594,7 @@ xmlSecMSCryptoKeyDataGetDecryptKey(xmlSecKeyDataPtr data) { xmlSecAssert2(ctx != NULL, 0); if( !CryptGetUserKey(xmlSecMSCryptoKeyDataCtxGetProvider(ctx), AT_KEYEXCHANGE, &(hKey))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGetUserKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptGetUserKey", NULL); return(0); } return (hKey); @@ -645,6 +664,44 @@ xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(xmlSecKeyDataPtr data) { return(ctx->dwKeySpec); } +/** + * xmlSecMSCryptoKeyDataGetMSCryptoProviderInfo: + * @data: the key data + * + * Gets key provider info. + * + * Returns: the key provider info. + */ +PCRYPT_KEY_PROV_INFO +xmlSecMSCryptoKeyDataGetMSCryptoProviderInfo(xmlSecKeyDataPtr data) { + xmlSecMSCryptoKeyDataCtxPtr ctx; + LPBYTE pInfoData = NULL; + DWORD dwInfoDataLength = 0; + + xmlSecAssert2(data != NULL, NULL); + + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, NULL); + xmlSecAssert2(ctx->pCert != NULL, NULL); + + if(!CertGetCertificateContextProperty(ctx->pCert, CERT_KEY_PROV_INFO_PROP_ID, NULL, &dwInfoDataLength)) { + xmlSecMSCryptoError("CertGetCertificateContextProperty", NULL); + return NULL; + } + + if(dwInfoDataLength > 0) { + pInfoData = malloc(dwInfoDataLength * sizeof(BYTE)); + + if(!CertGetCertificateContextProperty(ctx->pCert, CERT_KEY_PROV_INFO_PROP_ID, pInfoData, &dwInfoDataLength)) { + xmlSecMSCryptoError("CertGetCertificateContextProperty", NULL); + free(pInfoData); + return NULL; + } + } + + return (PCRYPT_KEY_PROV_INFO)pInfoData; +} + static int xmlSecMSCryptoKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecMSCryptoKeyDataCtxPtr ctxDst; @@ -662,29 +719,20 @@ xmlSecMSCryptoKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecAssert2(ctxSrc != NULL, -1); if(xmlSecMSCryptoKeyDataCtxDuplicateProvider(ctxDst, ctxSrc) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecMSCryptoKeyDataCtxDuplicateProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxDuplicateProvider", + xmlSecKeyDataGetName(dst)); return(-1); } if(xmlSecMSCryptoKeyDataCtxDuplicateKey(ctxDst, ctxSrc) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecMSCryptoKeyDataCtxDuplicateKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxDuplicateKey", + xmlSecKeyDataGetName(dst)); return(-1); } if(xmlSecMSCryptoKeyDataCtxDuplicateCert(ctxDst, ctxSrc) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecMSCryptoKeyDataCtxDuplicateCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxDuplicateCert", + xmlSecKeyDataGetName(dst)); return(-1); } @@ -695,21 +743,31 @@ xmlSecMSCryptoKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { return(0); } -static void +static int xmlSecMSCryptoKeyDataInitialize(xmlSecKeyDataPtr data) { xmlSecMSCryptoKeyDataCtxPtr ctx; + int ret; - xmlSecAssert(xmlSecKeyDataIsValid(data)); - xmlSecAssert(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize)); + xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); + xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), -1); ctx = xmlSecMSCryptoKeyDataGetCtx(data); - xmlSecAssert(ctx != NULL); + xmlSecAssert2(ctx != NULL, -1); memset(ctx, 0, sizeof(xmlSecMSCryptoKeyDataCtx)); - xmlSecMSCryptoKeyDataCtxCreateProvider(ctx); - xmlSecMSCryptoKeyDataCtxCreateKey(ctx); + ret = xmlSecMSCryptoKeyDataCtxCreateProvider(ctx); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxCreateProvider", NULL); + return(-1); + } + ret = xmlSecMSCryptoKeyDataCtxCreateKey(ctx); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataCtxCreateKey", NULL); + return(-1); + } xmlSecMSCryptoKeyDataCtxCreateCert(ctx); + return(0); } static void @@ -748,11 +806,7 @@ xmlSecMSCryptoKeyDataGetSize(xmlSecKeyDataPtr data) { DWORD lenlen = sizeof(DWORD); if (!CryptGetKeyParam(xmlSecMSCryptoKeyDataCtxGetKey(ctx), KP_KEYLEN, (BYTE *)&length, &lenlen, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertDuplicateCertificateContext", NULL); return(0); } return(length); @@ -795,11 +849,7 @@ PCCERT_CONTEXT xmlSecMSCryptoCertDup(PCCERT_CONTEXT pCert) { ret = CertDuplicateCertificateContext(pCert); if(ret == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertDuplicateCertificateContext", NULL); return(NULL); } @@ -829,11 +879,7 @@ xmlSecMSCryptoCertAdopt(PCCERT_CONTEXT pCert, xmlSecKeyDataType type) { if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_RSA_RSA)) { data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataRsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecMSCryptoDataRsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataRsaId)", NULL); return(NULL); } } @@ -843,11 +889,7 @@ xmlSecMSCryptoCertAdopt(PCCERT_CONTEXT pCert, xmlSecKeyDataType type) { if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_X957_DSA /*szOID_DSALG_SIGN*/)) { data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataDsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecMSCryptoKeyDataDsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataDsaId)", NULL); return(NULL); } } @@ -859,22 +901,34 @@ xmlSecMSCryptoCertAdopt(PCCERT_CONTEXT pCert, xmlSecKeyDataType type) { !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_MAGPRO_PUBKEY_SIGN_R3410_94_CP)) { data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataGost2001Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecMSCryptoKeyDataGost2001Id"); + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataGost2001Id)", NULL); return(NULL); } } #endif /* XMLSEC_NO_GOST*/ +#ifndef XMLSEC_NO_GOST2012 + if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_CP_GOST_R3410_12_256) || + !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_CP_GOST_R3411_12_256_R3410)) { + data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataGost2012_256Id); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataGost2012_256Id)", NULL); + return(NULL); + } + } + if (!strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_CP_GOST_R3410_12_512) || + !strcmp(pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, szOID_CP_GOST_R3411_12_512_R3410)) { + data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataGost2012_512Id); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataGost2012_512Id)", NULL); + return(NULL); + } + } +#endif /* XMLSEC_NO_GOST2012 */ if (NULL == data) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_TYPE, - "PCCERT_CONTEXT key type %s not supported", pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId); + xmlSecInvalidStringTypeError("PCCERT_CONTEXT key type", + pCert->pCertInfo->SubjectPublicKeyInfo.Algorithm.pszObjId, + "unsupported keytype", NULL); return(NULL); } @@ -882,11 +936,7 @@ xmlSecMSCryptoCertAdopt(PCCERT_CONTEXT pCert, xmlSecKeyDataType type) { ret = xmlSecMSCryptoKeyDataAdoptCert(data, pCert, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoPCCDataAdoptPCC", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoPCCDataAdoptPCC", NULL); xmlSecKeyDataDestroy(data); return(NULL); } @@ -1023,10 +1073,15 @@ xmlSecMSCryptoKeyDataRsaGetKlass(void) { static int xmlSecMSCryptoKeyDataRsaInitialize(xmlSecKeyDataPtr data) { xmlSecMSCryptoKeyDataCtxPtr ctx; + int ret; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId), xmlSecKeyDataTypeUnknown); - xmlSecMSCryptoKeyDataInitialize(data); + ret = xmlSecMSCryptoKeyDataInitialize(data); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataInitialize", NULL); + return(-1); + } ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); @@ -1072,43 +1127,32 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(keyInfoCtx != NULL, -1); if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - "key already has a value"); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "key already has a value"); return(-1); } /* initialize buffers */ ret = xmlSecBnInitialize(&modulus, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "modulus"); + xmlSecInternalError("xmlSecBnInitialize(modulus)", + xmlSecKeyDataKlassGetName(id));; return(-1); } ret = xmlSecBnInitialize(&exponent, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "exponent"); + xmlSecInternalError("xmlSecBnInitialize(exponent)", + xmlSecKeyDataKlassGetName(id)); xmlSecBnFinalize(&modulus); return(-1); } ret = xmlSecBufferInitialize(&blob, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "blob"); + xmlSecInternalError("xmlSecBufferInitialize(blob)", + xmlSecKeyDataKlassGetName(id)); xmlSecBnFinalize(&modulus); xmlSecBnFinalize(&exponent); return(-1); @@ -1119,45 +1163,28 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is Modulus node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInvalidNodeError(cur, xmlSecNodeRSAModulus, + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecBnGetNodeValue(&modulus, cur, xmlSecBnBase64, 1); - if((ret < 0) || (xmlSecBnGetSize(&modulus) == 0)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnGetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + if((ret < 0) || (xmlSecBnGetSize(&modulus) == 0)) { + xmlSecInternalError("xmlSecBnGetNodeValue(modulus)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); /* next is Exponent node. It is REQUIRED because we do not support Seed and PgenCounter*/ - if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) { + xmlSecInvalidNodeError(cur, xmlSecNodeRSAExponent, xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecBnGetNodeValue(&exponent, cur, xmlSecBnBase64, 1); if((ret < 0) || (xmlSecBnGetSize(&exponent) == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnGetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecBnGetNodeValue(exponent)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); @@ -1169,11 +1196,7 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "no nodes expected"); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)); goto done; } @@ -1181,11 +1204,9 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, blobBufferLen = sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + xmlSecBnGetSize(&modulus); ret = xmlSecBufferSetSize(&blob, blobBufferLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", blobBufferLen); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecKeyDataKlassGetName(id), + "size=%d", blobBufferLen); goto done; } @@ -1202,12 +1223,9 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, pubKey->bitlen = xmlSecBnGetSize(&modulus) * 8; /* Number of bits in prime modulus */ pubKey->pubexp = 0; if(sizeof(pubKey->pubexp) < xmlSecBnGetSize(&exponent)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "exponent size=%d", - xmlSecBnGetSize(&exponent)); + xmlSecInvalidSizeLessThanError("exponent size", + sizeof(pubKey->pubexp), xmlSecBnGetSize(&exponent), + NULL); goto done; } xmlSecAssert2(xmlSecBnGetData(&exponent) != NULL, -1); @@ -1220,40 +1238,28 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* Now that we have the blob, import */ hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Rsa, NULL, CRYPT_VERIFYCONTEXT, TRUE); if(hProv == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoFindProvider", + xmlSecKeyDataKlassGetName(id)); goto done; } if (!CryptImportKey(hProv, xmlSecBufferGetData(&blob), xmlSecBufferGetSize(&blob), 0, 0, &hKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptImportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptImportKey", + xmlSecKeyDataKlassGetName(id)); goto done; } data = xmlSecKeyDataCreate(id); if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, 0, xmlSecKeyDataTypePublic); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataAdoptKey", + xmlSecKeyDataKlassGetName(id)); goto done; } hProv = 0; @@ -1261,11 +1267,8 @@ xmlSecMSCryptoKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyDataDestroy(data); goto done; } @@ -1315,40 +1318,29 @@ xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(xmlSecMSCryptoKeyDataCtxGetKey(ctx) != 0, -1); if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptExportKey", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecBufferInitialize(&buf, dwBlobLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%ld", dwBlobLen); + xmlSecInternalError2("xmlSecBufferInitialize", + xmlSecKeyDataKlassGetName(id), + "size=%ld", dwBlobLen); return(-1); } blob = xmlSecBufferGetData(&buf); if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptExportKey", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } if (dwBlobLen < sizeof(PUBLICKEYSTRUC)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "blobLen=%ld", dwBlobLen); + xmlSecInvalidSizeLessThanError("Key blob", dwBlobLen, sizeof(PUBLICKEYSTRUC), + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } @@ -1356,20 +1348,18 @@ xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* check PUBLICKEYSTRUC */ pubKeyStruc = (PUBLICKEYSTRUC*)blob; if(pubKeyStruc->bVersion != 0x02) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion); + xmlSecMSCryptoError2("CryptExportKey", + xmlSecKeyDataKlassGetName(id), + "pubKeyStruc->bVersion=%ld", + (long int)pubKeyStruc->bVersion); xmlSecBufferFinalize(&buf); return(-1); } if(pubKeyStruc->bType != PUBLICKEYBLOB) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType); + xmlSecMSCryptoError2("CryptExportKey", + xmlSecKeyDataKlassGetName(id), + "pubKeyStruc->bType=%ld", + (long int)pubKeyStruc->bType); xmlSecBufferFinalize(&buf); return(-1); } @@ -1377,22 +1367,19 @@ xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* check RSAPUBKEY */ pubKey = (RSAPUBKEY *)(blob + sizeof(PUBLICKEYSTRUC)); if(pubKey->magic != 0x31415352) { /* RSA public key magic */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKey->magic=0x%08lx", pubKey->magic); + xmlSecMSCryptoError2("CryptExportKey", + xmlSecKeyDataKlassGetName(id), + "pubKey->magic=0x%08lx", + (long int)pubKey->magic); xmlSecBufferFinalize(&buf); return(-1); } modulusLen = pubKey->bitlen / 8; if (dwBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + modulusLen) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "blobLen=%ld; modulusLen=%d", dwBlobLen, modulusLen); + xmlSecInvalidSizeLessThanError("Key blob", + dwBlobLen, sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + modulusLen, + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } @@ -1401,24 +1388,16 @@ xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is Modulus node */ cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecAddChild(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } ret = xmlSecBnBlobSetNodeValue(blob, modulusLen, cur, xmlSecBnBase64, 1, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnBlobSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecBnBlobSetNodeValue(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } @@ -1426,12 +1405,8 @@ xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Exponent node. */ cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecAddChild(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } @@ -1445,18 +1420,15 @@ xmlSecMSCryptoKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecBnBlobSetNodeValue(blob, exponentLen, cur, xmlSecBnBase64, 1, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnBlobSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecBnBlobSetNodeValue(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } /* next is PrivateExponent node: not supported in MSCrypto */ + /* done */ xmlSecBufferFinalize(&buf); return(0); } @@ -1476,6 +1448,7 @@ xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), xmlSecKeyDataTypeUnknown); xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataRsaId), -1); xmlSecAssert2(sizeBits > 0, -1); + UNREFERENCED_PARAMETER(type); ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); @@ -1483,33 +1456,24 @@ xmlSecMSCryptoKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, /* get provider */ hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE); if(hProv == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoFindProvider", + xmlSecKeyDataGetName(data)); goto done; } dwKeySpec = AT_KEYEXCHANGE | AT_SIGNATURE; dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); if (!CryptGenKey(hProv, CALG_RSA_SIGN, dwSize, &hKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CryptGenKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptGenKey", + xmlSecKeyDataGetName(data)); goto done; } ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); goto done; } hProv = 0; @@ -1723,10 +1687,15 @@ xmlSecMSCryptoKeyDataDsaGetKlass(void) { static int xmlSecMSCryptoKeyDataDsaInitialize(xmlSecKeyDataPtr data) { xmlSecMSCryptoKeyDataCtxPtr ctx; + int ret; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId), xmlSecKeyDataTypeUnknown); - xmlSecMSCryptoKeyDataInitialize(data); + ret = xmlSecMSCryptoKeyDataInitialize(data); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataInitialize", NULL); + return(-1); + } ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); @@ -1774,43 +1743,32 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(keyInfoCtx != NULL, -1); if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - "key already has a value"); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "key already has a value"); return(-1); } /* initialize buffers */ ret = xmlSecBnInitialize(&p, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "p"); + xmlSecInternalError("xmlSecBnInitialize(p)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecBnInitialize(&q, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "q"); + xmlSecInternalError("xmlSecBnInitialize(q)", + xmlSecKeyDataKlassGetName(id)); xmlSecBnFinalize(&p); return(-1); } ret = xmlSecBnInitialize(&g, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "g"); + xmlSecInternalError("xmlSecBnInitialize(g)", + xmlSecKeyDataKlassGetName(id)); xmlSecBnFinalize(&p); xmlSecBnFinalize(&q); return(-1); @@ -1818,11 +1776,8 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecBnInitialize(&y, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "y"); + xmlSecInternalError("xmlSecBnInitialize(y)", + xmlSecKeyDataKlassGetName(id)); xmlSecBnFinalize(&p); xmlSecBnFinalize(&q); xmlSecBnFinalize(&g); @@ -1831,11 +1786,8 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecBufferInitialize(&blob, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "blob"); + xmlSecInternalError("xmlSecBufferInitialize(blob)", + xmlSecKeyDataKlassGetName(id)); xmlSecBnFinalize(&p); xmlSecBnFinalize(&q); xmlSecBnFinalize(&g); @@ -1848,67 +1800,40 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAP, xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecBnGetNodeValue(&p, cur, xmlSecBnBase64, 1); - if((ret < 0) || (xmlSecBnGetSize(&p) == 0)){ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnGetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + if((ret < 0) || (xmlSecBnGetSize(&p) == 0)) { + xmlSecInternalError("xmlSecBnGetNodeValue(p)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAQ, xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecBnGetNodeValue(&q, cur, xmlSecBnBase64, 1); - if((ret < 0) || (xmlSecBnGetSize(&q) == 0)){ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnGetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + if((ret < 0) || (xmlSecBnGetSize(&q) == 0)) { + xmlSecInternalError("xmlSecBnGetNodeValue(q)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAG, xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecBnGetNodeValue(&g, cur, xmlSecBnBase64, 1); if((ret < 0) || (xmlSecBnGetSize(&q) == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnGetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecBnGetNodeValue(g)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); @@ -1922,21 +1847,13 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Y node. */ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAY, xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecBnGetNodeValue(&y, cur, xmlSecBnBase64, 1); if((ret < 0) || (xmlSecBnGetSize(&y) == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnGetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecBnGetNodeValue(y)", + xmlSecKeyDataKlassGetName(id)); goto done; } cur = xmlSecGetNextElementNode(cur->next); @@ -1957,11 +1874,7 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)) goto done; } @@ -1969,11 +1882,7 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, blobBufferLen = sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY) + 3 * xmlSecBnGetSize(&p) + 0x14 + sizeof(DSSSEED); ret = xmlSecBufferSetSize(&blob, blobBufferLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", blobBufferLen); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, "size=%d", blobBufferLen); goto done; } @@ -1999,11 +1908,8 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* set q */ if(xmlSecBnGetSize(&q) > 0x14) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "q", - XMLSEC_ERRORS_R_INVALID_SIZE, - "size=%d > 0x14", xmlSecBnGetSize(&q)); + xmlSecInvalidSizeLessThanError("DSA key q", + xmlSecBnGetSize(&q), 0x14, NULL); goto done; } xmlSecAssert2(xmlSecBnGetData(&q) != NULL, -1); @@ -2017,13 +1923,10 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* set generator */ if(xmlSecBnGetSize(&g) > xmlSecBnGetSize(&p)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "g", - XMLSEC_ERRORS_R_INVALID_SIZE, - "size=%d > %d", - xmlSecBnGetSize(&g), - xmlSecBnGetSize(&p)); + xmlSecInvalidSizeMoreThanError("DSA key g", + xmlSecBnGetSize(&g), + xmlSecBnGetSize(&p), + NULL); goto done; } xmlSecAssert2(xmlSecBnGetData(&g) != NULL, -1); @@ -2036,13 +1939,10 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* Public key */ if(xmlSecBnGetSize(&y) > xmlSecBnGetSize(&p)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "y", - XMLSEC_ERRORS_R_INVALID_SIZE, - "size=%d > %d", - xmlSecBnGetSize(&y), - xmlSecBnGetSize(&p)); + xmlSecInvalidSizeMoreThanError("DSA key y", + xmlSecBnGetSize(&y), + xmlSecBnGetSize(&p), + NULL); goto done; } xmlSecAssert2(xmlSecBnGetData(&y) != NULL, -1); @@ -2060,41 +1960,29 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Dss, NULL, CRYPT_VERIFYCONTEXT, TRUE); if(hProv == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoFindProvider", + xmlSecKeyDataKlassGetName(id)); goto done; } /* import the key blob */ if (!CryptImportKey(hProv, xmlSecBufferGetData(&blob), xmlSecBufferGetSize(&blob), 0, 0, &hKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptImportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptImportKey", + xmlSecKeyDataKlassGetName(id)); goto done; } data = xmlSecKeyDataCreate(id); if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); goto done; } ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, 0, xmlSecKeyDataTypePublic); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); goto done; } hProv = 0; @@ -2102,11 +1990,8 @@ xmlSecMSCryptoKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); goto done; } data = NULL; @@ -2159,40 +2044,29 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(xmlSecMSCryptoKeyDataCtxGetKey(ctx) != 0, -1); if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, NULL, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("CryptExportKey", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecBufferInitialize(&buf, dwBlobLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%ld", dwBlobLen); + xmlSecInternalError2("xmlSecBufferInitialize", + xmlSecKeyDataKlassGetName(id), + "size=%ld", dwBlobLen); return(-1); } blob = xmlSecBufferGetData(&buf); if (!CryptExportKey(xmlSecMSCryptoKeyDataCtxGetKey(ctx), 0, PUBLICKEYBLOB, 0, blob, &dwBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptExportKey", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } if (dwBlobLen < sizeof(PUBLICKEYSTRUC)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "blobLen=%ld", dwBlobLen); + xmlSecInvalidSizeLessThanError("Key blob", dwBlobLen, sizeof(PUBLICKEYSTRUC), + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } @@ -2200,20 +2074,18 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* check PUBLICKEYSTRUC */ pubKeyStruc = (PUBLICKEYSTRUC*)blob; if(pubKeyStruc->bVersion != 0x02) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion); + xmlSecMSCryptoError2("CryptExportKey", + xmlSecKeyDataKlassGetName(id), + "pubKeyStruc->bVersion=%ld", + (long int)pubKeyStruc->bVersion); xmlSecBufferFinalize(&buf); return(-1); } if(pubKeyStruc->bType != PUBLICKEYBLOB) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType); + xmlSecMSCryptoError2("CryptExportKey", + xmlSecKeyDataKlassGetName(id), + "pubKeyStruc->bType=%ld", + (long int)pubKeyStruc->bType); xmlSecBufferFinalize(&buf); return(-1); } @@ -2221,11 +2093,10 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* check DSSPUBKEY */ pubKey = (DSSPUBKEY*)(blob + sizeof(PUBLICKEYSTRUC)); if(pubKey->magic != 0x31535344) { /* DSS key magic */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKey->magic=0x%08lx", pubKey->magic); + xmlSecMSCryptoError2("CryptExportKey", + xmlSecKeyDataKlassGetName(id), + "pubKey->magic=0x%08lx", + (long int)pubKey->magic); xmlSecBufferFinalize(&buf); return(-1); } @@ -2233,11 +2104,9 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* we assume that sizeof(q) < 0x14, sizeof(g) <= sizeof(p) and sizeof(y) <= sizeof(p) */ if (dwBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY) + 3 * keyLen + 0x14 + sizeof(DSSSEED)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "blobLen=%ld; keyLen=%d", dwBlobLen, keyLen); + xmlSecInvalidSizeLessThanError("Key blob", + dwBlobLen, sizeof(PUBLICKEYSTRUC) + sizeof(DSSPUBKEY) + 3 * keyLen + 0x14 + sizeof(DSSSEED), + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } @@ -2246,24 +2115,16 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is P node */ cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecAddChild(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } ret = xmlSecBnBlobSetNodeValue(blob, keyLen, cur, xmlSecBnBase64, 1, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnBlobSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecBnBlobSetNodeValue(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } @@ -2272,12 +2133,8 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Q node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecAddChild(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } @@ -2287,12 +2144,8 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecBnBlobSetNodeValue(blob, len, cur, xmlSecBnBase64, 1, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnBlobSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecBnBlobSetNodeValue(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } @@ -2301,12 +2154,8 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is G node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecAddChild(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } @@ -2316,12 +2165,8 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecBnBlobSetNodeValue(blob, len, cur, xmlSecBnBase64, 1, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnBlobSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecBnBlobSetNodeValue(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } @@ -2332,12 +2177,8 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Y node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecAddChild(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } @@ -2347,12 +2188,8 @@ xmlSecMSCryptoKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecBnBlobSetNodeValue(blob, len, cur, xmlSecBnBase64, 1, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecBnBlobSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecBnBlobSetNodeValue(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); xmlSecBufferFinalize(&buf); return(-1); } @@ -2376,38 +2213,30 @@ xmlSecMSCryptoKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xml xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecMSCryptoKeyDataSize), xmlSecKeyDataTypeUnknown); xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataDsaId), -1); xmlSecAssert2(sizeBits > 0, -1); + UNREFERENCED_PARAMETER(type); ctx = xmlSecMSCryptoKeyDataGetCtx(data); hProv = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE); if(hProv == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoFindProvider", + xmlSecKeyDataGetName(data)); return(-1); } dwKeySpec = AT_SIGNATURE; dwSize = ((sizeBits << 16) | CRYPT_EXPORTABLE); if (!CryptGenKey(hProv, CALG_DSS_SIGN, dwSize, &hKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CryptGenKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptGenKey", + xmlSecKeyDataGetName(data)); goto done; } ret = xmlSecMSCryptoKeyDataAdoptKey(data, hProv, TRUE, hKey, dwKeySpec, xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); goto done; } hProv = 0; @@ -2555,10 +2384,15 @@ xmlSecMSCryptoKeyDataGost2001GetKlass(void) { static int xmlSecMSCryptoKeyDataGost2001Initialize(xmlSecKeyDataPtr data) { xmlSecMSCryptoKeyDataCtxPtr ctx; + int ret; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2001Id), xmlSecKeyDataTypeUnknown); - xmlSecMSCryptoKeyDataInitialize(data); + ret = xmlSecMSCryptoKeyDataInitialize(data); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataInitialize", NULL); + return(-1); + } ctx = xmlSecMSCryptoKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); @@ -2612,4 +2446,318 @@ xmlSecMSCryptoKeyDataGost2001DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { xmlSecMSCryptoKeyDataGost2001GetSize(data)); } -#endif /* XMLSEC_NO_GOST*/ +#endif /* XMLSEC_NO_GOST */ + + +#ifndef XMLSEC_NO_GOST2012 + +/************************************************************************** + * + * GOST2012 256 xml key representation processing. + * + *************************************************************************/ +static int xmlSecMSCryptoKeyDataGost2012_256Initialize(xmlSecKeyDataPtr data); +static int xmlSecMSCryptoKeyDataGost2012_256Duplicate(xmlSecKeyDataPtr dst, + xmlSecKeyDataPtr src); +static void xmlSecMSCryptoKeyDataGost2012_256Finalize(xmlSecKeyDataPtr data); +static int xmlSecMSCryptoKeyDataGost2012_256XmlRead (xmlSecKeyDataId id, + xmlSecKeyPtr key, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecMSCryptoKeyDataGost2012_256XmlWrite(xmlSecKeyDataId id, + xmlSecKeyPtr key, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecMSCryptoKeyDataGost2012_256Generate(xmlSecKeyDataPtr data, + xmlSecSize sizeBits, + xmlSecKeyDataType type); + +static xmlSecKeyDataType xmlSecMSCryptoKeyDataGost2012_256GetType(xmlSecKeyDataPtr data); +static xmlSecSize xmlSecMSCryptoKeyDataGost2012_256GetSize(xmlSecKeyDataPtr data); +static void xmlSecMSCryptoKeyDataGost2012_256DebugDump(xmlSecKeyDataPtr data, + FILE* output); +static void xmlSecMSCryptoKeyDataGost2012_256DebugXmlDump(xmlSecKeyDataPtr data, + FILE* output); + +static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataGost2012_256Klass = { + sizeof(xmlSecKeyDataKlass), + xmlSecMSCryptoKeyDataSize, + + /* data */ + xmlSecNameGostR3410_2012_256KeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefGostR3410_2012_256KeyValue, /* const xmlChar* href; */ + xmlSecNodeGostR3410_2012_256KeyValue, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecMSCryptoKeyDataGost2012_256Initialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecMSCryptoKeyDataGost2012_256Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecMSCryptoKeyDataGost2012_256Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + NULL, /* xmlSecMSCryptoKeyDataGost2001Generate,*/ /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ + xmlSecMSCryptoKeyDataGost2012_256GetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecMSCryptoKeyDataGost2012_256GetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecMSCryptoKeyDataGost2012_256DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecMSCryptoKeyDataGost2012_256DebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/* Ordered list of providers to search for algorithm implementation using + * xmlSecMSCryptoFindProvider() function + * + * MUST END with { NULL, 0 } !!! + */ +static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Gost2012_256[] = { + { CRYPTOPRO_CSP_256, PROV_GOST_2012_256 }, + { NULL, 0 } +}; + +/** + * xmlSecMSCryptoKeyDataGost2001GetKlass: + * + * The GOST2012_256 key data klass. + * + * Returns: pointer to GOST2012_256 key data klass. + */ +xmlSecKeyDataId +xmlSecMSCryptoKeyDataGost2012_256GetKlass(void) { + return(&xmlSecMSCryptoKeyDataGost2012_256Klass); +} + + +static int +xmlSecMSCryptoKeyDataGost2012_256Initialize(xmlSecKeyDataPtr data) { + xmlSecMSCryptoKeyDataCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2012_256Id), xmlSecKeyDataTypeUnknown); + + ret = xmlSecMSCryptoKeyDataInitialize(data); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataInitialize", NULL); + return(-1); + } + + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + + ctx->providers = xmlSecMSCryptoProviderInfo_Gost2012_256; + return(0); +} + +static int +xmlSecMSCryptoKeyDataGost2012_256Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCryptoKeyDataGost2012_256Id), -1); + xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCryptoKeyDataGost2012_256Id), -1); + + return(xmlSecMSCryptoKeyDataDuplicate(dst, src)); +} + +static void +xmlSecMSCryptoKeyDataGost2012_256Finalize(xmlSecKeyDataPtr data) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2012_256Id)); + + xmlSecMSCryptoKeyDataFinalize(data); +} + +static xmlSecKeyDataType +xmlSecMSCryptoKeyDataGost2012_256GetType(xmlSecKeyDataPtr data) { + return(xmlSecMSCryptoKeyDataGetType(data)); +} + +static xmlSecSize +xmlSecMSCryptoKeyDataGost2012_256GetSize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2012_256Id), 0); + + return xmlSecMSCryptoKeyDataGetSize(data); +} + +static void +xmlSecMSCryptoKeyDataGost2012_256DebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2012_256Id)); + xmlSecAssert(output != NULL); + + fprintf(output, "=== dsa key: size = %d\n", + xmlSecMSCryptoKeyDataGost2012_256GetSize(data)); +} + +static void +xmlSecMSCryptoKeyDataGost2012_256DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2012_256Id)); + xmlSecAssert(output != NULL); + + fprintf(output, "<GOST2012_256KeyValue size=\"%d\" />\n", + xmlSecMSCryptoKeyDataGost2012_256GetSize(data)); +} + + +/************************************************************************** + * + * GOST2012 512 xml key representation processing. + * + *************************************************************************/ +static int xmlSecMSCryptoKeyDataGost2012_512Initialize(xmlSecKeyDataPtr data); +static int xmlSecMSCryptoKeyDataGost2012_512Duplicate(xmlSecKeyDataPtr dst, + xmlSecKeyDataPtr src); +static void xmlSecMSCryptoKeyDataGost2012_512Finalize(xmlSecKeyDataPtr data); +static int xmlSecMSCryptoKeyDataGost2012_512XmlRead (xmlSecKeyDataId id, + xmlSecKeyPtr key, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecMSCryptoKeyDataGost2012_512XmlWrite(xmlSecKeyDataId id, + xmlSecKeyPtr key, + xmlNodePtr node, + xmlSecKeyInfoCtxPtr keyInfoCtx); +static int xmlSecMSCryptoKeyDataGost2012_512Generate(xmlSecKeyDataPtr data, + xmlSecSize sizeBits, + xmlSecKeyDataType type); + +static xmlSecKeyDataType xmlSecMSCryptoKeyDataGost2012_512GetType(xmlSecKeyDataPtr data); +static xmlSecSize xmlSecMSCryptoKeyDataGost2012_512GetSize(xmlSecKeyDataPtr data); +static void xmlSecMSCryptoKeyDataGost2012_512DebugDump(xmlSecKeyDataPtr data, + FILE* output); +static void xmlSecMSCryptoKeyDataGost2012_512DebugXmlDump(xmlSecKeyDataPtr data, + FILE* output); + +static xmlSecKeyDataKlass xmlSecMSCryptoKeyDataGost2012_512Klass = { + sizeof(xmlSecKeyDataKlass), + xmlSecMSCryptoKeyDataSize, + + /* data */ + xmlSecNameGostR3410_2012_512KeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefGostR3410_2012_512KeyValue, /* const xmlChar* href; */ + xmlSecNodeGostR3410_2012_512KeyValue, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecMSCryptoKeyDataGost2012_512Initialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecMSCryptoKeyDataGost2012_512Duplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecMSCryptoKeyDataGost2012_512Finalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + NULL, /* xmlSecMSCryptoKeyDataGost2001Generate,*/ /* xmlSecKeyDataGenerateMethod generate; */ + + /* get info */ + xmlSecMSCryptoKeyDataGost2012_512GetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecMSCryptoKeyDataGost2012_512GetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + + /* read/write */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecMSCryptoKeyDataGost2012_512DebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecMSCryptoKeyDataGost2012_512DebugXmlDump,/* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/* Ordered list of providers to search for algorithm implementation using + * xmlSecMSCryptoFindProvider() function + * + * MUST END with { NULL, 0 } !!! + */ +static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Gost2012_512[] = { + { CRYPTOPRO_CSP_512, PROV_GOST_2012_512 }, + { NULL, 0 } +}; + +/** + * xmlSecMSCryptoKeyDataGost2001GetKlass: + * + * The GOST2012_512 key data klass. + * + * Returns: pointer to GOST2012_512 key data klass. + */ +xmlSecKeyDataId +xmlSecMSCryptoKeyDataGost2012_512GetKlass(void) { + return(&xmlSecMSCryptoKeyDataGost2012_512Klass); +} + + +static int +xmlSecMSCryptoKeyDataGost2012_512Initialize(xmlSecKeyDataPtr data) { + xmlSecMSCryptoKeyDataCtxPtr ctx; + int ret; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2012_512Id), xmlSecKeyDataTypeUnknown); + + ret = xmlSecMSCryptoKeyDataInitialize(data); + if(ret != 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataInitialize", NULL); + return(-1); + } + + ctx = xmlSecMSCryptoKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + + ctx->providers = xmlSecMSCryptoProviderInfo_Gost2012_512; + return(0); +} + +static int +xmlSecMSCryptoKeyDataGost2012_512Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecMSCryptoKeyDataGost2012_512Id), -1); + xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecMSCryptoKeyDataGost2012_512Id), -1); + + return(xmlSecMSCryptoKeyDataDuplicate(dst, src)); +} + +static void +xmlSecMSCryptoKeyDataGost2012_512Finalize(xmlSecKeyDataPtr data) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2012_512Id)); + + xmlSecMSCryptoKeyDataFinalize(data); +} + +static xmlSecKeyDataType +xmlSecMSCryptoKeyDataGost2012_512GetType(xmlSecKeyDataPtr data) { + return(xmlSecMSCryptoKeyDataGetType(data)); +} + +static xmlSecSize +xmlSecMSCryptoKeyDataGost2012_512GetSize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2012_512Id), 0); + + return xmlSecMSCryptoKeyDataGetSize(data); +} + +static void +xmlSecMSCryptoKeyDataGost2012_512DebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2012_512Id)); + xmlSecAssert(output != NULL); + + fprintf(output, "=== dsa key: size = %d\n", + xmlSecMSCryptoKeyDataGost2012_512GetSize(data)); +} + +static void +xmlSecMSCryptoKeyDataGost2012_512DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecMSCryptoKeyDataGost2012_512Id)); + xmlSecAssert(output != NULL); + + fprintf(output, "<GOST2012_512KeyValue size=\"%d\" />\n", + xmlSecMSCryptoKeyDataGost2012_512GetSize(data)); +} + +#endif /* XMLSEC_NO_GOST2012 */ diff --git a/src/mscrypto/ciphers.c b/src/mscrypto/ciphers.c index 2ac3da03..f4e8c4f8 100644 --- a/src/mscrypto/ciphers.c +++ b/src/mscrypto/ciphers.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2003 Cordys R&D BV, All rights reserved. * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:ciphers + * @Short_description: Ciphers transforms implementation for Microsoft Crypto API. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -72,11 +80,7 @@ xmlSecMSCryptoBlockCipherCtxInit(xmlSecMSCryptoBlockCipherCtxPtr ctx, /* iv len == block len */ dwBlockLenLen = sizeof(DWORD); if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "CryptGetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptGetKeyParam", cipherName); return(-1); } @@ -84,65 +88,48 @@ xmlSecMSCryptoBlockCipherCtxInit(xmlSecMSCryptoBlockCipherCtxPtr ctx, xmlSecAssert2(blockLen > 0, -1); if(encrypt) { unsigned char* iv; - size_t outSize; + xmlSecSize outSize; /* allocate space for IV */ outSize = xmlSecBufferGetSize(out); ret = xmlSecBufferSetSize(out, outSize + blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + blockLen); + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", outSize + blockLen); return(-1); } iv = xmlSecBufferGetData(out) + outSize; /* generate and use random iv */ if(!CryptGenRandom(ctx->cryptProvider, blockLen, iv)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "CryptGenRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "len=%d", blockLen); + xmlSecMSCryptoError2("CryptGenRandom", cipherName, + "len=%d", blockLen); return(-1); } if(!CryptSetKeyParam(ctx->cryptKey, KP_IV, iv, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "CryptSetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptSetKeyParam", cipherName); return(-1); } } else { /* if we don't have enough data, exit and hope that * we'll have iv next time */ - if(xmlSecBufferGetSize(in) < (size_t)blockLen) { + if(xmlSecBufferGetSize(in) < XMLSEC_SIZE_BAD_CAST(blockLen)) { return(0); } xmlSecAssert2(xmlSecBufferGetData(in) != NULL, -1); /* set iv */ if (!CryptSetKeyParam(ctx->cryptKey, KP_IV, xmlSecBufferGetData(in), 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "CryptSetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptSetKeyParam", cipherName); return(-1); } /* and remove from input */ ret = xmlSecBufferRemoveHead(in, blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", blockLen); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", blockLen); return(-1); } @@ -158,7 +145,7 @@ xmlSecMSCryptoBlockCipherCtxUpdate(xmlSecMSCryptoBlockCipherCtxPtr ctx, int encrypt, const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx) { - size_t inSize, inBlocks, outSize; + xmlSecSize inSize, inBlocks, outSize; int blockLen; unsigned char* outBuf; unsigned char* inBuf; @@ -173,11 +160,7 @@ xmlSecMSCryptoBlockCipherCtxUpdate(xmlSecMSCryptoBlockCipherCtxPtr ctx, dwBlockLenLen = sizeof(DWORD); if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "CryptSetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptSetKeyParam", cipherName); return(-1); } blockLen = dwBlockLen / 8; @@ -186,27 +169,24 @@ xmlSecMSCryptoBlockCipherCtxUpdate(xmlSecMSCryptoBlockCipherCtxPtr ctx, inSize = xmlSecBufferGetSize(in); outSize = xmlSecBufferGetSize(out); - if(inSize < (size_t)blockLen) { + if(inSize < XMLSEC_SIZE_BAD_CAST(blockLen)) { return(0); } if(encrypt) { - inBlocks = inSize / ((size_t)blockLen); + inBlocks = inSize / XMLSEC_SIZE_BAD_CAST(blockLen); } else { /* we want to have the last block in the input buffer * for padding check */ - inBlocks = (inSize - 1) / ((size_t)blockLen); + inBlocks = (inSize - 1) / XMLSEC_SIZE_BAD_CAST(blockLen); } - inSize = inBlocks * ((size_t)blockLen); + inSize = inBlocks * XMLSEC_SIZE_BAD_CAST(blockLen); /* we write out the input size plus may be one block */ ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + inSize + blockLen); + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", outSize + inSize + blockLen); return(-1); } outBuf = xmlSecBufferGetData(out) + outSize; @@ -217,52 +197,35 @@ xmlSecMSCryptoBlockCipherCtxUpdate(xmlSecMSCryptoBlockCipherCtxPtr ctx, dwCLen = inSize; if(encrypt) { if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "CryptEncrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptEncrypt", cipherName); return(-1); } } else { if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "CryptSetKeyDecrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptSetKeyDecrypt", cipherName); return(-1); } } /* Check if we really have de/encrypted the numbers of bytes that we requested */ if (dwCLen != inSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "CryptEn/Decrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%ld", dwCLen); + xmlSecInternalError2("CryptEn/Decrypt", cipherName, + "size=%ld", dwCLen); return(-1); } /* set correct output buffer size */ ret = xmlSecBufferSetSize(out, outSize + inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + inSize); + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", outSize + inSize); return(-1); } /* remove the processed block from input */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", inSize); return(-1); } return(0); @@ -275,7 +238,7 @@ xmlSecMSCryptoBlockCipherCtxFinal(xmlSecMSCryptoBlockCipherCtxPtr ctx, int encrypt, const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx) { - size_t inSize, outSize; + xmlSecSize inSize, outSize; int blockLen, outLen = 0; unsigned char* inBuf; unsigned char* outBuf; @@ -290,11 +253,7 @@ xmlSecMSCryptoBlockCipherCtxFinal(xmlSecMSCryptoBlockCipherCtxPtr ctx, dwBlockLenLen = sizeof(DWORD); if (!CryptGetKeyParam(ctx->cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "CryptGetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptGetKeyParam", cipherName); return(-1); } blockLen = dwBlockLen / 8; @@ -304,40 +263,29 @@ xmlSecMSCryptoBlockCipherCtxFinal(xmlSecMSCryptoBlockCipherCtxPtr ctx, outSize = xmlSecBufferGetSize(out); if(encrypt != 0) { - xmlSecAssert2(inSize < (size_t)blockLen, -1); + xmlSecAssert2(inSize < XMLSEC_SIZE_BAD_CAST(blockLen), -1); /* create padding */ ret = xmlSecBufferSetMaxSize(in, blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", blockLen); + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", blockLen); return(-1); } inBuf = xmlSecBufferGetData(in); /* create random padding */ - if((size_t)blockLen > (inSize + 1)) { + if(XMLSEC_SIZE_BAD_CAST(blockLen) > (inSize + 1)) { if (!CryptGenRandom(ctx->cryptProvider, blockLen - inSize - 1, inBuf + inSize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "CryptGenRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptGenRandom", cipherName); return(-1); } } - inBuf[blockLen - 1] = blockLen - inSize; + inBuf[blockLen - 1] = (unsigned char)(blockLen - inSize); inSize = blockLen; } else { - if(inSize != (size_t)blockLen) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "data=%d;block=%d", inSize, blockLen); + if(inSize != XMLSEC_SIZE_BAD_CAST(blockLen)) { + xmlSecInvalidSizeError("Input data", inSize, blockLen, cipherName); return(-1); } inBuf = xmlSecBufferGetData(in); @@ -346,11 +294,8 @@ xmlSecMSCryptoBlockCipherCtxFinal(xmlSecMSCryptoBlockCipherCtxPtr ctx, /* process last block */ ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + 2 * blockLen); + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", outSize + 2 * blockLen); return(-1); } outBuf = xmlSecBufferGetData(out) + outSize; @@ -361,43 +306,28 @@ xmlSecMSCryptoBlockCipherCtxFinal(xmlSecMSCryptoBlockCipherCtxPtr ctx, /* Set process last block to false, since we handle padding ourselves, and MSCrypto padding * can be skipped. I hope this will work .... */ if(!CryptEncrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen, inSize + blockLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "CryptEncrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptEncrypt", cipherName); return(-1); } } else { if (!CryptDecrypt(ctx->cryptKey, 0, FALSE, 0, outBuf, &dwCLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "CryptDecrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptDecrypt", cipherName); return(-1); } } /* Check if we really have de/encrypted the numbers of bytes that we requested */ if (dwCLen != inSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "CryptEn/Decrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%ld", dwCLen); + xmlSecInternalError2("CryptEn/Decrypt", cipherName, + "size=%ld", dwCLen); return(-1); } if(encrypt == 0) { /* check padding */ if(inSize < outBuf[blockLen - 1]) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "padding=%d;buffer=%d", - outBuf[blockLen - 1], inSize); + xmlSecInvalidSizeLessThanError("Input data padding", + inSize, outBuf[blockLen - 1], cipherName); return(-1); } outLen = inSize - outBuf[blockLen - 1]; @@ -408,22 +338,16 @@ xmlSecMSCryptoBlockCipherCtxFinal(xmlSecMSCryptoBlockCipherCtxPtr ctx, /* set correct output buffer size */ ret = xmlSecBufferSetSize(out, outSize + outLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen); + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", outSize + outLen); return(-1); } /* remove the processed block from input */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", inSize); return(-1); } @@ -499,7 +423,6 @@ xmlSecMSCryptoBlockCipherCheckId(xmlSecTransformPtr transform) { static int xmlSecMSCryptoBlockCipherInitialize(xmlSecTransformPtr transform) { xmlSecMSCryptoBlockCipherCtxPtr ctx; - int ret; xmlSecAssert2(xmlSecMSCryptoBlockCipherCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecMSCryptoBlockCipherSize), -1); @@ -538,33 +461,21 @@ xmlSecMSCryptoBlockCipherInitialize(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_AES */ { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } ctx->cryptProvider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE); if(ctx->cryptProvider == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - + xmlSecInternalError("xmlSecMSCryptoFindProvider", + xmlSecTransformGetName(transform)); return(-1); } /* Create dummy key to be able to import plain session keys */ if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->cryptProvider, &(ctx->pubPrivKey))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoCreatePrivateExponentOneKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - + xmlSecMSCryptoError("xmlSecMSCryptoCreatePrivateExponentOneKey", + xmlSecTransformGetName(transform)); return(-1); } @@ -643,12 +554,8 @@ xmlSecMSCryptoBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) xmlSecAssert2(buffer != NULL, -1); if(xmlSecBufferGetSize(buffer) < ctx->keySize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "keySize=%d;expected=%d", - xmlSecBufferGetSize(buffer), ctx->keySize); + xmlSecInvalidKeyDataSizeError(xmlSecBufferGetSize(buffer), ctx->keySize, + xmlSecTransformGetName(transform)); return(-1); } @@ -664,11 +571,8 @@ xmlSecMSCryptoBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) TRUE, &(ctx->cryptKey))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoImportPlainSessionBlob", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoImportPlainSessionBlob", + xmlSecTransformGetName(transform)); return(-1); } @@ -706,20 +610,14 @@ xmlSecMSCryptoBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecT transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoBlockCipherCtxInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoBlockCipherCtxInit", + xmlSecTransformGetName(transform)); return(-1); } } if((ctx->ctxInitialized == 0) && (last != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "not enough data to initialize transform"); + xmlSecInvalidDataError("not enough data to initialize transform", + xmlSecTransformGetName(transform)); return(-1); } if(ctx->ctxInitialized != 0) { @@ -727,11 +625,8 @@ xmlSecMSCryptoBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecT (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, xmlSecTransformGetName(transform), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoBlockCipherCtxUpdate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoBlockCipherCtxUpdate", + xmlSecTransformGetName(transform)); return(-1); } } @@ -742,11 +637,8 @@ xmlSecMSCryptoBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecT xmlSecTransformGetName(transform), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoBlockCipherCtxFinal", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoBlockCipherCtxFinal", + xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusFinished; @@ -758,11 +650,7 @@ xmlSecMSCryptoBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecT /* the only way we can get here is if there is no enough data in the input */ xmlSecAssert2(last == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } diff --git a/src/mscrypto/crypto.c b/src/mscrypto/crypto.c index aea9685e..72473a4b 100644 --- a/src/mscrypto/crypto.c +++ b/src/mscrypto/crypto.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -8,6 +9,13 @@ * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru). */ +/** + * SECTION:crypto + * @Short_description: Crypto transforms implementation for Microsoft Crypto API. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -25,36 +33,14 @@ #include <xmlsec/mscrypto/x509.h> #include "private.h" -#if defined(__MINGW32__) -/* NOTE mingw.org project don't define any xxx_s function and may - * be never will define them. - * - * In this file is save to use non _s function as into destination - * buffer program code copy empty string and the size of source buffer - * (XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE=4096) is enough for any - * encoding. Also program code don't check result of _s functions. - */ - -static int -strcpy_s(char *dest, size_t n, const char *src) { - strcpy(dest, src); - return(0); -} - -static int -wcscpy_s(wchar_t *dest, size_t n, const wchar_t *src) { - wcscpy(dest, src); - return(0); -} -#endif #define XMLSEC_CONTAINER_NAME_A "xmlsec-key-container" #define XMLSEC_CONTAINER_NAME_W L"xmlsec-key-container" #ifdef UNICODE #define XMLSEC_CONTAINER_NAME XMLSEC_CONTAINER_NAME_W -#else +#else /* UNICODE */ #define XMLSEC_CONTAINER_NAME XMLSEC_CONTAINER_NAME_A -#endif +#endif /* UNICODE */ static xmlSecCryptoDLFunctionsPtr gXmlSecMSCryptoFunctions = NULL; @@ -115,6 +101,11 @@ xmlSecCryptoGetFunctions_mscrypto(void) { gXmlSecMSCryptoFunctions->keyDataGost2001GetKlass = xmlSecMSCryptoKeyDataGost2001GetKlass; #endif /* XMLSEC_NO_GOST*/ +#ifndef XMLSEC_NO_GOST2012 + gXmlSecMSCryptoFunctions->keyDataGostR3410_2012_256GetKlass = xmlSecMSCryptoKeyDataGost2012_256GetKlass; + gXmlSecMSCryptoFunctions->keyDataGostR3410_2012_512GetKlass = xmlSecMSCryptoKeyDataGost2012_512GetKlass; +#endif /* XMLSEC_NO_GOST2012*/ + #ifndef XMLSEC_NO_X509 gXmlSecMSCryptoFunctions->keyDataX509GetKlass = xmlSecMSCryptoKeyDataX509GetKlass; gXmlSecMSCryptoFunctions->keyDataRawX509CertGetKlass = xmlSecMSCryptoKeyDataRawX509CertGetKlass; @@ -161,6 +152,14 @@ xmlSecCryptoGetFunctions_mscrypto(void) { gXmlSecMSCryptoFunctions->transformGost2001GostR3411_94GetKlass = xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass; #endif /* XMLSEC_NO_GOST */ +#ifndef XMLSEC_NO_GOST2012 + gXmlSecMSCryptoFunctions->transformGostR3411_2012_256GetKlass = xmlSecMSCryptoTransformGostR3411_2012_256GetKlass; + gXmlSecMSCryptoFunctions->transformGostR3410_2012GostR3411_2012_256GetKlass = xmlSecMSCryptoTransformGost2012_256GetKlass; + + gXmlSecMSCryptoFunctions->transformGostR3411_2012_512GetKlass = xmlSecMSCryptoTransformGostR3411_2012_512GetKlass; + gXmlSecMSCryptoFunctions->transformGostR3410_2012GostR3411_2012_512GetKlass = xmlSecMSCryptoTransformGost2012_512GetKlass; +#endif /* XMLSEC_NO_GOST2012 */ + #ifndef XMLSEC_NO_GOST gXmlSecMSCryptoFunctions->transformGostR3411_94GetKlass = xmlSecMSCryptoTransformGostR3411_94GetKlass; #endif /* XMLSEC_NO_GOST */ @@ -273,11 +272,7 @@ int xmlSecMSCryptoInit (void) { /* Check loaded xmlsec library version */ if(xmlSecCheckVersionExact() != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCheckVersionExact", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCheckVersionExact", NULL); return(-1); } @@ -286,11 +281,7 @@ xmlSecMSCryptoInit (void) { /* register our klasses */ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_mscrypto()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", NULL); return(-1); } return(0); @@ -330,21 +321,13 @@ xmlSecMSCryptoKeysMngrInit(xmlSecKeysMngrPtr mngr) { x509Store = xmlSecKeyDataStoreCreate(xmlSecMSCryptoX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecMSCryptoX509StoreId"); + xmlSecInternalError("xmlSecKeyDataStoreCreate(xmlSecMSCryptoX509StoreId)", NULL); return(-1); } ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrAdoptDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrAdoptDataStore", NULL); xmlSecKeyDataStoreDestroy(x509Store); return(-1); } @@ -354,7 +337,6 @@ xmlSecMSCryptoKeysMngrInit(xmlSecKeysMngrPtr mngr) { return(0); } - static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Random[] = { { MS_STRONG_PROV, PROV_RSA_FULL }, { MS_ENHANCED_PROV, PROV_RSA_FULL }, @@ -372,7 +354,7 @@ static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Random[] = { * Returns: 0 on success or a negative value otherwise. */ int -xmlSecMSCryptoGenerateRandom(xmlSecBufferPtr buffer, size_t size) { +xmlSecMSCryptoGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) { HCRYPTPROV hProv = 0; int ret; @@ -381,29 +363,18 @@ xmlSecMSCryptoGenerateRandom(xmlSecBufferPtr buffer, size_t size) { ret = xmlSecBufferSetSize(buffer, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, + "size=%d", size); return(-1); } hProv = xmlSecMSCryptoFindProvider(xmlSecMSCryptoProviderInfo_Random, NULL, CRYPT_VERIFYCONTEXT, FALSE); if (0 == hProv) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoFindProvider", NULL); return(-1); } if (FALSE == CryptGenRandom(hProv, (DWORD)size, xmlSecBufferGetData(buffer))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGenRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptGenRandom", NULL); CryptReleaseContext(hProv,0); return(-1); } @@ -412,71 +383,85 @@ xmlSecMSCryptoGenerateRandom(xmlSecBufferPtr buffer, size_t size) { return(0); } -#define XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE 4096 - /** - * xmlSecMSCryptoErrorsDefaultCallback: - * @file: the error location file name (__FILE__ macro). - * @line: the error location line number (__LINE__ macro). - * @func: the error location function name (__FUNCTION__ macro). - * @errorObject: the error specific error object - * @errorSubject: the error specific error subject. - * @reason: the error code. - * @msg: the additional error message. + * xmlSecMSCryptoGetErrorMessage: + * @dwError: the error code. + * @out: the output buffer. + * $outSize: the output buffer size. * - * The default errors reporting callback function. + * Returns the system error message for the give error code. */ void -xmlSecMSCryptoErrorsDefaultCallback(const char* file, int line, const char* func, - const char* errorObject, const char* errorSubject, - int reason, const char* msg) { - DWORD dwError; - TCHAR errorT[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE]; - WCHAR errorW[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE]; - CHAR errorUTF8[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE]; - xmlChar buf[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE]; - DWORD rc; - int ret; +xmlSecMSCryptoGetErrorMessage(DWORD dwError, xmlChar * out, xmlSecSize outSize) { + LPTSTR errorText = NULL; + DWORD ret; +#ifndef UNICODE + WCHAR errorTextW[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE]; +#endif /* UNICODE */ - dwError = GetLastError(); - rc = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, - NULL, - dwError, - MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */ - errorT, - XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, - NULL); - -#ifdef UNICODE - if(rc <= 0) { - wcscpy_s(errorT, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, L""); + xmlSecAssert(out != NULL); + xmlSecAssert(outSize > 0); + + /* Use system message tables to retrieve error text, allocate buffer on local + heap for error text, don't use any inserts/parameters */ + ret = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM + | FORMAT_MESSAGE_ALLOCATE_BUFFER + | FORMAT_MESSAGE_IGNORE_INSERTS, + NULL, + dwError, + MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), /* Default language */ + (LPTSTR)&errorText, + 0, + NULL); + if((ret <= 0) || (errorText == NULL)) { + out[0] = '\0'; + goto done; } - ret = WideCharToMultiByte(CP_UTF8, 0, errorT, -1, errorUTF8, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, NULL, NULL); + +#ifdef UNICODE + ret = WideCharToMultiByte(CP_UTF8, 0, errorText, -1, (LPSTR)out, outSize, NULL, NULL); if(ret <= 0) { - strcpy_s(errorUTF8, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, ""); + out[0] = '\0'; + goto done; } #else /* UNICODE */ - if(rc <= 0) { - strcpy_s(errorT, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, ""); - } - ret = MultiByteToWideChar(CP_ACP, 0, errorT, -1, errorW, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE); + ret = MultiByteToWideChar(CP_ACP, 0, errorText, -1, errorTextW, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE); if(ret <= 0) { - wcscpy_s(errorW, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, L""); + out[0] = '\0'; + goto done; } - ret = WideCharToMultiByte(CP_UTF8, 0, errorW, -1, errorUTF8, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, NULL, NULL); + ret = WideCharToMultiByte(CP_UTF8, 0, errorTextW, -1, (LPSTR)out, outSize, NULL, NULL); if(ret <= 0) { - strcpy_s(errorUTF8, XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE, ""); + out[0] = '\0'; + goto done; } #endif /* UNICODE */ - if((msg != NULL) && ((*msg) != '\0')) { - xmlSecStrPrintf(buf, sizeof(buf), BAD_CAST "%s;last error=%d (0x%08x);last error msg=%s", msg, dwError, dwError, errorUTF8); - } else { - xmlSecStrPrintf(buf, sizeof(buf), BAD_CAST "last error=%d (0x%08x);last error msg=%s", dwError, dwError, errorUTF8); +done: + if(errorText != NULL) { + LocalFree(errorText); } - xmlSecErrorsDefaultCallback(file, line, func, - errorObject, errorSubject, - reason, (char*)buf); + return; +} + + +/** + * xmlSecMSCryptoErrorsDefaultCallback: + * @file: the error location file name (__FILE__ macro). + * @line: the error location line number (__LINE__ macro). + * @func: the error location function name (__FUNCTION__ macro). + * @errorObject: the error specific error object + * @errorSubject: the error specific error subject. + * @reason: the error code. + * @msg: the additional error message. + * + * The default errors reporting callback function. Just a pass through to the default callback. + */ +void +xmlSecMSCryptoErrorsDefaultCallback(const char* file, int line, const char* func, + const char* errorObject, const char* errorSubject, + int reason, const char* msg) { + xmlSecErrorsDefaultCallback(file, line, func, errorObject, errorSubject, reason, msg); } /** @@ -489,39 +474,7 @@ xmlSecMSCryptoErrorsDefaultCallback(const char* file, int line, const char* func */ LPWSTR xmlSecMSCryptoConvertUtf8ToUnicode(const xmlChar* str) { - LPWSTR res = NULL; - int len; - int ret; - - xmlSecAssert2(str != NULL, NULL); - - /* call MultiByteToWideChar first to get the buffer size */ - ret = MultiByteToWideChar(CP_UTF8, 0, str, -1, NULL, 0); - if(ret <= 0) { - return(NULL); - } - len = ret + 1; - - /* allocate buffer */ - res = (LPWSTR)xmlMalloc(sizeof(WCHAR) * len); - if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(WCHAR) * len); - return(NULL); - } - - /* convert */ - ret = MultiByteToWideChar(CP_UTF8, 0, str, -1, res, len); - if(ret <= 0) { - xmlFree(res); - return(NULL); - } - - /* done */ - return(res); + return(xmlSecWin32ConvertUtf8ToUnicode(str)); } /** @@ -532,41 +485,9 @@ xmlSecMSCryptoConvertUtf8ToUnicode(const xmlChar* str) { * * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs. */ -xmlChar* +xmlChar* xmlSecMSCryptoConvertUnicodeToUtf8(LPCWSTR str) { - xmlChar * res = NULL; - int len; - int ret; - - xmlSecAssert2(str != NULL, NULL); - - /* call WideCharToMultiByte first to get the buffer size */ - ret = WideCharToMultiByte(CP_UTF8, 0, str, -1, NULL, 0, NULL, NULL); - if(ret <= 0) { - return(NULL); - } - len = ret + 1; - - /* allocate buffer */ - res = (xmlChar*)xmlMalloc(sizeof(xmlChar) * len); - if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(xmlChar) * len); - return(NULL); - } - - /* convert */ - ret = WideCharToMultiByte(CP_UTF8, 0, str, -1, res, len, NULL, NULL); - if(ret <= 0) { - xmlFree(res); - return(NULL); - } - - /* done */ - return(res); + return(xmlSecWin32ConvertUnicodeToUtf8(str)); } /** @@ -579,39 +500,7 @@ xmlSecMSCryptoConvertUnicodeToUtf8(LPCWSTR str) { */ LPWSTR xmlSecMSCryptoConvertLocaleToUnicode(const char* str) { - LPWSTR res = NULL; - int len; - int ret; - - xmlSecAssert2(str != NULL, NULL); - - /* call MultiByteToWideChar first to get the buffer size */ - ret = MultiByteToWideChar(CP_ACP, 0, str, -1, NULL, 0); - if(ret <= 0) { - return(NULL); - } - len = ret; - - /* allocate buffer */ - res = (LPWSTR)xmlMalloc(sizeof(WCHAR) * len); - if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - - /* convert */ - ret = MultiByteToWideChar(CP_ACP, 0, str, -1, res, len); - if(ret <= 0) { - xmlFree(res); - return(NULL); - } - - /* done */ - return(res); + return(xmlSecWin32ConvertLocaleToUnicode(str)); } /** @@ -624,49 +513,7 @@ xmlSecMSCryptoConvertLocaleToUnicode(const char* str) { */ xmlChar* xmlSecMSCryptoConvertLocaleToUtf8(const char * str) { - LPWSTR strW = NULL; - xmlChar * res = NULL; - int len; - int ret; - - xmlSecAssert2(str != NULL, NULL); - - strW = xmlSecMSCryptoConvertLocaleToUnicode(str); - if(strW == NULL) { - return(NULL); - } - - /* call WideCharToMultiByte first to get the buffer size */ - ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, NULL, 0, NULL, NULL); - if(ret <= 0) { - xmlFree(strW); - return(NULL); - } - len = ret + 1; - - /* allocate buffer */ - res = (xmlChar*)xmlMalloc(sizeof(xmlChar) * len); - if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(xmlChar) * len); - xmlFree(strW); - return(NULL); - } - - /* convert */ - ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, res, len, NULL, NULL); - if(ret <= 0) { - xmlFree(strW); - xmlFree(res); - return(NULL); - } - - /* done */ - xmlFree(strW); - return(res); + return(xmlSecWin32ConvertLocaleToUtf8(str)); } /** @@ -679,49 +526,7 @@ xmlSecMSCryptoConvertLocaleToUtf8(const char * str) { */ char * xmlSecMSCryptoConvertUtf8ToLocale(const xmlChar* str) { - LPWSTR strW = NULL; - char * res = NULL; - int len; - int ret; - - xmlSecAssert2(str != NULL, NULL); - - strW = xmlSecMSCryptoConvertUtf8ToUnicode(str); - if(strW == NULL) { - return(NULL); - } - - /* call WideCharToMultiByte first to get the buffer size */ - ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, NULL, 0, NULL, NULL); - if(ret <= 0) { - xmlFree(strW); - return(NULL); - } - len = ret + 1; - - /* allocate buffer */ - res = (char*)xmlMalloc(sizeof(char) * len); - if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(xmlChar) * len); - xmlFree(strW); - return(NULL); - } - - /* convert */ - ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, res, len, NULL, NULL); - if(ret <= 0) { - xmlFree(strW); - xmlFree(res); - return(NULL); - } - - /* done */ - xmlFree(strW); - return(res); + return(xmlSecWin32ConvertUtf8ToLocale(str)); } /** @@ -734,11 +539,7 @@ xmlSecMSCryptoConvertUtf8ToLocale(const xmlChar* str) { */ xmlChar* xmlSecMSCryptoConvertTstrToUtf8(LPCTSTR str) { -#ifdef UNICODE - return xmlSecMSCryptoConvertUnicodeToUtf8(str); -#else /* UNICODE */ - return xmlSecMSCryptoConvertLocaleToUtf8(str); -#endif /* UNICODE */ + return(xmlSecWin32ConvertTstrToUtf8(str)); } /** @@ -751,11 +552,7 @@ xmlSecMSCryptoConvertTstrToUtf8(LPCTSTR str) { */ LPTSTR xmlSecMSCryptoConvertUtf8ToTstr(const xmlChar* str) { -#ifdef UNICODE - return xmlSecMSCryptoConvertUtf8ToUnicode(str); -#else /* UNICODE */ - return xmlSecMSCryptoConvertUtf8ToLocale(str); -#endif /* UNICODE */ + return(xmlSecWin32ConvertUtf8ToTstr(str)); } /******************************************************************** diff --git a/src/mscrypto/csp_calg.h b/src/mscrypto/csp_calg.h index 984fe347..80fd7cab 100644 --- a/src/mscrypto/csp_calg.h +++ b/src/mscrypto/csp_calg.h @@ -1,5 +1,5 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -20,6 +20,9 @@ #define ALG_SID_GR3411 30 #define ALG_SID_G28147 30 +#define ALG_SID_GR3411_2012_256 33 +#define ALG_SID_GR3411_2012_512 34 + #define ALG_SID_GR3410 30 #define ALG_SID_DH_EX_SF 30 #define ALG_SID_DH_EX_EPHEM 31 @@ -52,6 +55,9 @@ #define CALG_MAGPRO_HASH_28147_89 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_MAGPRO_28147_89) +#define CALG_GR3411_2012_256 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_GR3411_2012_256) +#define CALG_GR3411_2012_512 (ALG_CLASS_HASH | ALG_TYPE_ANY | ALG_SID_GR3411_2012_512) + #define CALG_MAGPRO_ENCR_28147_89 (ALG_CLASS_DATA_ENCRYPT | ALG_TYPE_BLOCK | ALG_SID_G28147) #define CALG_GR3410 (ALG_CLASS_SIGNATURE | ALG_TYPE_GR3410 | ALG_SID_GR3410) @@ -82,12 +88,22 @@ #endif #define PROV_CRYPTOPRO_GOST 75 -#define CRYPTOPRO_CSP_A "CryptoPro CSP" -#define CRYPTOPRO_CSP_W L"CryptoPro CSP" +#define PROV_GOST_2012_256 80 +#define PROV_GOST_2012_512 81 +#define CRYPTOPRO_CSP_A "Crypto-Pro GOST R 34.10-2001 Cryptographic Service Provider" +#define CRYPTOPRO_CSP_W L"Crypto-Pro GOST R 34.10-2001 Cryptographic Service Provider" +#define CRYPTOPRO_CSP_256_A "Crypto-Pro GOST R 34.10-2012 Cryptographic Service Provider" +#define CRYPTOPRO_CSP_256_W L"Crypto-Pro GOST R 34.10-2012 Cryptographic Service Provider" +#define CRYPTOPRO_CSP_512_A "Crypto-Pro GOST R 34.10-2012 Strong Cryptographic Service Provider" +#define CRYPTOPRO_CSP_512_W L"Crypto-Pro GOST R 34.10-2012 Strong Cryptographic Service Provider" #ifdef UNICODE #define CRYPTOPRO_CSP CRYPTOPRO_CSP_W +#define CRYPTOPRO_CSP_256 CRYPTOPRO_CSP_256_W +#define CRYPTOPRO_CSP_512 CRYPTOPRO_CSP_512_W #else #define CRYPTOPRO_CSP CRYPTOPRO_CSP_A +#define CRYPTOPRO_CSP_256 CRYPTOPRO_CSP_256_A +#define CRYPTOPRO_CSP_512 CRYPTOPRO_CSP_512_A #endif /*! @} */ diff --git a/src/mscrypto/csp_oid.h b/src/mscrypto/csp_oid.h index e5636741..a42bd0f0 100644 --- a/src/mscrypto/csp_oid.h +++ b/src/mscrypto/csp_oid.h @@ -1,5 +1,5 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -108,6 +108,16 @@ #define szOID_CP_PARAM_PK_R3410_2001_E0 "1.2.643.2.2.36.0" #define szOID_CP_PARAM_PK_R3410_2001_E1 "1.2.643.2.2.36.1" +/* CRYPT_PUBKEY_ALG_OID_GROUP_ID */ +#define szOID_CP_GOST_R3410_12_256 "1.2.643.7.1.1.1.1" +#define szOID_CP_GOST_R3410_12_512 "1.2.643.7.1.1.1.2" +#define szOID_CP_DH_12_256 "1.2.643.7.1.1.6.1" +#define szOID_CP_DH_12_512 "1.2.643.7.1.1.6.2" + +/* CRYPT_SIGN_ALG_OID_GROUP_ID */ +#define szOID_CP_GOST_R3411_12_256_R3410 "1.2.643.7.1.1.3.2" +#define szOID_CP_GOST_R3411_12_512_R3410 "1.2.643.7.1.1.3.3" + /*! @} */ diff --git a/src/mscrypto/digests.c b/src/mscrypto/digests.c index 9394afdc..98251d1b 100644 --- a/src/mscrypto/digests.c +++ b/src/mscrypto/digests.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2003 Cordys R&D BV, All rights reserved. * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru). */ +/** + * SECTION:digests + * @Short_description: Digests transforms implementation for Microsoft Crypto API. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -33,7 +41,7 @@ struct _xmlSecMSCryptoDigestCtx { const xmlSecMSCryptoProviderInfo * providers; HCRYPTHASH mscHash; unsigned char dgst[MSCRYPTO_MAX_HASH_SIZE]; - size_t dgstSize; /* dgst size in bytes */ + xmlSecSize dgstSize; /* dgst size in bytes */ }; /****************************************************************************** @@ -94,7 +102,19 @@ static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Gost[] = { { CRYPTOPRO_CSP, PROV_CRYPTOPRO_GOST }, { NULL, 0 } }; -#endif /*ndef XMLSEC_NO_GOST*/ +#endif /* XMLSEC_NO_GOST*/ + +#ifndef XMLSEC_NO_GOST2012 +static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Gost2012_256[] = { + { CRYPTOPRO_CSP_256, PROV_GOST_2012_256 }, + { NULL, 0 } +}; + +static xmlSecMSCryptoProviderInfo xmlSecMSCryptoProviderInfo_Gost2012_512[] = { + { CRYPTOPRO_CSP_512, PROV_GOST_2012_512 }, + { NULL, 0 } +}; +#endif /* XMLSEC_NO_GOST2012*/ static int xmlSecMSCryptoDigestCheckId(xmlSecTransformPtr transform) { @@ -135,6 +155,15 @@ xmlSecMSCryptoDigestCheckId(xmlSecTransformPtr transform) { } #endif /* XMLSEC_NO_GOST*/ +#ifndef XMLSEC_NO_GOST2012 + if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_2012_256Id)) { + return(1); + } + if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_2012_512Id)) { + return(1); + } +#endif /* XMLSEC_NO_GOST2012*/ + return(0); } @@ -193,22 +222,26 @@ xmlSecMSCryptoDigestInitialize(xmlSecTransformPtr transform) { } else #endif /* XMLSEC_NO_GOST*/ +#ifndef XMLSEC_NO_GOST2012 + if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_2012_256Id)) { + ctx->alg_id = CALG_GR3411_2012_256; + ctx->providers = xmlSecMSCryptoProviderInfo_Gost2012_256; + } else + if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGostR3411_2012_512Id)) { + ctx->alg_id = CALG_GR3411_2012_512; + ctx->providers = xmlSecMSCryptoProviderInfo_Gost2012_512; + } else +#endif /* XMLSEC_NO_GOST2012*/ + { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } ctx->provider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE); if(ctx->provider == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoFindProvider", + xmlSecTransformGetName(transform)); return(-1); } @@ -253,22 +286,15 @@ xmlSecMSCryptoDigestVerify(xmlSecTransformPtr transform, xmlSecAssert2(ctx->dgstSize > 0, -1); if(dataSize != ctx->dgstSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "data_size=%d;dgst_size=%d", - dataSize, ctx->dgstSize); + xmlSecInvalidSizeError("Digest", dataSize, ctx->dgstSize, + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } if(memcmp(ctx->dgst, data, ctx->dgstSize) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "data and digest do not match"); + xmlSecInvalidDataError("data and digest do not match", + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } @@ -307,11 +333,7 @@ xmlSecMSCryptoDigestExecute(xmlSecTransformPtr transform, &(ctx->mscHash)); if((ret == 0) || (ctx->mscHash == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "CryptCreateHash", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptCreateHash", xmlSecTransformGetName(transform)); return(-1); } @@ -329,21 +351,17 @@ xmlSecMSCryptoDigestExecute(xmlSecTransformPtr transform, 0); if(ret == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "CryptHashData", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", inSize); + xmlSecMSCryptoError2("CryptHashData", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } } @@ -354,21 +372,18 @@ xmlSecMSCryptoDigestExecute(xmlSecTransformPtr transform, retLen = MSCRYPTO_MAX_HASH_SIZE; ret = CryptGetHashParam(ctx->mscHash, - HP_HASHVAL, - ctx->dgst, - &retLen, - 0); - + HP_HASHVAL, + ctx->dgst, + &retLen, + 0); if (ret == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "CryptGetHashParam(HP_HASHVAL)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", MSCRYPTO_MAX_HASH_SIZE); + xmlSecMSCryptoError2("CryptGetHashParam(HP_HASHVAL)", + xmlSecTransformGetName(transform), + "size=%d", MSCRYPTO_MAX_HASH_SIZE); return(-1); } - ctx->dgstSize = (size_t)retLen; + ctx->dgstSize = XMLSEC_SIZE_BAD_CAST(retLen); xmlSecAssert2(ctx->dgstSize > 0, -1); @@ -376,11 +391,9 @@ xmlSecMSCryptoDigestExecute(xmlSecTransformPtr transform, if(transform->operation == xmlSecTransformOperationSign) { ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ctx->dgstSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", ctx->dgstSize); return(-1); } } @@ -390,11 +403,7 @@ xmlSecMSCryptoDigestExecute(xmlSecTransformPtr transform, /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -664,5 +673,90 @@ xmlSecTransformId xmlSecMSCryptoTransformGostR3411_94GetKlass(void) { return(&xmlSecMSCryptoGostR3411_94Klass); } + +/****************************************************************************** + * + * GOSTR3411-2012/256 + * + *****************************************************************************/ +static xmlSecTransformKlass xmlSecMSCryptoGostR3411_2012_256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecMSCryptoDigestSize, /* size_t objSize */ + + xmlSecNameGostR3411_2012_256, /* const xmlChar* name; */ + xmlSecHrefGostR3411_2012_256, /* const xmlChar* href; */ + xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ + xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + NULL, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCryptoTransformGostR3411_2012_256GetKlass: + * + * GOSTR3411_2012_256 digest transform klass. + * + * Returns: pointer to GOSTR3411_2012_256 digest transform klass. + */ +xmlSecTransformId +xmlSecMSCryptoTransformGostR3411_2012_256GetKlass(void) { + return(&xmlSecMSCryptoGostR3411_2012_256Klass); +} + + +/****************************************************************************** + * + * GOSTR3411-2012/512 + * + *****************************************************************************/ +static xmlSecTransformKlass xmlSecMSCryptoGostR3411_2012_512Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* size_t klassSize */ + xmlSecMSCryptoDigestSize, /* size_t objSize */ + + xmlSecNameGostR3411_2012_512, /* const xmlChar* name; */ + xmlSecHrefGostR3411_2012_512, /* const xmlChar* href; */ + xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ + xmlSecMSCryptoDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCryptoDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + NULL, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCryptoDigestVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCryptoDigestExecute, /* xmlSecTransformExecuteMethod execute; */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCryptoTransformGostR3411_2012_512GetKlass: + * + * GOSTR3411_2012_512 digest transform klass. + * + * Returns: pointer to GOSTR3411_2012_512 digest transform klass. + */ +xmlSecTransformId +xmlSecMSCryptoTransformGostR3411_2012_512GetKlass(void) { + return(&xmlSecMSCryptoGostR3411_2012_512Klass); +} #endif /* XMLSEC_NO_GOST*/ diff --git a/src/mscrypto/globals.h b/src/mscrypto/globals.h index 35cbf242..1916cea3 100644 --- a/src/mscrypto/globals.h +++ b/src/mscrypto/globals.h @@ -22,5 +22,62 @@ #define IN_XMLSEC_CRYPTO #define XMLSEC_PRIVATE +#include <windows.h> +#include <xmlsec/xmlsec.h> + +/* Include common error helper macros. */ +#include "../errors_helpers.h" + +#define XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE 4096 + +void xmlSecMSCryptoGetErrorMessage (DWORD dwError, + xmlChar * out, + xmlSecSize outSize); + + +/** + * xmlSecMSCryptoError: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting MSCrypto crypro errors. + */ +#define xmlSecMSCryptoError(errorFunction, errorObject) \ + { \ + DWORD dwLastError = GetLastError(); \ + xmlChar errBuf[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE]; \ + xmlSecMSCryptoGetErrorMessage(dwLastError, errBuf, sizeof(errBuf)); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + "MSCrypto error: %ld: 0x%08lx: %s", \ + (long int)dwLastError, (long int)dwLastError, errBuf \ + ); \ + } + +/** + * xmlSecMSCryptoError2: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param: the extra message param. + * + * Macro. The XMLSec library macro for reporting MSCrypto crypro errors. + */ +#define xmlSecMSCryptoError2(errorFunction, errorObject, msg, param) \ + { \ + DWORD dwLastError = GetLastError(); \ + xmlChar errBuf[XMLSEC_MSCRYPTO_ERROR_MSG_BUFFER_SIZE]; \ + xmlSecMSCryptoGetErrorMessage(dwLastError, errBuf, sizeof(errBuf)); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + msg "MSCrypto error: %ld: 0x%08lx: %s", \ + (param), \ + (long int)dwLastError, (long int)dwLastError, errBuf \ + ); \ + } #endif /* ! __XMLSEC_GLOBALS_H__ */ diff --git a/src/mscrypto/hmac.c b/src/mscrypto/hmac.c index 36370247..17381439 100644 --- a/src/mscrypto/hmac.c +++ b/src/mscrypto/hmac.c @@ -1,20 +1,30 @@ -/** +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * XMLSec library * - * HMAC Algorithm support (http://www.w3.org/TR/xmldsig-core/#sec-HMAC): + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. + */ +/** + * SECTION:hmac + * @Short_description: HMAC transforms implementation for Microsoft Crypto API. + * @Stability: Private + * + * [HMAC Algorithm support](http://www.w3.org/TR/xmldsig-core/#sec-HMAC): * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits * as a parameter; if the parameter is not specified then all the bits of the * hash are output. An example of an HMAC SignatureMethod element: + * + * |[<!-- language="XML" --> * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"> * <HMACOutputLength>128</HMACOutputLength> * </SignatureMethod> - * - * This is free software; see Copyright file in the source - * distribution for preciese wording. - * - * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. + * |] */ + + #ifndef XMLSEC_NO_HMAC #include "globals.h" @@ -82,7 +92,7 @@ struct _xmlSecMSCryptoHmacCtx { const xmlSecMSCryptoProviderInfo * providers; HCRYPTHASH mscHash; unsigned char dgst[XMLSEC_MSCRYPTO_MAX_HMAC_SIZE]; - size_t dgstSize; /* dgst size in bytes */ + xmlSecSize dgstSize; /* dgst size in bytes */ int ctxInitialized; }; @@ -167,8 +177,6 @@ xmlSecMSCryptoHmacCheckId(xmlSecTransformPtr transform) { { return(0); } - - return(0); } static int @@ -221,31 +229,21 @@ xmlSecMSCryptoHmacInitialize(xmlSecTransformPtr transform) { /* not found */ { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } ctx->provider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE); if(ctx->provider == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoFindProvider", + xmlSecTransformGetName(transform)); return(-1); } /* Create dummy key to be able to import plain session keys */ if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->provider, &(ctx->pubPrivKey))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoCreatePrivateExponentOneKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("xmlSecMSCryptoCreatePrivateExponentOneKey", + xmlSecTransformGetName(transform)); return(-1); } @@ -307,23 +305,16 @@ xmlSecMSCryptoHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSec small value */ if((int)ctx->dgstSize < xmlSecMSCryptoHmacGetMinOutputLength()) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "HMAC output length is too small"); - return(-1); + xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform), + "HMAC output length is too small"); + return(-1); } cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -375,11 +366,7 @@ xmlSecMSCryptoHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecAssert2(buffer != NULL, -1); if(xmlSecBufferGetSize(buffer) == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "keySize=0"); + xmlSecInvalidZeroKeyDataSizeError(xmlSecTransformGetName(transform)); return(-1); } @@ -400,11 +387,8 @@ xmlSecMSCryptoHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { &(ctx->cryptKey) ) || (ctx->cryptKey == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoImportPlainSessionBlob", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoImportPlainSessionBlob", + xmlSecTransformGetName(transform)); return(-1); } @@ -415,11 +399,8 @@ xmlSecMSCryptoHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { 0, &(ctx->mscHash)); if((ret == 0) || (ctx->mscHash == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "CryptCreateHash", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptCreateHash", + xmlSecTransformGetName(transform)); return(-1); } @@ -428,11 +409,8 @@ xmlSecMSCryptoHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { hmacInfo.HashAlgid = ctx->alg_id; ret = CryptSetHashParam(ctx->mscHash, HP_HMAC_INFO, (BYTE*)&hmacInfo, 0); if(ret == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "CryptSetHashParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptSetHashParam", + xmlSecTransformGetName(transform)); return(-1); } @@ -464,44 +442,29 @@ xmlSecMSCryptoHmacVerify(xmlSecTransformPtr transform, /* compare the digest size in bytes */ if(dataSize != ((ctx->dgstSize + 7) / 8)){ - /* NO COMMIT */ - xmlChar* a; - mask = last_byte_masks[ctx->dgstSize % 8]; - ctx->dgst[dataSize - 1] &= mask; - a = xmlSecBase64Encode(ctx->dgst, (ctx->dgstSize + 7) / 8, -1); - fprintf(stderr, "%s\n", a); - xmlFree(a); - - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "data=%d;dgst=%d", - dataSize, ((ctx->dgstSize + 7) / 8)); + xmlSecInvalidSizeError("HMAC digest", + dataSize, ((ctx->dgstSize + 7) / 8), + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } - /* we check the last byte separatelly */ + /* we check the last byte separately */ xmlSecAssert2(dataSize > 0, -1); mask = last_byte_masks[ctx->dgstSize % 8]; if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "data and digest do not match (last byte)"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match (last byte)"); transform->status = xmlSecTransformStatusFail; return(0); } /* now check the rest of the digest */ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "data and digest do not match"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match"); transform->status = xmlSecTransformStatusFail; return(0); } @@ -544,21 +507,17 @@ xmlSecMSCryptoHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor 0); if(ret == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "CryptHashData", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", inSize); + xmlSecMSCryptoError2("CryptHashData", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } } @@ -576,11 +535,9 @@ xmlSecMSCryptoHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor 0); if (ret == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "CryptGetHashParam", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("CryptGetHashParam", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } xmlSecAssert2(retLen > 0, -1); @@ -591,12 +548,9 @@ xmlSecMSCryptoHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor } else if(ctx->dgstSize <= 8 * retLen) { retLen = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */ } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "result-bits=%d;required-bits=%d", - 8 * retLen, ctx->dgstSize); + xmlSecInvalidSizeLessThanError("HMAC digest (bits)", + 8 * retLen, ctx->dgstSize, + xmlSecTransformGetName(transform)); return(-1); } @@ -604,11 +558,9 @@ xmlSecMSCryptoHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor if(transform->operation == xmlSecTransformOperationSign) { ret = xmlSecBufferAppend(out, ctx->dgst, retLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ctx->dgstSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", ctx->dgstSize); return(-1); } } @@ -618,11 +570,7 @@ xmlSecMSCryptoHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } diff --git a/src/mscrypto/keysstore.c b/src/mscrypto/keysstore.c index 8ead554c..afc4b33f 100644 --- a/src/mscrypto/keysstore.c +++ b/src/mscrypto/keysstore.c @@ -1,5 +1,17 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for precise wording. + * + * Copyright (C) 2003 Cordys R&D BV, All rights reserved. + * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. + */ /** - * XMLSec library + * SECTION:keysstore + * @Short_description: Keys store implementation for Microsoft Crypto API. + * @Stability: Private * * MSCrypto keys store that uses Simple Keys Store under the hood. Uses the * MS Certificate store as a backing store for the finding keys, but the @@ -7,14 +19,9 @@ * So, if store->findkey is done and the key is not found in the simple * keys store, the MS Certificate store is looked up. * Thus, the MS Certificate store can be used to pre-load keys and becomes - * an alternate source of keys for xmlsec - * - * This is free software; see Copyright file in the source - * distribution for precise wording. - * - * Copyright (C) 2003 Cordys R&D BV, All rights reserved. - * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. + * an alternate source of keys for xmlsec. */ + #include "globals.h" #include <stdlib.h> @@ -143,25 +150,18 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, xmlSecAssert2(xmlSecKeyStoreCheckId(store, xmlSecMSCryptoKeysStoreId), -1); xmlSecAssert2((uri != NULL), -1); + UNREFERENCED_PARAMETER(keysMngr); doc = xmlParseFile(uri); if(doc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlParseFile", - XMLSEC_ERRORS_R_XML_FAILED, - "uri=%s", - xmlSecErrorsSafeString(uri)); + xmlSecXmlError2("xmlParseFile", xmlSecKeyStoreGetName(store), + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } root = xmlDocGetRootElement(doc); if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(root)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected-node=<xmlsec:Keys>"); + xmlSecInvalidNodeError(root, BAD_CAST "Keys", xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } @@ -170,30 +170,23 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) { key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected-node=%s", - xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); + xmlSecInternalError("xmlSecKeyCreate", + xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", + xmlSecKeyStoreGetName(store)); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); } keyInfoCtx.mode = xmlSecKeyInfoModeRead; - keyInfoCtx.keysMngr = keysMngr; + keyInfoCtx.keysMngr = NULL; keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND | XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; @@ -202,11 +195,8 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyInfoNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoNodeRead", + xmlSecKeyStoreGetName(store)); xmlSecKeyInfoCtxFinalize(&keyInfoCtx); xmlSecKeyDestroy(key); xmlFreeDoc(doc); @@ -217,11 +207,8 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, if(xmlSecKeyIsValid(key)) { ret = xmlSecMSCryptoKeysStoreAdoptKey(store, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecMSCryptoKeysStoreAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeysStoreAdoptKey", + xmlSecKeyStoreGetName(store)); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); @@ -234,11 +221,7 @@ xmlSecMSCryptoKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } @@ -282,11 +265,8 @@ xmlSecMSCryptoKeysStoreInitialize(xmlSecKeyStorePtr store) { *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); if(*ss == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecSimpleKeysStoreId"); + xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)", + xmlSecKeyStoreGetName(store)); return(-1); } @@ -324,23 +304,18 @@ xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name, hStoreHandle = CertOpenSystemStore(0, storeName); if (NULL == hStoreHandle) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertOpenSystemStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "storeName=%s", - xmlSecErrorsSafeString(storeName)); + xmlSecMSCryptoError2("CertOpenSystemStore", + xmlSecKeyStoreGetName(store), + "storeName=%s", + xmlSecErrorsSafeString(storeName)); return(NULL); } /* convert name to unicode */ - wcName = xmlSecMSCryptoConvertUtf8ToTstr(name); + wcName = xmlSecWin32ConvertUtf8ToTstr(name); if(wcName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecMSCryptoConvertUtf8ToUnicode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "wcName"); + xmlSecInternalError("xmlSecWin32ConvertUtf8ToTstr(name)", + xmlSecKeyStoreGetName(store)); CertCloseStore(hStoreHandle, 0); return(NULL); } @@ -362,7 +337,12 @@ xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name, PCCERT_CONTEXT pCertCtxIter = NULL; - while (pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter)) { + while (1) { + pCertCtxIter = CertEnumCertificatesInStore(hStoreHandle, pCertCtxIter); + if(pCertCtxIter == NULL) { + break; + } + if (TRUE != CertGetCertificateContextProperty(pCertCtxIter, CERT_FRIENDLY_NAME_PROP_ID, NULL, @@ -372,11 +352,7 @@ xmlSecMSCryptoKeysStoreFindCert(xmlSecKeyStorePtr store, const xmlChar* name, pbFriendlyName = xmlMalloc(dwPropSize); if(pbFriendlyName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMallocError(dwPropSize, xmlSecKeyStoreGetName(store)); xmlFree(wcName); CertCloseStore(hStoreHandle, 0); return(NULL); @@ -478,57 +454,37 @@ xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, /* set cert in x509 data */ x509Data = xmlSecKeyDataCreate(xmlSecMSCryptoKeyDataX509Id); if(x509Data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataGetName(x509Data)); goto done; } pCertContext2 = CertDuplicateCertificateContext(pCertContext); if (NULL == pCertContext2) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecMSCryptoError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecMSCryptoKeyDataX509AdoptCert(x509Data, pCertContext2); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptCert", + xmlSecKeyDataGetName(x509Data)); goto done; } pCertContext2 = NULL; pCertContext2 = CertDuplicateCertificateContext(pCertContext); if (NULL == pCertContext2) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecMSCryptoError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(x509Data, pCertContext2); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(x509Data)); goto done; } pCertContext2 = NULL; @@ -536,11 +492,7 @@ xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, /* set cert in key data */ data = xmlSecMSCryptoCertAdopt(pCertContext, keyReq->keyType); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoCertAdopt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoCertAdopt", NULL); goto done; } pCertContext = NULL; @@ -548,34 +500,22 @@ xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, /* create key and add key data and x509 data to it */ key = xmlSecKeyCreate(); if (key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); goto done; } ret = xmlSecKeySetValue(key, data); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); goto done; } data = NULL; ret = xmlSecKeyAdoptData(key, x509Data); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyAdoptData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeyAdoptData", + xmlSecKeyDataGetName(x509Data)); goto done; } x509Data = NULL; @@ -583,11 +523,8 @@ xmlSecMSCryptoKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, /* Set the name of the key to the given name */ ret = xmlSecKeySetName(key, name); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeySetName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetName", + xmlSecKeyStoreGetName(store)); goto done; } diff --git a/src/mscrypto/kt_rsa.c b/src/mscrypto/kt_rsa.c index 9b4908fa..26f5639c 100644 --- a/src/mscrypto/kt_rsa.c +++ b/src/mscrypto/kt_rsa.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * RSA Algorithms support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2003 Cordys R&D BV, All rights reserved. */ +/** + * SECTION:kt_rsa + * @Short_description: RSA Key Transport transforms implementation for Microsoft Crypto API. + * @Stability: Private + * + */ + #include "globals.h" #ifndef XMLSEC_NO_RSA @@ -85,9 +90,6 @@ xmlSecMSCryptoRsaPkcs1OaepCheckId(xmlSecTransformPtr transform) { { return(0); } - - /* just in case */ - return(0); } static int @@ -106,11 +108,8 @@ xmlSecMSCryptoRsaPkcs1OaepInitialize(xmlSecTransformPtr transform) { ret = xmlSecBufferInitialize(&(ctx->oaepParams), 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); return(-1); } @@ -124,11 +123,7 @@ xmlSecMSCryptoRsaPkcs1OaepInitialize(xmlSecTransformPtr transform) { /* not found */ { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } @@ -194,11 +189,8 @@ xmlSecMSCryptoRsaPkcs1OaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) ctx->data = xmlSecKeyDataDuplicate(xmlSecKeyGetValue(key)); if(ctx->data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKeyDataDuplicate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataDuplicate", + xmlSecTransformGetName(transform)); return(-1); } @@ -227,11 +219,8 @@ xmlSecMSCryptoRsaPkcs1OaepExecute(xmlSecTransformPtr transform, int last, xmlSec } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { ret = xmlSecMSCryptoRsaPkcs1OaepProcess(transform, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoRsaPkcs1OaepProcess", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoRsaPkcs1OaepProcess", + xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusFinished; @@ -239,11 +228,7 @@ xmlSecMSCryptoRsaPkcs1OaepExecute(xmlSecTransformPtr transform, int last, xmlSec /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); @@ -262,7 +247,6 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC DWORD dwOutLen; xmlSecByte * outBuf; xmlSecByte * inBuf; - int i; xmlSecAssert2(xmlSecMSCryptoRsaPkcs1OaepCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); @@ -286,61 +270,44 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC /* the encoded size is equal to the keys size so we could not * process more than that */ if((transform->operation == xmlSecTransformOperationEncrypt) && (inSize >= keySize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "%d when expected less than %d", inSize, keySize); + xmlSecInvalidSizeLessThanError("Input data", inSize, keySize, + xmlSecTransformGetName(transform)); return(-1); } else if((transform->operation == xmlSecTransformOperationDecrypt) && (inSize != keySize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "%d when expected %d", inSize, keySize); + xmlSecInvalidSizeError("Input data", inSize, keySize, + xmlSecTransformGetName(transform)); return(-1); } outSize = keySize; ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } if(transform->operation == xmlSecTransformOperationEncrypt) { if(inSize > outSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "inSize=%d;outSize=%d", - inSize, outSize); + xmlSecInvalidSizeLessThanError("Output data", outSize, inSize, + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferSetData(out, xmlSecBufferGetData(in), inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } dwInLen = inSize; dwBufLen = outSize; if (0 == (hKey = xmlSecMSCryptoKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeyDataGetKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataGetKey", + xmlSecTransformGetName(transform)); return (-1); } @@ -360,22 +327,16 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC oaepParams.cbData = xmlSecBufferGetSize(&(ctx->oaepParams)); if (!CryptSetKeyParam(hKey, KP_OAEP_PARAMS, (const BYTE*)&oaepParams, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptSetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptSetKeyParam", + xmlSecTransformGetName(transform)); return (-1); } } /* encrypt */ if (!CryptEncrypt(hKey, 0, TRUE, ctx->dwFlags, outBuf, &dwInLen, dwBufLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptEncrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptEncrypt", + xmlSecTransformGetName(transform)); return (-1); } @@ -393,12 +354,10 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC outBuf = xmlSecBufferGetData(out); ConvertEndian(inBuf, outBuf, inSize); - if (0 == (hKey = xmlSecMSCryptoKeyDataGetDecryptKey(ctx->data))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoKeyDataGetKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + hKey = xmlSecMSCryptoKeyDataGetDecryptKey(ctx->data); + if (0 == hKey) { + xmlSecInternalError("xmlSecMSCryptoKeyDataGetKey", + xmlSecTransformGetName(transform)); return (-1); } @@ -415,22 +374,16 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC oaepParams.cbData = xmlSecBufferGetSize(&(ctx->oaepParams)); if (!CryptSetKeyParam(hKey, KP_OAEP_PARAMS, (const BYTE*)&oaepParams, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptSetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptSetKeyParam", + xmlSecTransformGetName(transform)); return (-1); } } /* decrypt */ if (!CryptDecrypt(hKey, 0, TRUE, ctx->dwFlags, outBuf, &dwOutLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "CryptDecrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptDecrypt", + xmlSecTransformGetName(transform)); return(-1); } @@ -439,21 +392,17 @@ xmlSecMSCryptoRsaPkcs1OaepProcess(xmlSecTransformPtr transform, xmlSecTransformC ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } @@ -577,11 +526,8 @@ xmlSecMSCryptoRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xml if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) { ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferBase64NodeContentRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferBase64NodeContentRead", + xmlSecTransformGetName(transform)); return(-1); } } else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) { @@ -590,33 +536,24 @@ xmlSecMSCryptoRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xml /* Algorithm attribute is required */ algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm); if(algorithm == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecAttrAlgorithm), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeAttributeError(cur, xmlSecAttrAlgorithm, + xmlSecTransformGetName(transform), + "empty"); return(-1); } /* for now we support only sha1 */ if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(algorithm), - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - "digest algorithm is not supported for rsa/oaep"); + xmlSecInvalidTransfromError2(transform, + "digest algorithm=\"%s\" is not supported for rsa/oaep", + xmlSecErrorsSafeString(algorithm)); xmlFree(algorithm); return(-1); } xmlFree(algorithm); } else { - /* not found */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + /* node not recognized */ + xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } diff --git a/src/mscrypto/kw_aes.c b/src/mscrypto/kw_aes.c index 71ac447d..369f6ba6 100644 --- a/src/mscrypto/kw_aes.c +++ b/src/mscrypto/kw_aes.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2003 Cordys R&D BV, All rights reserved. * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_aes + * @Short_description: AES Key Transport transforms implementation for Microsoft Crypto API. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -151,44 +159,29 @@ xmlSecMSCryptoKWAesInitialize(xmlSecTransformPtr transform) { ctx->providers = xmlSecMSCryptoProviderInfo_Aes; ctx->keySize = XMLSEC_KW_AES256_KEY_SIZE; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } ret = xmlSecBufferInitialize(&ctx->keyBuffer, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); return(-1); } /* find provider */ ctx->cryptProvider = xmlSecMSCryptoFindProvider(ctx->providers, NULL, CRYPT_VERIFYCONTEXT, TRUE); if(ctx->cryptProvider == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoFindProvider", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - + xmlSecInternalError("xmlSecMSCryptoFindProvider", + xmlSecTransformGetName(transform)); return(-1); } /* Create dummy key to be able to import plain session keys */ if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->cryptProvider, &(ctx->pubPrivKey))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoCreatePrivateExponentOneKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - + xmlSecInternalError("xmlSecMSCryptoCreatePrivateExponentOneKey", + xmlSecTransformGetName(transform)); return(-1); } @@ -265,12 +258,8 @@ xmlSecMSCryptoKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { keySize = xmlSecBufferGetSize(buffer); if(keySize < ctx->keySize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key=%d;expected=%d", - keySize, ctx->keySize); + xmlSecInvalidKeyDataSizeError(keySize, ctx->keySize, + xmlSecTransformGetName(transform)); return(-1); } @@ -278,12 +267,9 @@ xmlSecMSCryptoKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecBufferGetData(buffer), ctx->keySize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "expected-size=%d", - ctx->keySize); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", ctx->keySize); return(-1); } @@ -319,11 +305,8 @@ xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfo /* just do nothing */ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { if((inSize % 8) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "size=%d(not 8 bytes aligned)", inSize); + xmlSecInvalidSizeNotMultipleOfError("Input data", inSize, 8, + xmlSecTransformGetName(transform)); return(-1); } @@ -337,11 +320,9 @@ xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfo ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "outSize=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } @@ -350,11 +331,8 @@ xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfo xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWAesEncode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKWAesEncode", + xmlSecTransformGetName(transform)); return(-1); } outSize = ret; @@ -363,11 +341,8 @@ xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfo xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWAesEncode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKWAesEncode", + xmlSecTransformGetName(transform)); return(-1); } outSize = ret; @@ -375,21 +350,17 @@ xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfo ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "outSize=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "inSize%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } @@ -398,11 +369,7 @@ xmlSecMSCryptoKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfo /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); @@ -440,11 +407,7 @@ xmlSecMSCryptoKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize, TRUE, &cryptKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoImportPlainSessionBlob", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoImportPlainSessionBlob", NULL); return(-1); } xmlSecAssert2(cryptKey != 0, -1); @@ -456,11 +419,7 @@ xmlSecMSCryptoKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize, } dwCLen = inSize; if(!CryptEncrypt(cryptKey, 0, FALSE, 0, out, &dwCLen, outSize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptEncrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptEncrypt", NULL); CryptDestroyKey(cryptKey); return(-1); } @@ -496,11 +455,7 @@ xmlSecMSCryptoKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize, TRUE, &cryptKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoImportPlainSessionBlob", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoImportPlainSessionBlob", NULL); return(-1); } xmlSecAssert2(cryptKey != 0, -1); @@ -512,11 +467,7 @@ xmlSecMSCryptoKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize, } dwCLen = inSize; if(!CryptDecrypt(cryptKey, 0, FALSE, 0, out, &dwCLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptEncrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptDecrypt", NULL); CryptDestroyKey(cryptKey); return(-1); } diff --git a/src/mscrypto/kw_des.c b/src/mscrypto/kw_des.c index 227e76d5..285cfecd 100644 --- a/src/mscrypto/kw_des.c +++ b/src/mscrypto/kw_des.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * DES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_des + * @Short_description: DES Key Transport transforms implementation for Microsoft Crypto API. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_DES #include "globals.h" @@ -187,55 +192,36 @@ xmlSecMSCryptoKWDes3Initialize(xmlSecTransformPtr transform) { ctx->keyId = xmlSecMSCryptoKeyDataDesId; ctx->keySize = XMLSEC_KW_DES3_KEY_LENGTH; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); return(-1); } /* find providers */ ctx->desCryptProvider = xmlSecMSCryptoFindProvider(ctx->desProviders, NULL, CRYPT_VERIFYCONTEXT, TRUE); if(ctx->desCryptProvider == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoFindProvider(des)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - + xmlSecInternalError("xmlSecMSCryptoFindProvider(des)", + xmlSecTransformGetName(transform)); return(-1); } ctx->sha1CryptProvider = xmlSecMSCryptoFindProvider(ctx->sha1Providers, NULL, CRYPT_VERIFYCONTEXT, TRUE); if(ctx->sha1CryptProvider == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoFindProvider(sha1)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - + xmlSecInternalError("xmlSecMSCryptoFindProvider(sha1)", + xmlSecTransformGetName(transform)); return(-1); } /* Create dummy key to be able to import plain session keys */ if (!xmlSecMSCryptoCreatePrivateExponentOneKey(ctx->desCryptProvider, &(ctx->pubPrivKey))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoCreatePrivateExponentOneKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - + xmlSecMSCryptoError("xmlSecMSCryptoCreatePrivateExponentOneKey", + xmlSecTransformGetName(transform)); return(-1); } @@ -311,22 +297,16 @@ xmlSecMSCryptoKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { keySize = xmlSecBufferGetSize(buffer); if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key length %d is not enough (%d expected)", - keySize, XMLSEC_KW_DES3_KEY_LENGTH); + xmlSecInvalidKeyDataSizeError(keySize, XMLSEC_KW_DES3_KEY_LENGTH, + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", XMLSEC_KW_DES3_KEY_LENGTH); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", XMLSEC_KW_DES3_KEY_LENGTH); return(-1); } @@ -365,12 +345,9 @@ xmlSecMSCryptoKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransf /* just do nothing */ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "%d bytes - not %d bytes aligned", - inSize, XMLSEC_KW_DES3_BLOCK_LENGTH); + xmlSecInvalidSizeNotMultipleOfError("Input data", + inSize, XMLSEC_KW_DES3_BLOCK_LENGTH, + xmlSecTransformGetName(transform)); return(-1); } @@ -386,11 +363,9 @@ xmlSecMSCryptoKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransf ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } @@ -399,12 +374,9 @@ xmlSecMSCryptoKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransf xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWDes3Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "key=%d,in=%d,out=%d", - keySize, inSize, outSize); + xmlSecInternalError4("xmlSecKWDes3Encode", xmlSecTransformGetName(transform), + "key=%d,in=%d,out=%d", + keySize, inSize, outSize); return(-1); } outSize = ret; @@ -413,12 +385,9 @@ xmlSecMSCryptoKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransf xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWDes3Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "key=%d,in=%d,out=%d", - keySize, inSize, outSize); + xmlSecInternalError4("xmlSecKWDes3Decode", xmlSecTransformGetName(transform), + "key=%d,in=%d,out=%d", + keySize, inSize, outSize); return(-1); } outSize = ret; @@ -426,21 +395,17 @@ xmlSecMSCryptoKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransf ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } @@ -449,11 +414,7 @@ xmlSecMSCryptoKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransf /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); @@ -488,11 +449,7 @@ xmlSecMSCryptoKWDes3Sha1(void * context, 0, &mscHash); if((ret == 0) || (mscHash == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptCreateHash", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptCreateHash", NULL); return(-1); } @@ -502,11 +459,8 @@ xmlSecMSCryptoKWDes3Sha1(void * context, inSize, 0); if(ret == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptHashData", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", inSize); + xmlSecMSCryptoError2("CryptHashData", NULL, + "size=%d", inSize); CryptDestroyHash(mscHash); return(-1); } @@ -519,11 +473,8 @@ xmlSecMSCryptoKWDes3Sha1(void * context, &retLen, 0); if (ret == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGetHashParam(HP_HASHVAL)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecMSCryptoError2("CryptGetHashParam(HP_HASHVAL)", NULL, + "size=%d", outSize); CryptDestroyHash(mscHash); return(-1); } @@ -538,7 +489,6 @@ xmlSecMSCryptoKWDes3GenerateRandom(void * context, xmlSecByte * out, xmlSecSize outSize) { xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context; - int ret; xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->desCryptProvider != 0, -1); @@ -546,11 +496,8 @@ xmlSecMSCryptoKWDes3GenerateRandom(void * context, xmlSecAssert2(outSize > 0, -1); if(!CryptGenRandom(ctx->desCryptProvider, outSize, out)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGenRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "len=%d", outSize); + xmlSecMSCryptoError2("CryptGenRandom", NULL, + "len=%d", outSize); return(-1); } @@ -565,7 +512,6 @@ xmlSecMSCryptoKWDes3BlockEncrypt(void * context, xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context; DWORD dwBlockLen, dwBlockLenLen, dwCLen; HCRYPTKEY cryptKey = 0; - int ret; xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1); @@ -587,11 +533,7 @@ xmlSecMSCryptoKWDes3BlockEncrypt(void * context, TRUE, &cryptKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoImportPlainSessionBlob", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoImportPlainSessionBlob", NULL); return(-1); } xmlSecAssert2(cryptKey != 0, -1); @@ -599,23 +541,20 @@ xmlSecMSCryptoKWDes3BlockEncrypt(void * context, /* iv len == block len */ dwBlockLenLen = sizeof(DWORD); if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptGetKeyParam", NULL); CryptDestroyKey(cryptKey); return(-1); } /* set IV */ - if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptSetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "ivSize=%d, dwBlockLen=%d", - ivSize, dwBlockLen / 8); + if(ivSize < dwBlockLen / 8) { + xmlSecInvalidSizeLessThanError("ivSize", ivSize, dwBlockLen / 8, NULL); + CryptDestroyKey(cryptKey); + return(-1); + } + + if(!CryptSetKeyParam(cryptKey, KP_IV, iv, 0)) { + xmlSecMSCryptoError("CryptSetKeyParam", NULL); CryptDestroyKey(cryptKey); return(-1); } @@ -627,11 +566,7 @@ xmlSecMSCryptoKWDes3BlockEncrypt(void * context, } dwCLen = inSize; if(!CryptEncrypt(cryptKey, 0, FALSE, 0, out, &dwCLen, outSize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptEncrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptEncrypt", NULL); CryptDestroyKey(cryptKey); return(-1); } @@ -649,7 +584,6 @@ xmlSecMSCryptoKWDes3BlockDecrypt(void * context, xmlSecMSCryptoKWDes3CtxPtr ctx = (xmlSecMSCryptoKWDes3CtxPtr)context; DWORD dwBlockLen, dwBlockLenLen, dwCLen; HCRYPTKEY cryptKey = 0; - int ret; xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(xmlSecBufferGetData(&(ctx->keyBuffer)) != NULL, -1); @@ -671,11 +605,7 @@ xmlSecMSCryptoKWDes3BlockDecrypt(void * context, TRUE, &cryptKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoImportPlainSessionBlob", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoImportPlainSessionBlob", NULL); return(-1); } xmlSecAssert2(cryptKey != 0, -1); @@ -683,23 +613,19 @@ xmlSecMSCryptoKWDes3BlockDecrypt(void * context, /* iv len == block len */ dwBlockLenLen = sizeof(DWORD); if (!CryptGetKeyParam(cryptKey, KP_BLOCKLEN, (BYTE *)&dwBlockLen, &dwBlockLenLen, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptGetKeyParam", NULL); CryptDestroyKey(cryptKey); return(-1); } /* set IV */ - if((ivSize < dwBlockLen / 8) || (!CryptSetKeyParam(cryptKey, KP_IV, iv, 0))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptSetKeyParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "ivSize=%d, dwBlockLen=%d", - ivSize, dwBlockLen / 8); + if(ivSize < dwBlockLen / 8) { + xmlSecInvalidSizeLessThanError("ivSize", ivSize, dwBlockLen / 8, NULL); + CryptDestroyKey(cryptKey); + return(-1); + } + if(!CryptSetKeyParam(cryptKey, KP_IV, iv, 0)) { + xmlSecMSCryptoError("CryptSetKeyParam", NULL); CryptDestroyKey(cryptKey); return(-1); } @@ -711,11 +637,7 @@ xmlSecMSCryptoKWDes3BlockDecrypt(void * context, } dwCLen = inSize; if(!CryptDecrypt(cryptKey, 0, FALSE, 0, out, &dwCLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptEncrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptEncrypt", NULL); CryptDestroyKey(cryptKey); return(-1); } diff --git a/src/mscrypto/private.h b/src/mscrypto/private.h index 37e7b9a4..cd18c0bc 100644 --- a/src/mscrypto/private.h +++ b/src/mscrypto/private.h @@ -1,5 +1,5 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * THIS IS A PRIVATE XMLSEC HEADER FILE * DON'T USE IT IN YOUR APPLICATION @@ -16,7 +16,7 @@ #error "private.h file contains private xmlsec definitions and should not be used outside xmlsec or xmlsec-$crypto libraries" #endif /* XMLSEC_PRIVATE */ -#if defined(__MINGW32__) +#if defined(__MINGW32__) && defined(XMLSEC_CUSTOM_CRYPT32) # include "xmlsec-mingw.h" #endif diff --git a/src/mscrypto/signatures.c b/src/mscrypto/signatures.c index 1806dd22..424804eb 100644 --- a/src/mscrypto/signatures.c +++ b/src/mscrypto/signatures.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -8,6 +9,13 @@ * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2005-2006 Cryptocom LTD (http://www.cryptocom.ru). */ +/** + * SECTION:signatures + * @Short_description: Signatures implementation for Microsoft Crypto API. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -121,13 +129,20 @@ static int xmlSecMSCryptoSignatureCheckId(xmlSecTransformPtr transform) { } else #endif /* XMLSEC_NO_GOST*/ +#ifndef XMLSEC_NO_GOST2012 + if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2012_256Id)) { + return(1); + } else + if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2012_512Id)) { + return(1); + } else +#endif /* XMLSEC_NO_GOST2012*/ + /* not found */ { return(0); } - - return(0); } static int xmlSecMSCryptoSignatureInitialize(xmlSecTransformPtr transform) { @@ -195,13 +210,20 @@ static int xmlSecMSCryptoSignatureInitialize(xmlSecTransformPtr transform) { } else #endif /* XMLSEC_NO_GOST*/ +#ifndef XMLSEC_NO_GOST2012 + if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2012_256Id)) { + ctx->digestAlgId = CALG_GR3411_2012_256; + ctx->keyId = xmlSecMSCryptoKeyDataGost2012_256Id; + } else + if(xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2012_512Id)) { + ctx->digestAlgId = CALG_GR3411_2012_512; + ctx->keyId = xmlSecMSCryptoKeyDataGost2012_512Id; + } else +#endif /* XMLSEC_NO_GOST2012*/ + /* not found */ { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } @@ -249,11 +271,8 @@ static int xmlSecMSCryptoSignatureSetKey(xmlSecTransformPtr transform, xmlSecKey ctx->data = xmlSecKeyDataDuplicate(value); if(ctx->data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKeyDataDuplicate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataDuplicate", + xmlSecTransformGetName(transform)); return(-1); } @@ -307,11 +326,9 @@ static int xmlSecMSCryptoSignatureVerify(xmlSecTransformPtr transform, ret = xmlSecBufferInitialize(&tmp, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "dataSize=%d", dataSize); + xmlSecInternalError2("xmlSecBufferInitialize", + xmlSecTransformGetName(transform), + "dataSize=%d", dataSize); return(-1); } @@ -367,23 +384,23 @@ static int xmlSecMSCryptoSignatureVerify(xmlSecTransformPtr transform, } else #endif /* XMLSEC_NO_GOST*/ +#ifndef XMLSEC_NO_GOST2012 + if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2012_256Id) || + xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2012_512Id)) { + ConvertEndian(data, tmpBuf, dataSize); + } else +#endif /* XMLSEC_NO_GOST2012*/ + { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "Invalid algo"); + xmlSecInvalidTypeError("Invalid signature algorithm", xmlSecTransformGetName(transform)); xmlSecBufferFinalize(&tmp); return(-1); } hKey = xmlSecMSCryptoKeyDataGetKey(ctx->data, xmlSecKeyDataTypePublic); if (hKey == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoKeyDataGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataGetKey", + xmlSecTransformGetName(transform)); xmlSecBufferFinalize(&tmp); return(-1); } @@ -395,20 +412,15 @@ static int xmlSecMSCryptoSignatureVerify(xmlSecTransformPtr transform, 0)) { dwError = GetLastError(); if (NTE_BAD_SIGNATURE == dwError) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "CryptVerifySignature", - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "signature do not match"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "CryptVerifySignature: signature does not verify"); transform->status = xmlSecTransformStatusFail; xmlSecBufferFinalize(&tmp); return(0); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "CryptVerifySignature", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptVerifySignature", + xmlSecTransformGetName(transform)); xmlSecBufferFinalize(&tmp); return (-1); } @@ -430,6 +442,8 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra int ret; DWORD dwSigLen; BYTE *tmpBuf, *outBuf; + int bOk; + PCRYPT_KEY_PROV_INFO pProviderInfo = NULL; xmlSecAssert2(xmlSecMSCryptoSignatureCheckId(transform), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); @@ -452,20 +466,68 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra xmlSecAssert2(outSize == 0, -1); if (0 == (hProv = xmlSecMSCryptoKeyDataGetMSCryptoProvider(ctx->data))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecMSCryptoKeyDataGetMSCryptoProvider", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("xmlSecMSCryptoKeyDataGetMSCryptoProvider", + xmlSecTransformGetName(transform)); return (-1); } - if (!CryptCreateHash(hProv, ctx->digestAlgId, 0, 0, &(ctx->mscHash))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptCreateHash", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + //First try create hash with provider acquired in function xmlSecMSCryptoKeyDataAdoptCert. + bOk = CryptCreateHash(hProv, ctx->digestAlgId, 0, 0, &(ctx->mscHash)); + + //Then try it with container name, provider name and type acquired from certificate context. + if(!bOk) { + pProviderInfo = xmlSecMSCryptoKeyDataGetMSCryptoProviderInfo(ctx->data); + + if(pProviderInfo == NULL) { + xmlSecInternalError("xmlSecMSCryptoKeyDataGetMSCryptoProviderInfo", NULL); + return(-1); + } + + if(!CryptReleaseContext(hProv, 0)) { + xmlSecMSCryptoError("CryptReleaseContext", NULL); + return(-1); + } + hProv = (HCRYPTPROV)0; + + if(!CryptAcquireContextW(&hProv, + pProviderInfo->pwszContainerName, + pProviderInfo->pwszProvName, + pProviderInfo->dwProvType, + 0)) { + + xmlSecMSCryptoError("CryptAcquireContext", NULL); + return(-1); + } + + bOk = CryptCreateHash(hProv, ctx->digestAlgId, 0, 0, &(ctx->mscHash)); + } + + //Last try it with PROV_RSA_AES provider type. + if(!bOk) { + if (!CryptReleaseContext(hProv, 0)) { + xmlSecMSCryptoError("CryptReleaseContext", NULL); + return(-1); + } + hProv = (HCRYPTPROV)0; + + if(!CryptAcquireContextW(&hProv, + pProviderInfo->pwszContainerName, + NULL, + PROV_RSA_AES, + 0)) { + xmlSecMSCryptoError("CryptAcquireContext", NULL); + return(-1); + } + + bOk = CryptCreateHash(hProv, ctx->digestAlgId, 0, 0, &(ctx->mscHash)); + } + + if(pProviderInfo != NULL) { + free(pProviderInfo); + } + + if(!bOk) { + xmlSecMSCryptoError("CryptCreateHash", NULL); return(-1); } @@ -476,21 +538,14 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra xmlSecAssert2(outSize == 0, -1); if (!CryptHashData(ctx->mscHash, xmlSecBufferGetData(in), inSize, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptHashData", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptHashData", NULL); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform)); return(-1); } } @@ -503,33 +558,23 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra if(transform->operation == xmlSecTransformOperationSign) { dwKeySpec = xmlSecMSCryptoKeyDataGetMSCryptoKeySpec(ctx->data); if (!CryptSignHash(ctx->mscHash, dwKeySpec, NULL, 0, NULL, &dwSigLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptSignHash", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptSignHash", NULL); return(-1); } outSize = (xmlSecSize)dwSigLen; ret = xmlSecBufferInitialize(&tmp, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } tmpBuf = xmlSecBufferGetData(&tmp); xmlSecAssert2(tmpBuf != NULL, -1); if (!CryptSignHash(ctx->mscHash, dwKeySpec, NULL, 0, tmpBuf, &dwSigLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptSignHash", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptSignHash", NULL); xmlSecBufferFinalize(&tmp); return(-1); } @@ -537,11 +582,9 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); xmlSecBufferFinalize(&tmp); return(-1); } @@ -597,13 +640,16 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra } else #endif /* XMLSEC_NO_GOST*/ +#ifndef XMLSEC_NO_GOST2012 + if (xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2012_256Id) || + xmlSecTransformCheckId(transform, xmlSecMSCryptoTransformGost2012_512Id)) { + ConvertEndian(tmpBuf, outBuf, outSize); + } else +#endif /* XMLSEC_NO_GOST2012*/ + { /* We shouldn't get at this place */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "Invalid algo"); + xmlSecInvalidTypeError("Invalid signature algorithm", xmlSecTransformGetName(transform)); xmlSecBufferFinalize(&tmp); return(-1); } @@ -616,11 +662,7 @@ xmlSecMSCryptoSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTra /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -958,3 +1000,98 @@ xmlSecMSCryptoTransformGost2001GostR3411_94GetKlass(void) { #endif /* XMLSEC_NO_GOST*/ + +#ifndef XMLSEC_NO_GOST2012 + +/**************************************************************************** + * + * GOST R 34.10-2012 256 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecMSCryptoGost2012_256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameGostR3410_2012GostR3411_2012_256, /* const xmlChar* name; */ + xmlSecHrefGostR3410_2012GostR3411_2012_256, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCryptoTransformGost2012GostR3411_94GetKlass: + * + * The GOST R 34.10-2012 signature transform klass. + * + * Returns: GOST2001-GOST R 34.10-2012 signature transform klass. + */ +xmlSecTransformId +xmlSecMSCryptoTransformGost2012_256GetKlass(void) { + return(&xmlSecMSCryptoGost2012_256Klass); +} + +/**************************************************************************** + * + * GOST R 34.10-2012 512 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecMSCryptoGost2012_512Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecMSCryptoSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameGostR3410_2012GostR3411_2012_512, /* const xmlChar* name; */ + xmlSecHrefGostR3410_2012GostR3411_2012_512, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecMSCryptoSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecMSCryptoSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecMSCryptoSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecMSCryptoSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecMSCryptoSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecMSCryptoSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecMSCryptoTransformGost2012GostR3411_94GetKlass: + * + * The GOST R 34.10-2012 signature transform klass. + * + * Returns: GOST2001-GOST R 34.10-2012 signature transform klass. + */ +xmlSecTransformId +xmlSecMSCryptoTransformGost2012_512GetKlass(void) { + return(&xmlSecMSCryptoGost2012_512Klass); +} + +#endif /* XMLSEC_NO_GOST2012*/ + diff --git a/src/mscrypto/symkeys.c b/src/mscrypto/symkeys.c index 658a6d49..8d54dc73 100644 --- a/src/mscrypto/symkeys.c +++ b/src/mscrypto/symkeys.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * DES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2003 Cordys R&D BV, All rights reserved. */ +/** + * SECTION:symkeys + * @Short_description: Symmetric keys implementation for Microsoft Crypto API. + * @Stability: Private + * + */ + #include "globals.h" #include <stdlib.h> @@ -138,6 +143,7 @@ xmlSecMSCryptoSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xml xmlSecAssert2(xmlSecMSCryptoSymKeyDataCheckId(data), -1); xmlSecAssert2(sizeBits > 0, -1); + UNREFERENCED_PARAMETER(type); buffer = xmlSecKeyDataBinaryValueGetBuffer(data); xmlSecAssert2(buffer != NULL, -1); @@ -202,8 +208,6 @@ xmlSecMSCryptoSymKeyDataKlassCheck(xmlSecKeyDataKlass* klass) { { return(0); } - - return(0); } @@ -225,9 +229,8 @@ xmlSecMSCryptoCreatePrivateExponentOneKey(HCRYPTPROV hProv, HCRYPTKEY *hPrivateK DWORD keyBlobLen; PUBLICKEYSTRUC* pubKeyStruc; RSAPUBKEY* rsaPubKey; - DWORD bitLen; + DWORD bitLen, n; BYTE *ptr; - int n; BOOL res = FALSE; xmlSecAssert2(hProv != 0, FALSE); @@ -238,40 +241,24 @@ xmlSecMSCryptoCreatePrivateExponentOneKey(HCRYPTPROV hProv, HCRYPTKEY *hPrivateK /* Generate the private key */ if(!CryptGenKey(hProv, AT_KEYEXCHANGE, CRYPT_EXPORTABLE, &hKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGenKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptGenKey", NULL); goto done; } /* Export the private key, we'll convert it to a private exponent of one key */ if(!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, NULL, &keyBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptExportKey", NULL); goto done; } keyBlob = (LPBYTE)xmlMalloc(sizeof(BYTE) * keyBlobLen); if(keyBlob == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMallocError(sizeof(BYTE) * keyBlobLen, NULL); goto done; } if(!CryptExportKey(hKey, 0, PRIVATEKEYBLOB, 0, keyBlob, &keyBlobLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptExportKey", NULL); goto done; } CryptDestroyKey(hKey); @@ -279,28 +266,22 @@ xmlSecMSCryptoCreatePrivateExponentOneKey(HCRYPTPROV hProv, HCRYPTKEY *hPrivateK /* Get the bit length of the key */ if(keyBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "len=%ld", keyBlobLen); + xmlSecMSCryptoError2("CryptExportKey", NULL, + "len=%ld", + (long int)keyBlobLen); goto done; } pubKeyStruc = (PUBLICKEYSTRUC*)keyBlob; if(pubKeyStruc->bVersion != 0x02) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKeyStruc->bVersion=%d", pubKeyStruc->bVersion); + xmlSecMSCryptoError2("CryptExportKey", NULL, + "pubKeyStruc->bVersion=%ld", + (long int)pubKeyStruc->bVersion); goto done; } if(pubKeyStruc->bType != PRIVATEKEYBLOB) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "pubKeyStruc->bType=%d", (int)pubKeyStruc->bType); + xmlSecMSCryptoError2("CryptExportKey", NULL, + "pubKeyStruc->bType=%ld", + (long int)pubKeyStruc->bType); goto done; } @@ -309,11 +290,9 @@ xmlSecMSCryptoCreatePrivateExponentOneKey(HCRYPTPROV hProv, HCRYPTKEY *hPrivateK /* check that we have RSA private key */ if(rsaPubKey->magic != 0x32415352) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "rsaPubKey->magic=0x%08lx", rsaPubKey->magic); + xmlSecMSCryptoError2("CryptExportKey", NULL, + "rsaPubKey->magic=0x%08lx", + (long int)rsaPubKey->magic); goto done; } bitLen = rsaPubKey->bitlen; @@ -335,11 +314,8 @@ xmlSecMSCryptoCreatePrivateExponentOneKey(HCRYPTPROV hProv, HCRYPTKEY *hPrivateK * BYTE privateExponent[rsapubkey.bitlen/8]; 1/8 */ if(keyBlobLen < sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY) + bitLen / 2 + bitLen / 16) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptExportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "len=%ld", keyBlobLen); + xmlSecMSCryptoError2("CryptExportKey", NULL, + "keBlobLen=%ld", keyBlobLen); goto done; } ptr = (BYTE*)(keyBlob + sizeof(PUBLICKEYSTRUC) + sizeof(RSAPUBKEY)); @@ -374,11 +350,7 @@ xmlSecMSCryptoCreatePrivateExponentOneKey(HCRYPTPROV hProv, HCRYPTKEY *hPrivateK /* Import the exponent-of-one private key. */ if (!CryptImportKey(hProv, keyBlob, keyBlobLen, 0, 0, &hKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptImportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CryptImportKey", NULL); goto done; } (*hPrivateKey) = hKey; @@ -434,11 +406,9 @@ xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey, dwFlags = 0; } if(!fFound) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGetProvParam", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "algId=%d is not supported", dwAlgId); + xmlSecMSCryptoError2("CryptGetProvParam", NULL, + "algId=%ld is not supported", + (long int)dwAlgId); goto done; } @@ -447,21 +417,16 @@ xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey, * PP_ENUMALGS_EX contains the key size without the padding so we can't use it. */ if(!CryptGenKey(hProv, dwAlgId, 0, &hTempKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGenKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "algId=%d", dwAlgId); + xmlSecMSCryptoError2("CryptGenKey", NULL, + "algId=%ld", + (long int)dwAlgId); goto done; } dwSize = sizeof(DWORD); if(!CryptGetKeyParam(hTempKey, KP_KEYLEN, (LPBYTE)&dwProvSessionKeySize, &dwSize, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGetKeyParam(KP_KEYLEN)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "algId=%d", dwAlgId); + xmlSecMSCryptoError2("CryptGetKeyParam(KP_KEYLEN)", NULL, + "algId=%ld", (long int)dwAlgId); goto done; } CryptDestroyKey(hTempKey); @@ -469,12 +434,9 @@ xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey, /* yell if key is too big */ if ((dwKeyMaterial * 8) > dwProvSessionKeySize) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "dwKeyMaterial=%ld;dwProvSessionKeySize=%ld", - dwKeyMaterial, dwProvSessionKeySize); + xmlSecInvalidSizeMoreThanError("Key value (bits)", + (dwKeyMaterial * 8), dwProvSessionKeySize, + NULL); goto done; } } else { @@ -484,33 +446,24 @@ xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey, /* Get private key's algorithm */ dwSize = sizeof(ALG_ID); if(!CryptGetKeyParam(hPrivateKey, KP_ALGID, (LPBYTE)&dwPrivKeyAlg, &dwSize, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGetKeyParam(KP_ALGID)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "algId=%d", dwAlgId); + xmlSecMSCryptoError2("CryptGetKeyParam(KP_ALGID)", NULL, + "algId=%ld", + (long int)dwAlgId); goto done; } /* Get private key's length in bits */ dwSize = sizeof(DWORD); if(!CryptGetKeyParam(hPrivateKey, KP_KEYLEN, (LPBYTE)&dwPublicKeySize, &dwSize, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGetKeyParam(KP_KEYLEN)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "algId=%d", dwAlgId); + xmlSecMSCryptoError2("CryptGetKeyParam(KP_KEYLEN)", NULL, + "algId=%ld", + (long int)dwAlgId); goto done; } /* 3 is for the first reserved byte after the key material and the 2 reserved bytes at the end. */ if(dwPublicKeySize / 8 < dwKeyMaterial + 3) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "dwKeyMaterial=%ld;dwPublicKeySize=%ld", - dwKeyMaterial, dwPublicKeySize); + xmlSecInvalidSizeLessThanError("Key value", dwPublicKeySize / 8, dwKeyMaterial + 3, NULL); goto done; } rndBlobSize = dwPublicKeySize / 8 - (dwKeyMaterial + 3); @@ -530,11 +483,7 @@ xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey, /* allocate simple blob buffer */ keyBlob = (LPBYTE)xmlMalloc(sizeof(BYTE) * keyBlobLen); if(keyBlob == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMallocError(sizeof(BYTE) * keyBlobLen, NULL); goto done; } memset(keyBlob, 0, keyBlobLen); @@ -562,11 +511,9 @@ xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey, /* Generate random data for the rest of the buffer */ if((rndBlobSize > 0) && !CryptGenRandom(hProv, rndBlobSize, pbPtr)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptGenRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "rndBlobSize=%ld", rndBlobSize); + xmlSecMSCryptoError2("CryptGenRandom", NULL, + "rndBlobSize=%ld", + (long int)rndBlobSize); goto done; } /* aleksey: why are we doing this? */ @@ -578,11 +525,9 @@ xmlSecMSCryptoImportPlainSessionBlob(HCRYPTPROV hProv, HCRYPTKEY hPrivateKey, keyBlob[keyBlobLen - 2] = 2; if(!CryptImportKey(hProv, keyBlob , keyBlobLen, hPrivateKey, CRYPT_EXPORTABLE, hSessionKey)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CryptImportKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "algId=%d", dwAlgId); + xmlSecMSCryptoError2("CryptImportKey", NULL, + "algId=%ld", + (long int)dwAlgId); goto done; } diff --git a/src/mscrypto/x509.c b/src/mscrypto/x509.c index 0f687695..2abb5509 100644 --- a/src/mscrypto/x509.c +++ b/src/mscrypto/x509.c @@ -1,7 +1,5 @@ -/** - * XMLSec library - * - * X509 support +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * * This is free software; see Copyright file in the source @@ -10,6 +8,12 @@ * Copyright (C) 2003 Cordys R&D BV, All rights reserved. * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:x509 + * @Short_description: X509 certificates implementation for Microsoft Crypto API. + * @Stability: Stable + * + */ #include "globals.h" @@ -360,11 +364,8 @@ xmlSecMSCryptoKeyDataX509AdoptCert(xmlSecKeyDataPtr data, PCCERT_CONTEXT cert) { xmlSecAssert2(ctx->hMemStore != 0, -1); if (!CertAddCertificateContextToStore(ctx->hMemStore, cert, CERT_STORE_ADD_ALWAYS, NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CertAddCertificateContextToStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertAddCertificateContextToStore", + xmlSecKeyDataGetName(data)); return(-1); } CertFreeCertificateContext(cert); @@ -395,8 +396,10 @@ xmlSecMSCryptoKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) { xmlSecAssert2(ctx->hMemStore != 0, NULL); xmlSecAssert2(ctx->numCerts > pos, NULL); - while ((pCert = CertEnumCertificatesInStore(ctx->hMemStore, pCert)) && (pos > 0)) { - pos--; + pCert = CertEnumCertificatesInStore(ctx->hMemStore, pCert); + while ((pCert != NULL) && (pos > 0)) { + pCert = CertEnumCertificatesInStore(ctx->hMemStore, pCert); + pos--; } return(pCert); @@ -443,11 +446,8 @@ xmlSecMSCryptoKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, PCCRL_CONTEXT crl) { xmlSecAssert2(ctx->hMemStore != 0, -1); if (!CertAddCRLContextToStore(ctx->hMemStore, crl, CERT_STORE_ADD_ALWAYS, NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CertAddCRLContextToStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertAddCRLContextToStore", + xmlSecKeyDataGetName(data)); return(-1); } ctx->numCrls++; @@ -476,8 +476,10 @@ xmlSecMSCryptoKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) { xmlSecAssert2(ctx->hMemStore != 0, NULL); xmlSecAssert2(ctx->numCrls > pos, NULL); - while ((pCRL = CertEnumCRLsInStore(ctx->hMemStore, pCRL)) && (pos > 0)) { - pos--; + pCRL = CertEnumCRLsInStore(ctx->hMemStore, pCRL); + while ((pCRL != NULL) && (pos > 0)) { + pCRL = CertEnumCRLsInStore(ctx->hMemStore, pCRL); + pos--; } return(pCRL); @@ -520,11 +522,8 @@ xmlSecMSCryptoKeyDataX509Initialize(xmlSecKeyDataPtr data) { CERT_STORE_CREATE_NEW_FLAG, NULL); if (ctx->hMemStore == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertOpenStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -549,31 +548,23 @@ xmlSecMSCryptoKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { */ certSrc = xmlSecMSCryptoKeyDataX509GetCert(src, pos); if(certSrc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecMSCryptoKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecMSCryptoKeyDataX509GetCert", + xmlSecKeyDataGetName(src), + "pos=%d", pos); return(-1); } certDst = CertDuplicateCertificateContext(certSrc); if(certDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecMSCryptoKeyDataX509AdoptCert(dst, certDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecMSCryptoKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptCert", + xmlSecKeyDataGetName(dst)); CertFreeCertificateContext(certDst); return(-1); } @@ -584,31 +575,23 @@ xmlSecMSCryptoKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { for(pos = 0; pos < size; ++pos) { crlSrc = xmlSecMSCryptoKeyDataX509GetCrl(src, pos); if(crlSrc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecMSCryptoKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecMSCryptoKeyDataX509GetCrl", + xmlSecKeyDataGetName(src), + "pos=%d", pos); return(-1); } crlDst = CertDuplicateCRLContext(crlSrc); if(crlDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CertDuplicateCRLContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertDuplicateCRLContext", + xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecMSCryptoKeyDataX509AdoptCrl(dst, crlDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecMSCryptoKeyDataX509AdoptCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptCrl", + xmlSecKeyDataGetName(dst)); CertFreeCRLContext(crlDst); return(-1); } @@ -619,20 +602,14 @@ xmlSecMSCryptoKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { if(certSrc != NULL) { certDst = CertDuplicateCertificateContext(certSrc); if(certDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecMSCryptoKeyDataX509AdoptKeyCert(dst, certDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecMSCryptoKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(dst)); CertFreeCertificateContext(certDst); return(-1); } @@ -656,11 +633,7 @@ xmlSecMSCryptoKeyDataX509Finalize(xmlSecKeyDataPtr data) { if (ctx->hMemStore != 0) { if (!CertCloseStore(ctx->hMemStore, CERT_CLOSE_STORE_FORCE_FLAG)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertCloseStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("CertCloseStore", NULL); return; } } @@ -681,34 +654,23 @@ xmlSecMSCryptoKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, data = xmlSecKeyEnsureData(key, id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecMSCryptoX509DataNodeRead(data, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoX509DataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoX509DataNodeRead", + xmlSecKeyDataKlassGetName(id)); return(-1); } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) { - ret = xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + ret = xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCryptoKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); + return(-1); } return(0); } @@ -728,13 +690,11 @@ xmlSecMSCryptoKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); - content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); + content = xmlSecX509DataGetNodeContent (node, keyInfoCtx); if (content < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecX509DataGetNodeContent", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "content=%d", content); + xmlSecInternalError2("xmlSecX509DataGetNodeContent", + xmlSecKeyDataKlassGetName(id), + "content=%d", content); return(-1); } else if(content == 0) { /* by default we are writing certificates and crls */ @@ -753,22 +713,18 @@ xmlSecMSCryptoKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { cert = xmlSecMSCryptoKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecMSCryptoKeyDataX509GetCert", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { ret = xmlSecMSCryptoX509CertificateNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoX509CertificateNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecMSCryptoX509CertificateNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -776,11 +732,9 @@ xmlSecMSCryptoKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { ret = xmlSecMSCryptoX509SubjectNameNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoX509SubjectNameNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecMSCryptoX509SubjectNameNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -788,11 +742,9 @@ xmlSecMSCryptoKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { ret = xmlSecMSCryptoX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoX509IssuerSerialNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecMSCryptoX509IssuerSerialNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -800,11 +752,9 @@ xmlSecMSCryptoKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { ret = xmlSecMSCryptoX509SKINodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoX509SKINodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecMSCryptoX509SKINodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -816,21 +766,17 @@ xmlSecMSCryptoKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { crl = xmlSecMSCryptoKeyDataX509GetCrl(data, pos); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecMSCryptoKeyDataX509GetCrl", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } ret = xmlSecMSCryptoX509CRLNodeWrite(crl, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoX509CRLNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecMSCryptoX509CRLNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -874,11 +820,9 @@ xmlSecMSCryptoKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) { for(pos = 0; pos < size; ++pos) { cert = xmlSecMSCryptoKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecMSCryptoKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "==== Certificate:\n"); @@ -908,11 +852,9 @@ xmlSecMSCryptoKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { for(pos = 0; pos < size; ++pos) { cert = xmlSecMSCryptoKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecMSCryptoKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "<Certificate>\n"); @@ -940,29 +882,42 @@ xmlSecMSCryptoX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKey ret = 0; if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) { ret = xmlSecMSCryptoX509CertificateNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCryptoX509CertificateNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) { ret = xmlSecMSCryptoX509SubjectNameNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCryptoX509SubjectNameNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) { ret = xmlSecMSCryptoX509IssuerSerialNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCryptoX509IssuerSerialNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) { ret = xmlSecMSCryptoX509SKINodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCryptoX509SKINodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) { ret = xmlSecMSCryptoX509CRLNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecMSCryptoX509CRLNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) { /* laxi schema validation: ignore unknown nodes */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "read node failed"); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); return(-1); } } @@ -985,11 +940,7 @@ xmlSecMSCryptoX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -997,22 +948,16 @@ xmlSecMSCryptoX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm cert = xmlSecMSCryptoX509CertBase64DerRead(content); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoX509CertBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoX509CertBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CertFreeCertificateContext(cert); xmlFree(content); return(-1); @@ -1035,29 +980,20 @@ xmlSecMSCryptoX509CertificateNodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node, /* set base64 lines size from context */ buf = xmlSecMSCryptoX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoX509CertBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509Certificate)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); return(0); @@ -1077,11 +1013,8 @@ xmlSecMSCryptoX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCryptoX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1091,11 +1024,7 @@ xmlSecMSCryptoX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm xmlFree(subject); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1104,12 +1033,8 @@ xmlSecMSCryptoX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm cert = xmlSecMSCryptoX509StoreFindCert(x509Store, subject, NULL, NULL, NULL, keyInfoCtx); if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "subject=%s", - xmlSecErrorsSafeString(subject)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "subject=%s", xmlSecErrorsSafeString(subject)); xmlFree(subject); return(-1); } @@ -1119,11 +1044,8 @@ xmlSecMSCryptoX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CertFreeCertificateContext(cert); xmlFree(subject); return(-1); @@ -1137,32 +1059,33 @@ static int xmlSecMSCryptoX509SubjectNameNodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar* buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); + UNREFERENCED_PARAMETER(keyInfoCtx); buf = xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Subject)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Subject))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Subject))", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SubjectName)", NULL); + xmlFree(buf); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(cur, buf); + + /* done */ xmlFree(buf); return(0); } @@ -1183,23 +1106,16 @@ xmlSecMSCryptoX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, x x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCryptoX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } cur = xmlSecGetNextElementNode(node->children); if(cur == NULL) { if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL, + xmlSecKeyDataGetName(data)); return(-1); } return(0); @@ -1207,56 +1123,32 @@ xmlSecMSCryptoX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, x /* the first is required node X509IssuerName */ if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeError(cur, xmlSecNodeX509IssuerName, xmlSecKeyDataGetName(data)); return(-1); } issuerName = xmlNodeGetContent(cur); if(issuerName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); return(-1); } cur = xmlSecGetNextElementNode(cur->next); /* next is required node X509SerialNumber */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInvalidNodeError(cur, xmlSecNodeX509SerialNumber, xmlSecKeyDataGetName(data)); xmlFree(issuerName); return(-1); } issuerSerial = xmlNodeGetContent(cur); if(issuerSerial == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); xmlFree(issuerName); return(-1); } cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1265,13 +1157,10 @@ xmlSecMSCryptoX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, x cert = xmlSecMSCryptoX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx); if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "issuerName=%s;issuerSerial=%s", - xmlSecErrorsSafeString(issuerName), - xmlSecErrorsSafeString(issuerSerial)); + xmlSecOtherError3(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "issuerName=%s;issuerSerial=%s", + xmlSecErrorsSafeString(issuerName), + xmlSecErrorsSafeString(issuerSerial)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1284,11 +1173,8 @@ xmlSecMSCryptoX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, x ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CertFreeCertificateContext(cert); xmlFree(issuerSerial); xmlFree(issuerName); @@ -1312,61 +1198,46 @@ xmlSecMSCryptoX509IssuerSerialNodeWrite(PCCERT_CONTEXT cert, xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); + UNREFERENCED_PARAMETER(keyInfoCtx); /* create xml nodes */ - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerSerial)", NULL); return(-1); } - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); + issuerNameNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); if(issuerNameNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerName)", NULL); return(-1); } - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); + issuerNumberNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); if(issuerNumberNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SerialNumber)", NULL); return(-1); } /* write data */ buf = xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Issuer)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Issuer))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoX509NameWrite(&(cert->pCertInfo->Issuer))", NULL); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent(issuerNameNode)", NULL); + xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); + xmlFree(buf); ret = xmlSecMSCryptoASN1IntegerWrite(issuerNumberNode, &(cert->pCertInfo->SerialNumber)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoASN1IntegerWrite(&(cert->serialNumber))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoASN1IntegerWrite(&(cert->serialNumber))", NULL); return(-1); } return(0); @@ -1386,11 +1257,8 @@ xmlSecMSCryptoX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCryptoX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1400,12 +1268,7 @@ xmlSecMSCryptoX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI xmlFree(ski); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1416,12 +1279,8 @@ xmlSecMSCryptoX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI xmlFree(ski); if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "ski=%s", - xmlSecErrorsSafeString(ski)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "ski=%s", xmlSecErrorsSafeString(ski)); return(-1); } return(0); @@ -1429,11 +1288,8 @@ xmlSecMSCryptoX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CertFreeCertificateContext(cert); xmlFree(ski); return(-1); @@ -1447,34 +1303,34 @@ static int xmlSecMSCryptoX509SKINodeWrite(PCCERT_CONTEXT cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar *buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); + UNREFERENCED_PARAMETER(keyInfoCtx); buf = xmlSecMSCryptoX509SKIWrite(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoX509SKIWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoX509SKIWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SKI)", NULL); xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(cur, buf); - xmlFree(buf); + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + xmlFree(buf); + return(-1); + } + + /* done */ + xmlFree(buf); return(0); } @@ -1493,11 +1349,7 @@ xmlSecMSCryptoX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1505,21 +1357,15 @@ xmlSecMSCryptoX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI crl = xmlSecMSCryptoX509CrlBase64DerRead(content, keyInfoCtx); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoX509CrlBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoX509CrlBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } if (0 != xmlSecMSCryptoKeyDataX509AdoptCrl(data, crl)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoKeyDataX509AdoptCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptCrl", + xmlSecKeyDataGetName(data)); xmlFree(content); CertFreeCRLContext(crl); return(-1); @@ -1541,28 +1387,19 @@ xmlSecMSCryptoX509CRLNodeWrite(PCCRL_CONTEXT crl, xmlNodePtr node, xmlSecKeyInfo /* set base64 lines size from context */ buf = xmlSecMSCryptoX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoX509CrlBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoX509CrlBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509CRL)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509CRL)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); @@ -1588,11 +1425,8 @@ xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecMSCryptoX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1606,34 +1440,24 @@ xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr ctx->keyCert = CertDuplicateCertificateContext(cert); if(ctx->keyCert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(data)); return(-1); } /* search key according to KeyReq */ pCert = CertDuplicateCertificateContext( ctx->keyCert ) ; if( pCert == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CertDuplicateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - - return(-1); + xmlSecMSCryptoError("CertDuplicateCertificateContext", + xmlSecKeyDataGetName(data)); + return(-1); } if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate ) == xmlSecKeyDataTypePrivate ) { keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePrivate ) ; if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoCertAdopt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoCertAdopt", + xmlSecKeyDataGetName(data)); CertFreeCertificateContext( pCert ) ; return(-1); } @@ -1641,11 +1465,8 @@ xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr } else if( ( keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePublic ) == xmlSecKeyDataTypePublic ) { keyValue = xmlSecMSCryptoCertAdopt( pCert, xmlSecKeyDataTypePublic ) ; if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoCertAdopt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoCertAdopt", + xmlSecKeyDataGetName(data)); CertFreeCertificateContext( pCert ) ; return(-1); } @@ -1654,51 +1475,36 @@ xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr /* verify that the key matches our expectations */ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeyReqMatchKeyValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyReqMatchKeyValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } ret = xmlSecKeySetValue(key, keyValue); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } ret = xmlSecMSCryptoX509CertGetTime(ctx->keyCert->pCertInfo->NotBefore, &(key->notValidBefore)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoX509CertGetTime", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "notValidBefore"); + xmlSecInternalError("xmlSecMSCryptoX509CertGetTime(notValidBefore)", + xmlSecKeyDataGetName(data)); return(-1); } ret = xmlSecMSCryptoX509CertGetTime(ctx->keyCert->pCertInfo->NotAfter, &(key->notValidAfter)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecMSCryptoX509CertGetTime", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "notValidAfter"); + xmlSecInternalError("xmlSecMSCryptoX509CertGetTime(notValidAfter)", + xmlSecKeyDataGetName(data)); return(-1); } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_NOT_FOUND, + xmlSecKeyDataGetName(data), NULL); return(-1); } } @@ -1735,11 +1541,7 @@ xmlSecMSCryptoX509CertBase64DerRead(xmlChar* buf) { /* usual trick with base64 decoding "in-place" */ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", NULL); return(NULL); } @@ -1756,11 +1558,7 @@ xmlSecMSCryptoX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) { cert = CertCreateCertificateContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, size); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertCreateCertificateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertCreateCertificateContext", NULL); return(NULL); } @@ -1778,21 +1576,13 @@ xmlSecMSCryptoX509CertBase64DerWrite(PCCERT_CONTEXT cert, int base64LineWrap) { p = cert->pbCertEncoded; size = cert->cbCertEncoded; if((size <= 0) || (p == NULL)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cert->pbCertEncoded", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("cert->pbCertEncoded", NULL); return(NULL); } res = xmlSecBase64Encode(p, size, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); return(NULL); } @@ -1809,11 +1599,7 @@ xmlSecMSCryptoX509CrlBase64DerRead(xmlChar* buf, /* usual trick with base64 decoding "in-place" */ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", NULL); return(NULL); } @@ -1833,11 +1619,7 @@ xmlSecMSCryptoX509CrlDerRead(xmlSecByte* buf, xmlSecSize size, crl = CertCreateCRLContext(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, buf, size); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertCreateCRLContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertCreateCRLContext", NULL); return(NULL); } @@ -1855,21 +1637,13 @@ xmlSecMSCryptoX509CrlBase64DerWrite(PCCRL_CONTEXT crl, int base64LineWrap) { p = crl->pbCrlEncoded; size = crl->cbCrlEncoded; if((size <= 0) || (p == NULL)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "crl->pbCrlEncoded", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("crl->pbCrlEncoded", NULL); return(NULL); } res = xmlSecBase64Encode(p, size, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); return(NULL); } @@ -1888,42 +1662,26 @@ xmlSecMSCryptoX509NameWrite(PCERT_NAME_BLOB nm) { csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, NULL, 0); if(csz <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertNameToStr", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertNameToStr", NULL); return(NULL); } resT = (LPTSTR)xmlMalloc(sizeof(TCHAR) * (csz + 1)); if (NULL == resT) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(WCHAR) * (csz + 1)); + xmlSecMallocError(sizeof(TCHAR) * (csz + 1), NULL); return (NULL); } csz = CertNameToStr(X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, nm, CERT_X500_NAME_STR | CERT_NAME_STR_REVERSE_FLAG, resT, csz + 1); if (csz <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertNameToStr", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertNameToStr", NULL); xmlFree(resT); return(NULL); } - res = xmlSecMSCryptoConvertTstrToUtf8(resT); + res = xmlSecWin32ConvertTstrToUtf8(resT); if (NULL == res) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoConvertTstrToUtf8", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecWin32ConvertTstrToUtf8", NULL); xmlFree(resT); return(NULL); } @@ -1944,21 +1702,14 @@ xmlSecMSCryptoASN1IntegerWrite(xmlNodePtr node, PCRYPT_INTEGER_BLOB num) { ret = xmlSecBnInitialize(&bn, num->cbData + 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%ld", num->cbData + 1); + xmlSecInternalError2("xmlSecBnInitialize", NULL, + "size=%ld", num->cbData + 1); return(-1); } ret = xmlSecBnSetData(&bn, num->pbData, num->cbData); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnSetData", NULL); xmlSecBnFinalize(&bn); return(-1); } @@ -1969,11 +1720,7 @@ xmlSecMSCryptoASN1IntegerWrite(xmlNodePtr node, PCRYPT_INTEGER_BLOB num) { */ ret = xmlSecBnSetNodeValue(&bn, node, xmlSecBnDec, 1, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnSetNodeValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnSetNodeValue", NULL); xmlSecBnFinalize(&bn); return(-1); } @@ -1991,44 +1738,28 @@ xmlSecMSCryptoX509SKIWrite(PCCERT_CONTEXT cert) { xmlSecAssert2(cert != NULL, NULL); - /* First check if the SKI extension actually exists, otherwise we get a SHA1 hash o fthe key/cert */ + /* First check if the SKI extension actually exists, otherwise we get a SHA1 hash of the key/cert */ pCertExt = CertFindExtension(szOID_SUBJECT_KEY_IDENTIFIER, cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); if (pCertExt == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertFindExtension", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return (NULL); - } + xmlSecMSCryptoError("CertFindExtension", NULL); + return (NULL); + } if (!CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID, NULL, &dwSize) || dwSize < 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertGetCertificateContextProperty", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return (NULL); - } + xmlSecMSCryptoError("CertGetCertificateContextProperty", NULL); + return (NULL); + } bSKI = xmlMalloc(dwSize); if (NULL == bSKI) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMallocError(dwSize, NULL); return (NULL); } if (!CertGetCertificateContextProperty(cert, CERT_KEY_IDENTIFIER_PROP_ID, bSKI, &dwSize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertGetCertificateContextProperty", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlFree(bSKI); - return (NULL); - } + xmlSecMSCryptoError("CertGetCertificateContextProperty", NULL); + xmlFree(bSKI); + return (NULL); + } if (NULL == bSKI) { return(NULL); @@ -2036,11 +1767,7 @@ xmlSecMSCryptoX509SKIWrite(PCCERT_CONTEXT cert) { res = xmlSecBase64Encode(bSKI, dwSize, 0); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); xmlFree(bSKI); return(NULL); } @@ -2065,11 +1792,7 @@ xmlSecMSCryptoX509CertDebugDump(PCCERT_CONTEXT cert, FILE* output) { /* subject */ subject = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL); if(subject == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "xmlSecMSCryptoX509GetNameString", - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "subject"); + xmlSecInternalError("xmlSecMSCryptoX509GetNameString(subject)", NULL); goto done; } fprintf(output, "==== Subject Name: %s\n", subject); @@ -2077,11 +1800,7 @@ xmlSecMSCryptoX509CertDebugDump(PCCERT_CONTEXT cert, FILE* output) { /* issuer */ issuer = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, CERT_NAME_ISSUER_FLAG, NULL); if(issuer == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "xmlSecMSCryptoX509GetNameString", - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "issuer"); + xmlSecInternalError("xmlSecMSCryptoX509GetNameString(issuer)", NULL); goto done; } fprintf(output, "==== Issuer Name: %s\n", issuer); @@ -2116,11 +1835,7 @@ xmlSecMSCryptoX509CertDebugXmlDump(PCCERT_CONTEXT cert, FILE* output) { /* subject */ subject = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL); if(subject == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "xmlSecMSCryptoX509GetNameString", - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "subject"); + xmlSecInternalError("xmlSecMSCryptoX509GetNameString(subject)", NULL); goto done; } fprintf(output, "<SubjectName>"); @@ -2130,11 +1845,7 @@ xmlSecMSCryptoX509CertDebugXmlDump(PCCERT_CONTEXT cert, FILE* output) { /* issuer */ issuer = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, CERT_NAME_ISSUER_FLAG, NULL); if(issuer == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "xmlSecMSCryptoX509GetNameString", - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "issuer"); + xmlSecInternalError("xmlSecMSCryptoX509GetNameString(issuer)", NULL); goto done; } fprintf(output, "<IssuerName>"); @@ -2237,43 +1948,30 @@ xmlSecMSCryptoKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, cert = xmlSecMSCryptoX509CertDerRead(buf, bufSize); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoX509CertDerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoX509CertDerRead", NULL); return(-1); } data = xmlSecKeyEnsureData(key, xmlSecMSCryptoKeyDataX509Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); CertFreeCertificateContext(cert); return(-1); } ret = xmlSecMSCryptoKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509AdoptCert", + xmlSecKeyDataKlassGetName(id)); CertFreeCertificateContext(cert); return(-1); } ret = xmlSecMSCryptoKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecMSCryptoKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); return(-1); } return(0); diff --git a/src/mscrypto/x509vfy.c b/src/mscrypto/x509vfy.c index 899cb6e3..fbc5447e 100644 --- a/src/mscrypto/x509vfy.c +++ b/src/mscrypto/x509vfy.c @@ -1,7 +1,5 @@ -/** - * XMLSec library - * - * X509 support +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * * This is free software; see Copyright file in the source @@ -10,6 +8,13 @@ * Copyright (C) 2003 Cordys R&D BV, All rights reserved. * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:x509vfy + * @Short_description: X509 certificates verification support functions for Microsoft Crypto API. + * @Stability: Private + * + */ + #include "globals.h" #ifndef XMLSEC_NO_X509 @@ -182,11 +187,8 @@ xmlSecMSCryptoCheckRevocation(HCERTSTORE hStore, PCCERT_CONTEXT pCert) { while((pCrl = CertEnumCRLsInStore(hStore, pCrl)) != NULL) { if (CertFindCertificateInCRL(pCert, pCrl, 0, NULL, &pCrlEntry) && (pCrlEntry != NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertFindCertificateInCRL", - XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, - "cert found in crl list"); + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, NULL, + "CertFindCertificateInCRL: cert found in crl list"); return(FALSE); } } @@ -197,7 +199,6 @@ xmlSecMSCryptoCheckRevocation(HCERTSTORE hStore, PCCERT_CONTEXT pCert) { static void xmlSecMSCryptoX509StoreCertError(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, DWORD flags) { xmlChar * subject = NULL; - DWORD dwSize; xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId)); xmlSecAssert(cert != NULL); @@ -206,47 +207,38 @@ xmlSecMSCryptoX509StoreCertError(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cer /* get certs subject */ subject = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL); if(subject == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "xmlSecMSCryptoX509GetNameString", - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecMSCryptoX509GetNameString", NULL); return; } /* print error */ if (flags & CERT_STORE_SIGNATURE_FLAG) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - xmlSecErrorsSafeString(subject), - XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, - "signature"); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, + xmlSecKeyDataStoreGetName(store), + "signature failed, subject=%s", + xmlSecErrorsSafeString(subject)); } else if (flags & CERT_STORE_TIME_VALIDITY_FLAG) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - xmlSecErrorsSafeString(subject), - XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, + xmlSecKeyDataStoreGetName(store), + "subject=%s", + xmlSecErrorsSafeString(subject)); } else if (flags & CERT_STORE_REVOCATION_FLAG) { if (flags & CERT_STORE_NO_CRL_FLAG) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - xmlSecErrorsSafeString(subject), - XMLSEC_ERRORS_R_CERT_REVOKED, - "no crl"); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_REVOKED, + xmlSecKeyDataStoreGetName(store), + "no crl, subject=%s", + xmlSecErrorsSafeString(subject)); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - xmlSecErrorsSafeString(subject), - XMLSEC_ERRORS_R_CERT_REVOKED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_REVOKED, + xmlSecKeyDataStoreGetName(store), + "subject=%s", + xmlSecErrorsSafeString(subject)); } } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - xmlSecErrorsSafeString(subject), - XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, + xmlSecKeyDataStoreGetName(store), + "subject=%s", + xmlSecErrorsSafeString(subject)); } xmlFree(subject); @@ -267,90 +259,66 @@ static BOOL xmlSecBuildChainUsingWinapi (PCCERT_CONTEXT cert, LPFILETIME pfTime, HCERTSTORE store_untrusted, HCERTSTORE store_doc) { - PCCERT_CHAIN_CONTEXT pChainContext = NULL; - CERT_CHAIN_PARA chainPara; - BOOL rc = FALSE; - HCERTSTORE store_add = NULL; + PCCERT_CHAIN_CONTEXT pChainContext = NULL; + CERT_CHAIN_PARA chainPara; + BOOL rc = FALSE; + HCERTSTORE store_add = NULL; /* Initialize data structures. */ - - memset(&chainPara, 0, sizeof(CERT_CHAIN_PARA)); - chainPara.cbSize = sizeof(CERT_CHAIN_PARA); - - /* Create additional store for CertGetCertificateChain() */ - store_add = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0, 0, NULL); - if (!store_add) { - xmlSecError(XMLSEC_ERRORS_HERE, - "chain additional collection store", - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto end; - } - if (!CertAddStoreToCollection(store_add, store_doc, 0, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - "adding document store", - "CertAddStoreToCollection", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto end; - } - if (!CertAddStoreToCollection(store_add, store_untrusted, 0, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - "adding untrusted store", - "CertAddStoreToCollection", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto end; - } + memset(&chainPara, 0, sizeof(CERT_CHAIN_PARA)); + chainPara.cbSize = sizeof(CERT_CHAIN_PARA); + + /* Create additional store for CertGetCertificateChain() */ + store_add = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0, 0, NULL); + if (!store_add) { + xmlSecMSCryptoError("CertOpenStore", NULL); + goto end; + } + if (!CertAddStoreToCollection(store_add, store_doc, 0, 0)) { + xmlSecMSCryptoError("CertAddStoreToCollection", NULL); + goto end; + } + if (!CertAddStoreToCollection(store_add, store_untrusted, 0, 0)) { + xmlSecMSCryptoError("CertAddStoreToCollection", NULL); + goto end; + } /* Build a chain using CertGetCertificateChain and the certificate retrieved. */ - if(!CertGetCertificateChain( - NULL, /* use the default chain engine */ + if(!CertGetCertificateChain(NULL, /* use the default chain engine */ cert, - pfTime, + pfTime, store_add, &chainPara, CERT_CHAIN_REVOCATION_CHECK_CHAIN, - NULL, - &pChainContext)) - { - xmlSecError(XMLSEC_ERRORS_HERE, - "building certificate chain, checking root", - "CertGetCertificateChain", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto end; + NULL, + &pChainContext)) { + xmlSecMSCryptoError("CertGetCertificateChain", NULL); + goto end; + } + if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN) { + CertFreeCertificateChain(pChainContext); pChainContext = NULL; + if(!CertGetCertificateChain(NULL, /* use the default chain engine */ + cert, + pfTime, + store_add, + &chainPara, + CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT, + NULL, + &pChainContext)) { + xmlSecMSCryptoError("CertGetCertificateChain", NULL); + goto end; } - if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN) { - CertFreeCertificateChain(pChainContext); pChainContext = NULL; - if(!CertGetCertificateChain( - NULL, /* use the default chain engine */ - cert, - pfTime, - store_add, - &chainPara, - CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT, - NULL, - &pChainContext)) - { - xmlSecError(XMLSEC_ERRORS_HERE, - "building certificate chain, excluding root", - "CertGetCertificateChain", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto end; - } } - if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR) - rc = TRUE; + if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR) { + rc = TRUE; + } end: - if (pChainContext) CertFreeCertificateChain(pChainContext); - if (store_add) CertCloseStore(store_add, 0); - return (rc); + if (pChainContext) CertFreeCertificateChain(pChainContext); + if (store_add) CertCloseStore(store_add, 0); + return (rc); } /** @@ -560,8 +528,11 @@ xmlSecMSCryptoX509StoreVerify(xmlSecKeyDataStorePtr store, HCERTSTORE certs, CertFreeCertificateContext(nextCert); } - if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { - return(cert); + if(selected == 1) { + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) != 0 + || xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { + return(cert); + } } } @@ -596,25 +567,20 @@ xmlSecMSCryptoX509StoreAdoptCert(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT pCe } else if(type == xmlSecKeyDataTypeNone) { certStore = ctx->untrusted; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_INVALID_TYPE, - "type=%d", type); + xmlSecInvalidIntegerTypeError("type", type, + "xmlSecKeyDataTypeTrusted, xmlSecKeyDataTypeNone", + xmlSecKeyDataStoreGetName(store)); return(-1); } /* TODO: The context to be added here is not duplicated first, - * hopefully this will not lead to errors when closing teh store + * hopefully this will not lead to errors when closing the store * and freeing the mem for all the context in the store. */ xmlSecAssert2(certStore != NULL, -1); if (!CertAddCertificateContextToStore(certStore, pCert, CERT_STORE_ADD_ALWAYS, NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertAddCertificateContextToStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertAddCertificateContextToStore", + xmlSecKeyDataStoreGetName(store)); return(-1); } @@ -643,11 +609,8 @@ xmlSecMSCryptoX509StoreAdoptKeyStore (xmlSecKeyDataStorePtr store, HCERTSTORE ke xmlSecAssert2(ctx->trusted != NULL, -1); if(!CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertAddStoreToCollection", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertAddStoreToCollection", + xmlSecKeyDataStoreGetName(store)); return(-1); } @@ -675,11 +638,8 @@ xmlSecMSCryptoX509StoreAdoptTrustedStore (xmlSecKeyDataStorePtr store, HCERTSTOR xmlSecAssert2(ctx->trusted != NULL, -1); if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertAddStoreToCollection", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertAddStoreToCollection", + xmlSecKeyDataStoreGetName(store)); return(-1); } @@ -707,11 +667,8 @@ xmlSecMSCryptoX509StoreAdoptUntrustedStore (xmlSecKeyDataStorePtr store, HCERTST xmlSecAssert2(ctx->untrusted != NULL, -1); if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertAddStoreToCollection", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertAddStoreToCollection", + xmlSecKeyDataStoreGetName(store)); return(-1); } @@ -735,7 +692,7 @@ xmlSecMSCryptoX509StoreEnableSystemTrustedCerts (xmlSecKeyDataStorePtr store, in xmlSecAssert(ctx != NULL); xmlSecAssert(ctx->untrusted != NULL); - /* it is other way around to make default value 0 mimic old behaiviour */ + /* it is other way around to make default value 0 mimic old behaviour */ ctx->dont_use_system_trusted_certs = !val; } @@ -759,11 +716,8 @@ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { 0, NULL); if(ctx->trusted == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertOpenStore", + xmlSecKeyDataStoreGetName(store)); return(-1); } @@ -774,11 +728,8 @@ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { CERT_STORE_CREATE_NEW_FLAG, NULL); if(hTrustedMemStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertOpenStore", + xmlSecKeyDataStoreGetName(store)); CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ctx->trusted = NULL ; return(-1); @@ -786,11 +737,8 @@ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { /* add the memory trusted certs store to trusted certs store collection */ if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertAddStoreToCollection", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertAddStoreToCollection", + xmlSecKeyDataStoreGetName(store)); CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); ctx->trusted = NULL ; @@ -805,11 +753,8 @@ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { 0, NULL); if(ctx->untrusted == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertOpenStore", + xmlSecKeyDataStoreGetName(store)); CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ctx->trusted = NULL ; return(-1); @@ -822,11 +767,8 @@ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { CERT_STORE_CREATE_NEW_FLAG, NULL); if(hUntrustedMemStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertOpenStore", + xmlSecKeyDataStoreGetName(store)); CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); ctx->trusted = NULL ; @@ -836,11 +778,8 @@ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { /* add the memory trusted certs store to untrusted certs store collection */ if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertAddStoreToCollection", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertAddStoreToCollection", + xmlSecKeyDataStoreGetName(store)); CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); @@ -899,28 +838,19 @@ xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPTSTR pszX500, DWORD dwSt if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, NULL, NULL, len, &ppszError)) { /* this might not be an error, string might just not exist */ - DWORD dw = GetLastError(); return(NULL); } str = (BYTE *)xmlMalloc(sizeof(TCHAR) * ((*len) + 1)); if(str == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "len=%ld", (*len)); + xmlSecMallocError(sizeof(TCHAR) * ((*len) + 1), NULL); return(NULL); } memset(str, 0, (*len) + 1); if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, NULL, str, len, NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertStrToName", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertStrToName", NULL); xmlFree(str); return(NULL); } @@ -1163,12 +1093,7 @@ xmlSecMSCryptoX509GetCertName(const xmlChar * name) { */ name2 = xmlStrdup(name); if(name2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "xmlStrlen(name)=%d", - xmlStrlen(name)); + xmlSecStrdupError(name, NULL); return(NULL); } while( (p = (xmlChar*)xmlStrstr(name2, BAD_CAST "emailAddress=")) != NULL) { @@ -1176,13 +1101,9 @@ xmlSecMSCryptoX509GetCertName(const xmlChar * name) { } /* get name */ - res = xmlSecMSCryptoConvertUtf8ToTstr(name2); + res = xmlSecWin32ConvertUtf8ToTstr(name2); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoConvertUtf8ToTstr", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecWin32ConvertUtf8ToTstr", NULL); xmlFree(name2); return(NULL); } @@ -1209,11 +1130,7 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, /* get unicode subject name */ wcSubjectName = xmlSecMSCryptoX509GetCertName(subjectName); if(wcSubjectName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoX509GetCertName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "wcSubjectName"); + xmlSecInternalError("xmlSecMSCryptoX509GetCertName(subjectName)", NULL); return(NULL); } @@ -1234,21 +1151,13 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, /* get serial number */ ret = xmlSecBnInitialize(&issuerSerialBn, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnInitialize", NULL); return(NULL); } ret = xmlSecBnFromDecString(&issuerSerialBn, issuerSerial); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnInitialize", NULL); xmlSecBnFinalize(&issuerSerialBn); return(NULL); } @@ -1259,11 +1168,7 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, */ ret = xmlSecBnReverse(&issuerSerialBn); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnReverse", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnReverse", NULL); xmlSecBnFinalize(&issuerSerialBn); return(NULL); } @@ -1271,11 +1176,7 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, /* get issuer name */ wcIssuerName = xmlSecMSCryptoX509GetCertName(issuerName); if(wcIssuerName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoX509GetCertName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "wcIssuerName"); + xmlSecInternalError("xmlSecMSCryptoX509GetCertName(issuerName)", NULL); xmlSecBnFinalize(&issuerSerialBn); return(NULL); } @@ -1299,23 +1200,14 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, binSki = xmlStrdup(ski); if(binSki == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecStrdupError(ski, NULL); return (NULL); } /* trick: base64 decode "in place" */ binSkiLen = xmlSecBase64Decode(binSki, (xmlSecByte*)binSki, xmlStrlen(binSki)); if(binSkiLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ski=%s", - xmlSecErrorsSafeString(ski)); + xmlSecInternalError("xmlSecBase64Decode", NULL); xmlFree(binSki); return(NULL); } @@ -1357,44 +1249,28 @@ xmlSecMSCryptoX509GetNameString(PCCERT_CONTEXT pCertContext, DWORD dwType, DWORD /* get size first */ dwSize = CertGetNameString(pCertContext, dwType, dwFlags, pvTypePara, NULL, 0); if(dwSize <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - "CertGetNameString", - NULL, - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertGetNameString", NULL); return (NULL); } /* allocate buffer */ name = (LPTSTR)xmlMalloc(sizeof(TCHAR) * (dwSize + 1)); if(name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMallocError(sizeof(TCHAR) * (dwSize + 1), NULL); return (NULL); } /* actually get the name */ dwSize = CertGetNameString(pCertContext, dwType, dwFlags, pvTypePara, name, dwSize); if(dwSize <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - "CertGetNameString", - NULL, - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertGetNameString", NULL); xmlFree(name); return (NULL); } - res = xmlSecMSCryptoConvertTstrToUtf8(name); + res = xmlSecWin32ConvertTstrToUtf8(name); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "xmlSecMSCryptoConvertTstrToUtf8", - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecWin32ConvertTstrToUtf8", NULL); xmlFree(name); return (NULL); } diff --git a/src/mscrypto/xmlsec-mingw.h b/src/mscrypto/xmlsec-mingw.h index da7d1d0b..e5350348 100644 --- a/src/mscrypto/xmlsec-mingw.h +++ b/src/mscrypto/xmlsec-mingw.h @@ -1,5 +1,5 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * This is free software; see Copyright file in the source * distribution for preciese wording. diff --git a/src/nodeset.c b/src/nodeset.c index 800f1507..be5138ad 100644 --- a/src/nodeset.c +++ b/src/nodeset.c @@ -1,13 +1,19 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Enchanced nodes set * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:nodeset + * @Short_description: XML nodes set functions + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> @@ -20,6 +26,7 @@ #include <xmlsec/xmlsec.h> #include <xmlsec/nodeset.h> #include <xmlsec/errors.h> +#include <xmlsec/private.h> #define xmlSecGetParent(node) \ (((node)->type != XML_NAMESPACE_DECL) ? \ @@ -52,12 +59,7 @@ xmlSecNodeSetCreate(xmlDocPtr doc, xmlNodeSetPtr nodes, xmlSecNodeSetType type) nset = (xmlSecNodeSetPtr)xmlMalloc(sizeof(xmlSecNodeSet)); if(nset == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecNodeSet)=%d", - (int)sizeof(xmlSecNodeSet)); + xmlSecMallocError(sizeof(xmlSecNodeSet), NULL); return(NULL); } memset(nset, 0, sizeof(xmlSecNodeSet)); @@ -193,11 +195,8 @@ xmlSecNodeSetOneContains(xmlSecNodeSetPtr nset, xmlNodePtr node, xmlNodePtr pare } return(1); default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_TYPE, - "type=%d", nset->type); + xmlSecInvalidIntegerTypeError("node set type", nset->type, + "supported nodeset type", NULL); } return(0); @@ -246,11 +245,8 @@ xmlSecNodeSetContains(xmlSecNodeSetPtr nset, xmlNodePtr node, xmlNodePtr parent) } break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_OPERATION, - "operation=%d", cur->op); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_OPERATION, NULL, + "node set operation=%d", (int)cur->op); return(-1); } cur = cur->next; @@ -261,7 +257,7 @@ xmlSecNodeSetContains(xmlSecNodeSetPtr nset, xmlNodePtr node, xmlNodePtr parent) /** * xmlSecNodeSetAdd: - * @nset: the pointer to currrent nodes set (or NULL). + * @nset: the pointer to current nodes set (or NULL). * @newNSet: the pointer to new nodes set. * @op: the operation type. * @@ -293,7 +289,7 @@ xmlSecNodeSetAdd(xmlSecNodeSetPtr nset, xmlSecNodeSetPtr newNSet, /** * xmlSecNodeSetAddList: - * @nset: the pointer to currrent nodes set (or NULL). + * @nset: the pointer to current nodes set (or NULL). * @newNSet: the pointer to new nodes set. * @op: the operation type. * @@ -310,22 +306,14 @@ xmlSecNodeSetAddList(xmlSecNodeSetPtr nset, xmlSecNodeSetPtr newNSet, xmlSecNode tmp1 = xmlSecNodeSetCreate(newNSet->doc, NULL, xmlSecNodeSetList); if(tmp1 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNodeSetCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNodeSetCreate", NULL); return(NULL); } tmp1->children = newNSet; tmp2 = xmlSecNodeSetAdd(nset, tmp1, op); if(tmp2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNodeSetAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNodeSetAdd", NULL); xmlSecNodeSetDestroy(tmp1); return(NULL); } @@ -477,11 +465,7 @@ xmlSecNodeSetGetChildren(xmlDocPtr doc, const xmlNodePtr parent, int withComment nodes = xmlXPathNodeSetCreate(parent); if(nodes == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlXPathNodeSetCreate", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlXPathNodeSetCreate", NULL); return(NULL); } @@ -512,13 +496,21 @@ static int xmlSecNodeSetDumpTextNodesWalkCallback(xmlSecNodeSetPtr nset, xmlNodePtr cur, xmlNodePtr parent ATTRIBUTE_UNUSED, void* data) { + int ret; xmlSecAssert2(nset != NULL, -1); xmlSecAssert2(cur != NULL, -1); xmlSecAssert2(data != NULL, -1); - if(cur->type == XML_TEXT_NODE) { - xmlOutputBufferWriteString((xmlOutputBufferPtr)data, - (char*)(cur->content)); + UNREFERENCED_PARAMETER(parent); + + if(cur->type != XML_TEXT_NODE) { + return(0); + } + ret = xmlOutputBufferWriteString((xmlOutputBufferPtr)data, + (char*)(cur->content)); + if(ret < 0) { + xmlSecXmlError("xmlOutputBufferWriteString", NULL); + return(-1); } return(0); } @@ -583,11 +575,8 @@ xmlSecNodeSetDebugDump(xmlSecNodeSetPtr nset, FILE *output) { return; default: fprintf(output, "(unknown=%d)\n", nset->type); - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_TYPE, - "type=%d", nset->type); + xmlSecInvalidIntegerTypeError("node set type", nset->type, + "supported nodeset type", NULL); } l = xmlXPathNodeSetGetLength(nset->nodes); diff --git a/src/nss/Makefile.am b/src/nss/Makefile.am index 8cd85863..e666f33c 100644 --- a/src/nss/Makefile.am +++ b/src/nss/Makefile.am @@ -37,10 +37,6 @@ libxmlsec1_nss_la_SOURCES =\ globals.h \ $(NULL) -if SHAREDLIB_HACK -libxmlsec1_nss_la_SOURCES += ../strings.c -endif - libxmlsec1_nss_la_LIBADD = \ $(NSS_LIBS) \ $(LIBXSLT_LIBS) \ diff --git a/src/nss/README b/src/nss/README index 65a0f45e..536552ed 100644 --- a/src/nss/README +++ b/src/nss/README @@ -1,6 +1,6 @@ WHAT VERSION OF NSS? ------------------------------------------------------------------------ -NSS 3.9 or greater and NSPR 4.4.1 or greater are required. +NSS 3.11.1 or greater and NSPR 4.4.1 or greater are required. KEYS MANAGER ------------------------------------------------------------------------ diff --git a/src/nss/app.c b/src/nss/app.c index 0a9046fc..57b540a5 100644 --- a/src/nss/app.c +++ b/src/nss/app.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:app + * @Short_description: Application support functions for NSS. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -73,22 +81,15 @@ xmlSecNssAppInit(const char* config) { if(config) { rv = NSS_InitReadWrite(config); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "NSS_InitReadWrite", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "config=%s", - xmlSecErrorsSafeString(config)); + xmlSecNssError2("NSS_InitReadWrite", NULL, + "config=%s", + xmlSecErrorsSafeString(config)); return(-1); } } else { rv = NSS_NoDB_Init(NULL); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "NSS_NoDB_Init", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("NSS_NoDB_Init", NULL); return(-1); } } @@ -131,11 +132,7 @@ xmlSecNssAppShutdown(void) { PK11_LogoutAll(); rv = NSS_Shutdown(); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "NSS_Shutdown", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("NSS_Shutdown", NULL); return(-1); } return(0); @@ -149,11 +146,7 @@ xmlSecNssAppCreateSECItem(SECItem *contents, const xmlSecByte* data, xmlSecSize contents->data = 0; if (!SECITEM_AllocItem(NULL, contents, dataSize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECITEM_AllocItem", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SECITEM_AllocItem", NULL); return(-1); } @@ -178,33 +171,21 @@ xmlSecNssAppReadSECItem(SECItem *contents, const char *fn) { file = PR_Open(fn, PR_RDONLY, 00660); if (file == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PR_Open", - XMLSEC_ERRORS_R_IO_FAILED, - "filename=%s", - xmlSecErrorsSafeString(fn)); + xmlSecNssError2("PR_Open", NULL, + "filename=%s", xmlSecErrorsSafeString(fn)); goto done; } prStatus = PR_GetOpenFileInfo(file, &info); if (prStatus != PR_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PR_GetOpenFileInfo", - XMLSEC_ERRORS_R_IO_FAILED, - "filename=%s", - xmlSecErrorsSafeString(fn)); + xmlSecNssError2("PR_GetOpenFileInfo", NULL, + "filename=%s", xmlSecErrorsSafeString(fn)); goto done; } contents->data = 0; if (!SECITEM_AllocItem(NULL, contents, info.size)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECITEM_AllocItem", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SECITEM_AllocItem", NULL); goto done; } @@ -286,21 +267,13 @@ xmlSecNssAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppReadSECItem(&secItem, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppReadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppReadSECItem", NULL); return(NULL); } res = xmlSecNssAppKeyLoadSECItem(&secItem, format, pwd, pwdCallback, pwdCallbackCtx); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeyLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeyLoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(NULL); } @@ -335,21 +308,13 @@ xmlSecNssAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKey memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppCreateSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppCreateSECItem", NULL); return(NULL); } res = xmlSecNssAppKeyLoadSECItem(&secItem, format, pwd, pwdCallback, pwdCallbackCtx); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeyLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeyLoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(NULL); } @@ -385,22 +350,14 @@ xmlSecNssAppKeyLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format, case xmlSecKeyDataFormatPkcs12: key = xmlSecNssAppPkcs12LoadSECItem(secItem, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppPkcs12LoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppPkcs12LoadSECItem", NULL); return(NULL); } break; case xmlSecKeyDataFormatCertDer: key = xmlSecNssAppKeyFromCertLoadSECItem(secItem, format); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeyFromCertLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeyFromCertLoadSECItem", NULL); return(NULL); } break; @@ -408,21 +365,14 @@ xmlSecNssAppKeyLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format, case xmlSecKeyDataFormatDer: key = xmlSecNssAppDerKeyLoadSECItem(secItem); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppDerKeyLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppDerKeyLoadSECItem", NULL); return(NULL); } break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeyLoad", - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); - return(NULL); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); + return(NULL); } return(key); @@ -448,11 +398,7 @@ xmlSecNssAppDerKeyLoadSECItem(SECItem* secItem) { */ slot = xmlSecNssGetInternalKeySlot(); if (slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssGetInternalKeySlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssGetInternalKeySlot", NULL); goto done; } @@ -472,31 +418,19 @@ xmlSecNssAppDerKeyLoadSECItem(SECItem* secItem) { /* TRY PUBLIC KEY */ spki = SECKEY_DecodeDERSubjectPublicKeyInfo(secItem); if (spki == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECKEY_DecodeDERSubjectPublicKeyInfo", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SECKEY_DecodeDERSubjectPublicKeyInfo", NULL); } pubkey = SECKEY_ExtractPublicKey(spki); if (pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECKEY_ExtractPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SECKEY_ExtractPublicKey", NULL); goto done; } } data = xmlSecNssPKIAdoptKey(privkey, pubkey); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIAdoptKey", NULL); goto done; } privkey = NULL; @@ -504,22 +438,14 @@ xmlSecNssAppDerKeyLoadSECItem(SECItem* secItem) { key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); goto done; } ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); goto done; } retval = key; @@ -573,21 +499,13 @@ xmlSecNssAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFor memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppReadSECItem(&secItem, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppReadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppReadSECItem", NULL); return(-1); } ret = xmlSecNssAppKeyCertLoadSECItem(key, &secItem, format); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeyCertLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeyCertLoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(-1); } @@ -620,21 +538,13 @@ xmlSecNssAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSi memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppCreateSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppCreateSECItem", NULL); return(-1); } ret = xmlSecNssAppKeyCertLoadSECItem(key, &secItem, format); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeyCertLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeyCertLoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(-1); } @@ -665,12 +575,7 @@ xmlSecNssAppKeyCertLoadSECItem(xmlSecKeyPtr key, SECItem* secItem, xmlSecKeyData data = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); + xmlSecInternalError("xmlSecKeyEnsureData(xmlSecNssKeyDataX509Id)", NULL); return(-1); } @@ -680,32 +585,22 @@ xmlSecNssAppKeyCertLoadSECItem(xmlSecKeyPtr key, SECItem* secItem, xmlSecKeyData cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(), secItem, NULL, PR_FALSE, PR_TRUE); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "__CERT_NewTempCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "format=%d", format); + xmlSecNssError2("__CERT_NewTempCertificate", NULL, + "format=%d", (int)format); return(-1); } break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(-1); } xmlSecAssert2(cert != NULL, -1); ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); return(-1); } @@ -740,21 +635,13 @@ xmlSecNssAppPkcs12Load(const char *filename, const char *pwd, memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppReadSECItem(&secItem, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppReadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppReadSECItem", NULL); return(NULL); } res = xmlSecNssAppPkcs12LoadSECItem(&secItem, pwd, pwdCallback, pwdCallbackCtx); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppPkcs12LoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppPkcs12LoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(NULL); } @@ -790,21 +677,13 @@ xmlSecNssAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, const memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppCreateSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppCreateSECItem", NULL); return(NULL); } res = xmlSecNssAppPkcs12LoadSECItem(&secItem, pwd, pwdCallback, pwdCallbackCtx); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppPkcs12LoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppPkcs12LoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(NULL); } @@ -860,111 +739,69 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd, */ slot = xmlSecNssGetInternalKeySlot(); if (slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssGetInternalKeySlot", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssGetInternalKeySlot", NULL); goto done; } pwditem.data = (unsigned char *)pwd; pwditem.len = strlen(pwd)+1; if (!SECITEM_AllocItem(NULL, &uc2_pwditem, 2*pwditem.len)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECITEM_AllocItem", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SECITEM_AllocItem", NULL); goto done; } if (PORT_UCS2_ASCIIConversion(PR_TRUE, pwditem.data, pwditem.len, uc2_pwditem.data, 2*pwditem.len, &(uc2_pwditem.len), 0) == PR_FALSE) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_UCS2_ASCIIConversion", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PORT_UCS2_ASCIIConversion", NULL); goto done; } p12ctx = SEC_PKCS12DecoderStart(&uc2_pwditem, slot, NULL, NULL, NULL, NULL, NULL, NULL); if (p12ctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_PKCS12DecoderStart", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SEC_PKCS12DecoderStart", NULL); goto done; } rv = SEC_PKCS12DecoderUpdate(p12ctx, secItem->data, secItem->len); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_PKCS12DecoderUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SEC_PKCS12DecoderUpdate", NULL); goto done; } rv = SEC_PKCS12DecoderVerify(p12ctx); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_PKCS12DecoderVerify", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SEC_PKCS12DecoderVerify", NULL); goto done; } rv = SEC_PKCS12DecoderValidateBags(p12ctx, xmlSecNssAppNicknameCollisionCallback); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_PKCS12DecoderValidateBags", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SEC_PKCS12DecoderValidateBags", NULL); goto done; } rv = SEC_PKCS12DecoderImportBags(p12ctx); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_PKCS12DecoderImportBags", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SEC_PKCS12DecoderImportBags", NULL); goto done; } certlist = SEC_PKCS12DecoderGetCerts(p12ctx); if (certlist == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_PKCS12DecoderGetCerts", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SEC_PKCS12DecoderGetCerts", NULL); goto done; } x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); if(x509Data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)); goto done; } - for (head = CERT_LIST_HEAD(certlist); - !CERT_LIST_END(head, certlist); - head = CERT_LIST_NEXT(head)) { + for (head = CERT_LIST_HEAD(certlist); !CERT_LIST_END(head, certlist); head = CERT_LIST_NEXT(head)) { cert = head->cert; privkey = PK11_FindKeyByAnyCert(cert, NULL); @@ -978,20 +815,14 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd, } else { pubkey = CERT_ExtractPublicKey(cert); if (pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_ExtractPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("CERT_ExtractPublicKey", + xmlSecKeyDataGetName(x509Data)); goto done; } data = xmlSecNssPKIAdoptKey(privkey, pubkey); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIAdoptKey", + xmlSecKeyDataGetName(x509Data)); goto done; } @@ -1000,23 +831,15 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd, tmpcert = CERT_DupCertificate(cert); if(tmpcert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecNssError("CERT_DupCertificate", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, tmpcert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(x509Data)); CERT_DestroyCertificate(tmpcert); goto done; } @@ -1026,22 +849,14 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd, tmpcert = CERT_DupCertificate(cert); if(tmpcert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecNssError("CERT_DupCertificate", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecNssKeyDataX509AdoptCert(x509Data, tmpcert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(x509Data)); CERT_DestroyCertificate(tmpcert); goto done; } @@ -1049,32 +864,21 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd, } /* end for loop */ if (data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppPkcs12Load", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "private key not found in PKCS12 file"); + /* private key not found in PKCS12 file */ + xmlSecInternalError("xmlSecNssAppPkcs12Load(private key)", NULL); goto done; } key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); goto done; } ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(x509Data)); xmlSecKeyDestroy(key); key = NULL; goto done; @@ -1083,12 +887,8 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd, ret = xmlSecKeyAdoptData(key, x509Data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyAdoptData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeyAdoptData", + xmlSecKeyDataGetName(x509Data)); xmlSecKeyDestroy(key); key = NULL; goto done; @@ -1148,31 +948,21 @@ xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format) cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(), secItem, NULL, PR_FALSE, PR_TRUE); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "__CERT_NewTempCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "format=%d", format); + xmlSecNssError2("__CERT_NewTempCertificate", NULL, + "format=%d", (int)format); return(NULL); } break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(NULL); } /* get key value */ keyData = xmlSecNssX509CertGetKey(cert); if(keyData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CertGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertGetKey", NULL); CERT_DestroyCertificate(cert); return(NULL); } @@ -1180,11 +970,7 @@ xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format) /* create key */ key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); xmlSecKeyDataDestroy(keyData); CERT_DestroyCertificate(cert); return(NULL); @@ -1193,11 +979,7 @@ xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format) /* set key value */ ret = xmlSecKeySetValue(key, keyData); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", NULL); xmlSecKeyDestroy(key); xmlSecKeyDataDestroy(keyData); CERT_DestroyCertificate(cert); @@ -1207,11 +989,7 @@ xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format) /* create cert data */ certData = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id); if(certData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", NULL); xmlSecKeyDestroy(key); CERT_DestroyCertificate(cert); return(NULL); @@ -1220,11 +998,7 @@ xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format) /* put cert in the cert data */ ret = xmlSecNssKeyDataX509AdoptCert(certData, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", NULL); xmlSecKeyDestroy(key); CERT_DestroyCertificate(cert); return(NULL); @@ -1261,21 +1035,13 @@ xmlSecNssAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename, memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppReadSECItem(&secItem, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppReadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppReadSECItem", NULL); return(-1); } ret = xmlSecNssAppKeysMngrCertLoadSECItem(mngr, &secItem, format, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeysMngrCertLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeysMngrCertLoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(-1); } @@ -1311,21 +1077,13 @@ xmlSecNssAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* dat memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppCreateSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppCreateSECItem", NULL); return(-1); } ret = xmlSecNssAppKeysMngrCertLoadSECItem(mngr, &secItem, format, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeysMngrCertLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeysMngrCertLoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(-1); } @@ -1360,11 +1118,7 @@ xmlSecNssAppKeysMngrCertLoadSECItem(xmlSecKeysMngrPtr mngr, SECItem* secItem, x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssX509StoreId"); + xmlSecInternalError("xmlSecKeysMngrGetDataStore(xmlSecNssX509StoreId)", NULL); return(-1); } @@ -1373,30 +1127,20 @@ xmlSecNssAppKeysMngrCertLoadSECItem(xmlSecKeysMngrPtr mngr, SECItem* secItem, cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(), secItem, NULL, PR_FALSE, PR_TRUE); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "__CERT_NewTempCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "format=%d", format); + xmlSecNssError2("__CERT_NewTempCertificate", NULL, + "format=%d", (int)format); return(-1); } break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(-1); } ret = xmlSecNssX509StoreAdoptCert(x509Store, cert, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509StoreAdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509StoreAdoptCert", NULL); CERT_DestroyCertificate(cert); return(-1); } @@ -1427,21 +1171,13 @@ xmlSecNssAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { keysStore = xmlSecKeyStoreCreate(xmlSecNssKeysStoreId); if(keysStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssKeysStoreId"); + xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecNssX509StoreId)", NULL); return(-1); } ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrAdoptKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrAdoptKeysStore", NULL); xmlSecKeyStoreDestroy(keysStore); return(-1); } @@ -1449,11 +1185,7 @@ xmlSecNssAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { ret = xmlSecNssKeysMngrInit(mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeysMngrInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeysMngrInit", NULL); return(-1); } @@ -1481,21 +1213,13 @@ xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) { store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecNssKeysStoreAdoptKey(store, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeysStoreAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeysStoreAdoptKey", NULL); return(-1); } @@ -1522,21 +1246,14 @@ xmlSecNssAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) { store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecNssKeysStoreLoad(store, uri, mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeysStoreLoad", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri=%s", xmlSecErrorsSafeString(uri)); + xmlSecInternalError2("xmlSecNssKeysStoreLoad", NULL, + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } @@ -1563,21 +1280,14 @@ xmlSecNssAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xm store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecNssKeysStoreSave(store, filename, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeysStoreSave", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename%s", xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecNssKeysStoreSave", NULL, + "filename%s", xmlSecErrorsSafeString(filename)); return(-1); } diff --git a/src/nss/bignum.c b/src/nss/bignum.c index 261155e6..761711ef 100644 --- a/src/nss/bignum.c +++ b/src/nss/bignum.c @@ -1,13 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * Reading/writing bignum values * * This is free software; see Copyright file in the source * distribution for precise wording. * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:bignum + * @Short_description: Big numbers support functions implementation for NSS. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> @@ -19,6 +25,7 @@ #include <libxml/tree.h> #include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> #include <xmlsec/buffer.h> #include <xmlsec/base64.h> #include <xmlsec/errors.h> @@ -29,7 +36,7 @@ /** * xmlSecNssNodeGetBigNumValue: * @arena: the arena from which to allocate memory - * @cur: the poitner to an XML node. + * @cur: the pointer to an XML node. * @a: a SECItem object to hold the BigNum value * * Converts the node content from CryptoBinary format @@ -53,21 +60,13 @@ xmlSecNssNodeGetBigNumValue(PRArenaPool *arena, const xmlNodePtr cur, ret = xmlSecBufferInitialize(&buf, 128); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", NULL); return(NULL); } ret = xmlSecBufferBase64NodeContentRead(&buf, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferBase64NodeContentRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferBase64NodeContentRead", NULL); xmlSecBufferFinalize(&buf); return(NULL); } @@ -115,11 +114,7 @@ xmlSecNssNodeSetBigNumValue(xmlNodePtr cur, const SECItem *a, int addLineBreaks) ret = xmlSecBufferInitialize(&buf, a->len + 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", a->len + 1); + xmlSecInternalError2("xmlSecBufferInitialize", NULL, "size=%d", a->len + 1); return(-1); } @@ -127,34 +122,26 @@ xmlSecNssNodeSetBigNumValue(xmlNodePtr cur, const SECItem *a, int addLineBreaks) ret = xmlSecBufferSetSize(&buf, a->len); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", a->len); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, "size=%d", a->len); xmlSecBufferFinalize(&buf); return(-1); } if(addLineBreaks) { - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); } else { xmlNodeSetContent(cur, xmlSecStringEmpty); } ret = xmlSecBufferBase64NodeContentWrite(&buf, cur, xmlSecBase64GetDefaultLineSize()); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferBase64NodeContentWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferBase64NodeContentWrite", NULL); xmlSecBufferFinalize(&buf); return(-1); } if(addLineBreaks) { - xmlNodeAddContent(cur, xmlSecStringCR); + xmlNodeAddContent(cur, xmlSecGetDefaultLineFeed()); } xmlSecBufferFinalize(&buf); diff --git a/src/nss/ciphers.c b/src/nss/ciphers.c index cf679368..1c7d27b9 100644 --- a/src/nss/ciphers.c +++ b/src/nss/ciphers.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:ciphers + * @Short_description: Ciphers transforms implementation for NSS. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -43,7 +51,6 @@ struct _xmlSecNssBlockCipherCtx { xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; xmlSecSize keySize; xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; - xmlSecSize ivSize; }; static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, xmlSecBufferPtr in, @@ -65,10 +72,10 @@ static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtx xmlSecTransformCtxPtr transformCtx); static int xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, xmlSecBufferPtr out, - int encrypt, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { + xmlSecBufferPtr in, xmlSecBufferPtr out, + int encrypt, + const xmlChar* cipherName, + xmlSecTransformCtxPtr transformCtx) { SECItem keyItem; SECItem ivItem; PK11SlotInfo* slot; @@ -94,22 +101,16 @@ xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, /* generate random iv */ rv = PK11_GenerateRandom(ctx->iv, ivLen); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", ivLen); + xmlSecNssError2("PK11_GenerateRandom", cipherName, + "size=%d", ivLen); return(-1); } /* write iv to the output */ ret = xmlSecBufferAppend(out, ctx->iv, ivLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ivLen); + xmlSecInternalError2("xmlSecBufferAppend", cipherName, + "size=%d", ivLen); return(-1); } @@ -127,11 +128,8 @@ xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, /* and remove from input */ ret = xmlSecBufferRemoveHead(in, ivLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ivLen); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", ivLen); return(-1); } } @@ -141,26 +139,18 @@ xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, keyItem.len = ctx->keySize; memset(&ivItem, 0, sizeof(ivItem)); ivItem.data = ctx->iv; - ivItem.len = ctx->ivSize; + ivItem.len = ivLen; slot = PK11_GetBestSlot(ctx->cipher, NULL); if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", cipherName); return(-1); } symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, - CKA_SIGN, &keyItem, NULL); + CKA_ENCRYPT, &keyItem, NULL); if(symKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_ImportSymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_ImportSymKey", cipherName); PK11_FreeSlot(slot); return(-1); } @@ -169,11 +159,7 @@ xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT, symKey, &ivItem); if(ctx->cipherCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_CreateContextBySymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CreateContextBySymKey", cipherName); PK11_FreeSymKey(symKey); PK11_FreeSlot(slot); return(-1); @@ -228,11 +214,8 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, /* we write out the input size plus may be one block */ ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + inSize + blockLen); + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", outSize + inSize + blockLen); return(-1); } outBuf = xmlSecBufferGetData(out) + outSize; @@ -240,11 +223,7 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen, xmlSecBufferGetData(in), inSize); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_CipherOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CipherOp", cipherName); return(-1); } xmlSecAssert2((xmlSecSize)outLen == inSize, -1); @@ -252,22 +231,16 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, /* set correct output buffer size */ ret = xmlSecBufferSetSize(out, outSize + outLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen); + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", outSize + outLen); return(-1); } /* remove the processed block from input */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", inSize); return(-1); } return(0); @@ -307,11 +280,8 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, /* create padding */ ret = xmlSecBufferSetMaxSize(in, blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", blockLen); + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", blockLen); return(-1); } inBuf = xmlSecBufferGetData(in); @@ -320,11 +290,8 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, if((xmlSecSize)blockLen > (inSize + 1)) { rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", blockLen - inSize - 1); + xmlSecNssError2("PK11_GenerateRandom", cipherName, + "size=%d", ((int)blockLen - inSize - 1)); return(-1); } } @@ -332,11 +299,7 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, inSize = blockLen; } else { if(inSize != (xmlSecSize)blockLen) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "data=%d;block=%d", inSize, blockLen); + xmlSecInvalidSizeError("Input data", inSize, blockLen, cipherName); return(-1); } } @@ -344,11 +307,8 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, /* process last block */ ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + 2 * blockLen); + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", outSize + 2 * blockLen); return(-1); } outBuf = xmlSecBufferGetData(out) + outSize; @@ -356,11 +316,7 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen, xmlSecBufferGetData(in), inSize); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_CipherOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CipherOp", cipherName); return(-1); } xmlSecAssert2((xmlSecSize)outLen == inSize, -1); @@ -368,12 +324,8 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, if(encrypt == 0) { /* check padding */ if(outLen < outBuf[blockLen - 1]) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "padding=%d;buffer=%d", - outBuf[blockLen - 1], outLen); + xmlSecInvalidSizeLessThanError("Input data padding", + inSize, outBuf[blockLen - 1], cipherName); return(-1); } outLen -= outBuf[blockLen - 1]; @@ -382,22 +334,16 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, /* set correct output buffer size */ ret = xmlSecBufferSetSize(out, outSize + outLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen); + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", outSize + outLen); return(-1); } /* remove the processed block from input */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", inSize); return(-1); } @@ -487,11 +433,7 @@ xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_AES */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } @@ -563,12 +505,8 @@ xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecAssert2(buffer != NULL, -1); if(xmlSecBufferGetSize(buffer) < ctx->keySize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "keySize=%d;expected=%d", - xmlSecBufferGetSize(buffer), ctx->keySize); + xmlSecInvalidKeyDataSizeError(xmlSecBufferGetSize(buffer), ctx->keySize, + xmlSecTransformGetName(transform)); return(-1); } @@ -606,20 +544,14 @@ xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransf (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, xmlSecTransformGetName(transform), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssBlockCipherCtxInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssBlockCipherCtxInit", + xmlSecTransformGetName(transform)); return(-1); } } if((ctx->ctxInitialized == 0) && (last != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "not enough data to initialize transform"); + xmlSecInvalidDataError("not enough data to initialize transform", + xmlSecTransformGetName(transform)); return(-1); } @@ -628,11 +560,8 @@ xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransf (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, xmlSecTransformGetName(transform), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssBlockCipherCtxUpdate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssBlockCipherCtxUpdate", + xmlSecTransformGetName(transform)); return(-1); } } @@ -642,11 +571,8 @@ xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransf (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, xmlSecTransformGetName(transform), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssBlockCipherCtxFinal", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssBlockCipherCtxFinal", + xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusFinished; @@ -658,11 +584,7 @@ xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransf /* the only way we can get here is if there is no enough data in the input */ xmlSecAssert2(last == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } diff --git a/src/nss/crypto.c b/src/nss/crypto.c index ea79519f..a00824dd 100644 --- a/src/nss/crypto.c +++ b/src/nss/crypto.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:crypto + * @Short_description: Crypto transforms implementation for NSS. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -75,6 +83,10 @@ xmlSecCryptoGetFunctions_nss(void) { gXmlSecNssFunctions->keyDataDsaGetKlass = xmlSecNssKeyDataDsaGetKlass; #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA + gXmlSecNssFunctions->keyDataEcdsaGetKlass = xmlSecNssKeyDataEcdsaGetKlass; +#endif /* XMLSEC_NO_ECDSA */ + #ifndef XMLSEC_NO_HMAC gXmlSecNssFunctions->keyDataHmacGetKlass = xmlSecNssKeyDataHmacGetKlass; #endif /* XMLSEC_NO_HMAC */ @@ -121,9 +133,33 @@ xmlSecCryptoGetFunctions_nss(void) { /******************************* DSA ********************************/ #ifndef XMLSEC_NO_DSA +#ifndef XMLSEC_NO_SHA1 gXmlSecNssFunctions->transformDsaSha1GetKlass = xmlSecNssTransformDsaSha1GetKlass; +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA256 + gXmlSecNssFunctions->transformDsaSha256GetKlass = xmlSecNssTransformDsaSha256GetKlass; +#endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ + /******************************* ECDSA ******************************/ +#ifndef XMLSEC_NO_ECDSA +#ifndef XMLSEC_NO_SHA1 + gXmlSecNssFunctions->transformEcdsaSha1GetKlass = xmlSecNssTransformEcdsaSha1GetKlass; +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + gXmlSecNssFunctions->transformEcdsaSha224GetKlass = xmlSecNssTransformEcdsaSha224GetKlass; +#endif /* XMLSEC_NO_SHA224 */ +#ifndef XMLSEC_NO_SHA256 + gXmlSecNssFunctions->transformEcdsaSha256GetKlass = xmlSecNssTransformEcdsaSha256GetKlass; +#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_SHA384 + gXmlSecNssFunctions->transformEcdsaSha384GetKlass = xmlSecNssTransformEcdsaSha384GetKlass; +#endif /* XMLSEC_NO_SHA384 */ +#ifndef XMLSEC_NO_SHA512 + gXmlSecNssFunctions->transformEcdsaSha512GetKlass = xmlSecNssTransformEcdsaSha512GetKlass; +#endif /* XMLSEC_NO_SHA512 */ +#endif /* XMLSEC_NO_ECDSA */ + /******************************* HMAC ********************************/ #ifndef XMLSEC_NO_HMAC @@ -139,6 +175,10 @@ xmlSecCryptoGetFunctions_nss(void) { gXmlSecNssFunctions->transformHmacSha1GetKlass = xmlSecNssTransformHmacSha1GetKlass; #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + gXmlSecNssFunctions->transformHmacSha224GetKlass = xmlSecNssTransformHmacSha224GetKlass; +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 gXmlSecNssFunctions->transformHmacSha256GetKlass = xmlSecNssTransformHmacSha256GetKlass; #endif /* XMLSEC_NO_SHA256 */ @@ -164,6 +204,10 @@ xmlSecCryptoGetFunctions_nss(void) { gXmlSecNssFunctions->transformRsaSha1GetKlass = xmlSecNssTransformRsaSha1GetKlass; #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + gXmlSecNssFunctions->transformRsaSha224GetKlass = xmlSecNssTransformRsaSha224GetKlass; +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 gXmlSecNssFunctions->transformRsaSha256GetKlass = xmlSecNssTransformRsaSha256GetKlass; #endif /* XMLSEC_NO_SHA256 */ @@ -193,6 +237,9 @@ xmlSecCryptoGetFunctions_nss(void) { #ifndef XMLSEC_NO_SHA1 gXmlSecNssFunctions->transformSha1GetKlass = xmlSecNssTransformSha1GetKlass; #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + gXmlSecNssFunctions->transformSha224GetKlass = xmlSecNssTransformSha224GetKlass; +#endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 gXmlSecNssFunctions->transformSha256GetKlass = xmlSecNssTransformSha256GetKlass; #endif /* XMLSEC_NO_SHA256 */ @@ -246,11 +293,7 @@ int xmlSecNssInit (void) { /* Check loaded xmlsec library version */ if(xmlSecCheckVersionExact() != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCheckVersionExact", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCheckVersionExact", NULL); return(-1); } @@ -259,11 +302,7 @@ xmlSecNssInit (void) { /* register our klasses */ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_nss()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", NULL); return(-1); } @@ -303,21 +342,13 @@ xmlSecNssKeysMngrInit(xmlSecKeysMngrPtr mngr) { x509Store = xmlSecKeyDataStoreCreate(xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssX509StoreId"); + xmlSecInternalError("xmlSecKeyDataStoreCreate(xmlSecNssX509StoreId)", NULL); return(-1); } ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrAdoptDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrAdoptDataStore", NULL); xmlSecKeyDataStoreDestroy(x509Store); return(-1); } @@ -342,22 +373,14 @@ xmlSecNssGetInternalKeySlot() slot = PK11_GetInternalKeySlot(); if (slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_GetInternalKeySlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_GetInternalKeySlot", NULL); return NULL; } if (PK11_NeedUserInit(slot)) { rv = PK11_InitPin(slot, NULL, NULL); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_Authenticate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_InitPin", NULL); return NULL; } } @@ -365,11 +388,8 @@ xmlSecNssGetInternalKeySlot() if(PK11_IsLoggedIn(slot, NULL) != PR_TRUE) { rv = PK11_Authenticate(slot, PR_TRUE, NULL); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_Authenticate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError2("PK11_Authenticate", NULL, + "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot))); return NULL; } } @@ -396,22 +416,15 @@ xmlSecNssGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) { ret = xmlSecBufferSetSize(buffer, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, "size=%d", size); return(-1); } /* get random data */ rv = PK11_GenerateRandom((xmlSecByte*)xmlSecBufferGetData(buffer), size); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", size); + xmlSecNssError2("PK11_GenerateRandom", NULL, + "size=%lu", (unsigned long)size); return(-1); } return(0); @@ -427,18 +440,11 @@ xmlSecNssGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) { * @reason: the error code. * @msg: the additional error message. * - * The default errors reporting callback function. + * The errors reporting callback function. Just a pass through to the default callback. */ void xmlSecNssErrorsDefaultCallback(const char* file, int line, const char* func, const char* errorObject, const char* errorSubject, int reason, const char* msg) { - xmlChar buf[500]; - int err; - - err = PORT_GetError(); - xmlSecStrPrintf(buf, sizeof(buf), BAD_CAST "%s;last nss error=%d (0x%08X)", msg, err, err); - xmlSecErrorsDefaultCallback(file, line, func, - errorObject, errorSubject, - reason, (char*)buf); + xmlSecErrorsDefaultCallback(file, line, func, errorObject, errorSubject, reason, msg); } diff --git a/src/nss/digests.c b/src/nss/digests.c index 2a81375c..3bcfb04d 100644 --- a/src/nss/digests.c +++ b/src/nss/digests.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:digests + * @Short_description: Digests transforms implementation for NSS. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -77,6 +85,12 @@ xmlSecNssDigestCheckId(xmlSecTransformPtr transform) { } #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha224Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) { return(1); @@ -123,6 +137,11 @@ xmlSecNssDigestInitialize(xmlSecTransformPtr transform) { } else #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha224Id)) { + ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA224); + } else +#endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) { @@ -143,30 +162,18 @@ xmlSecNssDigestInitialize(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_SHA512 */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } if(ctx->digest == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SECOID_FindOIDByTag", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SECOID_FindOIDByTag", xmlSecTransformGetName(transform)); return(-1); } ctx->digestCtx = PK11_CreateDigestContext(ctx->digest->offset); if(ctx->digestCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_CreateDigestContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_CreateDigestContext", xmlSecTransformGetName(transform)); return(-1); } @@ -207,22 +214,16 @@ xmlSecNssDigestVerify(xmlSecTransformPtr transform, xmlSecAssert2(ctx->dgstSize > 0, -1); if(dataSize != ctx->dgstSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "data and digest sizes are different (data=%d, dgst=%d)", - dataSize, ctx->dgstSize); + xmlSecInvalidIntegerDataError2("dataSize", dataSize, + "dgstSize", ctx->dgstSize, "dataSize == dgstSize", + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } if(memcmp(ctx->dgst, data, dataSize) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "data and digest do not match"); + xmlSecInvalidDataError("data and digest do not match", + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } @@ -253,11 +254,7 @@ xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCt if(transform->status == xmlSecTransformStatusNone) { rv = PK11_DigestBegin(ctx->digestCtx); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestBegin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestBegin", xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusWorking; @@ -270,21 +267,15 @@ xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCt if(inSize > 0) { rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestOp", xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } } @@ -293,11 +284,7 @@ xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCt rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize, sizeof(ctx->dgst)); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestFinal", xmlSecTransformGetName(transform)); return(-1); } xmlSecAssert2(dgstSize > 0, -1); @@ -306,11 +293,9 @@ xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCt if(transform->operation == xmlSecTransformOperationSign) { ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ctx->dgstSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", ctx->dgstSize); return(-1); } } @@ -320,11 +305,7 @@ xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCt /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -428,6 +409,53 @@ xmlSecNssTransformSha1GetKlass(void) { } #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 +/****************************************************************************** + * + * SHA224 Digest transforms + * + *****************************************************************************/ +static xmlSecTransformKlass xmlSecNssSha224Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssDigestSize, /* xmlSecSize objSize */ + + /* data */ + xmlSecNameSha224, /* const xmlChar* name; */ + xmlSecHrefSha224, /* const xmlChar* href; */ + xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ + + /* methods */ + xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + NULL, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformSha224GetKlass: + * + * SHA224 digest transform klass. + * + * Returns: pointer to SHA224 digest transform klass. + */ +xmlSecTransformId +xmlSecNssTransformSha224GetKlass(void) { + return(&xmlSecNssSha224Klass); +} +#endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 /****************************************************************************** diff --git a/src/nss/globals.h b/src/nss/globals.h index 065c3e8f..c3dec2d8 100644 --- a/src/nss/globals.h +++ b/src/nss/globals.h @@ -21,4 +21,48 @@ #define IN_XMLSEC_CRYPTO #define XMLSEC_PRIVATE +/* Include common error helper macros. */ +#include "../errors_helpers.h" + +/** + * xmlSecNssError: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting NSS crypro errors. + */ +#define xmlSecNssError(errorFunction, errorObject) \ + { \ + PRInt32 error_code = PR_GetError(); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + "NSS error: %ld", \ + (long int)error_code \ + ); \ + } + +/** + * xmlSecNssError2: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param: the extra message param. + * + * Macro. The XMLSec library macro for reporting NSS crypro errors. + */ +#define xmlSecNssError2(errorFunction, errorObject, msg, param) \ + { \ + PRInt32 error_code = PR_GetError(); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + msg "; NSS error: %ld", \ + (param), \ + (long int)error_code \ + ); \ + } + #endif /* ! __XMLSEC_GLOBALS_H__ */ diff --git a/src/nss/hmac.c b/src/nss/hmac.c index 79fbf40d..e25b1e61 100644 --- a/src/nss/hmac.c +++ b/src/nss/hmac.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:hmac + * @Short_description: HMAC transforms implementation for NSS. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_HMAC #include "globals.h" @@ -125,6 +133,12 @@ xmlSecNssHmacCheckId(xmlSecTransformPtr transform) { } #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha224Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha256Id)) { return(1); @@ -176,6 +190,12 @@ xmlSecNssHmacInitialize(xmlSecTransformPtr transform) { } else #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha224Id)) { + ctx->digestType = CKM_SHA224_HMAC; + } else +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha256Id)) { ctx->digestType = CKM_SHA256_HMAC; @@ -196,11 +216,7 @@ xmlSecNssHmacInitialize(xmlSecTransformPtr transform) { /* not found */ { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } return(0); @@ -272,11 +288,8 @@ xmlSecNssHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTrans small value */ if((int)ctx->dgstSize < xmlSecNssHmacGetMinOutputLength()) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "HMAC output length is too small"); + xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform), + "HMAC output length is too small"); return(-1); } @@ -284,11 +297,7 @@ xmlSecNssHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTrans } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "no nodes expected"); + xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -345,11 +354,7 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecAssert2(buffer != NULL, -1); if(xmlSecBufferGetSize(buffer) == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key is empty"); + xmlSecInvalidZeroKeyDataSizeError(xmlSecTransformGetName(transform)); return(-1); } @@ -360,33 +365,21 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { slot = PK11_GetBestSlot(ctx->digestType, NULL); if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", xmlSecTransformGetName(transform)); return(-1); } symKey = PK11_ImportSymKey(slot, ctx->digestType, PK11_OriginDerive, CKA_SIGN, &keyItem, NULL); if(symKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_ImportSymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_ImportSymKey", xmlSecTransformGetName(transform)); PK11_FreeSlot(slot); return(-1); } ctx->digestCtx = PK11_CreateContextBySymKey(ctx->digestType, CKA_SIGN, symKey, &ignore); if(ctx->digestCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_CreateContextBySymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_CreateContextBySymKey", xmlSecTransformGetName(transform)); PK11_FreeSymKey(symKey); PK11_FreeSlot(slot); return(-1); @@ -421,36 +414,29 @@ xmlSecNssHmacVerify(xmlSecTransformPtr transform, /* compare the digest size in bytes */ if(dataSize != ((ctx->dgstSize + 7) / 8)){ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "data=%d;dgst=%d", - dataSize, ((ctx->dgstSize + 7) / 8)); + xmlSecInvalidSizeError("HMAC digest", + dataSize, ((ctx->dgstSize + 7) / 8), + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } - /* we check the last byte separatelly */ + /* we check the last byte separately */ xmlSecAssert2(dataSize > 0, -1); mask = last_byte_masks[ctx->dgstSize % 8]; if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "data and digest do not match (last byte)"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match (last byte)"); transform->status = xmlSecTransformStatusFail; return(0); } /* now check the rest of the digest */ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "data and digest do not match"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match"); transform->status = xmlSecTransformStatusFail; return(0); } @@ -481,11 +467,7 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP if(transform->status == xmlSecTransformStatusNone) { rv = PK11_DigestBegin(ctx->digestCtx); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestBegin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestBegin", xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusWorking; @@ -498,21 +480,15 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP if(inSize > 0) { rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestOp", xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } } @@ -521,11 +497,7 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize, sizeof(ctx->dgst)); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestFinal", xmlSecTransformGetName(transform)); return(-1); } xmlSecAssert2(dgstSize > 0, -1); @@ -536,23 +508,18 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP } else if(ctx->dgstSize <= XMLSEC_SIZE_BAD_CAST(8 * dgstSize)) { dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */ } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "result-bits=%d;required-bits=%d", - 8 * dgstSize, ctx->dgstSize); + xmlSecInvalidSizeLessThanError("HMAC digest (bits)", + 8 * dgstSize, ctx->dgstSize, + xmlSecTransformGetName(transform)); return(-1); } if(transform->operation == xmlSecTransformOperationSign) { ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", dgstSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", dgstSize); return(-1); } } @@ -562,11 +529,7 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "size=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -712,6 +675,52 @@ xmlSecNssTransformHmacSha1GetKlass(void) { } #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 +/****************************************************************************** + * + * HMAC SHA224 + * + ******************************************************************************/ +static xmlSecTransformKlass xmlSecNssHmacSha224Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssHmacSize, /* xmlSecSize objSize */ + + xmlSecNameHmacSha224, /* const xmlChar* name; */ + xmlSecHrefHmacSha224, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformHmacSha224GetKlass: + * + * The HMAC-SHA224 transform klass. + * + * Returns: the HMAC-SHA224 transform klass. + */ +xmlSecTransformId +xmlSecNssTransformHmacSha224GetKlass(void) { + return(&xmlSecNssHmacSha224Klass); +} +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 /****************************************************************************** * diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c index 057fc454..6dbf6b74 100644 --- a/src/nss/keysstore.c +++ b/src/nss/keysstore.c @@ -1,5 +1,16 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for precise wording. + * + * Copyright (c) 2003 America Online, Inc. All rights reserved. + */ /** - * XMLSec library + * SECTION:keysstore + * @Short_description: Keys store implementation for NSS. + * @Stability: Stable * * Nss keys store that uses Simple Keys Store under the hood. Uses the * Nss DB as a backing store for the finding keys, but the NSS DB is @@ -10,11 +21,6 @@ * DB. * Thus, the NSS DB can be used to pre-load keys and becomes an alternate * source of keys for xmlsec - * - * This is free software; see Copyright file in the source - * distribution for precise wording. - * - * Copyright (c) 2003 America Online, Inc. All rights reserved. */ #include "globals.h" @@ -126,7 +132,7 @@ xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { */ int xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, - xmlSecKeysMngrPtr keysMngr) { + xmlSecKeysMngrPtr keysMngr ATTRIBUTE_UNUSED) { xmlDocPtr doc; xmlNodePtr root; xmlNodePtr cur; @@ -139,22 +145,14 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, doc = xmlParseFile(uri); if(doc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlParseFile", - XMLSEC_ERRORS_R_XML_FAILED, - "uri=%s", - xmlSecErrorsSafeString(uri)); + xmlSecXmlError2("xmlParseFile", xmlSecKeyStoreGetName(store), + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } root = xmlDocGetRootElement(doc); if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(root)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected-node=<xmlsec:Keys>"); + xmlSecInvalidNodeError(root, BAD_CAST "Keys", xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } @@ -163,30 +161,23 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) { key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected-node=%s", - xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); + xmlSecInternalError("xmlSecKeyCreate", + xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", + xmlSecKeyStoreGetName(store)); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); } keyInfoCtx.mode = xmlSecKeyInfoModeRead; - keyInfoCtx.keysMngr = keysMngr; + keyInfoCtx.keysMngr = NULL; keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND | XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; @@ -195,11 +186,8 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyInfoNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoNodeRead", + xmlSecKeyStoreGetName(store)); xmlSecKeyInfoCtxFinalize(&keyInfoCtx); xmlSecKeyDestroy(key); xmlFreeDoc(doc); @@ -210,11 +198,8 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, if(xmlSecKeyIsValid(key)) { ret = xmlSecNssKeysStoreAdoptKey(store, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecNssKeysStoreAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeysStoreAdoptKey", + xmlSecKeyStoreGetName(store)); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); @@ -227,11 +212,7 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } @@ -275,11 +256,8 @@ xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); if(*ss == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecSimpleKeysStoreId"); + xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)", + xmlSecKeyStoreGetName(store)); return(-1); } @@ -346,11 +324,7 @@ xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, if (keyReq->keyType & xmlSecKeyDataTypePublic) { pubkey = CERT_ExtractPublicKey(cert); if (pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_ExtractPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("CERT_ExtractPublicKey", NULL); goto done; } } @@ -358,22 +332,14 @@ xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, if (keyReq->keyType & xmlSecKeyDataTypePrivate) { privkey = PK11_FindKeyByAnyCert(cert, NULL); if (privkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_FindKeyByAnyCert", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_FindKeyByAnyCert", NULL); goto done; } } data = xmlSecNssPKIAdoptKey(privkey, pubkey); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIAdoptKey", NULL); goto done; } privkey = NULL; @@ -381,78 +347,50 @@ xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, key = xmlSecKeyCreate(); if (key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); return (NULL); } x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); if(x509Data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)); goto done; } ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(x509Data)); goto done; } cert = CERT_DupCertificate(cert); if (cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecNssError("CERT_DupCertificate", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(x509Data)); goto done; } cert = NULL; ret = xmlSecKeySetValue(key, data); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); goto done; } data = NULL; ret = xmlSecKeyAdoptData(key, x509Data); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyAdoptData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeyAdoptData", + xmlSecKeyDataGetName(x509Data)); goto done; } x509Data = NULL; diff --git a/src/nss/keytrans.c b/src/nss/keytrans.c index d84593b9..1772de85 100644 --- a/src/nss/keytrans.c +++ b/src/nss/keytrans.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * AES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright ................................. + * Copyright (c) 2003 America Online, Inc. All rights reserved. + */ +/** + * SECTION:keytrans + * @Short_description: RSA Key Transport transforms implementation for NSS. + * @Stability: Private + * */ + #include "globals.h" #include <stdlib.h> @@ -39,17 +44,17 @@ typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTran typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr; #define xmlSecNssKeyTransportSize \ - ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) ) -#define xmlSecNssKeyTransportGetCtx( transform ) \ - ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) + (sizeof(xmlSecTransform) + sizeof(xmlSecNssKeyTransportCtx)) +#define xmlSecNssKeyTransportGetCtx(transform) \ + ((xmlSecNssKeyTransportCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) struct _xmlSecNssKeyTransportCtx { - CK_MECHANISM_TYPE cipher ; - SECKEYPublicKey* pubkey ; - SECKEYPrivateKey* prikey ; - xmlSecKeyDataId keyId ; - xmlSecBufferPtr material ; /* to be encrypted/decrypted material */ -} ; + CK_MECHANISM_TYPE cipher; + SECKEYPublicKey* pubkey; + SECKEYPrivateKey* prikey; + xmlSecKeyDataId keyId; + xmlSecBufferPtr material; /* to be encrypted/decrypted material */ +}; static int xmlSecNssKeyTransportInitialize (xmlSecTransformPtr transform); static void xmlSecNssKeyTransportFinalize (xmlSecTransformPtr transform); @@ -89,12 +94,12 @@ xmlSecNssKeyTransportCheckId(xmlSecTransformPtr transform) { static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { - xmlSecNssKeyTransportCtxPtr context ; + xmlSecNssKeyTransportCtxPtr context; xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); - context = xmlSecNssKeyTransportGetCtx( transform ) ; - xmlSecAssert2( context != NULL , -1 ) ; + context = xmlSecNssKeyTransportGetCtx(transform); + xmlSecAssert2(context != NULL, -1); /* initialize context */ memset(context, 0, sizeof(xmlSecNssKeyTransportCtx)); @@ -122,11 +127,7 @@ xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { /* not found */ { - xmlSecError(XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecNotImplementedError(xmlSecErrorsSafeString(xmlSecTransformGetName(transform))); return(-1); } @@ -135,43 +136,43 @@ xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) { - xmlSecNssKeyTransportCtxPtr context ; + xmlSecNssKeyTransportCtxPtr context; xmlSecAssert(xmlSecNssKeyTransportCheckId(transform)); xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize)); - context = xmlSecNssKeyTransportGetCtx( transform ) ; - xmlSecAssert( context != NULL ) ; + context = xmlSecNssKeyTransportGetCtx(transform); + xmlSecAssert(context != NULL); - if( context->pubkey != NULL ) { - SECKEY_DestroyPublicKey( context->pubkey ) ; - context->pubkey = NULL ; + if(context->pubkey != NULL) { + SECKEY_DestroyPublicKey(context->pubkey); + context->pubkey = NULL; } - if( context->prikey != NULL ) { - SECKEY_DestroyPrivateKey( context->prikey ) ; - context->prikey = NULL ; + if(context->prikey != NULL) { + SECKEY_DestroyPrivateKey(context->prikey); + context->prikey = NULL; } - if( context->material != NULL ) { + if(context->material != NULL) { xmlSecBufferDestroy(context->material); - context->material = NULL ; + context->material = NULL; } } static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { - xmlSecNssKeyTransportCtxPtr context ; + xmlSecNssKeyTransportCtxPtr context; xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); xmlSecAssert2(keyReq != NULL, -1); - context = xmlSecNssKeyTransportGetCtx( transform ) ; - xmlSecAssert2( context != NULL , -1 ) ; + context = xmlSecNssKeyTransportGetCtx(transform); + xmlSecAssert2(context != NULL, -1); - keyReq->keyId = context->keyId; + keyReq->keyId = context->keyId; if(transform->operation == xmlSecTransformOperationEncrypt) { keyReq->keyUsage = xmlSecKeyUsageEncrypt; keyReq->keyType = xmlSecKeyDataTypePublic; @@ -185,480 +186,373 @@ xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr ke static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { - xmlSecNssKeyTransportCtxPtr context = NULL ; - xmlSecKeyDataPtr keyData = NULL ; - SECKEYPublicKey* pubkey = NULL ; - SECKEYPrivateKey* prikey = NULL ; + xmlSecNssKeyTransportCtxPtr context = NULL; + xmlSecKeyDataPtr keyData = NULL; + SECKEYPublicKey* pubkey = NULL; + SECKEYPrivateKey* prikey = NULL; xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); xmlSecAssert2(key != NULL, -1); - context = xmlSecNssKeyTransportGetCtx( transform ) ; - if( (context == NULL) || (context->keyId == NULL) || (context->pubkey != NULL) ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportGetCtx" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; + context = xmlSecNssKeyTransportGetCtx(transform); + if((context == NULL) || (context->keyId == NULL) || (context->pubkey != NULL)) { + xmlSecInternalError("xmlSecNssKeyTransportGetCtx", xmlSecTransformGetName(transform)); return(-1); } - xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; - - keyData = xmlSecKeyGetValue( key ) ; - if( keyData == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , - "xmlSecKeyGetValue" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecAssert2(xmlSecKeyCheckId(key, context->keyId), -1); + + keyData = xmlSecKeyGetValue(key); + if(keyData == NULL) { + xmlSecInternalError("xmlSecKeyGetValue", xmlSecTransformGetName(transform)); return(-1); } if(transform->operation == xmlSecTransformOperationEncrypt) { - if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , - "xmlSecNssPKIKeyDataGetPubKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); + pubkey = xmlSecNssPKIKeyDataGetPubKey(keyData); + if(pubkey == NULL) { + xmlSecInternalError("xmlSecNssPKIKeyDataGetPubKey", xmlSecKeyDataGetName(keyData)); + return(-1); } - - context->pubkey = pubkey ; + context->pubkey = pubkey; } else { - if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , - "xmlSecNssPKIKeyDataGetPrivKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); + prikey = xmlSecNssPKIKeyDataGetPrivKey(keyData); + if(prikey == NULL) { + xmlSecInternalError("xmlSecNssPKIKeyDataGetPrivKey", xmlSecKeyDataGetName(keyData)); + return(-1); } - - context->prikey = prikey ; + context->prikey = prikey; } - return(0) ; + /* done */ + return(0); } static int -xmlSecNssKeyTransportCtxInit( - xmlSecNssKeyTransportCtxPtr ctx , - xmlSecBufferPtr in , - xmlSecBufferPtr out , - int encrypt , - xmlSecTransformCtxPtr transformCtx -) { - int blockSize ; - - xmlSecAssert2( ctx != NULL , -1 ) ; - xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; - xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; - xmlSecAssert2( ctx->keyId != NULL , -1 ) ; - xmlSecAssert2( in != NULL , -1 ) ; - xmlSecAssert2( out != NULL , -1 ) ; - xmlSecAssert2( transformCtx != NULL , -1 ) ; - - if( ctx->material != NULL ) { - xmlSecBufferDestroy( ctx->material ) ; - ctx->material = NULL ; - } +xmlSecNssKeyTransportCtxInit(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, + int encrypt, xmlSecTransformCtxPtr transformCtx) { + int blockSize; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->cipher != CKM_INVALID_MECHANISM, -1); + xmlSecAssert2((ctx->pubkey != NULL && encrypt) || (ctx->prikey != NULL && !encrypt), -1); + xmlSecAssert2(ctx->keyId != NULL, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + if(ctx->material != NULL) { + xmlSecBufferDestroy(ctx->material); + ctx->material = NULL; + } - if( ctx->pubkey != NULL ) { - blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; - } else if( ctx->prikey != NULL ) { - blockSize = PK11_SignatureLen( ctx->prikey ) ; - } else { - blockSize = -1 ; + if(ctx->pubkey != NULL) { + blockSize = SECKEY_PublicKeyStrength(ctx->pubkey); + if(blockSize <= 0) { + xmlSecNssError("SECKEY_PublicKeyStrength", NULL); + return(-1); } - - if( blockSize < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - NULL , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); + } else if(ctx->prikey != NULL) { + blockSize = PK11_SignatureLen(ctx->prikey); + if(blockSize <= 0) { + xmlSecNssError("PK11_SignatureLen", NULL); + return(-1); } + } else { + xmlSecOtherError(XMLSEC_ERRORS_R_KEY_NOT_FOUND, NULL, + "neither public or private keys are set"); + return(-1); + } - ctx->material = xmlSecBufferCreate( blockSize ) ; - if( ctx->material == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferCreate" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } + ctx->material = xmlSecBufferCreate(blockSize); + if(ctx->material == NULL) { + xmlSecInternalError2("xmlSecBufferSetData", NULL, + "size=%lu", (long unsigned)blockSize); + return(-1); + } - /* read raw key material into context */ - if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferSetData" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } + /* read raw key material into context */ + if(xmlSecBufferSetData(ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in)) < 0) { + xmlSecInternalError2("xmlSecBufferSetData", NULL, + "size=%lu", (long unsigned)xmlSecBufferGetSize(in)); + return(-1); + } - if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferRemoveHead" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } + if(xmlSecBufferRemoveHead(in, xmlSecBufferGetSize(in)) < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", NULL, + "size=%lu", (long unsigned)xmlSecBufferGetSize(in)); + return(-1); + } - return(0); + return(0); } static int -xmlSecNssKeyTransportCtxUpdate( - xmlSecNssKeyTransportCtxPtr ctx , - xmlSecBufferPtr in , - xmlSecBufferPtr out , - int encrypt , - xmlSecTransformCtxPtr transformCtx -) { - xmlSecAssert2( ctx != NULL , -1 ) ; - xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; - xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; - xmlSecAssert2( ctx->keyId != NULL , -1 ) ; - xmlSecAssert2( ctx->material != NULL , -1 ) ; - xmlSecAssert2( in != NULL , -1 ) ; - xmlSecAssert2( out != NULL , -1 ) ; - xmlSecAssert2( transformCtx != NULL , -1 ) ; - - /* read raw key material and append into context */ - if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferAppend" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferRemoveHead" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } +xmlSecNssKeyTransportCtxUpdate(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, + int encrypt, xmlSecTransformCtxPtr transformCtx) { + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->cipher != CKM_INVALID_MECHANISM, -1); + xmlSecAssert2((ctx->pubkey != NULL && encrypt) || (ctx->prikey != NULL && !encrypt), -1); + xmlSecAssert2(ctx->keyId != NULL, -1); + xmlSecAssert2(ctx->material != NULL, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + /* read raw key material and append into context */ + if(xmlSecBufferAppend(ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in)) < 0) { + xmlSecInternalError2("xmlSecBufferAppend", NULL, + "size=%lu", (long unsigned)xmlSecBufferGetSize(in)); + return(-1); + } - return(0); + if(xmlSecBufferRemoveHead(in, xmlSecBufferGetSize(in)) < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", NULL, + "size=%lu", (long unsigned)xmlSecBufferGetSize(in)); + return(-1); + } + return(0); } static int -xmlSecNssKeyTransportCtxFinal(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, +xmlSecNssKeyTransportCtxFinal(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, int encrypt, xmlSecTransformCtxPtr transformCtx) { - PK11SymKey* symKey ; - PK11SlotInfo* slot ; - SECItem oriskv ; - int blockSize ; - xmlSecBufferPtr result ; - - xmlSecAssert2( ctx != NULL , -1 ) ; - xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; - xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; - xmlSecAssert2( ctx->keyId != NULL , -1 ) ; - xmlSecAssert2( ctx->material != NULL , -1 ) ; - xmlSecAssert2( in != NULL , -1 ) ; - xmlSecAssert2( out != NULL , -1 ) ; - xmlSecAssert2( transformCtx != NULL , -1 ) ; - - /* read raw key material and append into context */ - if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferAppend" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); + PK11SymKey* symKey; + PK11SlotInfo* slot; + SECItem oriskv; + int blockSize; + xmlSecBufferPtr result; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->cipher != CKM_INVALID_MECHANISM, -1); + xmlSecAssert2((ctx->pubkey != NULL && encrypt) || (ctx->prikey != NULL && !encrypt), -1); + xmlSecAssert2(ctx->keyId != NULL, -1); + xmlSecAssert2(ctx->material != NULL, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + /* read raw key material and append into context */ + if(xmlSecBufferAppend(ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in)) < 0) { + xmlSecInternalError2("xmlSecBufferAppend", NULL, + "size=%lu", (unsigned long)xmlSecBufferGetSize(in)); + return(-1); + } + + if(xmlSecBufferRemoveHead(in, xmlSecBufferGetSize(in)) < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", NULL, + "size=%lu", (unsigned long)xmlSecBufferGetSize(in)); + return(-1); + } + + /* Now we get all of the key material */ + /* from now on we will wrap or unwrap the key */ + if(ctx->pubkey != NULL) { + blockSize = SECKEY_PublicKeyStrength(ctx->pubkey); + if(blockSize <= 0) { + xmlSecNssError("SECKEY_PublicKeyStrength", NULL); + return(-1); + } + } else if(ctx->prikey != NULL) { + blockSize = PK11_SignatureLen(ctx->prikey); + if(blockSize <= 0) { + xmlSecNssError("PK11_SignatureLen", NULL); + return(-1); } + } else { + xmlSecOtherError(XMLSEC_ERRORS_R_KEY_NOT_FOUND, NULL, + "neither public or private keys are set"); + return(-1); + } + + result = xmlSecBufferCreate(blockSize * 2); + if(result == NULL) { + xmlSecInternalError("xmlSecBufferCreate", NULL); + return(-1); + } + + oriskv.type = siBuffer; + oriskv.data = xmlSecBufferGetData(ctx->material); + oriskv.len = xmlSecBufferGetSize(ctx->material); + + if(encrypt != 0) { + CK_OBJECT_HANDLE id; + SECItem wrpskv; + + /* Create template symmetric key from material */ + slot = ctx->pubkey->pkcs11Slot; + if(slot == NULL) { + slot = PK11_GetBestSlot(ctx->cipher, NULL); + if(slot == NULL) { + xmlSecNssError("PK11_GetBestSlot", NULL); + xmlSecBufferDestroy(result); + return(-1); + } - if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferRemoveHead" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; + id = PK11_ImportPublicKey(slot, ctx->pubkey, PR_FALSE); + if(id == CK_INVALID_HANDLE) { + xmlSecNssError("PK11_ImportPublicKey", NULL); + xmlSecBufferDestroy(result); + PK11_FreeSlot(slot); return(-1); + } } - /* Now we get all of the key materail */ - /* from now on we will wrap or unwrap the key */ - if( ctx->pubkey != NULL ) { - blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; - } else if( ctx->prikey != NULL ) { - blockSize = PK11_SignatureLen( ctx->prikey ) ; - } else { - blockSize = -1 ; + /* pay attention to mechanism */ + symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL); + if(symKey == NULL) { + xmlSecNssError("PK11_ImportSymKey", NULL); + xmlSecBufferDestroy(result); + PK11_FreeSlot(slot); + return(-1); } - if( blockSize < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_GetBlockSize" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); + wrpskv.type = siBuffer; + wrpskv.data = xmlSecBufferGetData(result); + wrpskv.len = xmlSecBufferGetMaxSize(result); + + if(PK11_PubWrapSymKey(ctx->cipher, ctx->pubkey, symKey, &wrpskv) != SECSuccess) { + xmlSecNssError("PK11_PubWrapSymKey", NULL); + PK11_FreeSymKey(symKey); + xmlSecBufferDestroy(result); + PK11_FreeSlot(slot); + return(-1); } - result = xmlSecBufferCreate( blockSize * 2 ) ; - if( result == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL, - "xmlSecBufferCreate" , - XMLSEC_ERRORS_R_XMLSEC_FAILED , - XMLSEC_ERRORS_NO_MESSAGE) ; - return(-1); + if(xmlSecBufferSetSize(result, wrpskv.len) < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", NULL, + "size=%lu", (unsigned long)wrpskv.len); + PK11_FreeSymKey(symKey); + xmlSecBufferDestroy(result); + PK11_FreeSlot(slot); + return(-1); + } + PK11_FreeSymKey(symKey); + PK11_FreeSlot(slot); + } else { + SECItem* keyItem; + + /* pay attention to mechanism */ + symKey = PK11_PubUnwrapSymKey(ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0); + if(symKey == NULL) { + xmlSecNssError("PK11_PubUnwrapSymKey", NULL); + xmlSecBufferDestroy(result); + return(-1); } - oriskv.type = siBuffer ; - oriskv.data = xmlSecBufferGetData( ctx->material ) ; - oriskv.len = xmlSecBufferGetSize( ctx->material ) ; - - if( encrypt != 0 ) { - CK_OBJECT_HANDLE id ; - SECItem wrpskv ; - - /* Create template symmetric key from material */ - slot = ctx->pubkey->pkcs11Slot; - if( slot == NULL ) { - slot = PK11_GetBestSlot( ctx->cipher, NULL ) ; - if( slot == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecNssSlotGet" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - return(-1); - } - - id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ; - if( id == CK_INVALID_HANDLE ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_ImportPublicKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - PK11_FreeSlot( slot ) ; - return(-1); - } - } - - /* pay attention to mechanism */ - symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ; - if( symKey == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_ImportSymKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - PK11_FreeSlot( slot ) ; - return(-1); - } - - wrpskv.type = siBuffer ; - wrpskv.data = xmlSecBufferGetData( result ) ; - wrpskv.len = xmlSecBufferGetMaxSize( result ) ; - - if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_PubWrapSymKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - PK11_FreeSlot( slot ) ; - return(-1); - } - - if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferSetSize" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - PK11_FreeSlot( slot ) ; - return(-1); - } - PK11_FreeSymKey( symKey ) ; - PK11_FreeSlot( slot ) ; - } else { - SECItem* keyItem ; - - /* pay attention to mechanism */ - symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ); - if( symKey == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_PubUnwrapSymKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - return(-1); - } - - /* Extract raw data from symmetric key */ - if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_ExtractKeyValue" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - return(-1); - } - - keyItem = PK11_GetKeyData( symKey ); - if( keyItem == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_GetKeyData" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - return(-1); - } - - if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_PubUnwrapSymKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - return(-1); - } - PK11_FreeSymKey( symKey ) ; + /* Extract raw data from symmetric key */ + if(PK11_ExtractKeyValue(symKey) != SECSuccess) { + xmlSecNssError("PK11_ExtractKeyValue", NULL); + PK11_FreeSymKey(symKey); + xmlSecBufferDestroy(result); + return(-1); } - /* Write output */ - if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferAppend" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - return(-1); + keyItem = PK11_GetKeyData(symKey); + if(keyItem == NULL) { + xmlSecNssError("PK11_GetKeyData", NULL); + PK11_FreeSymKey(symKey); + xmlSecBufferDestroy(result); + return(-1); + } + + if(xmlSecBufferSetData(result, keyItem->data, keyItem->len) < 0) { + xmlSecInternalError2("xmlSecBufferSetData", NULL, + "size=%lu", (unsigned long)keyItem->len); + PK11_FreeSymKey(symKey); + xmlSecBufferDestroy(result); + return(-1); } + PK11_FreeSymKey(symKey); + } + + /* Write output */ + if(xmlSecBufferAppend(out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result)) < 0) { + xmlSecInternalError2("xmlSecBufferAppend", NULL, + "size=%lu", (unsigned long)xmlSecBufferGetSize(result)); xmlSecBufferDestroy(result); + return(-1); + } - return(0); + /* done */ + xmlSecBufferDestroy(result); + return(0); } static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { - xmlSecNssKeyTransportCtxPtr context = NULL ; - xmlSecBufferPtr inBuf, outBuf ; - int operation ; - int rtv ; - - xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ; - xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ; - xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; - xmlSecAssert2( transformCtx != NULL , -1 ) ; - - context = xmlSecNssKeyTransportGetCtx( transform ) ; - if( context == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportGetCtx" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecNssKeyTransportCtxPtr context = NULL; + xmlSecBufferPtr inBuf, outBuf; + int operation; + int rtv; + + xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(transformCtx != NULL, -1); + + context = xmlSecNssKeyTransportGetCtx(transform); + if(context == NULL) { + xmlSecInternalError("xmlSecNssKeyTransportGetCtx", + xmlSecTransformGetName(transform)); + return(-1); + } + + inBuf = &(transform->inBuf); + outBuf = &(transform->outBuf); + + if(transform->status == xmlSecTransformStatusNone) { + transform->status = xmlSecTransformStatusWorking; + } + + operation = (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0; + if(transform->status == xmlSecTransformStatusWorking) { + if(context->material == NULL) { + rtv = xmlSecNssKeyTransportCtxInit(context, inBuf, outBuf, operation, transformCtx); + if(rtv < 0) { + xmlSecInternalError("xmlSecNssKeyTransportCtxInit", + xmlSecTransformGetName(transform)); return(-1); + } } - inBuf = &( transform->inBuf ) ; - outBuf = &( transform->outBuf ) ; + if((context->material == NULL) && (last != 0)) { + xmlSecInvalidTransfromStatusError2(transform, + "No enough data to initialize transform"); + return(-1); + } - if( transform->status == xmlSecTransformStatusNone ) { - transform->status = xmlSecTransformStatusWorking ; + if(context->material != NULL) { + rtv = xmlSecNssKeyTransportCtxUpdate(context, inBuf, outBuf, operation, transformCtx); + if(rtv < 0) { + xmlSecInternalError("xmlSecNssKeyTransportCtxUpdate", + xmlSecTransformGetName(transform)); + return(-1); + } } - operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; - if( transform->status == xmlSecTransformStatusWorking ) { - if( context->material == NULL ) { - rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; - if( rtv < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportCtxInit" , - XMLSEC_ERRORS_R_INVALID_STATUS , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - } - - if( (context->material == NULL) && (last != 0) ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - NULL , - XMLSEC_ERRORS_R_INVALID_STATUS , - "No enough data to intialize transform" ) ; - return(-1); - } - - if( context->material != NULL ) { - rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; - if( rtv < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportCtxUpdate" , - XMLSEC_ERRORS_R_INVALID_STATUS , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - } - - if( last ) { - rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; - if( rtv < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportCtxFinal" , - XMLSEC_ERRORS_R_INVALID_STATUS , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - transform->status = xmlSecTransformStatusFinished ; - } - } else if( transform->status == xmlSecTransformStatusFinished ) { - if( xmlSecBufferGetSize( inBuf ) != 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - NULL , - XMLSEC_ERRORS_R_INVALID_STATUS , - "status=%d", transform->status ) ; - return(-1); - } - } else { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - NULL , - XMLSEC_ERRORS_R_INVALID_STATUS , - "status=%d", transform->status ) ; + if(last) { + rtv = xmlSecNssKeyTransportCtxFinal(context, inBuf, outBuf, operation, transformCtx); + if(rtv < 0) { + xmlSecInternalError("xmlSecNssKeyTransportCtxFinal", + xmlSecTransformGetName(transform)); return(-1); + } + transform->status = xmlSecTransformStatusFinished; } + } else if(transform->status == xmlSecTransformStatusFinished) { + if(xmlSecBufferGetSize(inBuf) != 0) { + xmlSecInvalidTransfromStatusError2(transform, + "More data available in the input buffer"); + return(-1); + } + } else { + xmlSecInvalidTransfromStatusError(transform); + return(-1); + } - return(0); + return(0); } diff --git a/src/nss/kw_aes.c b/src/nss/kw_aes.c index cea884eb..fceacb06 100644 --- a/src/nss/kw_aes.c +++ b/src/nss/kw_aes.c @@ -1,8 +1,6 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * AES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -10,6 +8,13 @@ * Copyright (c) 2003 America Online, Inc. All rights reserved. * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_aes + * @Short_description: AES Key Transport transforms implementation for NSS. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_AES #include "globals.h" @@ -242,21 +247,14 @@ xmlSecNssKWAesInitialize(xmlSecTransformPtr transform) { } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); return(-1); } @@ -321,12 +319,8 @@ xmlSecNssKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { keySize = xmlSecBufferGetSize(buffer); if(keySize < ctx->keyExpectedSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key=%d;expected=%d", - keySize, ctx->keyExpectedSize); + xmlSecInvalidKeyDataSizeError(keySize, ctx->keyExpectedSize, + xmlSecTransformGetName(transform)); return(-1); } @@ -334,12 +328,9 @@ xmlSecNssKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecBufferGetData(buffer), ctx->keyExpectedSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "expected-size=%d", - ctx->keyExpectedSize); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "expected-size=%d", ctx->keyExpectedSize); return(-1); } @@ -378,11 +369,9 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx /* just do nothing */ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { if((inSize % 8) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "size=%d(not 8 bytes aligned)", inSize); + xmlSecInvalidSizeNotMultipleOfError("Input data", + inSize, 8, + xmlSecTransformGetName(transform)); return(-1); } @@ -396,11 +385,9 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "outSize=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "outSize=%d", outSize); return(-1); } @@ -410,11 +397,9 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx /* create key */ aeskey = xmlSecNssMakeAesKey(xmlSecBufferGetData(&(ctx->keyBuffer)), keySize, 1); /* encrypt */ if(aeskey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssMakeAesKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError2("xmlSecNssMakeAesKey", + xmlSecTransformGetName(transform), + "keySize=%lu", (unsigned long)keySize); return(-1); } @@ -424,11 +409,11 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWAesEncode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError3("xmlSecKWAesEncode", + xmlSecTransformGetName(transform), + "inSize=%lu; outSize=%lu", + (unsigned long)inSize, + (unsigned long)outSize); PK11_FreeSymKey(aeskey); return(-1); } @@ -441,11 +426,9 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx /* create key */ aeskey = xmlSecNssMakeAesKey(xmlSecBufferGetData(&(ctx->keyBuffer)), keySize, 0); /* decrypt */ if(aeskey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssMakeAesKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError2("xmlSecNssMakeAesKey", + xmlSecTransformGetName(transform), + "keySize=%lu", (unsigned long)keySize); return(-1); } @@ -454,11 +437,11 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWAesDecode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError3("xmlSecKWAesDecode", + xmlSecTransformGetName(transform), + "inSize=%lu; outSize=%lu", + (unsigned long)inSize, + (unsigned long)outSize); PK11_FreeSymKey(aeskey); return(-1); } @@ -469,21 +452,17 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "outSize=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "outSize=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "inSize%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "inSize%d", inSize); return(-1); } @@ -492,11 +471,7 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); @@ -523,11 +498,7 @@ xmlSecNSSKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize, /* one block */ ret = xmlSecNssAesOp(aeskey, in, out, 1); /* encrypt */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAesOp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAesOp", NULL); return(-1); } return(XMLSEC_KW_AES_BLOCK_SIZE); @@ -549,11 +520,7 @@ xmlSecNSSKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize, /* one block */ ret = xmlSecNssAesOp(aeskey, in, out, 0); /* decrypt */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAesOp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAesOp", NULL); return(-1); } return(XMLSEC_KW_AES_BLOCK_SIZE); @@ -572,11 +539,7 @@ xmlSecNssMakeAesKey(const xmlSecByte *key, xmlSecSize keySize, int enc) { cipherMech = CKM_AES_ECB; slot = PK11_GetBestSlot(cipherMech, NULL); if (slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", NULL); goto done; } @@ -585,11 +548,7 @@ xmlSecNssMakeAesKey(const xmlSecByte *key, xmlSecSize keySize, int enc) { aeskey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, enc ? CKA_ENCRYPT : CKA_DECRYPT, &keyItem, NULL); if (aeskey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_ImportSymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_ImportSymKey", NULL); goto done; } @@ -619,11 +578,7 @@ xmlSecNssAesOp(PK11SymKey *aeskey, const xmlSecByte *in, xmlSecByte *out, int en cipherMech = CKM_AES_ECB; SecParam = PK11_ParamFromIV(cipherMech, NULL); if (SecParam == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_ParamFromIV", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_ParamFromIV", NULL); goto done; } @@ -631,11 +586,7 @@ xmlSecNssAesOp(PK11SymKey *aeskey, const xmlSecByte *in, xmlSecByte *out, int en enc ? CKA_ENCRYPT : CKA_DECRYPT, aeskey, SecParam); if (EncContext == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_CreateContextBySymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CreateContextBySymKey", NULL); goto done; } @@ -644,22 +595,14 @@ xmlSecNssAesOp(PK11SymKey *aeskey, const xmlSecByte *in, xmlSecByte *out, int en XMLSEC_KW_AES_BLOCK_SIZE, (unsigned char *)in, XMLSEC_KW_AES_BLOCK_SIZE); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_CipherOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CipherOp", NULL); goto done; } rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, &tmp2_outlen, XMLSEC_KW_AES_BLOCK_SIZE-tmp1_outlen); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_DigestFinal", NULL); goto done; } diff --git a/src/nss/kw_des.c b/src/nss/kw_des.c index 4025d35e..7c6b00b1 100644 --- a/src/nss/kw_des.c +++ b/src/nss/kw_des.c @@ -1,8 +1,6 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * DES KW Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -10,6 +8,13 @@ * Copyright (c) 2003 America Online, Inc. All rights reserved. * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_des + * @Short_description: DES Key Transport transforms implementation for NSS. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_DES #include "globals.h" @@ -160,11 +165,8 @@ xmlSecNssKWDes3Initialize(xmlSecTransformPtr transform) { ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); return(-1); } @@ -228,22 +230,16 @@ xmlSecNssKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { keySize = xmlSecBufferGetSize(buffer); if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key length %d is not enough (%d expected)", - keySize, XMLSEC_KW_DES3_KEY_LENGTH); + xmlSecInvalidKeyDataSizeError(keySize, XMLSEC_KW_DES3_KEY_LENGTH, + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", XMLSEC_KW_DES3_KEY_LENGTH); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", XMLSEC_KW_DES3_KEY_LENGTH); return(-1); } @@ -282,12 +278,9 @@ xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCt /* just do nothing */ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "%d bytes - not %d bytes aligned", - inSize, XMLSEC_KW_DES3_BLOCK_LENGTH); + xmlSecInvalidSizeNotMultipleOfError("Input data", + inSize, XMLSEC_KW_DES3_BLOCK_LENGTH, + xmlSecTransformGetName(transform)); return(-1); } @@ -303,11 +296,9 @@ xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCt ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } @@ -316,12 +307,9 @@ xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCt xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWDes3Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "key=%d,in=%d,out=%d", - keySize, inSize, outSize); + xmlSecInternalError4("xmlSecKWDes3Encode", xmlSecTransformGetName(transform), + "key=%d,in=%d,out=%d", + keySize, inSize, outSize); return(-1); } outSize = ret; @@ -330,12 +318,9 @@ xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCt xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWDes3Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "key=%d,in=%d,out=%d", - keySize, inSize, outSize); + xmlSecInternalError4("xmlSecKWDes3Decode", xmlSecTransformGetName(transform), + "key=%d,in=%d,out=%d", + keySize, inSize, outSize); return(-1); } outSize = ret; @@ -343,21 +328,17 @@ xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCt ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } @@ -366,11 +347,7 @@ xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCt /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); @@ -399,43 +376,27 @@ xmlSecNssKWDes3Sha1(void * context, /* Create a pk11ctx for hashing (digesting) */ pk11ctx = PK11_CreateDigestContext(SEC_OID_SHA1); if (pk11ctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_CreateDigestContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CreateDigestContext", NULL); return(-1); } status = PK11_DigestBegin(pk11ctx); if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_DigestBegin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_DigestBegin", NULL); PK11_DestroyContext(pk11ctx, PR_TRUE); return(-1); } status = PK11_DigestOp(pk11ctx, in, inSize); if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_DigestOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_DigestOp", NULL); PK11_DestroyContext(pk11ctx, PR_TRUE); return(-1); } status = PK11_DigestFinal(pk11ctx, out, &outLen, outSize); if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_DigestFinal", NULL); PK11_DestroyContext(pk11ctx, PR_TRUE); return(-1); } @@ -458,11 +419,7 @@ xmlSecNssKWDes3GenerateRandom(void * context, status = PK11_GenerateRandom(out, outSize); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GenerateRandom", NULL); return(-1); } @@ -493,11 +450,7 @@ xmlSecNssKWDes3BlockEncrypt(void * context, out, outSize, 1); /* encrypt */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKWDes3Encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKWDes3Encrypt", NULL); return(-1); } @@ -528,11 +481,7 @@ xmlSecNssKWDes3BlockDecrypt(void * context, out, outSize, 0); /* decrypt */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKWDes3Encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKWDes3Encrypt", NULL); return(-1); } @@ -570,11 +519,7 @@ xmlSecNssKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, cipherMech = CKM_DES3_CBC; slot = PK11_GetBestSlot(cipherMech, NULL); if (slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", NULL); goto done; } @@ -583,11 +528,7 @@ xmlSecNssKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, symKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, enc ? CKA_ENCRYPT : CKA_DECRYPT, &keyItem, NULL); if (symKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_ImportSymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_ImportSymKey", NULL); goto done; } @@ -596,11 +537,7 @@ xmlSecNssKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, param = PK11_ParamFromIV(cipherMech, &ivItem); if (param == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_ParamFromIV", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_ParamFromIV", NULL); goto done; } @@ -608,11 +545,7 @@ xmlSecNssKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, enc ? CKA_ENCRYPT : CKA_DECRYPT, symKey, param); if (pk11ctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_CreateContextBySymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CreateContextBySymKey", NULL); goto done; } @@ -620,22 +553,14 @@ xmlSecNssKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, status = PK11_CipherOp(pk11ctx, out, &tmp1_outlen, outSize, (unsigned char *)in, inSize); if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_CipherOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CipherOp", NULL); goto done; } status = PK11_DigestFinal(pk11ctx, out+tmp1_outlen, &tmp2_outlen, outSize-tmp1_outlen); if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_DigestFinal", NULL); goto done; } diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c index 5ede4ccb..1b8ea2db 100644 --- a/src/nss/pkikeys.c +++ b/src/nss/pkikeys.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:pkikeys + * @Short_description: Private/public keys implementation for NSS. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -118,11 +126,7 @@ xmlSecNSSPKIKeyDataCtxDup(xmlSecNssPKIKeyDataCtxPtr ctxDst, if (ctxSrc->privkey != NULL) { ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); if(ctxDst->privkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECKEY_CopyPrivateKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SECKEY_CopyPrivateKey", NULL); return(-1); } } @@ -130,11 +134,7 @@ xmlSecNSSPKIKeyDataCtxDup(xmlSecNssPKIKeyDataCtxPtr ctxDst, if (ctxSrc->pubkey != NULL) { ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); if(ctxDst->pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECKEY_CopyPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SECKEY_CopyPublicKey", NULL); return(-1); } } @@ -147,30 +147,27 @@ xmlSecNssPKIKeyDataAdoptKey(xmlSecKeyDataPtr data, SECKEYPublicKey *pubkey) { xmlSecNssPKIKeyDataCtxPtr ctx; - KeyType pubType = nullKey ; - KeyType priType = nullKey ; + KeyType pubType = nullKey; + KeyType priType = nullKey; xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1); - if( privkey != NULL ) { - priType = SECKEY_GetPrivateKeyType( privkey ) ; - } + if(privkey != NULL) { + priType = SECKEY_GetPrivateKeyType(privkey); + } - if( pubkey != NULL ) { - pubType = SECKEY_GetPublicKeyType( pubkey ) ; - } + if(pubkey != NULL) { + pubType = SECKEY_GetPublicKeyType(pubkey); + } - if( priType != nullKey && pubType != nullKey ) { - if( pubType != priType ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - NULL , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - "different type of private and public key" ) ; - return -1 ; - } + if(priType != nullKey && pubType != nullKey) { + if(pubType != priType) { + xmlSecInvalidIntegerTypeError2("pubType", pubType, "priType", priType, + "pubType == priType", NULL); + return -1; } + } ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); @@ -204,39 +201,32 @@ xmlSecNssPKIAdoptKey(SECKEYPrivateKey *privkey, { xmlSecKeyDataPtr data = NULL; int ret; - KeyType pubType = nullKey ; - KeyType priType = nullKey ; + KeyType pubType = nullKey; + KeyType priType = nullKey; - if( privkey != NULL ) { - priType = SECKEY_GetPrivateKeyType( privkey ) ; - } + if(privkey != NULL) { + priType = SECKEY_GetPrivateKeyType(privkey); + } - if( pubkey != NULL ) { - pubType = SECKEY_GetPublicKeyType( pubkey ) ; - } + if(pubkey != NULL) { + pubType = SECKEY_GetPublicKeyType(pubkey); + } - if( priType != nullKey && pubType != nullKey ) { - if( pubType != priType ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - NULL , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - "different type of private and public key" ) ; - return( NULL ) ; - } + if(priType != nullKey && pubType != nullKey) { + if(pubType != priType) { + xmlSecInvalidIntegerTypeError2("pubType", pubType, "priType", priType, + "pubType == priType", NULL); + return(NULL); } + } - pubType = priType != nullKey ? priType : pubType ; + pubType = (priType != nullKey) ? priType : pubType; switch(pubType) { #ifndef XMLSEC_NO_RSA case rsaKey: data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssKeyDataRsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataRsaId)", NULL); return(NULL); } break; @@ -245,32 +235,30 @@ xmlSecNssPKIAdoptKey(SECKEYPrivateKey *privkey, case dsaKey: data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssKeyDataDsaId"); + xmlSecInternalError("xmlSecKeyDataCreate", NULL); return(NULL); } break; #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA + case ecKey: + data = xmlSecKeyDataCreate(xmlSecNssKeyDataEcdsaId); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", NULL); + return(NULL); + } + break; +#endif /* XMLSEC_NO_ECDSA */ default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_TYPE, - "PKI key type %d not supported", pubType); + xmlSecInvalidIntegerTypeError("pubType", pubType, + "supported PKI key type", NULL); return(NULL); } xmlSecAssert2(data != NULL, NULL); ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", NULL); xmlSecKeyDataDestroy(data); return(NULL); } @@ -380,11 +368,8 @@ xmlSecNssPKIKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecAssert2(ctxSrc != NULL, -1); if (xmlSecNSSPKIKeyDataCtxDup(ctxDst, ctxSrc) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecNssPKIKeydataCtxDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeydataCtxDup", + xmlSecKeyDataGetName(dst)); return(-1); } @@ -579,45 +564,31 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(keyInfoCtx != NULL, -1); if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "key already has a value"); ret = -1; goto done; } slot = PK11_GetBestSlot(CKM_DSA, NULL); if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if(arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PORT_NewArena", xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } - pubkey = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, - sizeof(SECKEYPublicKey)); - if(pubkey == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_ArenaZAlloc", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + pubkey = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); + if(pubkey == NULL) { + xmlSecNssError2("PORT_ArenaZAlloc", xmlSecKeyDataKlassGetName(id), + "size=%lu", (unsigned long)sizeof(SECKEYPublicKey)); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; @@ -630,22 +601,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAP, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.prime)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -653,22 +615,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAQ, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.subPrime)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -676,22 +629,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAG, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.base)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -706,21 +650,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Y node. */ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAY, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.publicValue)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -742,55 +678,39 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)) ret = -1; goto done; } handle = PK11_ImportPublicKey(slot, pubkey, PR_FALSE); if(handle == CK_INVALID_HANDLE) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PK11_ImportPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_ImportPublicKey", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } data = xmlSecKeyDataCreate(id); - if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } ret = xmlSecNssPKIKeyDataAdoptKey(data, NULL, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); goto done; } pubkey = NULL; ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); goto done; } data = NULL; @@ -837,66 +757,42 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is P node */ cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecAddChild(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.prime), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); return(-1); } /* next is Q node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecAddChild(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.subPrime), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); return(-1); } /* next is G node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecAddChild(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.base), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); return(-1); } @@ -905,25 +801,18 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Y node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecAddChild(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.publicValue), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); return(-1); } + /* done */ return(0); } @@ -945,46 +834,43 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe j = PQG_PBITS_TO_INDEX(sizeBits); rv = PK11_PQG_ParamGen(j, &pqgParams, &pqgVerify); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_ParamGen", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", sizeBits); + xmlSecNssError2("PK11_PQG_ParamGen", xmlSecKeyDataGetName(data), + "size=%lu", (unsigned long)sizeBits); goto done; } rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &res); if (rv != SECSuccess || res != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_VerifyParams", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", sizeBits); + xmlSecNssError2("PK11_PQG_VerifyParams", xmlSecKeyDataGetName(data), + "size=%lu", (unsigned long)sizeBits); goto done; } slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + if(slot == NULL) { + xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data)); + goto done; + } + + rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + if (rv != SECSuccess) { + xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data), + "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot))); + goto done; + } + privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubkey, PR_FALSE, PR_TRUE, NULL); if((privkey == NULL) || (pubkey == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - + xmlSecNssError("PK11_GenerateKeyPair", xmlSecKeyDataGetName(data)); goto done; } ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); goto done; } @@ -1216,45 +1102,31 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(keyInfoCtx != NULL, -1); if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - "key already has a value"); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "key already has a value"); ret = -1; goto done; } slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if(arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PORT_NewArena", xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } pubkey = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); - if(pubkey == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_ArenaZAlloc", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + if(pubkey == NULL) { + xmlSecNssError("PORT_ArenaZAlloc", xmlSecKeyDataKlassGetName(id)); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; @@ -1266,22 +1138,13 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is Modulus node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInvalidNodeError(cur, xmlSecNodeRSAModulus, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.rsa.modulus)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -1289,22 +1152,13 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Exponent node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInvalidNodeError(cur, xmlSecNodeRSAExponent, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.rsa.publicExponent)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -1317,33 +1171,23 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "no nodes expected"); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } data = xmlSecKeyDataCreate(id); - if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } ret = xmlSecNssPKIKeyDataAdoptKey(data, NULL, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyDataDestroy(data); goto done; } @@ -1351,11 +1195,8 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyDataDestroy(data); goto done; } @@ -1404,44 +1245,28 @@ xmlSecNssKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is Modulus node */ cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecAddChild(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.rsa.modulus), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); return(-1); } /* next is Exponent node. */ cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecAddChild(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.rsa.publicExponent), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); return(-1); } @@ -1456,7 +1281,8 @@ xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe PK11SlotInfo *slot = NULL; SECKEYPrivateKey *privkey = NULL; SECKEYPublicKey *pubkey = NULL; - int ret = -1; + SECStatus rv; + int ret = -1; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataRsaId), -1); xmlSecAssert2(sizeBits > 0, -1); @@ -1465,27 +1291,29 @@ xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe params.pe = 65537; slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + if(slot == NULL) { + xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data)); + goto done; + } + + rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + if (rv != SECSuccess) { + xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data), + "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot))); + goto done; + } + privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, &pubkey, PR_FALSE, PR_TRUE, NULL); - if(privkey == NULL || pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); - + xmlSecNssError("PK11_GenerateKeyPair", xmlSecKeyDataGetName(data)); goto done; } ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); goto done; } @@ -1559,5 +1387,133 @@ xmlSecNssKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { #endif /* XMLSEC_NO_RSA */ +#ifndef XMLSEC_NO_ECDSA +static int xmlSecNssKeyDataEcdsaInitialize(xmlSecKeyDataPtr data); +static int xmlSecNssKeyDataEcdsaDuplicate(xmlSecKeyDataPtr dst, + xmlSecKeyDataPtr src); +static void xmlSecNssKeyDataEcdsaFinalize(xmlSecKeyDataPtr data); + +static xmlSecKeyDataType xmlSecNssKeyDataEcdsaGetType(xmlSecKeyDataPtr data); +static xmlSecSize xmlSecNssKeyDataEcdsaGetSize(xmlSecKeyDataPtr data); +static void xmlSecNssKeyDataEcdsaDebugDump(xmlSecKeyDataPtr data, + FILE* output); +static void xmlSecNssKeyDataEcdsaDebugXmlDump(xmlSecKeyDataPtr data, + FILE* output); + +static xmlSecKeyDataKlass xmlSecNssKeyDataEcdsaKlass = { + sizeof(xmlSecKeyDataKlass), + xmlSecNssPKIKeyDataSize, + + /* data */ + xmlSecNameECDSAKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefECDSAKeyValue, /* const xmlChar* href; */ + xmlSecNodeECDSAKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecNssKeyDataEcdsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecNssKeyDataEcdsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecNssKeyDataEcdsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + NULL, /* xmlSecKeyDataGenerateMethod generate; */ + /* get info */ + xmlSecNssKeyDataEcdsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecNssKeyDataEcdsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + /* read/write */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecNssKeyDataEcdsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecNssKeyDataEcdsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssKeyDataEcdsaGetKlass: + * + * The ECDSA key data klass. + * + * Returns: pointer to ECDSA key data klass. + */ +xmlSecKeyDataId +xmlSecNssKeyDataEcdsaGetKlass(void) { + return(&xmlSecNssKeyDataEcdsaKlass); +} + +static int +xmlSecNssKeyDataEcdsaInitialize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId), -1); + + return(xmlSecNssPKIKeyDataInitialize(data)); +} + +static int +xmlSecNssKeyDataEcdsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecNssKeyDataEcdsaId), -1); + xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecNssKeyDataEcdsaId), -1); + + return(xmlSecNssPKIKeyDataDuplicate(dst, src)); +} + +static void +xmlSecNssKeyDataEcdsaFinalize(xmlSecKeyDataPtr data) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId)); + + xmlSecNssPKIKeyDataFinalize(data); +} + +static xmlSecKeyDataType +xmlSecNssKeyDataEcdsaGetType(xmlSecKeyDataPtr data) { + xmlSecNssPKIKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId), xmlSecKeyDataTypeUnknown); + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pubkey == NULL || SECKEY_GetPublicKeyType(ctx->pubkey) == ecKey, -1); + if (ctx->privkey != NULL) { + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); + } else { + return(xmlSecKeyDataTypePublic); + } +} + +static xmlSecSize +xmlSecNssKeyDataEcdsaGetSize(xmlSecKeyDataPtr data) { + xmlSecNssPKIKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId), 0); + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == ecKey, -1); + + return(SECKEY_SignatureLen(ctx->pubkey)); +} + +static void +xmlSecNssKeyDataEcdsaDebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId)); + xmlSecAssert(output != NULL); + + fprintf(output, "=== ecdsa key: size = %d\n", + xmlSecNssKeyDataEcdsaGetSize(data)); +} + +static void +xmlSecNssKeyDataEcdsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId)); + xmlSecAssert(output != NULL); + + fprintf(output, "<ECDSAKeyValue size=\"%d\" />\n", + xmlSecNssKeyDataEcdsaGetSize(data)); +} +#endif /* XMLSEC_NO_ECDSA */ diff --git a/src/nss/signatures.c b/src/nss/signatures.c index 4f54170e..35ac4598 100644 --- a/src/nss/signatures.c +++ b/src/nss/signatures.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:signatures + * @Short_description: Signatures implementation for NSS. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -78,11 +86,46 @@ static int xmlSecNssSignatureExecute (xmlSecTransformPtr tran static int xmlSecNssSignatureCheckId(xmlSecTransformPtr transform) { #ifndef XMLSEC_NO_DSA +#ifndef XMLSEC_NO_SHA1 if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha1Id)) { return(1); } +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha256Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha1Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha224Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA224 */ +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha256Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha384Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA384 */ +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha512Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA512 */ +#endif /* XMLSEC_NO_ECDSA */ + #ifndef XMLSEC_NO_RSA #ifndef XMLSEC_NO_MD5 @@ -97,6 +140,12 @@ xmlSecNssSignatureCheckId(xmlSecTransformPtr transform) { } #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha224Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha256Id)) { return(1); @@ -132,13 +181,60 @@ xmlSecNssSignatureInitialize(xmlSecTransformPtr transform) { memset(ctx, 0, sizeof(xmlSecNssSignatureCtx)); #ifndef XMLSEC_NO_DSA +#ifndef XMLSEC_NO_SHA1 if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha1Id)) { ctx->keyId = xmlSecNssKeyDataDsaId; /* This creates a signature which is ASN1 encoded */ ctx->alg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; } else +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha256Id)) { + ctx->keyId = xmlSecNssKeyDataDsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; + } else +#endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha1Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha224Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA24 */ +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha256Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha384Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA384 */ +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha512Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA512 */ +#endif /* XMLSEC_NO_ECDSA */ + #ifndef XMLSEC_NO_RSA #ifndef XMLSEC_NO_MD5 @@ -156,6 +252,13 @@ xmlSecNssSignatureInitialize(xmlSecTransformPtr transform) { } else #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha224Id)) { + ctx->keyId = xmlSecNssKeyDataRsaId; + ctx->alg = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION; + } else +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha256Id)) { ctx->keyId = xmlSecNssKeyDataRsaId; @@ -180,11 +283,7 @@ xmlSecNssSignatureInitialize(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_RSA */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } @@ -236,48 +335,38 @@ xmlSecNssSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecAssert2(value != NULL, -1); if (transform->operation == xmlSecTransformOperationSign) { - if (ctx->u.sig.privkey) + if (ctx->u.sig.privkey) { SECKEY_DestroyPrivateKey(ctx->u.sig.privkey); + } ctx->u.sig.privkey = xmlSecNssPKIKeyDataGetPrivKey(value); if(ctx->u.sig.privkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssPKIKeyDataGetPrivKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataGetPrivKey", + xmlSecTransformGetName(transform)); return(-1); } ctx->u.sig.sigctx = SGN_NewContext(ctx->alg, ctx->u.sig.privkey); if (ctx->u.sig.sigctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_NewContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SGN_NewContext", + xmlSecTransformGetName(transform)); return(-1); } } else { - if (ctx->u.vfy.pubkey) + if (ctx->u.vfy.pubkey) { SECKEY_DestroyPublicKey(ctx->u.vfy.pubkey); + } ctx->u.vfy.pubkey = xmlSecNssPKIKeyDataGetPubKey(value); if(ctx->u.vfy.pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssPKIKeyDataGetPubKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataGetPubKey", + xmlSecTransformGetName(transform)); return(-1); } ctx->u.vfy.vfyctx = VFY_CreateContext(ctx->u.vfy.pubkey, NULL, ctx->alg, NULL); if (ctx->u.vfy.vfyctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_CreateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("VFY_CreateContext", + xmlSecTransformGetName(transform)); return(-1); } } @@ -309,6 +398,26 @@ xmlSecNssSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyRe return(0); } +/** + * xmlSecNssSignatureAlgorithmEncoded: + * + * Determines if the given algorithm requires a signature which is ASN1 encoded. + */ +static int +xmlSecNssSignatureAlgorithmEncoded(SECOidTag alg) { + switch(alg) { + case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST: + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: + return(1); + default: + return(0); + } +} static int xmlSecNssSignatureVerify(xmlSecTransformPtr transform, @@ -331,19 +440,16 @@ xmlSecNssSignatureVerify(xmlSecTransformPtr transform, signature.data = (unsigned char *)data; signature.len = dataSize; - if(ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) { + if(xmlSecNssSignatureAlgorithmEncoded(ctx->alg)) { /* This creates a signature which is ASN1 encoded */ SECItem signatureDer; SECStatus statusDer; - statusDer = DSAU_EncodeDerSig(&signatureDer, &signature); + memset(&signatureDer, 0, sizeof(signatureDer)); + statusDer = DSAU_EncodeDerSigWithLen(&signatureDer, &signature, signature.len); if(statusDer != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "DSAU_EncodeDerSig", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", - PORT_GetError()); + xmlSecNssError("DSAU_EncodeDerSigWithLen", + xmlSecTransformGetName(transform)); return(-1); } status = VFY_EndWithSignature(ctx->u.vfy.vfyctx, &signatureDer); @@ -353,20 +459,14 @@ xmlSecNssSignatureVerify(xmlSecTransformPtr transform, } if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_EndWithSignature", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", - PORT_GetError()); - if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_EndWithSignature", - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "signature does not verify"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "VFY_EndWithSignature: signature does not verify"); transform->status = xmlSecTransformStatusFail; + } else { + xmlSecNssError("VFY_EndWithSignature", + xmlSecTransformGetName(transform)); } return(-1); } @@ -413,21 +513,15 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor if(transform->operation == xmlSecTransformOperationSign) { status = SGN_Begin(ctx->u.sig.sigctx); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_Begin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SGN_Begin", + xmlSecTransformGetName(transform)); return(-1); } } else { status = VFY_Begin(ctx->u.vfy.vfyctx); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Begin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("VFY_Begin", + xmlSecTransformGetName(transform)); return(-1); } } @@ -440,32 +534,23 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor if(transform->operation == xmlSecTransformOperationSign) { status = SGN_Update(ctx->u.sig.sigctx, xmlSecBufferGetData(in), inSize); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_Update", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SGN_Update", + xmlSecTransformGetName(transform)); return(-1); } } else { status = VFY_Update(ctx->u.vfy.vfyctx, xmlSecBufferGetData(in), inSize); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Update", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("VFY_Update", + xmlSecTransformGetName(transform)); return(-1); } } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform)); return(-1); } } @@ -476,38 +561,48 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor memset(&signature, 0, sizeof(signature)); status = SGN_End(ctx->u.sig.sigctx, &signature); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_End", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SGN_End", + xmlSecTransformGetName(transform)); return(-1); } - if(ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) { + if(xmlSecNssSignatureAlgorithmEncoded(ctx->alg)) { /* This creates a signature which is ASN1 encoded */ SECItem * signatureClr; - signatureClr = DSAU_DecodeDerSig(&signature); - if(signatureClr == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "DSAU_EncodeDerSig", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", - PORT_GetError()); - SECITEM_FreeItem(&signature, PR_FALSE); - return(-1); + if(ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) { + signatureClr = DSAU_DecodeDerSig(&signature); + if(signatureClr == NULL) { + xmlSecNssError("DSAU_DecodeDerSig", + xmlSecTransformGetName(transform)); + SECITEM_FreeItem(&signature, PR_FALSE); + return(-1); + } + } else { + /* In the ECDSA case the signature length depends on the + * key parameters. */ + int signatureSize = PK11_SignatureLen(ctx->u.sig.privkey); + if(signatureSize < 1) { + xmlSecNssError("PK11_SignatureLen", + xmlSecTransformGetName(transform)); + SECITEM_FreeItem(&signature, PR_FALSE); + return(-1); + } + + signatureClr = DSAU_DecodeDerSigToLen(&signature, signatureSize); + if(signatureClr == NULL) { + xmlSecNssError("DSAU_DecodeDerSigToLen", + xmlSecTransformGetName(transform)); + SECITEM_FreeItem(&signature, PR_FALSE); + return(-1); + } } ret = xmlSecBufferSetData(out, signatureClr->data, signatureClr->len); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", - signatureClr->len); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", signatureClr->len); SECITEM_FreeItem(&signature, PR_FALSE); return(-1); } @@ -517,12 +612,9 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor /* This signature is used as-is */ ret = xmlSecBufferSetData(out, signature.data, signature.len); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", - signature.len); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", signature.len); SECITEM_FreeItem(&signature, PR_FALSE); return(-1); } @@ -539,11 +631,7 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -551,6 +639,7 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor } #ifndef XMLSEC_NO_DSA +#ifndef XMLSEC_NO_SHA1 /**************************************************************************** * * DSA-SHA1 signature transform @@ -595,9 +684,295 @@ xmlSecTransformId xmlSecNssTransformDsaSha1GetKlass(void) { return(&xmlSecNssDsaSha1Klass); } +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 +/**************************************************************************** + * + * DSA-SHA256 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssDsaSha256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameDsaSha256, /* const xmlChar* name; */ + xmlSecHrefDsaSha256, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformDsaSha256GetKlass: + * + * The DSA-SHA256 signature transform klass. + * + * Returns: DSA-SHA256 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformDsaSha256GetKlass(void) { + return(&xmlSecNssDsaSha256Klass); +} +#endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA +#ifndef XMLSEC_NO_SHA1 +/**************************************************************************** + * + * ECDSA-SHA1 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha1Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha1, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha1, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha1GetKlass: + * + * The ECDSA-SHA1 signature transform klass. + * + * Returns: ECDSA-SHA1 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha1GetKlass(void) { + return(&xmlSecNssEcdsaSha1Klass); +} + +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 +/**************************************************************************** + * + * ECDSA-SHA224 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha224Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha224, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha224, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha224GetKlass: + * + * The ECDSA-SHA224 signature transform klass. + * + * Returns: ECDSA-SHA224 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha224GetKlass(void) { + return(&xmlSecNssEcdsaSha224Klass); +} + +#endif /* XMLSEC_NO_SHA224 */ +#ifndef XMLSEC_NO_SHA256 +/**************************************************************************** + * + * ECDSA-SHA256 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha256, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha256, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha256GetKlass: + * + * The ECDSA-SHA256 signature transform klass. + * + * Returns: ECDSA-SHA256 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha256GetKlass(void) { + return(&xmlSecNssEcdsaSha256Klass); +} + +#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_SHA384 +/**************************************************************************** + * + * ECDSA-SHA384 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha384Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha384, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha384, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha384GetKlass: + * + * The ECDSA-SHA384 signature transform klass. + * + * Returns: ECDSA-SHA384 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha384GetKlass(void) { + return(&xmlSecNssEcdsaSha384Klass); +} + +#endif /* XMLSEC_NO_SHA384 */ +#ifndef XMLSEC_NO_SHA512 +/**************************************************************************** + * + * ECDSA-SHA512 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha512Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha512, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha512, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha512GetKlass: + * + * The ECDSA-SHA512 signature transform klass. + * + * Returns: ECDSA-SHA512 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha512GetKlass(void) { + return(&xmlSecNssEcdsaSha512Klass); +} + +#endif /* XMLSEC_NO_SHA512 */ +#endif /* XMLSEC_NO_ECDSA */ + #ifndef XMLSEC_NO_RSA #ifndef XMLSEC_NO_MD5 @@ -695,6 +1070,52 @@ xmlSecNssTransformRsaSha1GetKlass(void) { #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 +/**************************************************************************** + * + * RSA-SHA224 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecNssRsaSha224Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaSha224, /* const xmlChar* name; */ + xmlSecHrefRsaSha224, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformRsaSha224GetKlass: + * + * The RSA-SHA224 signature transform klass. + * + * Returns: RSA-SHA224 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformRsaSha224GetKlass(void) { + return(&xmlSecNssRsaSha224Klass); +} + +#endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 /**************************************************************************** * diff --git a/src/nss/symkeys.c b/src/nss/symkeys.c index b98dd493..2fd3e4e7 100644 --- a/src/nss/symkeys.c +++ b/src/nss/symkeys.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * DES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:symkeys + * @Short_description: Symmetric keys implementation for NSS. + * @Stability: Private + * + */ + #include "globals.h" #include <stdlib.h> diff --git a/src/nss/x509.c b/src/nss/x509.c index 887c77cf..933e5bfe 100644 --- a/src/nss/x509.c +++ b/src/nss/x509.c @@ -1,7 +1,5 @@ -/** - * XMLSec library - * - * X509 support +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * * This is free software; see Copyright file in the source @@ -9,6 +7,13 @@ * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:x509 + * @Short_description: X509 certificates implementation for NSS. + * @Stability: Stable + * + */ + #include "globals.h" #ifndef XMLSEC_NO_X509 @@ -374,22 +379,14 @@ xmlSecNssKeyDataX509AdoptCert(xmlSecKeyDataPtr data, CERTCertificate* cert) { if(ctx->certsList == NULL) { ctx->certsList = CERT_NewCertList(); if(ctx->certsList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_NewCertList", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_NewCertList", xmlSecKeyDataGetName(data)); return(-1); } } ret = CERT_AddCertToListTail(ctx->certsList, cert); if(ret != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_AddCertToListTail", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_AddCertToListTail", xmlSecKeyDataGetName(data)); return(-1); } ctx->numCerts++; @@ -470,13 +467,8 @@ xmlSecNssKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, CERTSignedCrl* crl) { xmlSecAssert2(ctx != NULL, -1); crlnode = (xmlSecNssX509CrlNodePtr)PR_Malloc(sizeof(xmlSecNssX509CrlNode)); - if(crlnode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PR_Malloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PR_Malloc", xmlSecKeyDataGetName(data)); return(-1); } @@ -574,31 +566,22 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { */ certSrc = xmlSecNssKeyDataX509GetCert(src, pos); if(certSrc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecNssKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCert", + xmlSecKeyDataGetName(src), + "pos=%d", pos); return(-1); } certDst = CERT_DupCertificate(certSrc); if(certDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_DupCertificate", xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecNssKeyDataX509AdoptCert(dst, certDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(dst)); CERT_DestroyCertificate(certDst); return(-1); } @@ -609,31 +592,22 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { for(pos = 0; pos < size; ++pos) { crlSrc = xmlSecNssKeyDataX509GetCrl(src, pos); if(crlSrc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecNssKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCrl", + xmlSecKeyDataGetName(src), + "pos=%d", pos); return(-1); } crlDst = SEC_DupCrl(crlSrc); if(crlDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "SEC_DupCrl", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SEC_DupCrl", xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecNssKeyDataX509AdoptCrl(dst, crlDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecNssKeyDataX509AdoptCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCrl", + xmlSecKeyDataGetName(dst)); SEC_DestroyCrl(crlDst); return(-1); } @@ -644,20 +618,14 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { if(certSrc != NULL) { certDst = CERT_DupCertificate(certSrc); if(certDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_DupCertificate", + xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecNssKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(dst)); CERT_DestroyCertificate(certDst); return(-1); } @@ -701,7 +669,7 @@ xmlSecNssKeyDataX509Finalize(xmlSecKeyDataPtr data) { static int xmlSecNssKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data; int ret; @@ -712,34 +680,23 @@ xmlSecNssKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, data = xmlSecKeyEnsureData(key, id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssX509DataNodeRead(data, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509DataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509DataNodeRead", + xmlSecKeyDataKlassGetName(id)); return(-1); } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) { - ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); + return(-1); } return(0); } @@ -759,13 +716,11 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); - content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); + content = xmlSecX509DataGetNodeContent (node, keyInfoCtx); if (content < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecX509DataGetNodeContent", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "content=%d", content); + xmlSecInternalError2("xmlSecX509DataGetNodeContent", + xmlSecKeyDataKlassGetName(id), + "content=%d", content); return(-1); } else if(content == 0) { /* by default we are writing certificates and crls */ @@ -784,22 +739,18 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { cert = xmlSecNssKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCert", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509CertificateNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509CertificateNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -807,11 +758,9 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509SubjectNameNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509SubjectNameNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -819,11 +768,9 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509IssuerSerialNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509IssuerSerialNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -831,11 +778,9 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509SKINodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509SKINodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -847,21 +792,17 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { crl = xmlSecNssKeyDataX509GetCrl(data, pos); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCrl", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509CRLNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509CRLNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -905,11 +846,9 @@ xmlSecNssKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) { for(pos = 0; pos < size; ++pos) { cert = xmlSecNssKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "==== Certificate:\n"); @@ -939,11 +878,9 @@ xmlSecNssKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { for(pos = 0; pos < size; ++pos) { cert = xmlSecNssKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "<Certificate>\n"); @@ -968,32 +905,44 @@ xmlSecNssX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoC cur != NULL; cur = xmlSecGetNextElementNode(cur->next)) { - ret = 0; if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) { ret = xmlSecNssX509CertificateNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509CertificateNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) { ret = xmlSecNssX509SubjectNameNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509SubjectNameNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) { ret = xmlSecNssX509IssuerSerialNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509IssuerSerialNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) { ret = xmlSecNssX509SKINodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509SKINodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) { ret = xmlSecNssX509CRLNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509CRLNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) { /* laxi schema validation: ignore unknown nodes */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "read node failed"); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); return(-1); } } @@ -1016,11 +965,7 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1028,22 +973,16 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK cert = xmlSecNssX509CertBase64DerRead(content); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CertBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); xmlFree(content); return(-1); @@ -1065,29 +1004,20 @@ xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSec /* set base64 lines size from context */ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509Certificate)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); return(0); @@ -1107,11 +1037,8 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1121,11 +1048,7 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK xmlFree(subject); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1135,12 +1058,8 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "subject=%s", - xmlSecErrorsSafeString(subject)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "subject=%s", xmlSecErrorsSafeString(subject)); xmlFree(subject); return(-1); } @@ -1151,11 +1070,8 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); xmlFree(subject); return(-1); @@ -1169,32 +1085,32 @@ static int xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar* buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); buf = xmlSecNssX509NameWrite(&(cert->subject)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameWrite(&(cert->subject))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509NameWrite(&(cert->subject))", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SubjectName)", NULL); + xmlFree(buf); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(cur, buf); + + /* done */ xmlFree(buf); return(0); } @@ -1215,23 +1131,16 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } cur = xmlSecGetNextElementNode(node->children); if(cur == NULL) { if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL, + xmlSecKeyDataGetName(data)); return(-1); } return(0); @@ -1239,56 +1148,32 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec /* the first is required node X509IssuerName */ if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeError(cur, xmlSecNodeX509IssuerName, xmlSecKeyDataGetName(data)); return(-1); } issuerName = xmlNodeGetContent(cur); if(issuerName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); return(-1); } cur = xmlSecGetNextElementNode(cur->next); /* next is required node X509SerialNumber */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInvalidNodeError(cur, xmlSecNodeX509SerialNumber, xmlSecKeyDataGetName(data)); xmlFree(issuerName); return(-1); } issuerSerial = xmlNodeGetContent(cur); if(issuerSerial == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); xmlFree(issuerName); return(-1); } cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1297,13 +1182,10 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec cert = xmlSecNssX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx); if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "issuerName=%s;issuerSerial=%s", - xmlSecErrorsSafeString(issuerName), - xmlSecErrorsSafeString(issuerSerial)); + xmlSecOtherError3(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "issuerName=%s;issuerSerial=%s", + xmlSecErrorsSafeString(issuerName), + xmlSecErrorsSafeString(issuerSerial)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1316,11 +1198,8 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); xmlFree(issuerSerial); xmlFree(issuerName); @@ -1338,64 +1217,48 @@ xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSe xmlNodePtr issuerNameNode; xmlNodePtr issuerNumberNode; xmlChar* buf; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); /* create xml nodes */ - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerSerial)", NULL); return(-1); } - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); + issuerNameNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); if(issuerNameNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerName)", NULL); return(-1); } - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); + issuerNumberNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); if(issuerNumberNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SerialNumber)", NULL); return(-1); } /* write data */ buf = xmlSecNssX509NameWrite(&(cert->issuer)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameWrite(&(cert->issuer))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509NameWrite(&(cert->issuer))", NULL); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent(issuerNameNode)", NULL); + xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); xmlFree(buf); buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", NULL); return(-1); } xmlNodeSetContent(issuerNumberNode, buf); @@ -1418,11 +1281,8 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1432,12 +1292,7 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt xmlFree(ski); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1448,12 +1303,8 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt xmlFree(ski); if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "ski=%s", - xmlSecErrorsSafeString(ski)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "ski=%s", xmlSecErrorsSafeString(ski)); return(-1); } return(0); @@ -1461,11 +1312,8 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); xmlFree(ski); return(-1); @@ -1479,34 +1327,33 @@ static int xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar *buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); buf = xmlSecNssX509SKIWrite(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509SKIWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509SKIWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SKI)", NULL); xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(cur, buf); - xmlFree(buf); + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + xmlFree(buf); + return(-1); + } + + /* done */ + xmlFree(buf); return(0); } @@ -1525,11 +1372,7 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1537,11 +1380,8 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CrlBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CrlBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } @@ -1563,28 +1403,19 @@ xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxP /* set base64 lines size from context */ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CrlBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CrlBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509CRL)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509CRL)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); @@ -1611,11 +1442,8 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1628,42 +1456,30 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, ctx->keyCert = CERT_DupCertificate(cert); if(ctx->keyCert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("CERT_DupCertificate", + xmlSecKeyDataGetName(data)); return(-1); } keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CertGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertGetKey", + xmlSecKeyDataGetName(data)); return(-1); } /* verify that the key matches our expectations */ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeyReqMatchKeyValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyReqMatchKeyValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } ret = xmlSecKeySetValue(key, keyValue); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } @@ -1672,31 +1488,21 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, if (status == SECSuccess) { ret = xmlSecNssX509CertGetTime(¬Before, &(key->notValidBefore)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CertGetTime", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "notValidBefore"); + xmlSecInternalError("xmlSecNssX509CertGetTime(notValidBefore)", + xmlSecKeyDataGetName(data)); return(-1); } ret = xmlSecNssX509CertGetTime(¬After, &(key->notValidAfter)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CertGetTime", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "notValidAfter"); + xmlSecInternalError("xmlSecNssX509CertGetTime(notValidAfter)", + xmlSecKeyDataGetName(data)); return(-1); } } else { key->notValidBefore = key->notValidAfter = 0; } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), NULL); return(-1); } } @@ -1742,21 +1548,13 @@ xmlSecNssX509CertGetKey(CERTCertificate* cert) { pubkey = CERT_ExtractPublicKey(cert); if(pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_ExtractPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_ExtractPublicKey", NULL); return(NULL); } data = xmlSecNssPKIAdoptKey(NULL, pubkey); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIAdoptKey", NULL); SECKEY_DestroyPublicKey(pubkey); return(NULL); } @@ -1773,11 +1571,7 @@ xmlSecNssX509CertBase64DerRead(xmlChar* buf) { /* usual trick with base64 decoding "in-place" */ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", NULL); return(NULL); } @@ -1800,11 +1594,7 @@ xmlSecNssX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) { cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert, NULL, PR_FALSE, PR_TRUE); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "__CERT_NewTempCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("__CERT_NewTempCertificate", NULL); return(NULL); } @@ -1821,23 +1611,14 @@ xmlSecNssX509CertBase64DerWrite(CERTCertificate* cert, int base64LineWrap) { xmlSecAssert2(cert != NULL, NULL); p = cert->derCert.data; + xmlSecAssert2(p != NULL, NULL); + size = cert->derCert.len; - if((size <= 0) || (p == NULL)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cert->derCert", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); - return(NULL); - } + xmlSecAssert2(size > 0, NULL); res = xmlSecBase64Encode(p, size, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); return(NULL); } @@ -1854,11 +1635,7 @@ xmlSecNssX509CrlBase64DerRead(xmlChar* buf, /* usual trick with base64 decoding "in-place" */ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", NULL); return(NULL); } @@ -1886,26 +1663,19 @@ xmlSecNssX509CrlDerRead(xmlSecByte* buf, xmlSecSize size, */ slot = xmlSecNssGetInternalKeySlot(); if (slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssGetInternalKeySlot", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssGetInternalKeySlot", NULL); return NULL; } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) { importOptions |= CRL_IMPORT_BYPASS_CHECKS; + } crl = PK11_ImportCRL(slot, &derCrl, NULL, SEC_CRL_TYPE, NULL, importOptions, NULL, CRL_DECODE_DEFAULT_OPTIONS); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_ImportCRL", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_ImportCRL", NULL); PK11_FreeSlot(slot); return(NULL); } @@ -1923,23 +1693,14 @@ xmlSecNssX509CrlBase64DerWrite(CERTSignedCrl* crl, int base64LineWrap) { xmlSecAssert2(crl != NULL && crl->derCrl != NULL, NULL); p = crl->derCrl->data; + xmlSecAssert2(p != NULL, NULL); + size = crl->derCrl->len; - if((size <= 0) || (p == NULL)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "crl->derCrl", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); - return(NULL); - } + xmlSecAssert2(size > 0, NULL); res = xmlSecBase64Encode(p, size, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); return(NULL); } @@ -1955,21 +1716,13 @@ xmlSecNssX509NameWrite(CERTName* nm) { str = CERT_NameToAscii(nm); if (str == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_NameToAscii", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("CERT_NameToAscii", NULL); return(NULL); } res = xmlStrdup(BAD_CAST str); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecStrdupError(BAD_CAST str, NULL); PORT_Free(str); return(NULL); } @@ -1987,23 +1740,21 @@ xmlSecNssASN1IntegerWrite(SECItem *num) { xmlSecAssert2(num != NULL, NULL); xmlSecAssert2(num->type == siBuffer, NULL); - xmlSecAssert2(num->len <= 9, NULL); xmlSecAssert2(num->data != NULL, NULL); /* HACK : to be fixed after * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed */ for(ii = num->len; ii > 0; --ii, shift += 8) { - val |= ((PRUint64)num->data[ii - 1]) << shift; + xmlSecAssert2(shift < 64 || num->data[ii - 1] == 0, NULL); + if(num->data[ii - 1] != 0) { + val |= ((PRUint64)num->data[ii - 1]) << shift; + } } res = (xmlChar*)xmlMalloc(resLen + 1); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMallocError(resLen + 1, NULL); return (NULL); } @@ -2023,22 +1774,14 @@ xmlSecNssX509SKIWrite(CERTCertificate* cert) { rv = CERT_FindSubjectKeyIDExtension(cert, &ski); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_FindSubjectKeyIDExtension", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("CERT_FindSubjectKeyIDExtension", NULL); SECITEM_FreeItem(&ski, PR_FALSE); return(NULL); } res = xmlSecBase64Encode(ski.data, ski.len, 0); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); SECITEM_FreeItem(&ski, PR_FALSE); return(NULL); } @@ -2178,43 +1921,30 @@ xmlSecNssKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, cert = xmlSecNssX509CertDerRead(buf, bufSize); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CertDerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertDerRead", NULL); return(-1); } data = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); CERT_DestroyCertificate(cert); return(-1); } ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataKlassGetName(id)); CERT_DestroyCertificate(cert); return(-1); } ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); return(-1); } return(0); diff --git a/src/nss/x509vfy.c b/src/nss/x509vfy.c index 9e957fea..b5ffc8c4 100644 --- a/src/nss/x509vfy.c +++ b/src/nss/x509vfy.c @@ -1,7 +1,5 @@ -/** - * XMLSec library - * - * X509 support +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * * This is free software; see Copyright file in the source @@ -9,6 +7,13 @@ * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:x509vfy + * @Short_description: X509 certificates verification support functions for NSS. + * @Stability: Private + * + */ + #include "globals.h" #ifndef XMLSEC_NO_X509 @@ -168,6 +173,7 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, SECStatus status = SECFailure; int64 timeboundary; int64 tmp1, tmp2; + PRErrorCode err; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); xmlSecAssert2(certs != NULL, NULL); @@ -176,19 +182,20 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, ctx = xmlSecNssX509StoreGetCtx(store); xmlSecAssert2(ctx != NULL, NULL); + if(keyInfoCtx->certsVerificationTime > 0) { + /* convert the time since epoch in seconds to microseconds */ + LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); + tmp1 = (int64)PR_USEC_PER_SEC; + tmp2 = timeboundary; + LL_MUL(timeboundary, tmp1, tmp2); + } else { + timeboundary = PR_Now(); + } + for (head = CERT_LIST_HEAD(certs); !CERT_LIST_END(head, certs); head = CERT_LIST_NEXT(head)) { cert = head->cert; - if(keyInfoCtx->certsVerificationTime > 0) { - /* convert the time since epoch in seconds to microseconds */ - LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); - tmp1 = (int64)PR_USEC_PER_SEC; - tmp2 = timeboundary; - LL_MUL(timeboundary, tmp1, tmp2); - } else { - timeboundary = PR_Now(); - } /* if cert is the issuer of any other cert in the list, then it is * to be skipped */ @@ -211,11 +218,18 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, continue; } - status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), - cert, PR_FALSE, - (SECCertificateUsage)0, - timeboundary , NULL, NULL, NULL); - if (status == SECSuccess) { + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) { + /* it's important to set the usage here, otherwise no real verification + * is performed. */ + status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), + cert, PR_FALSE, + certificateUsageEmailSigner, + timeboundary , NULL, NULL, NULL); + if(status == SECSuccess) { + break; + } + } else { + status = SECSuccess; break; } } @@ -224,44 +238,34 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, return (cert); } - switch(PORT_GetError()) { + err = PORT_GetError(); + switch(err) { case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: case SEC_ERROR_CA_CERT_INVALID: case SEC_ERROR_UNKNOWN_SIGNER: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, - "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", - (cert != NULL) ? cert->subjectName : "(NULL)" - ); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, + xmlSecKeyDataStoreGetName(store), + "subject=\"%s\"; reason=the issuer's cert is expired/invalid or not found", + xmlSecErrorsSafeString(cert->subjectName)); break; case SEC_ERROR_EXPIRED_CERTIFICATE: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, - "cert with subject name %s has expired", - (cert != NULL) ? cert->subjectName : "(NULL)" - ); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, + xmlSecKeyDataStoreGetName(store), + "subject=\"%s\"; reason=expired", + xmlSecErrorsSafeString(cert->subjectName)); break; case SEC_ERROR_REVOKED_CERTIFICATE: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_REVOKED, - "cert with subject name %s has been revoked", - (cert != NULL) ? cert->subjectName : "(NULL)" - ); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_REVOKED, + xmlSecKeyDataStoreGetName(store), + "subject=\"%s\"; reason=revoked", + xmlSecErrorsSafeString(cert->subjectName)); break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, - "cert with subject name %s could not be verified, errcode %d", - (cert != NULL) ? cert->subjectName : "(NULL)", - PORT_GetError()); + xmlSecOtherError3(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, + xmlSecKeyDataStoreGetName(store), + "subject=\"%s\"; reason=%d", + xmlSecErrorsSafeString(cert->subjectName), + (int)err); break; } @@ -279,7 +283,7 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, * Returns: 0 on success or a negative value if an error occurs. */ int -xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { +xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type) { xmlSecNssX509StoreCtxPtr ctx; int ret; @@ -292,25 +296,34 @@ xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, if(ctx->certsList == NULL) { ctx->certsList = CERT_NewCertList(); if(ctx->certsList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CERT_NewCertList", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_NewCertList", xmlSecKeyDataStoreGetName(store)); return(-1); } } ret = CERT_AddCertToListTail(ctx->certsList, cert); if(ret != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CERT_AddCertToListTail", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_AddCertToListTail", xmlSecKeyDataStoreGetName(store)); return(-1); } + if(type == xmlSecKeyDataTypeTrusted) { + SECStatus status; + + /* if requested, mark the certificate as trusted */ + CERTCertTrust trust; + status = CERT_DecodeTrustString(&trust, "TCu,Cu,Tu"); + if(status != SECSuccess) { + xmlSecNssError("CERT_DecodeTrustString", xmlSecKeyDataStoreGetName(store)); + return(-1); + } + CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust); + if(status != SECSuccess) { + xmlSecNssError("CERT_ChangeCertTrust", xmlSecKeyDataStoreGetName(store)); + return(-1); + } + } + return(0); } @@ -364,12 +377,7 @@ xmlSecNssGetCertName(const xmlChar * name) { */ name2 = xmlStrdup(name); if(name2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "xmlStrlen(name)=%d", - xmlStrlen(name)); + xmlSecStrdupError(name, NULL); return(NULL); } while( (p = (xmlChar*)xmlStrstr(name2, BAD_CAST "emailAddress=")) != NULL) { @@ -378,31 +386,23 @@ xmlSecNssGetCertName(const xmlChar * name) { tmp = xmlSecNssX509NameRead(name2, xmlStrlen(name2)); if(tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name2=\"%s\"", - xmlSecErrorsSafeString(name2)); + xmlSecInternalError2("xmlSecNssX509NameRead", NULL, + "name2=\"%s\"", xmlSecErrorsSafeString(name2)); xmlFree(name2); return(NULL); } res = CERT_AsciiToName((char*)tmp); - if (name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_AsciiToName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ascii=\"%s\", error code=%d", - xmlSecErrorsSafeString((char*)tmp), - PORT_GetError()); + if (res == NULL) { + xmlSecNssError2("CERT_AsciiToName", NULL, + "ascii=\"%s\"", xmlSecErrorsSafeString((char*)tmp)); PORT_Free(tmp); xmlFree(name2); return(NULL); } PORT_Free(tmp); + xmlFree(name2); return(res); } @@ -422,23 +422,16 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, if ((cert == NULL) && (subjectName != NULL)) { name = xmlSecNssGetCertName(subjectName); if (name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssGetCertName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "subject=%s", - xmlSecErrorsSafeString(subjectName)); + xmlSecInternalError2("xmlSecNssGetCertName", NULL, + "subject=%s", + xmlSecErrorsSafeString(subjectName)); goto done; } if(arena == NULL) { arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PORT_NewArena", NULL); goto done; } } @@ -446,11 +439,7 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, SEC_ASN1_GET(CERT_NameTemplate)); if (nameitem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_ASN1EncodeItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SEC_ASN1EncodeItem", NULL); goto done; } @@ -463,23 +452,16 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, name = xmlSecNssGetCertName(issuerName); if (name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssGetCertName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "issuer=%s", - xmlSecErrorsSafeString(issuerName)); + xmlSecInternalError2("xmlSecNssGetCertName", NULL, + "issuer=%s", + xmlSecErrorsSafeString(issuerName)); goto done; } if(arena == NULL) { arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PORT_NewArena", NULL); goto done; } } @@ -487,11 +469,7 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, SEC_ASN1_GET(CERT_NameTemplate)); if (nameitem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_ASN1EncodeItem", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SEC_ASN1EncodeItem", NULL); goto done; } @@ -502,22 +480,14 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, /* TBD: serial num can be arbitrarily long */ if(PR_sscanf((char *)issuerSerial, "%llu", &issuerSN) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PR_sscanf", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "error code=%d", PR_GetError()); + xmlSecNssError("PR_sscanf(issuerSerial)", NULL); SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); goto done; } rv = xmlSecNssNumToItem(&issuerAndSN.serialNumber, issuerSN); if(rv <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssNumToItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "error code=%d", PR_GetError()); + xmlSecInternalError("xmlSecNssNumToItem(serialNumber)", NULL); SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); goto done; } @@ -532,12 +502,7 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); if(len < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ski=%s", - xmlSecErrorsSafeString(ski)); + xmlSecInternalError("xmlSecBase64Decode", NULL); goto done; } @@ -561,11 +526,7 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, memset(&tmpitem, 0, sizeof(tmpitem)); status = CERT_FindSubjectKeyIDExtension(head->cert, &tmpitem); if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_FindSubjectKeyIDExtension", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "ski"); + xmlSecNssError("CERT_FindSubjectKeyIDExtension(ski)", NULL); SECITEM_FreeItem(&tmpitem, PR_FALSE); goto done; } @@ -575,11 +536,7 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, ) { cert = CERT_DupCertificate(head->cert); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_DupCertificate", NULL); SECITEM_FreeItem(&tmpitem, PR_FALSE); goto done; } @@ -613,11 +570,8 @@ xmlSecNssX509NameRead(xmlSecByte *str, int len) { /* return string should be no longer than input string */ retval = (xmlSecByte *)PORT_Alloc(len+1); if(retval == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_Alloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError2("PORT_Alloc", NULL, + "size=%d", (len+1)); return(NULL); } p = retval; @@ -630,11 +584,7 @@ xmlSecNssX509NameRead(xmlSecByte *str, int len) { nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); if(nameLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameStringRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509NameStringRead", NULL); goto done; } memcpy(p, name, nameLen); @@ -646,11 +596,7 @@ xmlSecNssX509NameRead(xmlSecByte *str, int len) { valueLen = xmlSecNssX509NameStringRead(&str, &len, value, sizeof(value), '"', 1); if(valueLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameStringRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509NameStringRead", NULL); goto done; } /* skip spaces before comma or semicolon */ @@ -658,11 +604,7 @@ xmlSecNssX509NameRead(xmlSecByte *str, int len) { ++str; --len; } if((len > 0) && ((*str) != ',')) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "comma is expected"); + xmlSecInvalidIntegerDataError("char", (*str), "comma ','", NULL); goto done; } if(len > 0) { @@ -674,21 +616,13 @@ xmlSecNssX509NameRead(xmlSecByte *str, int len) { *p++='\"'; } else if((*str) == '#') { /* TODO: read octect values */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "reading octect values is not implemented yet"); + xmlSecNotImplementedError("reading octect values is not implemented yet"); goto done; } else { valueLen = xmlSecNssX509NameStringRead(&str, &len, value, sizeof(value), ',', 1); if(valueLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameStringRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509NameStringRead", NULL); goto done; } memcpy(p, value, valueLen); @@ -734,22 +668,14 @@ xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, nonSpace = q; if(xmlSecIsHex((*p))) { if((p - (*str) + 1) >= (*strLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "two hex digits expected"); + xmlSecInvalidDataError("two hex digits expected", NULL); return(-1); } *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); p += 2; } else { if(((++p) - (*str)) >= (*strLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "escaped symbol missed"); + xmlSecInvalidDataError("escaped symbol missed", NULL); return(-1); } *(q++) = *(p++); @@ -757,11 +683,7 @@ xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, } } if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "buffer is too small"); + xmlSecInvalidSizeOtherError("buffer is too small", NULL); return(-1); } (*strLen) -= (p - (*str)); @@ -793,7 +715,8 @@ xmlSecNssNumToItem(SECItem *it, PRUint64 ui) ** require progressively more space. Start from 1 because byte at ** position 0 is zero */ - for(zeros_len = 1; (zeros_len < sizeof(bb)) && (bb[zeros_len] == 0); ++zeros_len); + for(zeros_len = 1; (zeros_len < sizeof(bb)) && (bb[zeros_len] == 0); ++zeros_len) { + } it->len = sizeof(bb) - (zeros_len - 1); it->data = (unsigned char *)PORT_Alloc(it->len); diff --git a/src/openssl/Makefile.am b/src/openssl/Makefile.am index 309a44b2..df014c84 100644 --- a/src/openssl/Makefile.am +++ b/src/openssl/Makefile.am @@ -35,12 +35,9 @@ libxmlsec1_openssl_la_SOURCES =\ x509.c \ x509vfy.c \ globals.h \ + openssl_compat.h \ $(NULL) -if SHAREDLIB_HACK -libxmlsec1_openssl_la_SOURCES += ../strings.c -endif - libxmlsec1_openssl_la_LIBADD = \ $(OPENSSL_LIBS) \ $(LIBXSLT_LIBS) \ diff --git a/src/openssl/README b/src/openssl/README index e33b0b0a..b3808a65 100644 --- a/src/openssl/README +++ b/src/openssl/README @@ -1,6 +1,6 @@ WHAT VERSION OF OPENSSL? ------------------------------------------------------------------------ -OpenSSL 0.9.8 or later is required +OpenSSL 1.0.0 or later is required KEYS MANAGER ------------------------------------------------------------------------ diff --git a/src/openssl/app.c b/src/openssl/app.c index d7bb79ef..aa92b6f9 100644 --- a/src/openssl/app.c +++ b/src/openssl/app.c @@ -1,11 +1,18 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:app + * @Short_description: Application support functions for OpenSSL. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -33,8 +40,10 @@ #include <xmlsec/openssl/evp.h> #include <xmlsec/openssl/x509.h> -static int xmlSecOpenSSLAppLoadRANDFile (const char *file); -static int xmlSecOpenSSLAppSaveRANDFile (const char *file); +#include "openssl_compat.h" + +static int xmlSecOpenSSLAppLoadRANDFile (const char *filename); +static int xmlSecOpenSSLAppSaveRANDFile (const char *filename); static int xmlSecOpenSSLDefaultPasswordCallback (char *buf, int bufsiz, int verify, @@ -46,6 +55,7 @@ static int xmlSecOpenSSLDummyPasswordCallback (char *buf, /* conversion from ptr to func "the right way" */ XMLSEC_PTR_TO_FUNC_IMPL(pem_password_cb) +XMLSEC_FUNC_TO_PTR_IMPL(pem_password_cb) /** @@ -60,25 +70,36 @@ XMLSEC_PTR_TO_FUNC_IMPL(pem_password_cb) */ int xmlSecOpenSSLAppInit(const char* config) { +#if !defined(XMLSEC_OPENSSL_API_110) + ERR_load_crypto_strings(); OPENSSL_config(NULL); OpenSSL_add_all_algorithms(); +#else /* !defined(XMLSEC_OPENSSL_API_110) */ + int ret; + uint64_t opts = OPENSSL_INIT_LOAD_CRYPTO_STRINGS | + OPENSSL_INIT_ADD_ALL_CIPHERS | + OPENSSL_INIT_ADD_ALL_DIGESTS | + OPENSSL_INIT_LOAD_CONFIG; +#ifndef OPENSSL_IS_BORINGSSL + opts |= OPENSSL_INIT_ASYNC | OPENSSL_INIT_ENGINE_ALL_BUILTIN; +#endif /* OPENSSL_IS_BORINGSSL */ + + ret = OPENSSL_init_crypto(opts, NULL); + if(ret != 1) { + xmlSecOpenSSLError("OPENSSL_init_crypto", NULL); + return(-1); + } +#endif /* !defined(XMLSEC_OPENSSL_API_110) */ + if((RAND_status() != 1) && (xmlSecOpenSSLAppLoadRANDFile(NULL) != 1)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppLoadRANDFile", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLAppLoadRANDFile", NULL); return(-1); } if((config != NULL) && (xmlSecOpenSSLSetDefaultTrustedCertsFolder(BAD_CAST config) < 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLSetDefaultTrustedCertsFolder", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLSetDefaultTrustedCertsFolder", NULL); return(-1); } @@ -98,26 +119,23 @@ int xmlSecOpenSSLAppShutdown(void) { xmlSecOpenSSLAppSaveRANDFile(NULL); - RAND_cleanup(); - EVP_cleanup(); + /* OpenSSL 1.1.0+ does not require explicit cleanup */ +#if !defined(XMLSEC_OPENSSL_API_110) #ifndef XMLSEC_NO_X509 X509_TRUST_cleanup(); #endif /* XMLSEC_NO_X509 */ + RAND_cleanup(); + EVP_cleanup(); + ENGINE_cleanup(); CONF_modules_unload(1); CRYPTO_cleanup_all_ex_data(); - - /* finally cleanup errors */ -#if defined(XMLSEC_OPENSSL_100) || defined(XMLSEC_OPENSSL_110) ERR_remove_thread_state(NULL); -#else - ERR_remove_state(0); -#endif /* defined(XMLSEC_OPENSSL_100) || defined(XMLSEC_OPENSSL_110) */ - ERR_free_strings(); +#endif /* !defined(XMLSEC_OPENSSL_API_110) */ /* done */ return(0); @@ -147,25 +165,15 @@ xmlSecOpenSSLAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, bio = BIO_new_file(filename, "rb"); if(bio == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new_file", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "filename=%s;errno=%d", - xmlSecErrorsSafeString(filename), - errno); + xmlSecOpenSSLError2("BIO_new_file", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); return(NULL); } key = xmlSecOpenSSLAppKeyLoadBIO (bio, format, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppKeyLoadBIO", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s;errno=%d", - xmlSecErrorsSafeString(filename), - errno); + xmlSecInternalError2("xmlSecOpenSSLAppKeyLoadBIO", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); BIO_free(bio); return(NULL); } @@ -200,22 +208,14 @@ xmlSecOpenSSLAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, /* this would be a read only BIO, cast from const is ok */ bio = BIO_new_mem_buf((void*)data, dataSize); if(bio == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new_mem_buf", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "errno=%d", - errno); + xmlSecOpenSSLError2("BIO_new_mem_buf", NULL, + "dataSize=%lu", (unsigned long)dataSize); return(NULL); } key = xmlSecOpenSSLAppKeyLoadBIO (bio, format, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppKeyLoadBIO", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLAppKeyLoadBIO", NULL); BIO_free(bio); return(NULL); } @@ -269,11 +269,7 @@ xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("PEM_read_bio_PrivateKey and PEM_read_bio_PUBKEY", NULL); return(NULL); } } @@ -286,11 +282,7 @@ xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, (void)BIO_reset(bio); pKey = d2i_PUBKEY_bio(bio, NULL); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "d2i_PrivateKey_bio and d2i_PUBKEY_bio", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("d2i_PrivateKey_bio and d2i_PUBKEY_bio", NULL); return(NULL); } } @@ -301,11 +293,7 @@ xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PEM_read_bio_PrivateKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("PEM_read_bio_PrivateKey", NULL); return(NULL); } break; @@ -315,11 +303,7 @@ xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, XMLSEC_PTR_TO_FUNC(pem_password_cb, pwdCallback), pwdCallbackCtx); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "d2i_PrivateKey_bio and d2i_PUBKEY_bio", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("d2i_PrivateKey_bio and d2i_PUBKEY_bio", NULL); return(NULL); } break; @@ -327,11 +311,7 @@ xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, case xmlSecKeyDataFormatPkcs12: key = xmlSecOpenSSLAppPkcs12LoadBIO(bio, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppPkcs12LoadBIO", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLAppPkcs12LoadBIO", NULL); return(NULL); } return(key); @@ -340,55 +320,37 @@ xmlSecOpenSSLAppKeyLoadBIO(BIO* bio, xmlSecKeyDataFormat format, case xmlSecKeyDataFormatCertDer: key = xmlSecOpenSSLAppKeyFromCertLoadBIO(bio, format); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppKeyFromCertLoadBIO", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLAppKeyFromCertLoadBIO", NULL); return(NULL); } return(key); #endif /* XMLSEC_NO_X509 */ default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(NULL); } data = xmlSecOpenSSLEvpKeyAdopt(pKey); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLEvpKeyAdopt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpKeyAdopt", NULL); EVP_PKEY_free(pKey); return(NULL); } key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(data); return(NULL); } ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDestroy(key); xmlSecKeyDataDestroy(data); return(NULL); @@ -422,25 +384,15 @@ xmlSecOpenSSLAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDat bio = BIO_new_file(filename, "rb"); if(bio == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new_file", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "filename=%s;errno=%d", - xmlSecErrorsSafeString(filename), - errno); + xmlSecOpenSSLError2("BIO_new_file", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); return(-1); } ret = xmlSecOpenSSLAppKeyCertLoadBIO (key, bio, format); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppKeyCertLoadBIO", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s;errno=%d", - xmlSecErrorsSafeString(filename), - errno); + xmlSecInternalError2("xmlSecOpenSSLAppKeyCertLoadBIO", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); BIO_free(bio); return(-1); } @@ -473,22 +425,14 @@ xmlSecOpenSSLAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlS /* this would be a read only BIO, cast from const is ok */ bio = BIO_new_mem_buf((void*)data, dataSize); if(bio == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new_mem_buf", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "errno=%d", - errno); + xmlSecOpenSSLError2("BIO_new_mem_buf", NULL, + "dataSize=%lu", (unsigned long)dataSize); return(-1); } ret = xmlSecOpenSSLAppKeyCertLoadBIO (key, bio, format); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppKeyCertLoadBIO", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLAppKeyCertLoadBIO", NULL); BIO_free(bio); return(-1); } @@ -521,12 +465,8 @@ xmlSecOpenSSLAppKeyCertLoadBIO(xmlSecKeyPtr key, BIO* bio, xmlSecKeyDataFormat f data = xmlSecKeyEnsureData(key, xmlSecOpenSSLKeyDataX509Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecOpenSSLKeyDataX509Id))); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecTransformKlassGetName(xmlSecOpenSSLKeyDataX509Id)); return(-1); } @@ -544,22 +484,15 @@ xmlSecOpenSSLAppKeyCertLoadBIO(xmlSecKeyPtr key, BIO* bio, xmlSecKeyDataFormat f cert = xmlSecOpenSSLAppCertLoadBIO(bio, certFormat); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppCertLoad", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLAppCertLoad", + xmlSecKeyDataGetName(data)); return(-1); } ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); X509_free(cert); return(-1); } @@ -590,25 +523,15 @@ xmlSecOpenSSLAppPkcs12Load(const char *filename, const char *pwd, bio = BIO_new_file(filename, "rb"); if(bio == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new_file", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "filename=%s;errno=%d", - xmlSecErrorsSafeString(filename), - errno); + xmlSecOpenSSLError2("BIO_new_file", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); return(NULL); } key = xmlSecOpenSSLAppPkcs12LoadBIO (bio, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppPkcs12LoadBIO", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s;errno=%d", - xmlSecErrorsSafeString(filename), - errno); + xmlSecInternalError2("xmlSecOpenSSLAppPkcs12LoadBIO", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); BIO_free(bio); return(NULL); } @@ -643,22 +566,14 @@ xmlSecOpenSSLAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, /* this would be a read only BIO, cast from const is ok */ bio = BIO_new_mem_buf((void*)data, dataSize); if(bio == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new_mem_buf", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "errno=%d", - errno); + xmlSecOpenSSLError2("BIO_new_mem_buf", NULL, + "dataSize=%lu", (unsigned long)dataSize); return(NULL); } key = xmlSecOpenSSLAppPkcs12LoadBIO (bio, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppPkcs12LoadBIO", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLAppPkcs12LoadBIO", NULL); BIO_free(bio); return(NULL); } @@ -698,56 +613,38 @@ xmlSecOpenSSLAppPkcs12LoadBIO(BIO* bio, const char *pwd, int ret; xmlSecAssert2(bio != NULL, NULL); + UNREFERENCED_PARAMETER(pwdCallback); + UNREFERENCED_PARAMETER(pwdCallbackCtx); p12 = d2i_PKCS12_bio(bio, NULL); if(p12 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "d2i_PKCS12_fp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("d2i_PKCS12_fp", NULL); goto done; } - ret = PKCS12_verify_mac(p12, pwd, (pwd != NULL) ? strlen(pwd) : 0); + ret = PKCS12_verify_mac(p12, pwd, (pwd != NULL) ? (int)strlen(pwd) : 0); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PKCS12_verify_mac", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("PKCS12_verify_mac", NULL); goto done; } ret = PKCS12_parse(p12, pwd, &pKey, &cert, &chain); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PKCS12_parse", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("PKCS12_parse", NULL); goto done; } data = xmlSecOpenSSLEvpKeyAdopt(pKey); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLEvpKeyAdopt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpKeyAdopt", NULL); EVP_PKEY_free(pKey); goto done; } x509Data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataX509Id); if(x509Data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecOpenSSLKeyDataX509Id))); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecTransformKlassGetName(xmlSecOpenSSLKeyDataX509Id)); goto done; } @@ -757,11 +654,7 @@ xmlSecOpenSSLAppPkcs12LoadBIO(BIO* bio, const char *pwd, if(chain == NULL) { chain = sk_X509_new_null(); if(chain == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "sk_X509_new_null", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("sk_X509_new_null", NULL); goto done; } } @@ -789,23 +682,15 @@ xmlSecOpenSSLAppPkcs12LoadBIO(BIO* bio, const char *pwd, if(has_cert == 0) { tmpcert = X509_dup(cert); if(tmpcert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecOpenSSLError("X509_dup", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = sk_X509_push(chain, tmpcert); if(ret < 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "sk_X509_push", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecOpenSSLError("sk_X509_push", + xmlSecKeyDataGetName(x509Data)); X509_free(tmpcert); goto done; } @@ -813,12 +698,8 @@ xmlSecOpenSSLAppPkcs12LoadBIO(BIO* bio, const char *pwd, ret = xmlSecOpenSSLKeyDataX509AdoptKeyCert(x509Data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(x509Data)); goto done; } cert = NULL; @@ -828,46 +709,30 @@ xmlSecOpenSSLAppPkcs12LoadBIO(BIO* bio, const char *pwd, tmpcert = X509_dup(sk_X509_value(chain, i)); if(tmpcert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecOpenSSLError("X509_dup", + xmlSecKeyDataGetName(x509Data)); X509_free(tmpcert); goto done; } ret = xmlSecOpenSSLKeyDataX509AdoptCert(x509Data, tmpcert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509AdoptCert", + xmlSecKeyDataGetName(x509Data)); goto done; } } key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); goto done; } ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(x509Data)); xmlSecKeyDestroy(key); key = NULL; goto done; @@ -876,12 +741,8 @@ xmlSecOpenSSLAppPkcs12LoadBIO(BIO* bio, const char *pwd, ret = xmlSecKeyAdoptData(key, x509Data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyAdoptData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeyAdoptData", + xmlSecKeyDataGetName(x509Data)); xmlSecKeyDestroy(key); key = NULL; goto done; @@ -930,22 +791,14 @@ xmlSecOpenSSLAppKeyFromCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) { /* load cert */ cert = xmlSecOpenSSLAppCertLoadBIO(bio, format); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppCertLoadBIO", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLAppCertLoadBIO", NULL); return(NULL); } /* get key value */ keyData = xmlSecOpenSSLX509CertGetKey(cert); if(keyData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509CertGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509CertGetKey", NULL); X509_free(cert); return(NULL); } @@ -953,11 +806,7 @@ xmlSecOpenSSLAppKeyFromCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) { /* create key */ key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); xmlSecKeyDataDestroy(keyData); X509_free(cert); return(NULL); @@ -966,11 +815,7 @@ xmlSecOpenSSLAppKeyFromCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) { /* set key value */ ret = xmlSecKeySetValue(key, keyData); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", NULL); xmlSecKeyDestroy(key); xmlSecKeyDataDestroy(keyData); X509_free(cert); @@ -980,11 +825,7 @@ xmlSecOpenSSLAppKeyFromCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) { /* create cert data */ certData = xmlSecKeyEnsureData(key, xmlSecOpenSSLKeyDataX509Id); if(certData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", NULL); xmlSecKeyDestroy(key); X509_free(cert); return(NULL); @@ -993,11 +834,7 @@ xmlSecOpenSSLAppKeyFromCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) { /* put cert in the cert data */ ret = xmlSecOpenSSLKeyDataX509AdoptCert(certData, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509AdoptCert", NULL); xmlSecKeyDestroy(key); X509_free(cert); return(NULL); @@ -1032,25 +869,15 @@ xmlSecOpenSSLAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename, bio = BIO_new_file(filename, "rb"); if(bio == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new_file", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "filename=%s;errno=%d", - xmlSecErrorsSafeString(filename), - errno); + xmlSecOpenSSLError2("BIO_new_file", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); return(-1); } ret = xmlSecOpenSSLAppKeysMngrCertLoadBIO(mngr, bio, format, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppKeysMngrCertLoadBIO", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s;errno=%d", - xmlSecErrorsSafeString(filename), - errno); + xmlSecInternalError2("xmlSecOpenSSLAppKeysMngrCertLoadBIO", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); BIO_free(bio); return(-1); } @@ -1086,22 +913,14 @@ xmlSecOpenSSLAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* /* this would be a read only BIO, cast from const is ok */ bio = BIO_new_mem_buf((void*)data, dataSize); if(bio == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new_mem_buf", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "errno=%d", - errno); + xmlSecOpenSSLError2("BIO_new_mem_buf", NULL, + "dataSize=%lu", (unsigned long)dataSize); return(-1); } ret = xmlSecOpenSSLAppKeysMngrCertLoadBIO(mngr, bio, format, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppKeysMngrCertLoadBIO", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLAppKeysMngrCertLoadBIO", NULL); BIO_free(bio); return(-1); } @@ -1135,31 +954,19 @@ xmlSecOpenSSLAppKeysMngrCertLoadBIO(xmlSecKeysMngrPtr mngr, BIO* bio, x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecOpenSSLX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecOpenSSLX509StoreId"); + xmlSecInternalError("xmlSecKeysMngrGetDataStore(xmlSecOpenSSLX509StoreId)", NULL); return(-1); } cert = xmlSecOpenSSLAppCertLoadBIO(bio, format); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLAppCertLoadBIO", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLAppCertLoadBIO", NULL); return(-1); } ret = xmlSecOpenSSLX509StoreAdoptCert(x509Store, cert, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509StoreAdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509StoreAdoptCert", NULL); X509_free(cert); return(-1); } @@ -1186,21 +993,14 @@ xmlSecOpenSSLAppKeysMngrAddCertsPath(xmlSecKeysMngrPtr mngr, const char *path) { x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecOpenSSLX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecOpenSSLX509StoreId"); + xmlSecInternalError("xmlSecKeysMngrGetDataStore(xmlSecOpenSSLX509StoreId)", NULL); return(-1); } ret = xmlSecOpenSSLX509StoreAddCertsPath(x509Store, path); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509StoreAddCertsPath", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "path=%s", xmlSecErrorsSafeString(path)); + xmlSecInternalError2("xmlSecOpenSSLX509StoreAddCertsPath", NULL, + "path=%s", xmlSecErrorsSafeString(path)); return(-1); } @@ -1210,7 +1010,7 @@ xmlSecOpenSSLAppKeysMngrAddCertsPath(xmlSecKeysMngrPtr mngr, const char *path) { /** * xmlSecOpenSSLAppKeysMngrAddCertsFile: * @mngr: the keys manager. - * @file: the file containing trusted certificates. + * @filename: the file containing trusted certificates. * * Reads certs from @file and adds to the list of trusted certificates. * It is possible for @file to contain multiple certs. @@ -1218,30 +1018,23 @@ xmlSecOpenSSLAppKeysMngrAddCertsPath(xmlSecKeysMngrPtr mngr, const char *path) { * Returns: 0 on success or a negative value otherwise. */ int -xmlSecOpenSSLAppKeysMngrAddCertsFile(xmlSecKeysMngrPtr mngr, const char *file) { +xmlSecOpenSSLAppKeysMngrAddCertsFile(xmlSecKeysMngrPtr mngr, const char *filename) { xmlSecKeyDataStorePtr x509Store; int ret; xmlSecAssert2(mngr != NULL, -1); - xmlSecAssert2(file != NULL, -1); + xmlSecAssert2(filename != NULL, -1); x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecOpenSSLX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecOpenSSLX509StoreId"); + xmlSecInternalError("xmlSecKeysMngrGetDataStore(xmlSecOpenSSLX509StoreId)", NULL); return(-1); } - ret = xmlSecOpenSSLX509StoreAddCertsFile(x509Store, file); + ret = xmlSecOpenSSLX509StoreAddCertsFile(x509Store, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509StoreAddCertsFile", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "file=%s", xmlSecErrorsSafeString(file)); + xmlSecInternalError2("xmlSecOpenSSLX509StoreAddCertsFile", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); return(-1); } @@ -1260,11 +1053,7 @@ xmlSecOpenSSLAppCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) { case xmlSecKeyDataFormatCertPem: cert = PEM_read_bio_X509_AUX(bio, NULL, NULL, NULL); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PEM_read_bio_X509_AUX", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("PEM_read_bio_X509_AUX", NULL); return(NULL); } break; @@ -1272,20 +1061,13 @@ xmlSecOpenSSLAppCertLoadBIO(BIO* bio, xmlSecKeyDataFormat format) { case xmlSecKeyDataFormatCertDer: cert = d2i_X509_bio(bio, NULL); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "d2i_X509_bio", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("d2i_X509_bio", NULL); return(NULL); } break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(NULL); } @@ -1315,21 +1097,13 @@ xmlSecOpenSSLAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); if(keysStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecSimpleKeysStoreId"); + xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)", NULL); return(-1); } ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrAdoptKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrAdoptKeysStore", NULL); xmlSecKeyStoreDestroy(keysStore); return(-1); } @@ -1337,11 +1111,7 @@ xmlSecOpenSSLAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { ret = xmlSecOpenSSLKeysMngrInit(mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLKeysMngrInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeysMngrInit", NULL); return(-1); } @@ -1370,21 +1140,13 @@ xmlSecOpenSSLAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecSimpleKeysStoreAdoptKey(store, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSimpleKeysStoreAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSimpleKeysStoreAdoptKey", NULL); return(-1); } @@ -1411,21 +1173,14 @@ xmlSecOpenSSLAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) { store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSimpleKeysStoreLoad", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri=%s", xmlSecErrorsSafeString(uri)); + xmlSecInternalError2("xmlSecSimpleKeysStoreLoad", NULL, + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } @@ -1453,21 +1208,14 @@ xmlSecOpenSSLAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecSimpleKeysStoreSave(store, filename, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSimpleKeysStoreSave", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename%s", xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecSimpleKeysStoreSave", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); return(-1); } @@ -1482,25 +1230,25 @@ static int seeded = 0; static int egdsocket = 0; static int -xmlSecOpenSSLAppLoadRANDFile(const char *file) { +xmlSecOpenSSLAppLoadRANDFile(const char *filename) { char buffer[1024]; - if(file == NULL) { - file = RAND_file_name(buffer, sizeof(buffer)); - }else if(RAND_egd(file) > 0) { + if(filename == NULL) { + filename = RAND_file_name(buffer, sizeof(buffer)); +#ifndef OPENSSL_NO_EGD + }else if(RAND_egd(filename) > 0) { /* we try if the given filename is an EGD socket. * if it is, we don't write anything back to the file. */ egdsocket = 1; return 1; +#endif } - if((file == NULL) || !RAND_load_file(file, -1)) { + if((filename == NULL) || !RAND_load_file(filename, -1)) { if(RAND_status() == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "RAND_load_file", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "file=%s", xmlSecErrorsSafeString(file)); + xmlSecOpenSSLError2("RAND_load_file", NULL, + "filename=%s", + xmlSecErrorsSafeString(filename)); return 0; } } @@ -1509,7 +1257,7 @@ xmlSecOpenSSLAppLoadRANDFile(const char *file) { } static int -xmlSecOpenSSLAppSaveRANDFile(const char *file) { +xmlSecOpenSSLAppSaveRANDFile(const char *filename) { char buffer[1024]; if(egdsocket || !seeded) { @@ -1520,16 +1268,12 @@ xmlSecOpenSSLAppSaveRANDFile(const char *file) { return 0; } - if(file == NULL) { - file = RAND_file_name(buffer, sizeof(buffer)); + if(filename == NULL) { + filename = RAND_file_name(buffer, sizeof(buffer)); } - if((file == NULL) || !RAND_write_file(file)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "RAND_write_file", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "file=%s", - xmlSecErrorsSafeString(file)); + if((filename == NULL) || !RAND_write_file(filename)) { + xmlSecOpenSSLError2("RAND_write_file", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); return 0; } @@ -1560,47 +1304,44 @@ xmlSecOpenSSLDefaultPasswordCallback(char *buf, int bufsize, int verify, void *u /* try 3 times */ for(i = 0; i < 3; i++) { if(filename != NULL) { - xmlSecStrPrintf(prompt, sizeof(prompt), "Enter password for \"%s\" file: ", filename); + ret = xmlStrPrintf(prompt, sizeof(prompt), "Enter password for \"%s\" file: ", filename); } else { - xmlSecStrPrintf(prompt, sizeof(prompt), "Enter password: "); + ret = xmlStrPrintf(prompt, sizeof(prompt), "Enter password: "); + } + if(ret < 0) { + xmlSecXmlError("xmlStrPrintf", NULL); + return(-1); } + ret = EVP_read_pw_string(buf, bufsize, (char*)prompt, 0); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EVP_read_pw_string", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_read_pw_string", NULL); return(-1); } /* if we don't need to verify password then we are done */ if(verify == 0) { - return(strlen(buf)); + return((int)strlen(buf)); } if(filename != NULL) { - xmlSecStrPrintf(prompt, sizeof(prompt), "Enter password for \"%s\" file again: ", filename); + ret = xmlStrPrintf(prompt, sizeof(prompt), "Enter password for \"%s\" file again: ", filename); } else { - xmlSecStrPrintf(prompt, sizeof(prompt), "Enter password again: "); + ret = xmlStrPrintf(prompt, sizeof(prompt), "Enter password again: "); + } + if(ret < 0) { + xmlSecXmlError("xmlStrPrintf", NULL); + return(-1); } buf2 = (char*)xmlMalloc(bufsize); if(buf2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", bufsize); + xmlSecMallocError(bufsize, NULL); return(-1); } ret = EVP_read_pw_string(buf2, bufsize, (char*)prompt, 0); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EVP_read_pw_string", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_read_pw_string", NULL); memset(buf2, 0, bufsize); xmlFree(buf2); return(-1); @@ -1609,8 +1350,8 @@ xmlSecOpenSSLDefaultPasswordCallback(char *buf, int bufsize, int verify, void *u /* check if passwords match */ if(strcmp(buf, buf2) == 0) { memset(buf2, 0, bufsize); - xmlFree(buf2); - return(strlen(buf)); + xmlFree(buf2); + return((int)strlen(buf)); } /* try again */ @@ -1625,14 +1366,25 @@ static int xmlSecOpenSSLDummyPasswordCallback(char *buf, int bufsize, int verify ATTRIBUTE_UNUSED, void *userdata) { - char* password = (char*)userdata; + char* password; + int passwordlen; + UNREFERENCED_PARAMETER(verify); - if((password == NULL) || ((int)strlen(password) + 1 > bufsize)) { + password = (char*)userdata; + if(password == NULL) { + return(-1); + } + passwordlen = (int)strlen(password); + if(passwordlen + 1 > bufsize) { return(-1); } - strncpy(buf, password, strlen(password) + 1); +#ifdef WIN32 + strcpy_s(buf, bufsize, password); +#else /* WIN32 */ + strcpy(buf, password); +#endif /* WIN32 */ - return (strlen(buf)); + return (passwordlen); } diff --git a/src/openssl/bn.c b/src/openssl/bn.c index db186d11..f0f5eb45 100644 --- a/src/openssl/bn.c +++ b/src/openssl/bn.c @@ -1,21 +1,29 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * Reading/writing BIGNUM values * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:bn + * @Short_description: Big numbers (BIGNUM) support functions implementation for OpenSSL. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> #include <string.h> +#include <openssl/bn.h> #include <libxml/tree.h> #include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> #include <xmlsec/buffer.h> #include <xmlsec/base64.h> #include <xmlsec/errors.h> @@ -25,7 +33,7 @@ /** * xmlSecOpenSSLNodeGetBNValue: - * @cur: the poitner to an XML node. + * @cur: the pointer to an XML node. * @a: the BIGNUM buffer. * * Converts the node content from CryptoBinary format @@ -45,32 +53,21 @@ xmlSecOpenSSLNodeGetBNValue(const xmlNodePtr cur, BIGNUM **a) { ret = xmlSecBufferInitialize(&buf, 128); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", NULL); return(NULL); } ret = xmlSecBufferBase64NodeContentRead(&buf, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferBase64NodeContentRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferBase64NodeContentRead", NULL); xmlSecBufferFinalize(&buf); return(NULL); } (*a) = BN_bin2bn(xmlSecBufferGetData(&buf), xmlSecBufferGetSize(&buf), (*a)); if( (*a) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BN_bin2bn", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError2("BN_bin2bn", NULL, + "size=%lu", (unsigned long)(xmlSecBufferGetSize(&buf))); xmlSecBufferFinalize(&buf); return(NULL); } @@ -105,21 +102,14 @@ xmlSecOpenSSLNodeSetBNValue(xmlNodePtr cur, const BIGNUM *a, int addLineBreaks) ret = xmlSecBufferInitialize(&buf, BN_num_bytes(a) + 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", BN_num_bytes(a) + 1); + xmlSecInternalError2("xmlSecBufferInitialize", NULL, + "size=%d", BN_num_bytes(a) + 1); return(-1); } ret = BN_bn2bin(a, xmlSecBufferGetData(&buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BN_bn2bin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BN_bn2bin", NULL); xmlSecBufferFinalize(&buf); return(-1); } @@ -127,34 +117,27 @@ xmlSecOpenSSLNodeSetBNValue(xmlNodePtr cur, const BIGNUM *a, int addLineBreaks) ret = xmlSecBufferSetSize(&buf, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, + "size=%d", size); xmlSecBufferFinalize(&buf); return(-1); } if(addLineBreaks) { - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); } else { xmlNodeSetContent(cur, xmlSecStringEmpty); } ret = xmlSecBufferBase64NodeContentWrite(&buf, cur, xmlSecBase64GetDefaultLineSize()); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferBase64NodeContentWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferBase64NodeContentWrite", NULL); xmlSecBufferFinalize(&buf); return(-1); } if(addLineBreaks) { - xmlNodeAddContent(cur, xmlSecStringCR); + xmlNodeAddContent(cur, xmlSecGetDefaultLineFeed()); } xmlSecBufferFinalize(&buf); diff --git a/src/openssl/ciphers.c b/src/openssl/ciphers.c index c93f06b9..35163b33 100644 --- a/src/openssl/ciphers.c +++ b/src/openssl/ciphers.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:ciphers + * @Short_description: Ciphers transforms implementation for OpenSSL. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -20,12 +28,10 @@ #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/evp.h> +#include "openssl_compat.h" -/* new API from OpenSSL 1.1.0 */ -#if !defined(XMLSEC_OPENSSL_110) -#define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt) -#endif /* !defined(XMLSEC_OPENSSL_110) */ - +#define xmlSecOpenSSLAesGcmNonceLengthInBytes 12 +#define xmlSecOpenSSLAesGcmTagLengthInBytes 16 /************************************************************************** * @@ -40,6 +46,7 @@ struct _xmlSecOpenSSLEvpBlockCipherCtx { EVP_CIPHER_CTX* cipherCtx; int keyInitialized; int ctxInitialized; + int cbcMode; xmlSecByte key[EVP_MAX_KEY_LENGTH]; xmlSecByte iv[EVP_MAX_IV_LENGTH]; xmlSecByte pad[2*EVP_MAX_BLOCK_LENGTH]; @@ -56,7 +63,8 @@ static int xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(xmlSecOpenSSLEvpBlockC int inSize, xmlSecBufferPtr out, const xmlChar* cipherName, - int final); + int final, + xmlSecByte *tag); static int xmlSecOpenSSLEvpBlockCipherCtxUpdate (xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, @@ -67,6 +75,7 @@ static int xmlSecOpenSSLEvpBlockCipherCtxFinal (xmlSecOpenSSLEvpBlockCi xmlSecBufferPtr out, const xmlChar* cipherName, xmlSecTransformCtxPtr transformCtx); + static int xmlSecOpenSSLEvpBlockCipherCtxInit(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, @@ -85,7 +94,13 @@ xmlSecOpenSSLEvpBlockCipherCtxInit(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, xmlSecAssert2(out != NULL, -1); xmlSecAssert2(transformCtx != NULL, -1); - ivLen = EVP_CIPHER_iv_length(ctx->cipher); + if(ctx->cbcMode) { + ivLen = EVP_CIPHER_iv_length(ctx->cipher); + } else { + /* This is the nonce length for GCM mode rather than an IV */ + ivLen = xmlSecOpenSSLAesGcmNonceLengthInBytes; + } + xmlSecAssert2(ivLen > 0, -1); xmlSecAssert2((xmlSecSize)ivLen <= sizeof(ctx->iv), -1); @@ -93,22 +108,15 @@ xmlSecOpenSSLEvpBlockCipherCtxInit(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, /* generate random iv */ ret = RAND_bytes(ctx->iv, ivLen); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "RAND_bytes", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", ivLen); + xmlSecOpenSSLError2("RAND_bytes", cipherName, + "size=%lu", (unsigned long)ivLen); return(-1); } /* write iv to the output */ ret = xmlSecBufferAppend(out, ctx->iv, ivLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ivLen); + xmlSecInternalError2("xmlSecBufferAppend", cipherName, "size=%d", ivLen); return(-1); } @@ -126,11 +134,7 @@ xmlSecOpenSSLEvpBlockCipherCtxInit(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, /* and remove from input */ ret = xmlSecBufferRemoveHead(in, ivLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ivLen); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, "size=%d", ivLen); return(-1); } } @@ -138,11 +142,7 @@ xmlSecOpenSSLEvpBlockCipherCtxInit(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, /* set iv */ ret = EVP_CipherInit(ctx->cipherCtx, ctx->cipher, ctx->key, ctx->iv, encrypt); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "EVP_CipherInit", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_CipherIn", cipherName); return(-1); } @@ -155,18 +155,21 @@ xmlSecOpenSSLEvpBlockCipherCtxInit(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, * * https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#sec-Alg-Block */ - EVP_CIPHER_CTX_set_padding(ctx->cipherCtx, 0); + if(ctx->cbcMode) { + EVP_CIPHER_CTX_set_padding(ctx->cipherCtx, 0); + } return(0); } static int xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, - const xmlSecByte * in, - int inSize, - xmlSecBufferPtr out, - const xmlChar* cipherName, - int final) { + const xmlSecByte * in, + int inSize, + xmlSecBufferPtr out, + const xmlChar* cipherName, + int final, + xmlSecByte *tagData) { xmlSecByte* outBuf; xmlSecSize outSize; int blockLen, outLen = 0; @@ -178,9 +181,16 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, xmlSecAssert2(ctx->keyInitialized != 0, -1); xmlSecAssert2(ctx->ctxInitialized != 0, -1); xmlSecAssert2(in != NULL, -1); - xmlSecAssert2(inSize > 0, -1); xmlSecAssert2(out != NULL, -1); + if (ctx->cbcMode) { + xmlSecAssert2(inSize > 0, -1); + } else { + if (final != 0) { + xmlSecAssert2(tagData != NULL, -1); + } + } + /* OpenSSL docs: If the pad parameter is zero then no padding is performed, the total amount of * data encrypted or decrypted must then be a multiple of the block size or an error will occur. */ @@ -188,27 +198,34 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, xmlSecAssert2(blockLen > 0, -1); xmlSecAssert2((inSize % blockLen) == 0, -1); - /* prepare: ensure we have enough space (+blockLen for final) */ outSize = xmlSecBufferGetSize(out); - ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", (int)(outSize + inSize + blockLen)); - return(-1); + + if(ctx->cbcMode) { + /* prepare: ensure we have enough space (+blockLen for final) */ + ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecErrorsSafeString(cipherName), + "size=%d", (int)(outSize + inSize + blockLen)); + return(-1); + } + } else { + /* prepare: ensure we have enough space */ + ret = xmlSecBufferSetMaxSize(out, outSize + inSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecErrorsSafeString(cipherName), + "size=%d", (int)(outSize + inSize + blockLen)); + return(-1); + } } + outBuf = xmlSecBufferGetData(out) + outSize; /* encrypt/decrypt */ ret = EVP_CipherUpdate(ctx->cipherCtx, outBuf, &outLen, in, inSize); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "EVP_CipherUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_CipherUpdate", cipherName); return(-1); } xmlSecAssert2(outLen == inSize, -1); @@ -217,27 +234,42 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, if(final != 0) { int outLen2 = 0; + if(ctx->cbcMode == 0) { + if(!EVP_CIPHER_CTX_encrypting(ctx->cipherCtx)) { + ret = EVP_CIPHER_CTX_ctrl(ctx->cipherCtx, EVP_CTRL_GCM_SET_TAG, + xmlSecOpenSSLAesGcmTagLengthInBytes, tagData); + if(ret != 1) { + xmlSecOpenSSLError("EVP_CIPHER_CTX_ctrl", cipherName); + return(-1); + } + } + } + ret = EVP_CipherFinal(ctx->cipherCtx, outBuf + outLen, &outLen2); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "EVP_CipherFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_CipherFinal", cipherName); return(-1); } + if(ctx->cbcMode == 0) { + if(EVP_CIPHER_CTX_encrypting(ctx->cipherCtx)) { + ret = EVP_CIPHER_CTX_ctrl(ctx->cipherCtx, EVP_CTRL_GCM_GET_TAG, + xmlSecOpenSSLAesGcmTagLengthInBytes, tagData); + if(ret != 1) { + xmlSecOpenSSLError("EVP_CIPHER_CTX_ctrl", cipherName); + return(-1); + } + } + } + outLen += outLen2; } /* set correct output buffer size */ ret = xmlSecBufferSetSize(out, outSize + outLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", (int)(outSize + outLen)); + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", (int)(outSize + outLen)); return(-1); } @@ -247,9 +279,9 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, static int xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, xmlSecBufferPtr out, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { + xmlSecBufferPtr in, xmlSecBufferPtr out, + const xmlChar* cipherName, + xmlSecTransformCtxPtr transformCtx) { xmlSecSize inSize, blockLen, inBlocksLen; xmlSecByte* inBuf; int ret; @@ -266,11 +298,21 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, xmlSecAssert2(blockLen > 0, -1); inSize = xmlSecBufferGetSize(in); - if(inSize <= blockLen) { - /* wait for more data: we want to make sure we keep the last chunk in tmp buffer for - * padding check/removal on decryption - */ - return(0); + + if(ctx->cbcMode) { + if(inSize <= blockLen) { + /* wait for more data: we want to make sure we keep the last chunk in tmp buffer for + * padding check/removal on decryption + */ + return(0); + } + } else { + if(inSize <= xmlSecOpenSSLAesGcmTagLengthInBytes) { + /* In GCM mode during decryption the last 16 bytes of the buffer are the tag. + * Make sure there are always at least 16 bytes left over until we know we're + * processing the last buffer */ + return(0); + } } /* OpenSSL docs: If the pad parameter is zero then no padding is performed, the total amount of @@ -278,54 +320,65 @@ xmlSecOpenSSLEvpBlockCipherCtxUpdate(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, * * We process all complete blocks from the input */ - inBlocksLen = blockLen * (inSize / blockLen); + if(ctx->cbcMode) { + inBlocksLen = blockLen * (inSize / blockLen); + } else { + /* ensure we keep the last 16 bytes around until the Final() call */ + inBlocksLen = blockLen * ((inSize - xmlSecOpenSSLAesGcmTagLengthInBytes) / blockLen); + if(inBlocksLen == 0) { + return(0); + } + } + if(inBlocksLen == inSize) { - inBlocksLen -= blockLen; /* ensure we keep the last block around for Final() call to add/check/remove padding */ + if(ctx->cbcMode) { + inBlocksLen -= blockLen; /* ensure we keep the last block around for Final() call to add/check/remove padding */ + } } xmlSecAssert2(inBlocksLen > 0, -1); inBuf = xmlSecBufferGetData(in); - ret = xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(ctx, inBuf, inBlocksLen, out, cipherName, 0); /* not final */ + ret = xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(ctx, inBuf, (int)inBlocksLen, out, cipherName, 0, + NULL); /* not final */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - NULL); + xmlSecInternalError("xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock", cipherName); return(-1); } /* remove the processed block from input */ ret = xmlSecBufferRemoveHead(in, inBlocksLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", (int)inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, "size=%d", (int)inSize); return(-1); } /* just a double check */ inSize = xmlSecBufferGetSize(in); xmlSecAssert2(inSize > 0, -1); - xmlSecAssert2(inSize <= blockLen, -1); + + if(ctx->cbcMode) { + xmlSecAssert2(inSize <= blockLen, -1); + } /* done */ return(0); } static int -xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, - xmlSecBufferPtr out, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { +xmlSecOpenSSLEvpBlockCipherCBCCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, + xmlSecBufferPtr out, + const xmlChar* cipherName, + xmlSecTransformCtxPtr transformCtx) +{ xmlSecSize inSize, outSize, blockLen; xmlSecByte* inBuf; xmlSecByte* outBuf; int ret; + /* unreferenced parameter */ + (void)transformCtx; + xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->cipher != NULL, -1); xmlSecAssert2(ctx->cipherCtx != NULL, -1); @@ -345,12 +398,12 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, xmlSecAssert2(inSize <= blockLen, -1); /* - * The padding used in XML Enc does not follow RFC 1423 - * and is not supported by OpenSSL. However, it is possible - * to disable padding and do it by yourself - * - * https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#sec-Alg-Block - */ + * The padding used in XML Enc does not follow RFC 1423 + * and is not supported by OpenSSL. However, it is possible + * to disable padding and do it by yourself + * + * https://www.w3.org/TR/2002/REC-xmlenc-core-20021210/Overview.html#sec-Alg-Block + */ if(EVP_CIPHER_CTX_encrypting(ctx->cipherCtx)) { xmlSecSize padLen; @@ -369,41 +422,30 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, /* generate random padding */ if(padLen > 1) { - ret = RAND_bytes(ctx->pad + inSize, padLen - 1); - if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "RAND_bytes", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", (int)(padLen - 1)); + ret = RAND_bytes(ctx->pad + inSize, (int)(padLen - 1)); + if (ret != 1) { + xmlSecOpenSSLError("RAND_bytes", cipherName); return(-1); } } /* set the last byte to the pad length */ - ctx->pad[inSize + padLen - 1] = padLen; + ctx->pad[inSize + padLen - 1] = (xmlSecByte)padLen; /* update the last 1 or 2 blocks with padding */ - ret = xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(ctx, ctx->pad, inSize + padLen, out, cipherName, 1); /* final */ + ret = xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(ctx, ctx->pad, (int)(inSize + padLen), out, + cipherName, 1, NULL); /* final */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - NULL); + xmlSecInternalError("xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock", cipherName); return(-1); } } else { xmlSecSize padLen; /* update the last one block with padding */ - ret = xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(ctx, inBuf, inSize, out, cipherName, 1); /* final */ + ret = xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(ctx, inBuf, (int)inSize, out, cipherName, 1, NULL); /* final */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - NULL); + xmlSecInternalError("xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock", cipherName); return(-1); } @@ -411,24 +453,16 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, outBuf = xmlSecBufferGetData(out); outSize = xmlSecBufferGetSize(out); if(outSize < blockLen) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "outSize=%d;blockLen=%d", - (int)outSize, (int)blockLen); + xmlSecInvalidIntegerDataError2("outSize", outSize, "blockLen", blockLen, + "outSize >= blockLen", cipherName); return(-1); } /* get the pad length from the last byte */ padLen = (xmlSecSize)(outBuf[outSize - 1]); if(padLen > blockLen) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "padLen=%d;blockLen=%d", - (int)padLen, (int)blockLen); + xmlSecInvalidIntegerDataError2("padLen", padLen, "blockLen", blockLen, + "padLen <= blockLen", cipherName); return(-1); } xmlSecAssert2(padLen <= outSize, -1); @@ -436,11 +470,7 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, /* remove the padding */ ret = xmlSecBufferRemoveTail(out, padLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveTail", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", (int)padLen); + xmlSecInternalError2("xmlSecBufferRemoveTail", cipherName, "size=%d", (int)padLen); return(-1); } } @@ -448,17 +478,114 @@ xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, /* remove the processed block from input */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", (int)inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, "size=%d", (int)inSize); + return(-1); + } + + /* done */ + return(0); + +} + +#ifndef XMLSEC_NO_AES +static int +xmlSecOpenSSLEvpBlockCipherGCMCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, + xmlSecBufferPtr out, + const xmlChar* cipherName, + xmlSecTransformCtxPtr transformCtx) +{ + xmlSecSize inSize, outSize; + xmlSecByte* inBuf; + xmlSecByte* outBuf; + xmlSecByte tag[xmlSecOpenSSLAesGcmTagLengthInBytes]; + int ret; + + /* unreferenced parameter */ + (void)transformCtx; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->cipher != NULL, -1); + xmlSecAssert2(ctx->cipherCtx != NULL, -1); + xmlSecAssert2(ctx->keyInitialized != 0, -1); + xmlSecAssert2(ctx->ctxInitialized != 0, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + inSize = xmlSecBufferGetSize(in); + inBuf = xmlSecBufferGetData(in); + + if(EVP_CIPHER_CTX_encrypting(ctx->cipherCtx)) { + ret = xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(ctx, inBuf, (int)inSize, out, cipherName, + 1, tag); /* final */ + if(ret < 0) { + xmlSecInternalError("xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock", cipherName); + return(-1); + } + + /* get the tag and add to the output */ + outSize = xmlSecBufferGetSize(out); + ret = xmlSecBufferSetMaxSize(out, outSize + xmlSecOpenSSLAesGcmTagLengthInBytes); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferSetMaxSize", cipherName); + return(-1); + } + outBuf = xmlSecBufferGetData(out) + outSize; + memcpy(outBuf, tag, xmlSecOpenSSLAesGcmTagLengthInBytes); + ret = xmlSecBufferSetSize(out, outSize + xmlSecOpenSSLAesGcmTagLengthInBytes); + if(ret < 0) { + xmlSecInternalError("xmlSecBufferSetSize", cipherName); + return(-1); + } + } else { + /* There must be at least 16 bytes in the buffer - the tag and anything left over */ + xmlSecAssert2(inSize >= xmlSecOpenSSLAesGcmTagLengthInBytes, -1); + + /* extract the tag */ + memcpy(tag, inBuf + inSize - xmlSecOpenSSLAesGcmTagLengthInBytes, + xmlSecOpenSSLAesGcmTagLengthInBytes); + xmlSecBufferRemoveTail(in, xmlSecOpenSSLAesGcmTagLengthInBytes); + + inBuf = xmlSecBufferGetData(in); + inSize = xmlSecBufferGetSize(in); + + /* Decrypt anything remaining and verify the tag */ + ret = xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock(ctx, inBuf, (int)inSize, out, cipherName, + 1, tag); /* final */ + if(ret < 0) { + xmlSecInternalError("xmlSecOpenSSLEvpBlockCipherCtxUpdateBlock", cipherName); + return(-1); + } + } + + /* remove the processed data from input */ + ret = xmlSecBufferRemoveHead(in, inSize); + if(ret < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, "size=%d", (int)inSize); return(-1); } /* done */ return(0); } +#endif + +static int +xmlSecOpenSSLEvpBlockCipherCtxFinal(xmlSecOpenSSLEvpBlockCipherCtxPtr ctx, + xmlSecBufferPtr in, + xmlSecBufferPtr out, + const xmlChar* cipherName, + xmlSecTransformCtxPtr transformCtx) +{ + xmlSecAssert2(ctx != NULL, -1); + + if (ctx->cbcMode) { + return xmlSecOpenSSLEvpBlockCipherCBCCtxFinal(ctx, in, out, cipherName, transformCtx); + } else { + return xmlSecOpenSSLEvpBlockCipherGCMCtxFinal(ctx, in, out, cipherName, transformCtx); + } +} /****************************************************************************** @@ -497,7 +624,10 @@ xmlSecOpenSSLEvpBlockCipherCheckId(xmlSecTransformPtr transform) { #ifndef XMLSEC_NO_AES if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformAes128CbcId) || xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformAes192CbcId) || - xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformAes256CbcId)) { + xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformAes256CbcId) || + xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformAes128GcmId) || + xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformAes192GcmId) || + xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformAes256GcmId)) { return(1); } @@ -522,6 +652,7 @@ xmlSecOpenSSLEvpBlockCipherInitialize(xmlSecTransformPtr transform) { if(transform->id == xmlSecOpenSSLTransformDes3CbcId) { ctx->cipher = EVP_des_ede3_cbc(); ctx->keyId = xmlSecOpenSSLKeyDataDesId; + ctx->cbcMode = 1; } else #endif /* XMLSEC_NO_DES */ @@ -529,32 +660,40 @@ xmlSecOpenSSLEvpBlockCipherInitialize(xmlSecTransformPtr transform) { if(transform->id == xmlSecOpenSSLTransformAes128CbcId) { ctx->cipher = EVP_aes_128_cbc(); ctx->keyId = xmlSecOpenSSLKeyDataAesId; + ctx->cbcMode = 1; } else if(transform->id == xmlSecOpenSSLTransformAes192CbcId) { ctx->cipher = EVP_aes_192_cbc(); ctx->keyId = xmlSecOpenSSLKeyDataAesId; + ctx->cbcMode = 1; } else if(transform->id == xmlSecOpenSSLTransformAes256CbcId) { ctx->cipher = EVP_aes_256_cbc(); ctx->keyId = xmlSecOpenSSLKeyDataAesId; + ctx->cbcMode = 1; + } else if(transform->id == xmlSecOpenSSLTransformAes128GcmId) { + ctx->cipher = EVP_aes_128_gcm(); + ctx->keyId = xmlSecOpenSSLKeyDataAesId; + ctx->cbcMode = 0; + } else if(transform->id == xmlSecOpenSSLTransformAes192GcmId) { + ctx->cipher = EVP_aes_192_gcm(); + ctx->keyId = xmlSecOpenSSLKeyDataAesId; + ctx->cbcMode = 0; + } else if(transform->id == xmlSecOpenSSLTransformAes256GcmId) { + ctx->cipher = EVP_aes_256_gcm(); + ctx->keyId = xmlSecOpenSSLKeyDataAesId; + ctx->cbcMode = 0; } else #endif /* XMLSEC_NO_AES */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } /* create cipher ctx */ ctx->cipherCtx = EVP_CIPHER_CTX_new(); if(ctx->cipherCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_CIPHER_CTX_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_CIPHER_CTX_new", + xmlSecTransformGetName(transform)); return(-1); } @@ -595,7 +734,7 @@ xmlSecOpenSSLEvpBlockCipherSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReq xmlSecAssert2(ctx->keyId != NULL, -1); keyReq->keyId = ctx->keyId; - keyReq->keyType = xmlSecKeyDataTypeSymmetric; + keyReq->keyType = xmlSecKeyDataTypeSymmetric; if(transform->operation == xmlSecTransformOperationEncrypt) { keyReq->keyUsage = xmlSecKeyUsageEncrypt; } else { @@ -635,12 +774,8 @@ xmlSecOpenSSLEvpBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key xmlSecAssert2(buffer != NULL, -1); if(xmlSecBufferGetSize(buffer) < (xmlSecSize)cipherKeyLen) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "keySize=%d;expected=%d", - (int)xmlSecBufferGetSize(buffer), (int)cipherKeyLen); + xmlSecInvalidKeyDataSizeError(xmlSecBufferGetSize(buffer), cipherKeyLen, + xmlSecTransformGetName(transform)); return(-1); } @@ -678,47 +813,35 @@ xmlSecOpenSSLEvpBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSe (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, xmlSecTransformGetName(transform), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLEvpBlockCipherCtxInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpBlockCipherCtxInit", + xmlSecTransformGetName(transform)); return(-1); } } if((ctx->ctxInitialized == 0) && (last != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "not enough data to initialize transform"); + xmlSecInvalidDataError("not enough data to initialize transform", + xmlSecTransformGetName(transform)); return(-1); } if(ctx->ctxInitialized != 0) { ret = xmlSecOpenSSLEvpBlockCipherCtxUpdate(ctx, in, out, - xmlSecTransformGetName(transform), - transformCtx); + xmlSecTransformGetName(transform), + transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLEvpBlockCipherCtxUpdate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpBlockCipherCtxUpdate", + xmlSecTransformGetName(transform)); return(-1); } } if(last != 0) { ret = xmlSecOpenSSLEvpBlockCipherCtxFinal(ctx, in, out, - xmlSecTransformGetName(transform), - transformCtx); + xmlSecTransformGetName(transform), + transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLEvpBlockCipherCtxFinal", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpBlockCipherCtxFinal", + xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusFinished; @@ -733,11 +856,7 @@ xmlSecOpenSSLEvpBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSe /* the only way we can get here is if there is no enough data in the input */ xmlSecAssert2(last == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", (int)(transform->status)); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -868,6 +987,126 @@ xmlSecOpenSSLTransformAes256CbcGetKlass(void) { return(&xmlSecOpenSSLAes256CbcKlass); } +static xmlSecTransformKlass xmlSecOpenSSLAes128GcmKlass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */ + + xmlSecNameAes128Gcm, /* const xmlChar* name; */ + xmlSecHrefAes128Gcm, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** +* xmlSecOpenSSLTransformAes128GcmGetKlass: +* +* AES 128 GCM encryption transform klass. +* +* Returns: pointer to AES 128 GCM encryption transform. +*/ +xmlSecTransformId +xmlSecOpenSSLTransformAes128GcmGetKlass(void) +{ + return(&xmlSecOpenSSLAes128GcmKlass); +} + +static xmlSecTransformKlass xmlSecOpenSSLAes192GcmKlass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */ + + xmlSecNameAes192Gcm, /* const xmlChar* name; */ + xmlSecHrefAes192Gcm, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** +* xmlSecOpenSSLTransformAes192GcmGetKlass: +* +* AES 192 GCM encryption transform klass. +* +* Returns: pointer to AES 192 GCM encryption transform. +*/ +xmlSecTransformId +xmlSecOpenSSLTransformAes192GcmGetKlass(void) +{ + return(&xmlSecOpenSSLAes192GcmKlass); +} + +static xmlSecTransformKlass xmlSecOpenSSLAes256GcmKlass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecOpenSSLEvpBlockCipherSize, /* xmlSecSize objSize */ + + xmlSecNameAes256Gcm, /* const xmlChar* name; */ + xmlSecHrefAes256Gcm, /* const xmlChar* href; */ + xmlSecTransformUsageEncryptionMethod, /* xmlSecAlgorithmUsage usage; */ + + xmlSecOpenSSLEvpBlockCipherInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecOpenSSLEvpBlockCipherFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecOpenSSLEvpBlockCipherSetKeyReq, /* xmlSecTransformSetKeyMethod setKeyReq; */ + xmlSecOpenSSLEvpBlockCipherSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + NULL, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecOpenSSLEvpBlockCipherExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** +* xmlSecOpenSSLTransformAes256GcmGetKlass: +* +* AES 256 GCM encryption transform klass. +* +* Returns: pointer to AES 256 GCM encryption transform. +*/ +xmlSecTransformId +xmlSecOpenSSLTransformAes256GcmGetKlass(void) +{ + return(&xmlSecOpenSSLAes256GcmKlass); +} + #endif /* XMLSEC_NO_AES */ #ifndef XMLSEC_NO_DES diff --git a/src/openssl/crypto.c b/src/openssl/crypto.c index b70eb731..5be249fa 100644 --- a/src/openssl/crypto.c +++ b/src/openssl/crypto.c @@ -1,18 +1,23 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:crypto + * @Short_description: Crypto transforms implementation for OpenSSL. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> -#include <openssl/evp.h> -#include <openssl/rand.h> - #include <xmlsec/xmlsec.h> #include <xmlsec/keys.h> #include <xmlsec/keysmngr.h> @@ -21,6 +26,9 @@ #include <xmlsec/dl.h> #include <xmlsec/private.h> +#include <openssl/x509.h> +#include <openssl/evp.h> +#include <openssl/rand.h> #include <xmlsec/openssl/app.h> #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/x509.h> @@ -120,6 +128,9 @@ xmlSecCryptoGetFunctions_openssl(void) { gXmlSecOpenSSLFunctions->transformAes128CbcGetKlass = xmlSecOpenSSLTransformAes128CbcGetKlass; gXmlSecOpenSSLFunctions->transformAes192CbcGetKlass = xmlSecOpenSSLTransformAes192CbcGetKlass; gXmlSecOpenSSLFunctions->transformAes256CbcGetKlass = xmlSecOpenSSLTransformAes256CbcGetKlass; + gXmlSecOpenSSLFunctions->transformAes128GcmGetKlass = xmlSecOpenSSLTransformAes128GcmGetKlass; + gXmlSecOpenSSLFunctions->transformAes192GcmGetKlass = xmlSecOpenSSLTransformAes192GcmGetKlass; + gXmlSecOpenSSLFunctions->transformAes256GcmGetKlass = xmlSecOpenSSLTransformAes256GcmGetKlass; gXmlSecOpenSSLFunctions->transformKWAes128GetKlass = xmlSecOpenSSLTransformKWAes128GetKlass; gXmlSecOpenSSLFunctions->transformKWAes192GetKlass = xmlSecOpenSSLTransformKWAes192GetKlass; gXmlSecOpenSSLFunctions->transformKWAes256GetKlass = xmlSecOpenSSLTransformKWAes256GetKlass; @@ -318,30 +329,18 @@ int xmlSecOpenSSLInit (void) { /* Check loaded xmlsec library version */ if(xmlSecCheckVersionExact() != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCheckVersionExact", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCheckVersionExact", NULL); return(-1); } if(xmlSecOpenSSLErrorsInit() < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLErrorsInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLErrorsInit", NULL); return(-1); } /* register our klasses */ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_openssl()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", NULL); return(-1); } @@ -382,21 +381,13 @@ xmlSecOpenSSLKeysMngrInit(xmlSecKeysMngrPtr mngr) { x509Store = xmlSecKeyDataStoreCreate(xmlSecOpenSSLX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecOpenSSLX509StoreId"); + xmlSecInternalError("xmlSecKeyDataStoreCreate(xmlSecOpenSSLX509StoreId)", NULL); return(-1); } ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrAdoptDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrAdoptDataStore", NULL); xmlSecKeyDataStoreDestroy(x509Store); return(-1); } @@ -423,22 +414,15 @@ xmlSecOpenSSLGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) { ret = xmlSecBufferSetSize(buffer, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, "size=%d", size); return(-1); } /* get random data */ ret = RAND_bytes((xmlSecByte*)xmlSecBufferGetData(buffer), size); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "RAND_bytes", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", size); + xmlSecOpenSSLError2("RAND_bytes", NULL, + "size=%lu", (unsigned long)size); return(-1); } return(0); @@ -454,13 +438,12 @@ xmlSecOpenSSLGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) { * @reason: the error code. * @msg: the additional error message. * - * The default OpenSSL errors reporting callback function. + * The errors reporting callback function. */ void xmlSecOpenSSLErrorsDefaultCallback(const char* file, int line, const char* func, const char* errorObject, const char* errorSubject, int reason, const char* msg) { - ERR_put_error(XMLSEC_OPENSSL_ERRORS_LIB, XMLSEC_OPENSSL_ERRORS_FUNCTION, reason, file, line); @@ -471,6 +454,7 @@ xmlSecOpenSSLErrorsDefaultCallback(const char* file, int line, const char* func, static int xmlSecOpenSSLErrorsInit(void) { +#ifndef OPENSSL_IS_BORINGSSL static ERR_STRING_DATA xmlSecOpenSSLStrReasons[XMLSEC_ERRORS_MAX_NUMBER + 1]; static ERR_STRING_DATA xmlSecOpenSSLStrLib[]= { { ERR_PACK(XMLSEC_OPENSSL_ERRORS_LIB,0,0), "xmlsec routines"}, @@ -493,6 +477,7 @@ xmlSecOpenSSLErrorsInit(void) { ERR_load_strings(XMLSEC_OPENSSL_ERRORS_LIB, xmlSecOpenSSLStrLib); /* define xmlsec lib name */ ERR_load_strings(XMLSEC_OPENSSL_ERRORS_LIB, xmlSecOpenSSLStrDefReason); /* define default reason */ ERR_load_strings(XMLSEC_OPENSSL_ERRORS_LIB, xmlSecOpenSSLStrReasons); +#endif /* OPENSSL_IS_BORINGSSL */ /* and set default errors callback for xmlsec to us */ xmlSecErrorsSetCallback(xmlSecOpenSSLErrorsDefaultCallback); @@ -518,11 +503,7 @@ xmlSecOpenSSLSetDefaultTrustedCertsFolder(const xmlChar* path) { if(path != NULL) { gXmlSecOpenSSLTrustedCertsFolder = xmlStrdup(BAD_CAST path); if(gXmlSecOpenSSLTrustedCertsFolder == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecStrdupError(BAD_CAST path, NULL); return(-1); } } @@ -541,6 +522,3 @@ const xmlChar* xmlSecOpenSSLGetDefaultTrustedCertsFolder(void) { return(gXmlSecOpenSSLTrustedCertsFolder); } - - - diff --git a/src/openssl/digests.c b/src/openssl/digests.c index 5ec5299a..537a7399 100644 --- a/src/openssl/digests.c +++ b/src/openssl/digests.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:digests + * @Short_description: Digests transforms implementation for OpenSSL. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -19,16 +27,7 @@ #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/evp.h> - -/* new API from OpenSSL 1.1.0 (https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html): - * - * EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1. - */ -#if !defined(XMLSEC_OPENSSL_110) -#define EVP_MD_CTX_new() EVP_MD_CTX_create() -#define EVP_MD_CTX_free(x) EVP_MD_CTX_destroy((x)) -#endif /* !defined(XMLSEC_OPENSSL_110) */ - +#include "openssl_compat.h" /************************************************************************** * @@ -131,8 +130,6 @@ xmlSecOpenSSLEvpDigestCheckId(xmlSecTransformPtr transform) { { return(0); } - - return(0); } static int @@ -194,11 +191,7 @@ xmlSecOpenSSLEvpDigestInitialize(xmlSecTransformPtr transform) { if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformGostR3411_94Id)) { ctx->digest = EVP_get_digestbyname("md_gost94"); if (!ctx->digest) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } } else @@ -209,11 +202,7 @@ xmlSecOpenSSLEvpDigestInitialize(xmlSecTransformPtr transform) { ctx->digest = EVP_get_digestbyname("md_gost12_256"); if (!ctx->digest) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } } else @@ -222,33 +211,22 @@ xmlSecOpenSSLEvpDigestInitialize(xmlSecTransformPtr transform) { ctx->digest = EVP_get_digestbyname("md_gost12_512"); if (!ctx->digest) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } } else #endif /* XMLSEC_NO_GOST2012 */ { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } /* create digest CTX */ ctx->digestCtx = EVP_MD_CTX_new(); if(ctx->digestCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_MD_CTX_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_MD_CTX_new", + xmlSecTransformGetName(transform)); return(-1); } @@ -291,24 +269,17 @@ xmlSecOpenSSLEvpDigestVerify(xmlSecTransformPtr transform, xmlSecAssert2(ctx->dgstSize > 0, -1); if(dataSize != ctx->dgstSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "data_size=%d;dgst_size=%d", - dataSize, ctx->dgstSize); + xmlSecInvalidSizeError("Digest", dataSize, ctx->dgstSize, + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; - return -1; + return(0); } if(memcmp(ctx->dgst, data, ctx->dgstSize) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "data and digest do not match"); + xmlSecInvalidDataError("data and digest do not match", + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; - return -1; + return(0); } transform->status = xmlSecTransformStatusOk; @@ -340,11 +311,8 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran if(transform->status == xmlSecTransformStatusNone) { ret = EVP_DigestInit(ctx->digestCtx, ctx->digest); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_DigestInit", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_DigestInit", + xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusWorking; @@ -357,21 +325,17 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran if(inSize > 0) { ret = EVP_DigestUpdate(ctx->digestCtx, xmlSecBufferGetData(in), inSize); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_DigestUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", inSize); + xmlSecOpenSSLError2("EVP_DigestUpdate", + xmlSecTransformGetName(transform), + "size=%lu", (unsigned long)inSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } } @@ -382,11 +346,8 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran ret = EVP_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_DigestFinal", + xmlSecTransformGetName(transform)); return(-1); } xmlSecAssert2(dgstSize > 0, -1); @@ -396,11 +357,9 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran if(transform->operation == xmlSecTransformOperationSign) { ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ctx->dgstSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", ctx->dgstSize); return(-1); } } @@ -410,11 +369,7 @@ xmlSecOpenSSLEvpDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTran /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } diff --git a/src/openssl/evp.c b/src/openssl/evp.c index 328602bc..7c008bf7 100644 --- a/src/openssl/evp.c +++ b/src/openssl/evp.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:evp + * @Short_description: Private/public (EVP) keys implementation for OpenSSL. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -19,10 +27,149 @@ #include <xmlsec/keyinfo.h> #include <xmlsec/transforms.h> #include <xmlsec/errors.h> +#include <xmlsec/private.h> #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/bn.h> #include <xmlsec/openssl/evp.h> +#include "openssl_compat.h" + +/****************************************************************************** + * + * OpenSSL 1.1.0 compatibility + * + *****************************************************************************/ +#if !defined(XMLSEC_OPENSSL_API_110) + +#ifndef XMLSEC_NO_RSA + +static inline void RSA_get0_key(const RSA *r, const BIGNUM **n, const BIGNUM **e, const BIGNUM **d) { + xmlSecAssert(r != NULL); + + if(n != NULL) { + (*n) = r->n; + } + if(e != NULL) { + (*e) = r->e; + } + if(d != NULL) { + (*d) = r->d; + } +} + +static inline int RSA_test_flags(const RSA *r, int flags) { + xmlSecAssert2(r != NULL, 0); + return(r->flags & flags); +} + +static inline int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d) { + xmlSecAssert2(r != NULL, 0); + + if(((r->n == NULL) && (n == NULL)) || ((r->e == NULL) && (e == NULL))) { + return(0); + } + if(n != NULL) { + BN_free(r->n); + r->n = n; + } + if(e != NULL) { + BN_free(r->e); + r->e = e; + } + if(d != NULL) { + BN_free(r->d); + r->d = d; + } + return(1); +} +#endif /* XMLSEC_NO_RSA */ + + +#ifndef XMLSEC_NO_DSA + +static inline void DSA_get0_pqg(const DSA *d, const BIGNUM **p, const BIGNUM **q, const BIGNUM **g) { + xmlSecAssert(d != NULL); + + if(p != NULL) { + (*p) = d->p; + } + if(q != NULL) { + (*q) = d->q; + } + if(g != NULL) { + (*g) = d->g; + } +} + +static inline void DSA_get0_key(const DSA *d, const BIGNUM **pub_key, const BIGNUM **priv_key) { + xmlSecAssert(d != NULL); + + if(pub_key != NULL) { + (*pub_key) = d->pub_key; + } + if(priv_key != NULL) { + (*priv_key) = d->priv_key; + } +} + +static inline ENGINE *DSA_get0_engine(DSA *d) { + xmlSecAssert2(d != NULL, NULL); + return(d->engine); +} + +static inline int DSA_set0_pqg(DSA *d, BIGNUM *p, BIGNUM *q, BIGNUM *g) { + xmlSecAssert2(d != NULL, 0); + + if(((d->p == NULL) && (p == NULL)) || ((d->q == NULL) && (q == NULL)) || ((d->g == NULL) && (g == NULL))) { + return(0); + } + + if(p != NULL) { + BN_free(d->p); + d->p = p; + } + if(q != NULL) { + BN_free(d->q); + d->q = q; + } + if(g != NULL) { + BN_free(d->g); + d->g = g; + } + return(1); +} + +static inline int DSA_set0_key(DSA *d, BIGNUM *pub_key, BIGNUM *priv_key) { + xmlSecAssert2(d != NULL, 0); + + if((d->pub_key == NULL) && (pub_key == NULL)) { + return(0); + } + + if(pub_key != NULL) { + BN_free(d->pub_key); + d->pub_key = pub_key; + } + if(priv_key != NULL) { + BN_free(d->priv_key); + d->priv_key = priv_key; + } + return(1); +} +#endif /* XMLSEC_NO_DSA */ + +#endif /* !defined(XMLSEC_OPENSSL_API_110) */ + +#ifdef OPENSSL_IS_BORINGSSL +#ifndef XMLSEC_NO_RSA +static inline int RSA_test_flags(const RSA *r, int flags) { + xmlSecAssert2(r != NULL, 0); + return(r->flags & flags); +} +#endif /* XMLSEC_NO_RSA */ + +#endif /* OPENSSL_IS_BORINGSSL */ + /************************************************************************** * @@ -135,11 +282,8 @@ xmlSecOpenSSLEvpKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { if(ctxSrc->pKey != NULL) { ctxDst->pKey = xmlSecOpenSSLEvpKeyDup(ctxSrc->pKey); if(ctxDst->pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecOpenSSLEvpKeyDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpKeyDup", + xmlSecKeyDataGetName(dst)); return(-1); } } @@ -182,13 +326,9 @@ xmlSecOpenSSLEvpKeyDup(EVP_PKEY* pKey) { xmlSecAssert2(pKey != NULL, NULL); - ret = CRYPTO_add(&pKey->references,1,CRYPTO_LOCK_EVP_PKEY); + ret = EVP_PKEY_up_ref(pKey); if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CRYPTO_add", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_PKEY_up_ref", NULL); return(NULL); } @@ -210,16 +350,12 @@ xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) { xmlSecAssert2(pKey != NULL, NULL); - switch(pKey->type) { + switch(EVP_PKEY_base_id(pKey)) { #ifndef XMLSEC_NO_RSA case EVP_PKEY_RSA: data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataRsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecOpenSSLKeyDataRsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataRsaId)", NULL); return(NULL); } break; @@ -228,11 +364,7 @@ xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) { case EVP_PKEY_DSA: data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataDsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecOpenSSLKeyDataDsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataDsaId)", NULL); return(NULL); } break; @@ -241,11 +373,7 @@ xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) { case EVP_PKEY_EC: data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataEcdsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecOpenSSLKeyDataEcdsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataEcdsaId)", NULL); return(NULL); } break; @@ -255,11 +383,7 @@ xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) { case NID_id_GostR3410_2001: data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataGost2001Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecOpenSSLKeyDataGost2001Id"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataGost2001Id)", NULL); return(NULL); } break; @@ -269,11 +393,7 @@ xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) { case NID_id_GostR3410_2012_256: data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataGostR3410_2012_256Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecOpenSSLKeyDataGostR3410_2012_256Id"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataGostR3410_2012_256Id)", NULL); return(NULL); } break; @@ -281,33 +401,22 @@ xmlSecOpenSSLEvpKeyAdopt(EVP_PKEY *pKey) { case NID_id_GostR3410_2012_512: data = xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataGostR3410_2012_512Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecOpenSSLKeyDataGostR3410_2012_512Id"); + xmlSecInternalError("xmlSecKeyDataCreate(xmlSecOpenSSLKeyDataGostR3410_2012_512Id)", NULL); return(NULL); } break; #endif /* XMLSEC_NO_GOST2012 */ default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_TYPE, - "evp key type %d not supported", pKey->type); + xmlSecInvalidIntegerTypeError("evp key type", EVP_PKEY_base_id(pKey), + "supported evp key type", NULL); return(NULL); } xmlSecAssert2(data != NULL, NULL); ret = xmlSecOpenSSLEvpKeyDataAdoptEvp(data, pKey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLEvpKeyDataAdoptEvp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpKeyDataAdoptEvp", NULL); xmlSecKeyDataDestroy(data); return(NULL); } @@ -481,32 +590,24 @@ xmlSecOpenSSLKeyDataDsaAdoptDsa(xmlSecKeyDataPtr data, DSA* dsa) { if(dsa != NULL) { pKey = EVP_PKEY_new(); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "EVP_PKEY_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_PKEY_new", + xmlSecKeyDataGetName(data)); return(-1); } ret = EVP_PKEY_assign_DSA(pKey, dsa); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "EVP_PKEY_assign_DSA", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_PKEY_assign_DSA", + xmlSecKeyDataGetName(data)); + EVP_PKEY_free(pKey); return(-1); } } ret = xmlSecOpenSSLKeyDataDsaAdoptEvp(data, pKey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataDsaAdoptEvp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataDsaAdoptEvp", + xmlSecKeyDataGetName(data)); if(pKey != NULL) { EVP_PKEY_free(pKey); } @@ -530,9 +631,9 @@ xmlSecOpenSSLKeyDataDsaGetDsa(xmlSecKeyDataPtr data) { xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), NULL); pKey = xmlSecOpenSSLKeyDataDsaGetEvp(data); - xmlSecAssert2((pKey == NULL) || (pKey->type == EVP_PKEY_DSA), NULL); + xmlSecAssert2((pKey == NULL) || (EVP_PKEY_base_id(pKey) == EVP_PKEY_DSA), NULL); - return((pKey != NULL) ? pKey->pkey.dsa : (DSA*)NULL); + return((pKey != NULL) ? EVP_PKEY_get0_DSA(pKey) : NULL); } /** @@ -548,7 +649,7 @@ int xmlSecOpenSSLKeyDataDsaAdoptEvp(xmlSecKeyDataPtr data, EVP_PKEY* pKey) { xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), -1); xmlSecAssert2(pKey != NULL, -1); - xmlSecAssert2(pKey->type == EVP_PKEY_DSA, -1); + xmlSecAssert2(EVP_PKEY_base_id(pKey) == EVP_PKEY_DSA, -1); return(xmlSecOpenSSLEvpKeyDataAdoptEvp(data, pKey)); } @@ -593,9 +694,11 @@ xmlSecOpenSSLKeyDataDsaFinalize(xmlSecKeyDataPtr data) { static int xmlSecOpenSSLKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataPtr data; + xmlSecKeyDataPtr data = NULL; xmlNodePtr cur; - DSA *dsa; + DSA *dsa = NULL; + BIGNUM *p = NULL, *q = NULL, *g = NULL; + BIGNUM *priv_key = NULL, *pub_key = NULL; int ret; xmlSecAssert2(id == xmlSecOpenSSLKeyDataDsaId, -1); @@ -604,130 +707,83 @@ xmlSecOpenSSLKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(keyInfoCtx != NULL, -1); if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "Key data value is already set"); return(-1); } dsa = DSA_new(); if(dsa == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "DSA_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecOpenSSLError("DSA_new", + xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; } cur = xmlSecGetNextElementNode(node->children); /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); - DSA_free(dsa); - return(-1); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAP, xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; } - if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->p)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeGetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); - DSA_free(dsa); - return(-1); + + if(xmlSecOpenSSLNodeGetBNValue(cur, &p) == NULL) { + xmlSecInternalError2("xmlSecOpenSSLNodeGetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAP)); + goto err_cleanup; } cur = xmlSecGetNextElementNode(cur->next); /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); - DSA_free(dsa); - return(-1); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAQ, xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; } - if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->q)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeGetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); - DSA_free(dsa); - return(-1); + if(xmlSecOpenSSLNodeGetBNValue(cur, &q) == NULL) { + xmlSecInternalError2("xmlSecOpenSSLNodeGetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + goto err_cleanup; } cur = xmlSecGetNextElementNode(cur->next); /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); - DSA_free(dsa); - return(-1); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAG, xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; } - if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->g)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeGetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); - DSA_free(dsa); - return(-1); + if(xmlSecOpenSSLNodeGetBNValue(cur, &g) == NULL) { + xmlSecInternalError2("xmlSecOpenSSLNodeGetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAG)); + goto err_cleanup; } cur = xmlSecGetNextElementNode(cur->next); if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeDSAX, xmlSecNs))) { /* next is X node. It is REQUIRED for private key but * we are not sure exactly what do we read */ - if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->priv_key)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeGetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAX)); - DSA_free(dsa); - return(-1); + if(xmlSecOpenSSLNodeGetBNValue(cur, &priv_key) == NULL) { + xmlSecInternalError2("xmlSecOpenSSLNodeGetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAX)); + goto err_cleanup; } cur = xmlSecGetNextElementNode(cur->next); } /* next is Y node. */ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); - DSA_free(dsa); - return(-1); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAY, xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; } - if(xmlSecOpenSSLNodeGetBNValue(cur, &(dsa->pub_key)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeGetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY)); - DSA_free(dsa); - return(-1); + if(xmlSecOpenSSLNodeGetBNValue(cur, &pub_key) == NULL) { + xmlSecInternalError2("xmlSecOpenSSLNodeGetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY)); + goto err_cleanup; } cur = xmlSecGetNextElementNode(cur->next); @@ -747,50 +803,65 @@ xmlSecOpenSSLKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - DSA_free(dsa); - return(-1); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; } data = xmlSecKeyDataCreate(id); if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - DSA_free(dsa); - return(-1); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; + } + + ret = DSA_set0_pqg(dsa, p, q, g); + if(ret != 1) { + xmlSecOpenSSLError("DSA_set0_pqg", + xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; } + p = NULL; + q = NULL; + g = NULL; + + ret = DSA_set0_key(dsa, pub_key, priv_key); + if(ret != 1) { + xmlSecOpenSSLError("DSA_set0_key", + xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; + } + pub_key = NULL; + priv_key = NULL; ret = xmlSecOpenSSLKeyDataDsaAdoptDsa(data, dsa); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataDsaAdoptDsa", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecKeyDataDestroy(data); - DSA_free(dsa); - return(-1); + xmlSecInternalError("xmlSecOpenSSLKeyDataDsaAdoptDsa", + xmlSecKeyDataGetName(data)); + goto err_cleanup; } + dsa = NULL; ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecKeyDataDestroy(data); - return(-1); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); + data = NULL; + goto err_cleanup; } return(0); + +err_cleanup: + DSA_free(dsa); + BN_free(p); + BN_free(q); + BN_free(g); + BN_free(priv_key); + BN_free(pub_key); + if(data != NULL) { + xmlSecKeyDataDestroy(data); + } + return(-1); } static int @@ -799,6 +870,8 @@ xmlSecOpenSSLKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr cur; DSA* dsa; int ret; + const BIGNUM *p = NULL, *q = NULL, *g = NULL; + const BIGNUM *priv_key = NULL, *pub_key = NULL; xmlSecAssert2(id == xmlSecOpenSSLKeyDataDsaId, -1); xmlSecAssert2(key != NULL, -1); @@ -814,119 +887,93 @@ xmlSecOpenSSLKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, return(0); } + DSA_get0_pqg(dsa, &p, &q, &g); + /* first is P node */ - xmlSecAssert2(dsa->p != NULL, -1); + xmlSecAssert2(p != NULL, -1); cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError2("xmlSecAddChild", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAP)); return(-1); } - ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->p, 1); + ret = xmlSecOpenSSLNodeSetBNValue(cur, p, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeSetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError2("xmlSecOpenSSLNodeSetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAP)); return(-1); } /* next is Q node. */ - xmlSecAssert2(dsa->q != NULL, -1); + xmlSecAssert2(q != NULL, -1); cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError2("xmlSecAddChild", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAQ)); return(-1); } - ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->q, 1); + ret = xmlSecOpenSSLNodeSetBNValue(cur, q, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeSetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError2("xmlSecOpenSSLNodeSetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAQ)); return(-1); } /* next is G node. */ - xmlSecAssert2(dsa->g != NULL, -1); + xmlSecAssert2(g != NULL, -1); cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError2("xmlSecAddChild", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAG)); return(-1); } - ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->g, 1); + ret = xmlSecOpenSSLNodeSetBNValue(cur, g, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeSetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError2("xmlSecOpenSSLNodeSetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAG)); return(-1); } + DSA_get0_key(dsa, &pub_key, &priv_key); + /* next is X node: write it ONLY for private keys and ONLY if it is requested */ - if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (dsa->priv_key != NULL)) { + if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (priv_key != NULL)) { cur = xmlSecAddChild(node, xmlSecNodeDSAX, xmlSecNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAX)); + xmlSecInternalError2("xmlSecAddChild", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAX)); return(-1); } - ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->priv_key, 1); + ret = xmlSecOpenSSLNodeSetBNValue(cur, priv_key, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeSetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAX)); + xmlSecInternalError2("xmlSecOpenSSLNodeSetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAX)); return(-1); } } /* next is Y node. */ - xmlSecAssert2(dsa->pub_key != NULL, -1); + xmlSecAssert2(pub_key != NULL, -1); cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError2("xmlSecAddChild", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY)); return(-1); } - ret = xmlSecOpenSSLNodeSetBNValue(cur, dsa->pub_key, 1); + ret = xmlSecOpenSSLNodeSetBNValue(cur, pub_key, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeSetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError2("xmlSecOpenSSLNodeSetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY)); return(-1); } return(0); @@ -941,46 +988,36 @@ xmlSecOpenSSLKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlS xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), -1); xmlSecAssert2(sizeBits > 0, -1); + UNREFERENCED_PARAMETER(type); dsa = DSA_new(); if(dsa == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "DSA_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", sizeBits); + xmlSecOpenSSLError("DSA_new", + xmlSecKeyDataGetName(data)); return(-1); } ret = DSA_generate_parameters_ex(dsa, sizeBits, NULL, 0, &counter_ret, &h_ret, NULL); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "DSA_generate_parameters_ex", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", sizeBits); + xmlSecOpenSSLError2("DSA_generate_parameters_ex", + xmlSecKeyDataGetName(data), + "sizeBits=%lu", (unsigned long)sizeBits); DSA_free(dsa); return(-1); } ret = DSA_generate_key(dsa); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "DSA_generate_key", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("DSA_generate_key", + xmlSecKeyDataGetName(data)); DSA_free(dsa); return(-1); } ret = xmlSecOpenSSLKeyDataDsaAdoptDsa(data, dsa); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataDsaAdoptDsa", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataDsaAdoptDsa", + xmlSecKeyDataGetName(data)); DSA_free(dsa); return(-1); } @@ -991,16 +1028,25 @@ xmlSecOpenSSLKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlS static xmlSecKeyDataType xmlSecOpenSSLKeyDataDsaGetType(xmlSecKeyDataPtr data) { DSA* dsa; + const BIGNUM *p = NULL, *q = NULL, *g = NULL; + const BIGNUM *priv_key = NULL, *pub_key = NULL; + const ENGINE *dsa_eng = NULL; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), xmlSecKeyDataTypeUnknown); dsa = xmlSecOpenSSLKeyDataDsaGetDsa(data); - if((dsa != NULL) && (dsa->p != NULL) && (dsa->q != NULL) && - (dsa->g != NULL) && (dsa->pub_key != NULL)) { + if(dsa == NULL) { + return(xmlSecKeyDataTypeUnknown); + } - if(dsa->priv_key != NULL) { + DSA_get0_pqg(dsa, &p, &q, &g); + DSA_get0_key(dsa, &pub_key, &priv_key); + dsa_eng = DSA_get0_engine(dsa); + + if(p != NULL && q != NULL && g != NULL && pub_key != NULL) { + if(priv_key != NULL) { return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); - } else if(dsa->engine != NULL) { + } else if(dsa_eng != NULL) { /* * !!! HACK !!! Also see RSA key * We assume here that engine *always* has private key. @@ -1019,14 +1065,20 @@ xmlSecOpenSSLKeyDataDsaGetType(xmlSecKeyDataPtr data) { static xmlSecSize xmlSecOpenSSLKeyDataDsaGetSize(xmlSecKeyDataPtr data) { DSA* dsa; + const BIGNUM *p; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataDsaId), 0); dsa = xmlSecOpenSSLKeyDataDsaGetDsa(data); - if((dsa != NULL) && (dsa->p != NULL)) { - return(BN_num_bits(dsa->p)); + if(dsa == NULL) { + return(0); } - return(0); + + DSA_get0_pqg(dsa, &p, NULL, NULL); + if(p == NULL) { + return(0); + } + return(BN_num_bits(p)); } static void @@ -1145,32 +1197,24 @@ xmlSecOpenSSLKeyDataEcdsaAdoptEcdsa(xmlSecKeyDataPtr data, EC_KEY* ecdsa) { if(ecdsa != NULL) { pKey = EVP_PKEY_new(); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "EVP_PKEY_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_PKEY_new", + xmlSecKeyDataGetName(data)); return(-1); } ret = EVP_PKEY_assign_EC_KEY(pKey, ecdsa); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "EVP_PKEY_assign_EC_KEY", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_PKEY_assign_EC_KEY", + xmlSecKeyDataGetName(data)); + EVP_PKEY_free(pKey); return(-1); } } ret = xmlSecOpenSSLKeyDataEcdsaAdoptEvp(data, pKey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataEcdsaAdoptEvp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataEcdsaAdoptEvp", + xmlSecKeyDataGetName(data)); if(pKey != NULL) { EVP_PKEY_free(pKey); } @@ -1194,9 +1238,9 @@ xmlSecOpenSSLKeyDataEcdsaGetEcdsa(xmlSecKeyDataPtr data) { xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), NULL); pKey = xmlSecOpenSSLKeyDataEcdsaGetEvp(data); - xmlSecAssert2((pKey == NULL) || (pKey->type == EVP_PKEY_EC), NULL); + xmlSecAssert2((pKey == NULL) || (EVP_PKEY_base_id(pKey) == EVP_PKEY_EC), NULL); - return((pKey != NULL) ? pKey->pkey.ec : (EC_KEY*)NULL); + return((pKey != NULL) ? EVP_PKEY_get0_EC_KEY(pKey) : NULL); } /** @@ -1212,7 +1256,7 @@ int xmlSecOpenSSLKeyDataEcdsaAdoptEvp(xmlSecKeyDataPtr data, EVP_PKEY* pKey) { xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), -1); xmlSecAssert2(pKey != NULL, -1); - xmlSecAssert2(pKey->type == EVP_PKEY_EC, -1); + xmlSecAssert2(EVP_PKEY_base_id(pKey) == EVP_PKEY_EC, -1); return(xmlSecOpenSSLEvpKeyDataAdoptEvp(data, pKey)); } @@ -1256,6 +1300,7 @@ xmlSecOpenSSLKeyDataEcdsaFinalize(xmlSecKeyDataPtr data) { static xmlSecKeyDataType xmlSecOpenSSLKeyDataEcdsaGetType(xmlSecKeyDataPtr data ATTRIBUTE_UNUSED) { + UNREFERENCED_PARAMETER(data); /* XXX-MAK: Fix this. */ return(xmlSecKeyDataTypePublic | xmlSecKeyDataTypePrivate); } @@ -1266,40 +1311,30 @@ xmlSecOpenSSLKeyDataEcdsaGetSize(xmlSecKeyDataPtr data) { const EC_KEY *ecdsa; BIGNUM * order; xmlSecSize res; + int ret; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataEcdsaId), 0); ecdsa = xmlSecOpenSSLKeyDataEcdsaGetEcdsa(data); - if((ecdsa == NULL)) { + if(ecdsa == NULL) { return(0); } group = EC_KEY_get0_group(ecdsa); if(group == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EC_KEY_get0_group", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EC_KEY_get0_group", NULL); return(0); } order = BN_new(); if(order == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BN_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BN_new", NULL); return(0); } - if(EC_GROUP_get_order(group, order, NULL) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EC_GROUP_get_order", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + ret = EC_GROUP_get_order(group, order, NULL); + if(ret != 1) { + xmlSecOpenSSLError("EC_GROUP_get_order", NULL); BN_free(order); return(0); } @@ -1466,32 +1501,24 @@ xmlSecOpenSSLKeyDataRsaAdoptRsa(xmlSecKeyDataPtr data, RSA* rsa) { if(rsa != NULL) { pKey = EVP_PKEY_new(); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "EVP_PKEY_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_PKEY_new", + xmlSecKeyDataGetName(data)); return(-1); } ret = EVP_PKEY_assign_RSA(pKey, rsa); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "EVP_PKEY_assign_RSA", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_PKEY_assign_RSA", + xmlSecKeyDataGetName(data)); + EVP_PKEY_free(pKey); return(-1); } } ret = xmlSecOpenSSLKeyDataRsaAdoptEvp(data, pKey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataRsaAdoptEvp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataRsaAdoptEvp", + xmlSecKeyDataGetName(data)); if(pKey != NULL) { EVP_PKEY_free(pKey); } @@ -1515,9 +1542,9 @@ xmlSecOpenSSLKeyDataRsaGetRsa(xmlSecKeyDataPtr data) { xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), NULL); pKey = xmlSecOpenSSLKeyDataRsaGetEvp(data); - xmlSecAssert2((pKey == NULL) || (pKey->type == EVP_PKEY_RSA), NULL); + xmlSecAssert2((pKey == NULL) || (EVP_PKEY_base_id(pKey) == EVP_PKEY_RSA), NULL); - return((pKey != NULL) ? pKey->pkey.rsa : (RSA*)NULL); + return((pKey != NULL) ? EVP_PKEY_get0_RSA(pKey) : NULL); } /** @@ -1533,7 +1560,7 @@ int xmlSecOpenSSLKeyDataRsaAdoptEvp(xmlSecKeyDataPtr data, EVP_PKEY* pKey) { xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), -1); xmlSecAssert2(pKey != NULL, -1); - xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1); + xmlSecAssert2(EVP_PKEY_base_id(pKey) == EVP_PKEY_RSA, -1); return(xmlSecOpenSSLEvpKeyDataAdoptEvp(data, pKey)); } @@ -1578,9 +1605,10 @@ xmlSecOpenSSLKeyDataRsaFinalize(xmlSecKeyDataPtr data) { static int xmlSecOpenSSLKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlSecKeyDataPtr data; + xmlSecKeyDataPtr data = NULL; xmlNodePtr cur; - RSA *rsa; + RSA *rsa = NULL; + BIGNUM *n = NULL, *e = NULL, *d = NULL; int ret; xmlSecAssert2(id == xmlSecOpenSSLKeyDataRsaId, -1); @@ -1589,21 +1617,16 @@ xmlSecOpenSSLKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(keyInfoCtx != NULL, -1); if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - "key already has a value"); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "Key data value is already set"); return(-1); } rsa = RSA_new(); if(rsa == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "RSA_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("RSA_new", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1611,111 +1634,90 @@ xmlSecOpenSSLKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is Modulus node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); - RSA_free(rsa); - return(-1); + xmlSecInvalidNodeError(cur, xmlSecNodeRSAModulus, xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; } - if(xmlSecOpenSSLNodeGetBNValue(cur, &(rsa->n)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeGetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); - RSA_free(rsa); - return(-1); + if(xmlSecOpenSSLNodeGetBNValue(cur, &n) == NULL) { + xmlSecInternalError2("xmlSecOpenSSLNodeGetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + goto err_cleanup; } cur = xmlSecGetNextElementNode(cur->next); /* next is Exponent node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); - RSA_free(rsa); - return(-1); + xmlSecInvalidNodeError(cur, xmlSecNodeRSAExponent, xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; } - if(xmlSecOpenSSLNodeGetBNValue(cur, &(rsa->e)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeGetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); - RSA_free(rsa); - return(-1); + if(xmlSecOpenSSLNodeGetBNValue(cur, &e) == NULL) { + xmlSecInternalError2("xmlSecOpenSSLNodeGetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + goto err_cleanup; } cur = xmlSecGetNextElementNode(cur->next); if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeRSAPrivateExponent, xmlSecNs))) { /* next is X node. It is REQUIRED for private key but * we are not sure exactly what do we read */ - if(xmlSecOpenSSLNodeGetBNValue(cur, &(rsa->d)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeGetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent)); - RSA_free(rsa); - return(-1); + if(xmlSecOpenSSLNodeGetBNValue(cur, &d) == NULL) { + xmlSecInternalError2("xmlSecOpenSSLNodeGetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent)); + goto err_cleanup; } cur = xmlSecGetNextElementNode(cur->next); } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "no nodes expected"); - RSA_free(rsa); - return(-1); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; } + ret = RSA_set0_key(rsa, n, e, d); + if(ret == 0) { + xmlSecOpenSSLError("RSA_set0_key", + xmlSecKeyDataGetName(data)); + goto err_cleanup; + } + n = NULL; + e = NULL; + d = NULL; + data = xmlSecKeyDataCreate(id); if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - RSA_free(rsa); - return(-1); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; } ret = xmlSecOpenSSLKeyDataRsaAdoptRsa(data, rsa); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLKeyDataRsaAdoptRsa", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecKeyDataDestroy(data); - RSA_free(rsa); - return(-1); + xmlSecInternalError("xmlSecOpenSSLKeyDataRsaAdoptRsa", + xmlSecKeyDataKlassGetName(id)); + goto err_cleanup; } ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecKeyDataDestroy(data); - return(-1); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataKlassGetName(id)); + data = NULL; + goto err_cleanup; } return(0); + +err_cleanup: + RSA_free(rsa); + BN_free(n); + BN_free(e); + BN_free(d); + if(data != NULL) { + xmlSecKeyDataDestroy(data); + } + return(-1); } static int @@ -1723,6 +1725,7 @@ xmlSecOpenSSLKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlNodePtr cur; RSA* rsa; + const BIGNUM *n = NULL, *e = NULL, *d = NULL; int ret; xmlSecAssert2(id == xmlSecOpenSSLKeyDataRsaId, -1); @@ -1738,71 +1741,55 @@ xmlSecOpenSSLKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* we can have only private key or public key */ return(0); } + RSA_get0_key(rsa, &n, &e, &d); /* first is Modulus node */ cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError2("xmlSecAddChild", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); return(-1); } - ret = xmlSecOpenSSLNodeSetBNValue(cur, rsa->n, 1); + + ret = xmlSecOpenSSLNodeSetBNValue(cur, n, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeSetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError2("xmlSecOpenSSLNodeSetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); return(-1); } /* next is Exponent node. */ cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError2("xmlSecAddChild", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); return(-1); } - ret = xmlSecOpenSSLNodeSetBNValue(cur, rsa->e, 1); + ret = xmlSecOpenSSLNodeSetBNValue(cur, e, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeSetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError2("xmlSecOpenSSLNodeSetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); return(-1); } /* next is PrivateExponent node: write it ONLY for private keys and ONLY if it is requested */ - if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (rsa->d != NULL)) { + if(((keyInfoCtx->keyReq.keyType & xmlSecKeyDataTypePrivate) != 0) && (d != NULL)) { cur = xmlSecAddChild(node, xmlSecNodeRSAPrivateExponent, xmlSecNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent)); + xmlSecInternalError2("xmlSecAddChild", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent)); return(-1); } - ret = xmlSecOpenSSLNodeSetBNValue(cur, rsa->d, 1); + ret = xmlSecOpenSSLNodeSetBNValue(cur, d, 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLNodeSetBNValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent)); + xmlSecInternalError2("xmlSecOpenSSLNodeSetBNValue", + xmlSecKeyDataKlassGetName(id), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeRSAPrivateExponent)); return(-1); } } @@ -1818,47 +1805,37 @@ xmlSecOpenSSLKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlS xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), -1); xmlSecAssert2(sizeBits > 0, -1); + UNREFERENCED_PARAMETER(type); /* create exponent */ e = BN_new(); if(e == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "BN_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "sizeBits=%d", sizeBits); + xmlSecOpenSSLError("BN_new", + xmlSecKeyDataGetName(data)); return(-1); } ret = BN_set_word(e, RSA_F4); if(ret != 1){ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "BN_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "sizeBits=%d", sizeBits); + xmlSecOpenSSLError("BN_set_word", + xmlSecKeyDataGetName(data)); BN_free(e); return(-1); } rsa = RSA_new(); if(rsa == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "RSA_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "sizeBits=%d", sizeBits); + xmlSecOpenSSLError("RSA_new", + xmlSecKeyDataGetName(data)); BN_free(e); return(-1); } ret = RSA_generate_key_ex(rsa, sizeBits, e, NULL); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "RSA_generate_key", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "sizeBits=%d", sizeBits); + xmlSecOpenSSLError2("RSA_generate_key_ex", + xmlSecKeyDataGetName(data), + "sizeBits=%lu", (unsigned long)sizeBits); RSA_free(rsa); BN_free(e); return(-1); @@ -1866,11 +1843,8 @@ xmlSecOpenSSLKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlS ret = xmlSecOpenSSLKeyDataRsaAdoptRsa(data, rsa); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataRsaAdoptRsa", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataRsaAdoptRsa", + xmlSecKeyDataGetName(data)); RSA_free(rsa); BN_free(e); return(-1); @@ -1886,14 +1860,20 @@ xmlSecOpenSSLKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlS static xmlSecKeyDataType xmlSecOpenSSLKeyDataRsaGetType(xmlSecKeyDataPtr data) { RSA* rsa; + const BIGNUM *n = NULL, *e = NULL, *d = NULL; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), xmlSecKeyDataTypeUnknown); rsa = xmlSecOpenSSLKeyDataRsaGetRsa(data); - if((rsa != NULL) && (rsa->n != NULL) && (rsa->e != NULL)) { - if(rsa->d != NULL) { + if(rsa == NULL) { + return(xmlSecKeyDataTypeUnknown); + } + + RSA_get0_key(rsa, &n, &e, &d); + if(n != NULL && e != NULL) { + if(d != NULL) { return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); - } else if((rsa->flags & RSA_FLAG_EXT_PKEY) != 0) { + } else if(RSA_test_flags(rsa, (RSA_FLAG_EXT_PKEY)) != 0) { /* * !!! HACK !!! Also see DSA key * We assume here that engine *always* has private key. @@ -1912,12 +1892,17 @@ xmlSecOpenSSLKeyDataRsaGetType(xmlSecKeyDataPtr data) { static xmlSecSize xmlSecOpenSSLKeyDataRsaGetSize(xmlSecKeyDataPtr data) { RSA* rsa; + const BIGNUM *n; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecOpenSSLKeyDataRsaId), 0); rsa = xmlSecOpenSSLKeyDataRsaGetRsa(data); - if((rsa != NULL) && (rsa->n != NULL)) { - return(BN_num_bits(rsa->n)); + if(rsa == NULL) { + return(0); + } + RSA_get0_key(rsa, &n, NULL, NULL); + if(n != NULL) { + return(BN_num_bits(n)); } return(0); } diff --git a/src/openssl/evp_signatures.c b/src/openssl/evp_signatures.c index 4dc493ca..5ed61c97 100644 --- a/src/openssl/evp_signatures.c +++ b/src/openssl/evp_signatures.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:evp_signatures + * @Short_description: Private/public (EVP) signatures implementation for OpenSSL. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -21,17 +29,7 @@ #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/evp.h> - -/* new API from OpenSSL 1.1.0 (https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html): - * - * EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1. - */ -#if !defined(XMLSEC_OPENSSL_110) -#define EVP_MD_CTX_new() EVP_MD_CTX_create() -#define EVP_MD_CTX_free(x) EVP_MD_CTX_destroy((x)) -#define EVP_MD_CTX_md_data(x) ((x)->md_data) -#endif /* !defined(XMLSEC_OPENSSL_110) */ - +#include "openssl_compat.h" /************************************************************************** * @@ -141,8 +139,6 @@ xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) { { return(0); } - - return(0); } static int @@ -215,11 +211,7 @@ xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) { ctx->keyId = xmlSecOpenSSLKeyDataGost2001Id; ctx->digest = EVP_get_digestbyname("md_gost94"); if (!ctx->digest) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } } else @@ -230,11 +222,7 @@ xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) { ctx->keyId = xmlSecOpenSSLKeyDataGostR3410_2012_256Id; ctx->digest = EVP_get_digestbyname("md_gost12_256"); if (!ctx->digest) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } } else @@ -243,33 +231,22 @@ xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) { ctx->keyId = xmlSecOpenSSLKeyDataGostR3410_2012_512Id; ctx->digest = EVP_get_digestbyname("md_gost12_512"); if (!ctx->digest) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } } else #endif /* XMLSEC_NO_GOST2012 */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } /* create digest CTX */ ctx->digestCtx = EVP_MD_CTX_new(); if(ctx->digestCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_MD_CTX_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_MD_CTX_new", + xmlSecTransformGetName(transform)); return(-1); } @@ -320,11 +297,8 @@ xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) pKey = xmlSecOpenSSLEvpKeyDataGetEvp(value); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLEvpKeyDataGetEvp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpKeyDataGetEvp", + xmlSecTransformGetName(transform)); return(-1); } @@ -334,11 +308,8 @@ xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey); if(ctx->pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLEvpKeyDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpKeyDup", + xmlSecTransformGetName(transform)); return(-1); } @@ -390,18 +361,13 @@ xmlSecOpenSSLEvpSignatureVerify(xmlSecTransformPtr transform, ret = EVP_VerifyFinal(ctx->digestCtx, (xmlSecByte*)data, dataSize, ctx->pKey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_VerifyFinal", + xmlSecTransformGetName(transform)); return(-1); } else if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyFinal", - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "signature do not match"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "EVP_VerifyFinal: signature does not verify"); transform->status = xmlSecTransformStatusFail; return(0); } @@ -443,21 +409,15 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT if(transform->operation == xmlSecTransformOperationSign) { ret = EVP_SignInit(ctx->digestCtx, ctx->digest); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_SignInit", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_SignInit", + xmlSecTransformGetName(transform)); return(-1); } } else { ret = EVP_VerifyInit(ctx->digestCtx, ctx->digest); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyInit", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_VerifyInit", + xmlSecTransformGetName(transform)); return(-1); } } @@ -470,32 +430,23 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT if(transform->operation == xmlSecTransformOperationSign) { ret = EVP_SignUpdate(ctx->digestCtx, xmlSecBufferGetData(in), inSize); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_SignUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_SignUpdate", + xmlSecTransformGetName(transform)); return(-1); } } else { ret = EVP_VerifyUpdate(ctx->digestCtx, xmlSecBufferGetData(in), inSize); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_VerifyUpdate", + xmlSecTransformGetName(transform)); return(-1); } } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform)); return(-1); } } @@ -509,31 +460,24 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT signSize = EVP_PKEY_size(ctx->pKey); ret = xmlSecBufferSetMaxSize(out, signSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%u", signSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%u", signSize); return(-1); } ret = EVP_SignFinal(ctx->digestCtx, xmlSecBufferGetData(out), &signSize, ctx->pKey); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_SignFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_SignFinal", + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferSetSize(out, signSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%u", signSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%u", signSize); return(-1); } } @@ -544,11 +488,7 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } diff --git a/src/openssl/globals.h b/src/openssl/globals.h index 065c3e8f..291a84e0 100644 --- a/src/openssl/globals.h +++ b/src/openssl/globals.h @@ -21,4 +21,79 @@ #define IN_XMLSEC_CRYPTO #define XMLSEC_PRIVATE +/* Include common error helper macros. */ +#include "../errors_helpers.h" + +/************************************************************** + * + * Error constants for OpenSSL + * + *************************************************************/ +/** + * XMLSEC_OPENSSL_ERRORS_LIB: + * + * Macro. The XMLSec library klass for OpenSSL errors reporting functions. + */ +#define XMLSEC_OPENSSL_ERRORS_LIB (ERR_LIB_USER + 57) + +/** + * XMLSEC_OPENSSL_ERRORS_FUNCTION: + * + * Macro. The XMLSec library functions OpenSSL errors reporting functions. + */ +#define XMLSEC_OPENSSL_ERRORS_FUNCTION 0 + +/** + * xmlSecOpenSSLError: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting OpenSSL crypro errors. + */ +#define xmlSecOpenSSLError(errorFunction, errorObject) \ + { \ + unsigned long error_code = ERR_peek_error(); \ + const char* lib = ERR_lib_error_string(error_code); \ + const char* func = ERR_func_error_string(error_code); \ + const char* reason = ERR_reason_error_string(error_code); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + "openssl error: %lu: %s: %s %s", \ + error_code, \ + xmlSecErrorsSafeString(lib), \ + xmlSecErrorsSafeString(func), \ + xmlSecErrorsSafeString(reason) \ + ); \ + } + +/** + * xmlSecOpenSSLError2: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param: the extra message param. + * + * Macro. The XMLSec library macro for reporting OpenSSL crypro errors. + */ +#define xmlSecOpenSSLError2(errorFunction, errorObject, msg, param) \ + { \ + unsigned long error_code = ERR_peek_error(); \ + const char* lib = ERR_lib_error_string(error_code); \ + const char* func = ERR_func_error_string(error_code); \ + const char* reason = ERR_reason_error_string(error_code); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + msg "; openssl error: %lu: %s: %s %s", \ + (param), \ + error_code, \ + xmlSecErrorsSafeString(lib), \ + xmlSecErrorsSafeString(func), \ + xmlSecErrorsSafeString(reason) \ + ); \ + } + #endif /* ! __XMLSEC_GLOBALS_H__ */ diff --git a/src/openssl/hmac.c b/src/openssl/hmac.c index edfc3af4..d9c60cba 100644 --- a/src/openssl/hmac.c +++ b/src/openssl/hmac.c @@ -1,20 +1,29 @@ -/** +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * - * XMLSec library + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. + */ +/** + * SECTION:hmac + * @Short_description: HMAC transforms implementation for OpenSSL. + * @Stability: Private * - * HMAC Algorithm support (http://www.w3.org/TR/xmldsig-core/#sec-HMAC): + * [HMAC Algorithm support](http://www.w3.org/TR/xmldsig-core/#sec-HMAC): * The HMAC algorithm (RFC2104 [HMAC]) takes the truncation length in bits * as a parameter; if the parameter is not specified then all the bits of the * hash are output. An example of an HMAC SignatureMethod element: + * + * |[<!-- language="XML" --> * <SignatureMethod Algorithm="http://www.w3.org/2000/09/xmldsig#hmac-sha1"> * <HMACOutputLength>128</HMACOutputLength> * </SignatureMethod> - * - * This is free software; see Copyright file in the source - * distribution for preciese wording. - * - * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. + * |] */ + #ifndef XMLSEC_NO_HMAC #include "globals.h" @@ -32,16 +41,7 @@ #include <xmlsec/errors.h> #include <xmlsec/openssl/crypto.h> - -/* new API from OpenSSL 1.1.0 (https://www.openssl.org/docs/manmaster/crypto/hmac.html): - * - * HMAC_CTX_new() and HMAC_CTX_free() are new in OpenSSL version 1.1. - */ -#if !defined(XMLSEC_OPENSSL_110) -#define HMAC_CTX_new() ((HMAC_CTX*)calloc(1, sizeof(HMAC_CTX))) -#define HMAC_CTX_free(x) { HMAC_CTX_cleanup((x)); free((x)); } -#endif /* !defined(XMLSEC_OPENSSL_110) */ - +#include "openssl_compat.h" /* sizes in bits */ #define XMLSEC_OPENSSL_MIN_HMAC_SIZE 80 @@ -171,9 +171,6 @@ xmlSecOpenSSLHmacCheckId(xmlSecTransformPtr transform) { { return(0); } - - /* just in case */ - return(0); } @@ -234,22 +231,15 @@ xmlSecOpenSSLHmacInitialize(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_MD5 */ { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } /* create hmac CTX */ ctx->hmacCtx = HMAC_CTX_new(); if(ctx->hmacCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "HMAC_CTX_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("HMAC_CTX_new", + xmlSecTransformGetName(transform)); return(-1); } @@ -302,11 +292,8 @@ xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecT small value */ if((int)ctx->dgstSize < xmlSecOpenSSLHmacGetMinOutputLength()) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "HMAC output length is too small"); + xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform), + "HMAC output length is too small"); return(-1); } @@ -314,11 +301,7 @@ xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecT } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -327,7 +310,8 @@ xmlSecOpenSSLHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecT static int xmlSecOpenSSLHmacSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { xmlSecAssert2(xmlSecOpenSSLHmacCheckId(transform), -1); - xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) || (transform->operation == xmlSecTransformOperationVerify), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationSign) + || (transform->operation == xmlSecTransformOperationVerify), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecOpenSSLHmacSize), -1); xmlSecAssert2(keyReq != NULL, -1); @@ -367,38 +351,20 @@ xmlSecOpenSSLHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecAssert2(buffer != NULL, -1); if(xmlSecBufferGetSize(buffer) == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "keySize=0"); + xmlSecInvalidZeroKeyDataSizeError(xmlSecTransformGetName(transform)); return(-1); } xmlSecAssert2(xmlSecBufferGetData(buffer) != NULL, -1); -#if (defined(XMLSEC_OPENSSL_098)) - /* no return value in 0.9.8 */ - HMAC_Init_ex(ctx->hmacCtx, - xmlSecBufferGetData(buffer), - xmlSecBufferGetSize(buffer), - ctx->hmacDgst, - NULL); - ret = 1; -#else /* (defined(XMLSEC_OPENSSL_098)) */ ret = HMAC_Init_ex(ctx->hmacCtx, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), ctx->hmacDgst, NULL); -#endif /* (defined(XMLSEC_OPENSSL_098)) */ - if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "HMAC_Init_ex", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - NULL); + xmlSecOpenSSLError("HMAC_Init_ex", + xmlSecTransformGetName(transform)); return(-1); } @@ -429,44 +395,29 @@ xmlSecOpenSSLHmacVerify(xmlSecTransformPtr transform, /* compare the digest size in bytes */ if(dataSize != ((ctx->dgstSize + 7) / 8)){ - /* NO COMMIT */ - xmlChar* a; - mask = last_byte_masks[ctx->dgstSize % 8]; - ctx->dgst[dataSize - 1] &= mask; - a = xmlSecBase64Encode(ctx->dgst, (ctx->dgstSize + 7) / 8, -1); - fprintf(stderr, "%s\n", a); - xmlFree(a); - - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "data=%d;dgst=%d", - dataSize, ((ctx->dgstSize + 7) / 8)); + xmlSecInvalidSizeError("HMAC digest", + dataSize, ((ctx->dgstSize + 7) / 8), + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } - /* we check the last byte separatelly */ + /* we check the last byte separately */ xmlSecAssert2(dataSize > 0, -1); mask = last_byte_masks[ctx->dgstSize % 8]; if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "data and digest do not match (last byte)"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match (last byte)"); transform->status = xmlSecTransformStatusFail; return(0); } /* now check the rest of the digest */ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "data and digest do not match"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match"); transform->status = xmlSecTransformStatusFail; return(0); } @@ -504,23 +455,31 @@ xmlSecOpenSSLHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransform inSize = xmlSecBufferGetSize(in); if(inSize > 0) { - HMAC_Update(ctx->hmacCtx, xmlSecBufferGetData(in), inSize); + ret = HMAC_Update(ctx->hmacCtx, xmlSecBufferGetData(in), inSize); + if(ret != 1) { + xmlSecOpenSSLError("HMAC_Update", + xmlSecTransformGetName(transform)); + return(-1); + } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } } if(last) { - unsigned int dgstSize; + unsigned int dgstSize = 0; - HMAC_Final(ctx->hmacCtx, ctx->dgst, &dgstSize); + ret = HMAC_Final(ctx->hmacCtx, ctx->dgst, &dgstSize); + if(ret != 1) { + xmlSecOpenSSLError("HMAC_Final", + xmlSecTransformGetName(transform)); + return(-1); + } xmlSecAssert2(dgstSize > 0, -1); /* check/set the result digest size */ @@ -529,12 +488,9 @@ xmlSecOpenSSLHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransform } else if(ctx->dgstSize <= XMLSEC_SIZE_BAD_CAST(8 * dgstSize)) { dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */ } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "result-bits=%d;required-bits=%d", - 8 * dgstSize, ctx->dgstSize); + xmlSecInvalidSizeLessThanError("HMAC digest (bits)", + 8 * dgstSize, ctx->dgstSize, + xmlSecTransformGetName(transform)); return(-1); } @@ -542,11 +498,9 @@ xmlSecOpenSSLHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransform if(transform->operation == xmlSecTransformOperationSign) { ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", dgstSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", dgstSize); return(-1); } } @@ -556,11 +510,7 @@ xmlSecOpenSSLHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransform /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(in) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } diff --git a/src/openssl/kt_rsa.c b/src/openssl/kt_rsa.c index 8d47e427..8fcb93b6 100644 --- a/src/openssl/kt_rsa.c +++ b/src/openssl/kt_rsa.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * RSA Algorithms support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kt_rsa + * @Short_description: RSA Key Transport transforms implementation for OpenSSL. + * @Stability: Private + * + */ + #include "globals.h" #ifndef XMLSEC_NO_RSA @@ -34,6 +39,41 @@ #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/evp.h> #include <xmlsec/openssl/bn.h> +#include "openssl_compat.h" + +#ifdef OPENSSL_IS_BORINGSSL + +/* defined in boringssl/crypto/fipsmodule/rsa/internal.h */ +int RSA_padding_check_PKCS1_OAEP_mgf1(uint8_t *out, size_t *out_len, size_t max_out, + const uint8_t *from, size_t from_len, + const uint8_t *param, size_t param_len, + const EVP_MD *md, const EVP_MD *mgf1md); + +static int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int to_len, + unsigned char *from, int from_len, + int rsa_len, + unsigned char *param, int param_len) { + size_t out_len = 0; + int ret; + + ret = RSA_padding_check_PKCS1_OAEP_mgf1(to, &out_len, to_len, from, from_len, param, param_len, NULL, NULL); + if(!ret) { + return(-1); + } + return((int)out_len); +} + + +int RSA_padding_add_PKCS1_OAEP(uint8_t *to, size_t to_len, + const uint8_t *from, + size_t from_len, + const uint8_t *param, + size_t param_len) { + return RSA_padding_add_PKCS1_OAEP_mgf1(to, to_len, from, from_len, param, param_len, NULL, NULL); +} +#endif /* OPENSSL_IS_BORINGSSL */ + + /************************************************************************** * @@ -166,6 +206,7 @@ static int xmlSecOpenSSLRsaPkcs1SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecOpenSSLRsaPkcs1CtxPtr ctx; EVP_PKEY* pKey; + RSA *rsa; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaPkcs1Id), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); @@ -179,23 +220,18 @@ xmlSecOpenSSLRsaPkcs1SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { pKey = xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyGetValue(key)); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLKeyDataRsaGetEvp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataRsaGetEvp", + xmlSecTransformGetName(transform)); return(-1); } - xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1); - xmlSecAssert2(pKey->pkey.rsa != NULL, -1); + xmlSecAssert2(EVP_PKEY_base_id(pKey) == EVP_PKEY_RSA, -1); + rsa = EVP_PKEY_get0_RSA(pKey); + xmlSecAssert2(rsa != NULL, -1); ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey); if(ctx->pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLEvpKeyDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpKeyDup", + xmlSecTransformGetName(transform)); return(-1); } @@ -225,11 +261,8 @@ xmlSecOpenSSLRsaPkcs1Execute(xmlSecTransformPtr transform, int last, xmlSecTrans } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { ret = xmlSecOpenSSLRsaPkcs1Process(transform, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLRsaPkcs1Process", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLRsaPkcs1Process", + xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusFinished; @@ -237,11 +270,7 @@ xmlSecOpenSSLRsaPkcs1Execute(xmlSecTransformPtr transform, int last, xmlSecTrans /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); @@ -253,6 +282,7 @@ xmlSecOpenSSLRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPtr xmlSecBufferPtr in, out; xmlSecSize inSize, outSize; xmlSecSize keySize; + RSA *rsa; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaPkcs1Id), -1); @@ -263,10 +293,11 @@ xmlSecOpenSSLRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPtr ctx = xmlSecOpenSSLRsaPkcs1GetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->pKey != NULL, -1); - xmlSecAssert2(ctx->pKey->type == EVP_PKEY_RSA, -1); - xmlSecAssert2(ctx->pKey->pkey.rsa != NULL, -1); + xmlSecAssert2(EVP_PKEY_base_id(ctx->pKey) == EVP_PKEY_RSA, -1); + rsa = EVP_PKEY_get0_RSA(ctx->pKey); + xmlSecAssert2(rsa != NULL, -1); - keySize = RSA_size(ctx->pKey->pkey.rsa); + keySize = RSA_size(rsa); xmlSecAssert2(keySize > 0, -1); in = &(transform->inBuf); @@ -279,55 +310,43 @@ xmlSecOpenSSLRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPtr /* the encoded size is equal to the keys size so we could not * process more than that */ if((transform->operation == xmlSecTransformOperationEncrypt) && (inSize >= keySize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "%d when expected less than %d", inSize, keySize); + xmlSecInvalidSizeLessThanError("Input data", inSize, keySize, + xmlSecTransformGetName(transform)); return(-1); } else if((transform->operation == xmlSecTransformOperationDecrypt) && (inSize != keySize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "%d when expected %d", inSize, keySize); + xmlSecInvalidSizeError("Input data", inSize, keySize, + xmlSecTransformGetName(transform)); return(-1); } outSize = keySize; ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } if(transform->operation == xmlSecTransformOperationEncrypt) { ret = RSA_public_encrypt(inSize, xmlSecBufferGetData(in), - xmlSecBufferGetData(out), - ctx->pKey->pkey.rsa, RSA_PKCS1_PADDING); + xmlSecBufferGetData(out), + rsa, RSA_PKCS1_PADDING); if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "RSA_public_encrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", inSize); + xmlSecOpenSSLError2("RSA_public_encrypt", + xmlSecTransformGetName(transform), + "size=%lu", (unsigned long)inSize); return(-1); } outSize = ret; } else { ret = RSA_private_decrypt(inSize, xmlSecBufferGetData(in), - xmlSecBufferGetData(out), - ctx->pKey->pkey.rsa, RSA_PKCS1_PADDING); + xmlSecBufferGetData(out), + rsa, RSA_PKCS1_PADDING); if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "RSA_private_decrypt", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", inSize); + xmlSecOpenSSLError2("RSA_private_decrypt", + xmlSecTransformGetName(transform), + "size=%lu", (unsigned long)inSize); return(-1); } outSize = ret; @@ -335,21 +354,17 @@ xmlSecOpenSSLRsaPkcs1Process(xmlSecTransformPtr transform, xmlSecTransformCtxPtr ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } @@ -449,11 +464,8 @@ xmlSecOpenSSLRsaOaepInitialize(xmlSecTransformPtr transform) { ret = xmlSecBufferInitialize(&(ctx->oaepParams), 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -496,11 +508,8 @@ xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlS if(xmlSecCheckNodeName(cur, xmlSecNodeRsaOAEPparams, xmlSecEncNs)) { ret = xmlSecBufferBase64NodeContentRead(&(ctx->oaepParams), cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferBase64NodeContentRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferBase64NodeContentRead", + xmlSecTransformGetName(transform)); return(-1); } } else if(xmlSecCheckNodeName(cur, xmlSecNodeDigestMethod, xmlSecDSigNs)) { @@ -509,33 +518,24 @@ xmlSecOpenSSLRsaOaepNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlS /* Algorithm attribute is required */ algorithm = xmlGetProp(cur, xmlSecAttrAlgorithm); if(algorithm == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecAttrAlgorithm), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeAttributeError(cur, xmlSecAttrAlgorithm, + xmlSecTransformGetName(transform), + "empty"); return(-1); } /* for now we support only sha1 */ if(xmlStrcmp(algorithm, xmlSecHrefSha1) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(algorithm), - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - "digest algorithm is not supported for rsa/oaep"); + xmlSecInvalidTransfromError2(transform, + "digest algorithm=\"%s\" is not supported for rsa/oaep", + xmlSecErrorsSafeString(algorithm)); xmlFree(algorithm); return(-1); } xmlFree(algorithm); } else { /* not found */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } @@ -574,6 +574,7 @@ static int xmlSecOpenSSLRsaOaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecOpenSSLRsaOaepCtxPtr ctx; EVP_PKEY* pKey; + RSA *rsa; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); @@ -587,23 +588,18 @@ xmlSecOpenSSLRsaOaepSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { pKey = xmlSecOpenSSLKeyDataRsaGetEvp(xmlSecKeyGetValue(key)); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLKeyDataRsaGetEvp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataRsaGetEvp", + xmlSecTransformGetName(transform)); return(-1); } - xmlSecAssert2(pKey->type == EVP_PKEY_RSA, -1); - xmlSecAssert2(pKey->pkey.rsa != NULL, -1); + xmlSecAssert2(EVP_PKEY_base_id(pKey) == EVP_PKEY_RSA, -1); + rsa = EVP_PKEY_get0_RSA(pKey); + xmlSecAssert2(rsa != NULL, -1); ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey); if(ctx->pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLEvpKeyDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpKeyDup", + xmlSecTransformGetName(transform)); return(-1); } @@ -633,11 +629,8 @@ xmlSecOpenSSLRsaOaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransf } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { ret = xmlSecOpenSSLRsaOaepProcess(transform, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLRsaOaepProcess", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLRsaOaepProcess", + xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusFinished; @@ -645,11 +638,7 @@ xmlSecOpenSSLRsaOaepExecute(xmlSecTransformPtr transform, int last, xmlSecTransf /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); @@ -662,6 +651,7 @@ xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr xmlSecBufferPtr in, out; xmlSecSize inSize, outSize; xmlSecSize keySize; + RSA *rsa; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformRsaOaepId), -1); @@ -672,10 +662,11 @@ xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr ctx = xmlSecOpenSSLRsaOaepGetCtx(transform); xmlSecAssert2(ctx != NULL, -1); xmlSecAssert2(ctx->pKey != NULL, -1); - xmlSecAssert2(ctx->pKey->type == EVP_PKEY_RSA, -1); - xmlSecAssert2(ctx->pKey->pkey.rsa != NULL, -1); + xmlSecAssert2(EVP_PKEY_base_id(ctx->pKey) == EVP_PKEY_RSA, -1); + rsa = EVP_PKEY_get0_RSA(ctx->pKey); + xmlSecAssert2(rsa != NULL, -1); - keySize = RSA_size(ctx->pKey->pkey.rsa); + keySize = RSA_size(rsa); xmlSecAssert2(keySize > 0, -1); in = &(transform->inBuf); @@ -688,29 +679,21 @@ xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr /* the encoded size is equal to the keys size so we could not * process more than that */ if((transform->operation == xmlSecTransformOperationEncrypt) && (inSize >= keySize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "%d when expected less than %d", inSize, keySize); + xmlSecInvalidSizeLessThanError("Input data", inSize, keySize, + xmlSecTransformGetName(transform)); return(-1); } else if((transform->operation == xmlSecTransformOperationDecrypt) && (inSize != keySize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "%d when expected %d", inSize, keySize); + xmlSecInvalidSizeError("Input data", inSize, keySize, + xmlSecTransformGetName(transform)); return(-1); } outSize = keySize; ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } @@ -719,125 +702,105 @@ xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr /* encode w/o OAEPParams --> simple */ ret = RSA_public_encrypt(inSize, xmlSecBufferGetData(in), xmlSecBufferGetData(out), - ctx->pKey->pkey.rsa, RSA_PKCS1_OAEP_PADDING); + rsa, RSA_PKCS1_OAEP_PADDING); if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "RSA_public_encrypt(RSA_PKCS1_OAEP_PADDING)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("RSA_public_encrypt(RSA_PKCS1_OAEP_PADDING)", + xmlSecTransformGetName(transform)); return(-1); } outSize = ret; } else if((transform->operation == xmlSecTransformOperationEncrypt) && (paramsSize > 0)) { + xmlSecBuffer tmp; + xmlSecAssert2(xmlSecBufferGetData(&(ctx->oaepParams)) != NULL, -1); - /* add space for padding */ - ret = xmlSecBufferSetMaxSize(in, keySize); + /* allocate space for temp buffer */ + ret = xmlSecBufferInitialize(&tmp, keySize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", keySize); + xmlSecInternalError2("xmlSecBufferInitialize", + xmlSecTransformGetName(transform), + "size=%d", keySize); return(-1); } /* add padding */ - ret = RSA_padding_add_PKCS1_OAEP(xmlSecBufferGetData(in), keySize, + ret = RSA_padding_add_PKCS1_OAEP(xmlSecBufferGetData(&tmp), keySize, xmlSecBufferGetData(in), inSize, - xmlSecBufferGetData(&(ctx->oaepParams)), - paramsSize); + xmlSecBufferGetData(&(ctx->oaepParams)), paramsSize); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "RSA_padding_add_PKCS1_OAEP", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("RSA_padding_add_PKCS1_OAEP", + xmlSecTransformGetName(transform)); + xmlSecBufferFinalize(&tmp); return(-1); } - inSize = keySize; /* encode with OAEPParams */ - ret = RSA_public_encrypt(inSize, xmlSecBufferGetData(in), + ret = RSA_public_encrypt(keySize, xmlSecBufferGetData(&tmp), xmlSecBufferGetData(out), - ctx->pKey->pkey.rsa, RSA_NO_PADDING); + rsa, RSA_NO_PADDING); if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "RSA_public_encrypt(RSA_NO_PADDING)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("RSA_public_encrypt(RSA_NO_PADDING)", + xmlSecTransformGetName(transform)); + xmlSecBufferFinalize(&tmp); return(-1); } outSize = ret; + xmlSecBufferFinalize(&tmp); } else if((transform->operation == xmlSecTransformOperationDecrypt) && (paramsSize == 0)) { ret = RSA_private_decrypt(inSize, xmlSecBufferGetData(in), xmlSecBufferGetData(out), - ctx->pKey->pkey.rsa, RSA_PKCS1_OAEP_PADDING); + rsa, RSA_PKCS1_OAEP_PADDING); if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "RSA_private_decrypt(RSA_PKCS1_OAEP_PADDING)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("RSA_private_decrypt(RSA_PKCS1_OAEP_PADDING)", + xmlSecTransformGetName(transform)); return(-1); } outSize = ret; } else if((transform->operation == xmlSecTransformOperationDecrypt) && (paramsSize != 0)) { BIGNUM * bn; - bn = BN_new(); - if(bn == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "BN_new()", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } ret = RSA_private_decrypt(inSize, xmlSecBufferGetData(in), xmlSecBufferGetData(out), - ctx->pKey->pkey.rsa, RSA_NO_PADDING); + rsa, RSA_NO_PADDING); if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "RSA_private_decrypt(RSA_NO_PADDING)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - BN_free(bn); + xmlSecOpenSSLError("RSA_private_decrypt(RSA_NO_PADDING)", + xmlSecTransformGetName(transform)); return(-1); } outSize = ret; +#ifndef OPENSSL_IS_BORINGSSL /* - * the private decrypt w/o padding adds '0's at the begginning. + * the private decrypt w/o padding adds '0's at the beginning. * it's not clear for me can I simply skip all '0's from the * beggining so I have to do decode it back to BIGNUM and dump * buffer again */ + bn = BN_new(); + if(bn == NULL) { + xmlSecOpenSSLError("BN_new()", + xmlSecTransformGetName(transform)); + return(-1); + } + if(BN_bin2bn(xmlSecBufferGetData(out), outSize, bn) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "BN_bin2bn", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", outSize); + xmlSecOpenSSLError2("BN_bin2bn", + xmlSecTransformGetName(transform), + "size=%lu", (unsigned long)outSize); BN_free(bn); return(-1); } ret = BN_bn2bin(bn, xmlSecBufferGetData(out)); if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "BN_bn2bin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BN_bn2bin", + xmlSecTransformGetName(transform)); BN_free(bn); return(-1); } BN_free(bn); outSize = ret; +#endif /* OPENSSL_IS_BORINGSSL */ ret = RSA_padding_check_PKCS1_OAEP(xmlSecBufferGetData(out), outSize, xmlSecBufferGetData(out), outSize, @@ -845,41 +808,32 @@ xmlSecOpenSSLRsaOaepProcess(xmlSecTransformPtr transform, xmlSecTransformCtxPtr xmlSecBufferGetData(&(ctx->oaepParams)), paramsSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "RSA_padding_check_PKCS1_OAEP", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("RSA_padding_check_PKCS1_OAEP", + xmlSecTransformGetName(transform)); return(-1); } outSize = ret; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "Unexpected trasnform operation: %d; paramsSize: %d", - (int)transform->operation, (int)paramsSize); + xmlSecOtherError3(XMLSEC_ERRORS_R_INVALID_OPERATION, + xmlSecTransformGetName(transform), + "Unexpected transform operation: %ld; paramsSize: %ld", + (long int)transform->operation, (long int)paramsSize); return(-1); } ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } diff --git a/src/openssl/kw_aes.c b/src/openssl/kw_aes.c index 8e71148e..fe0640d0 100644 --- a/src/openssl/kw_aes.c +++ b/src/openssl/kw_aes.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * AES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_aes + * @Short_description: AES Key Transport transforms implementation for OpenSSL. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_AES #include "globals.h" @@ -104,21 +109,14 @@ xmlSecOpenSSLKWAesInitialize(xmlSecTransformPtr transform) { } else if(xmlSecTransformCheckId(transform, xmlSecOpenSSLTransformKWAes256Id)) { ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLKWAesGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKWAesGetKey", + xmlSecTransformGetName(transform)); return(-1); } @@ -183,12 +181,8 @@ xmlSecOpenSSLKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { keySize = xmlSecBufferGetSize(buffer); if(keySize < ctx->keyExpectedSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key=%d;expected=%d", - keySize, ctx->keyExpectedSize); + xmlSecInvalidKeyDataSizeError(keySize, ctx->keyExpectedSize, + xmlSecTransformGetName(transform)); return(-1); } @@ -196,12 +190,9 @@ xmlSecOpenSSLKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecBufferGetData(buffer), ctx->keyExpectedSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "expected-size=%d", - ctx->keyExpectedSize); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", ctx->keyExpectedSize); return(-1); } @@ -241,11 +232,8 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor /* just do nothing */ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { if((inSize % 8) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "size=%d(not 8 bytes aligned)", inSize); + xmlSecInvalidSizeNotMultipleOfError("Input data", + inSize, 8, xmlSecTransformGetName(transform)); return(-1); } @@ -259,11 +247,9 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "outSize=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } @@ -273,11 +259,8 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor 8 * keySize, &aesKey); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "AES_set_decrypt_key", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("AES_set_decrypt_key", + xmlSecTransformGetName(transform)); return(-1); } @@ -285,11 +268,8 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWAesEncode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKWAesEncode", + xmlSecTransformGetName(transform)); return(-1); } outSize = ret; @@ -299,11 +279,8 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor 8 * keySize, &aesKey); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "AES_set_decrypt_key", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("AES_set_decrypt_key", + xmlSecTransformGetName(transform)); return(-1); } @@ -311,11 +288,8 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWAesEncode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKWAesEncode", + xmlSecTransformGetName(transform)); return(-1); } outSize = ret; @@ -323,21 +297,17 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "outSize=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "inSize%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } @@ -346,11 +316,7 @@ xmlSecOpenSSLKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); diff --git a/src/openssl/kw_des.c b/src/openssl/kw_des.c index c9642579..e20a86df 100644 --- a/src/openssl/kw_des.c +++ b/src/openssl/kw_des.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * DES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_des + * @Short_description: DES Key Transport transforms implementation for OpenSSL. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_DES #include "globals.h" @@ -29,6 +34,7 @@ #include <xmlsec/openssl/crypto.h> #include "../kw_aes_des.h" +#include "openssl_compat.h" /********************************************************************* * @@ -159,11 +165,8 @@ xmlSecOpenSSLKWDes3Initialize(xmlSecTransformPtr transform) { ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); return(-1); } @@ -227,22 +230,16 @@ xmlSecOpenSSLKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { keySize = xmlSecBufferGetSize(buffer); if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key length %d is not enough (%d expected)", - keySize, XMLSEC_KW_DES3_KEY_LENGTH); + xmlSecInvalidKeyDataSizeError(keySize, XMLSEC_KW_DES3_KEY_LENGTH, + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", XMLSEC_KW_DES3_KEY_LENGTH); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", XMLSEC_KW_DES3_KEY_LENGTH); return(-1); } @@ -281,12 +278,9 @@ xmlSecOpenSSLKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfo /* just do nothing */ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "%d bytes - not %d bytes aligned", - inSize, XMLSEC_KW_DES3_BLOCK_LENGTH); + xmlSecInvalidSizeNotMultipleOfError("Input data", + inSize, XMLSEC_KW_DES3_BLOCK_LENGTH, + xmlSecTransformGetName(transform)); return(-1); } @@ -302,11 +296,9 @@ xmlSecOpenSSLKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfo ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } @@ -315,12 +307,8 @@ xmlSecOpenSSLKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfo xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWDes3Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "key=%d,in=%d,out=%d", - keySize, inSize, outSize); + xmlSecInternalError4("xmlSecKWDes3Encode", xmlSecTransformGetName(transform), + "key=%d,in=%d,out=%d", keySize, inSize, outSize); return(-1); } outSize = ret; @@ -329,12 +317,8 @@ xmlSecOpenSSLKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfo xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWDes3Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "key=%d,in=%d,out=%d", - keySize, inSize, outSize); + xmlSecInternalError4("xmlSecKWDes3Decode", xmlSecTransformGetName(transform), + "key=%d,in=%d,out=%d", keySize, inSize, outSize); return(-1); } outSize = ret; @@ -342,21 +326,17 @@ xmlSecOpenSSLKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfo ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } @@ -365,11 +345,7 @@ xmlSecOpenSSLKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransfo /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -394,11 +370,7 @@ xmlSecOpenSSLKWDes3Sha1(void * context, xmlSecAssert2(outSize >= SHA_DIGEST_LENGTH, -1); if(SHA1(in, inSize, out) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SHA1", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("SHA1", NULL); return(-1); } return(SHA_DIGEST_LENGTH); @@ -416,11 +388,8 @@ xmlSecOpenSSLKWDes3GenerateRandom(void * context, ret = RAND_bytes(out, outSize); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "RAND_bytes", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "ret=%d", ret); + xmlSecOpenSSLError2("RAND_bytes", NULL, + "size=%lu", (unsigned long)outSize); return(-1); } @@ -451,11 +420,7 @@ xmlSecOpenSSLKWDes3BlockEncrypt(void * context, out, outSize, 1); /* encrypt */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLKWDes3Encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKWDes3Encrypt", NULL); return(-1); } @@ -486,11 +451,7 @@ xmlSecOpenSSLKWDes3BlockDecrypt(void * context, out, outSize, 0); /* decrypt */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLKWDes3Encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKWDes3Encrypt", NULL); return(-1); } @@ -521,21 +482,13 @@ xmlSecOpenSSLKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, cipherCtx = EVP_CIPHER_CTX_new(); if(cipherCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EVP_CIPHER_CTX_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_CIPHER_CTX_new", NULL); return(-1); } ret = EVP_CipherInit(cipherCtx, EVP_des_ede3_cbc(), key, iv, enc); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EVP_CipherInit", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_CipherInit", NULL); EVP_CIPHER_CTX_free(cipherCtx); return(-1); } @@ -544,22 +497,14 @@ xmlSecOpenSSLKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, ret = EVP_CipherUpdate(cipherCtx, out, &updateLen, in, inSize); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EVP_CipherUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_CipherUpdate", NULL); EVP_CIPHER_CTX_free(cipherCtx); return(-1); } ret = EVP_CipherFinal(cipherCtx, out + updateLen, &finalLen); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EVP_CipherFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_CipherFinal", NULL); EVP_CIPHER_CTX_free(cipherCtx); return(-1); } diff --git a/src/openssl/openssl_compat.h b/src/openssl/openssl_compat.h new file mode 100644 index 00000000..9d5b01cf --- /dev/null +++ b/src/openssl/openssl_compat.h @@ -0,0 +1,88 @@ +#ifndef __XMLSEC_OPENSSL_OPENSSL_COMPAT_H__ +#define __XMLSEC_OPENSSL_OPENSSL_COMPAT_H__ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * This file provides a compatibility layer for pre-OpenSSL 1.1.0 versions. + * + * The functions here provide accessors for structs which were made opaque in + * 1.0.0 and 1.1.0 so they an be accessed in earlier versions of the library + * using the same syntax. This file won't be required once OpenSSL 1.1.0 is + * the minimum supported version. Note that LibreSSL "forked" at OpenSSL 1.0.0. + */ + +/****************************************************************************** + * + * OpenSSL 1.1.0 compatibility + * + *****************************************************************************/ +#if !defined(XMLSEC_OPENSSL_API_110) + +/* EVP_PKEY stuff */ +#define EVP_PKEY_up_ref(pKey) CRYPTO_add(&((pKey)->references), 1, CRYPTO_LOCK_EVP_PKEY) +#define EVP_PKEY_get0_DSA(pKey) (((pKey) != NULL) ? ((pKey)->pkey.dsa) : (DSA*)NULL) +#define EVP_PKEY_get0_RSA(pKey) (((pKey) != NULL) ? ((pKey)->pkey.rsa) : (RSA*)NULL) +#define EVP_PKEY_get0_EC_KEY(pKey) (((pKey) != NULL) ? ((pKey)->pkey.ec) : (EC_KEY*)NULL) + +/* EVP_MD stuff */ +#define EVP_MD_CTX_new() EVP_MD_CTX_create() +#define EVP_MD_CTX_free(x) EVP_MD_CTX_destroy((x)) +#define EVP_MD_CTX_md_data(x) ((x)->md_data) + +/* EVP_CIPHER_CTX stuff */ +#define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt) + +/* HMAC_CTX stuff */ +#define HMAC_CTX_new() ((HMAC_CTX*)calloc(1, sizeof(HMAC_CTX))) +#define HMAC_CTX_free(x) { HMAC_CTX_cleanup((x)); free((x)); } + +/* X509 stuff */ +#define ASN1_STRING_get0_data(data) ASN1_STRING_data((data)) +#define X509_CRL_get0_nextUpdate(crl) X509_CRL_get_nextUpdate((crl)) +#define X509_get0_notBefore(x509) X509_get_notBefore((x509)) +#define X509_get0_notAfter(x509) X509_get_notAfter((x509)) +#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject +#define X509_REVOKED_get0_serialNumber(r) (((r) != NULL) ? ((r)->serialNumber) : (ASN1_INTEGER *)NULL) +#define X509_OBJECT_new() (calloc(1, sizeof(X509_OBJECT))) +#define X509_OBJECT_free(x) { X509_OBJECT_free_contents(x); free(x); } +#define X509_OBJECT_get0_X509(x) (((x) != NULL) ? ((x)->data.x509) : (X509 *)NULL) + +#endif /* !defined(XMLSEC_OPENSSL_API_110) */ + +/****************************************************************************** + * + * boringssl compatibility + * + *****************************************************************************/ +#ifdef OPENSSL_IS_BORINGSSL + +#define ENGINE_cleanup(...) {} +#define CONF_modules_unload(...) {} +#define RAND_write_file(file) (0) + +#define EVP_PKEY_base_id(pkey) EVP_PKEY_id(pkey) +#define EVP_CipherFinal(ctx, out, out_len) EVP_CipherFinal_ex(ctx, out, out_len) +#define EVP_read_pw_string(...) (-1) + +#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject +#define X509_OBJECT_new() (calloc(1, sizeof(X509_OBJECT))) +#define X509_OBJECT_free(x) { X509_OBJECT_free_contents(x); free(x); } + +#endif /* OPENSSL_IS_BORINGSSL */ + +/****************************************************************************** + * + * LibreSSL 2.7 compatibility (implements most of OpenSSL 1.1 API) + * + *****************************************************************************/ +#if defined(LIBRESSL_VERSION_NUMBER) && defined(XMLSEC_OPENSSL_API_110) +/* EVP_CIPHER_CTX stuff */ +#define EVP_CIPHER_CTX_encrypting(x) ((x)->encrypt) + +/* X509 stuff */ +#define X509_STORE_CTX_get_by_subject X509_STORE_get_by_subject +#define X509_OBJECT_new() (calloc(1, sizeof(X509_OBJECT))) +#define X509_OBJECT_free(x) { X509_OBJECT_free_contents(x); free(x); } +#endif /* defined(LIBRESSL_VERSION_NUMBER) && defined(XMLSEC_OPENSSL_API_110) */ + +#endif /* __XMLSEC_OPENSSL_OPENSSL_COMPAT_H__ */ diff --git a/src/openssl/signatures.c b/src/openssl/signatures.c index d10204de..bc695f42 100644 --- a/src/openssl/signatures.c +++ b/src/openssl/signatures.c @@ -1,15 +1,24 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:signatures + * @Short_description: Signatures implementation for OpenSSL. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> +#include <openssl/bn.h> #include <openssl/evp.h> #include <openssl/rand.h> #include <openssl/sha.h> @@ -21,55 +30,72 @@ #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/evp.h> +#include "openssl_compat.h" -/* new API from OpenSSL 1.1.0 (https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html): +/****************************************************************************** * - * EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1. - */ -#if !defined(XMLSEC_OPENSSL_110) -#define EVP_MD_CTX_new() EVP_MD_CTX_create() -#define EVP_MD_CTX_free(x) EVP_MD_CTX_destroy((x)) -#define EVP_MD_CTX_md_data(x) ((x)->md_data) + * OpenSSL 1.1.0 compatibility + * + *****************************************************************************/ +#if !defined(XMLSEC_OPENSSL_API_110) -#ifndef XMLSEC_NO_DSA -/* we expect the r/s to be NOT NULL */ -static void ECDSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, ECDSA_SIG *sig) { - if (pr != NULL) { - if(sig->r == NULL) { - sig->r = BN_new(); - } - *pr = sig->r; +#ifndef XMLSEC_NO_ECDSA + +static inline void ECDSA_SIG_get0(const ECDSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) { + xmlSecAssert(sig != NULL); + + if(pr != NULL) { + (*pr) = sig->r; } - if (ps != NULL) { - if(sig->s == NULL) { - sig->s = BN_new(); - } - *ps = sig->s; + if(ps != NULL) { + (*ps) = sig->s; } } -#endif /* XMLSEC_NO_ECDSA */ -#endif /* !defined(XMLSEC_OPENSSL_110) */ +static inline int ECDSA_SIG_set0(ECDSA_SIG *sig, BIGNUM *r, BIGNUM *s) { + xmlSecAssert2(sig != NULL, 0); + + if((r == NULL) || (s == NULL)) { + return(0); + } + BN_clear_free(sig->r); + BN_clear_free(sig->s); + sig->r = r; + sig->s = s; + return(1); +} +#endif /* XMLSEC_NO_ECDSA */ -/* Preparation for OpenSSL 1.1.0 compatibility: we expect the r/s to be NOT NULL */ #ifndef XMLSEC_NO_DSA -static void DSA_SIG_get0(BIGNUM **pr, BIGNUM **ps, DSA_SIG *sig) { - if (pr != NULL) { - if(sig->r == NULL) { - sig->r = BN_new(); - } - *pr = sig->r; + +static inline void DSA_SIG_get0(const DSA_SIG *sig, const BIGNUM **pr, const BIGNUM **ps) { + xmlSecAssert(sig != NULL); + + if(pr != NULL) { + (*pr) = sig->r; } - if (ps != NULL) { - if(sig->s == NULL) { - sig->s = BN_new(); - } - *ps = sig->s; + if(ps != NULL) { + (*ps) = sig->s; } } -#endif /* XMLSEC_NO_DSA */ +static inline int DSA_SIG_set0(DSA_SIG *sig, BIGNUM *r, BIGNUM *s) { + xmlSecAssert2(sig != NULL, 0); + + if(r == NULL || s == NULL) { + return(0); + } + BN_clear_free(sig->r); + BN_clear_free(sig->s); + + sig->r = r; + sig->s = s; + return(1); +} +#endif /* XMLSEC_NO_DSA */ + +#endif /* !defined(XMLSEC_OPENSSL_API_110) */ /************************************************************************** @@ -214,8 +240,6 @@ xmlSecOpenSSLSignatureCheckId(xmlSecTransformPtr transform) { { return(0); } - - return(0); } static int @@ -303,32 +327,22 @@ xmlSecOpenSSLSignatureInitialize(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_ECDSA */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } /* create/init digest CTX */ ctx->digestCtx = EVP_MD_CTX_new(); if(ctx->digestCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_MD_CTX_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_MD_CTX_new", + xmlSecTransformGetName(transform)); return(-1); } ret = EVP_DigestInit(ctx->digestCtx, ctx->digest); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_DigestInit", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_DigestInit", + xmlSecTransformGetName(transform)); return(-1); } @@ -379,11 +393,8 @@ xmlSecOpenSSLSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { pKey = xmlSecOpenSSLEvpKeyDataGetEvp(value); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLEvpKeyDataGetEvp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpKeyDataGetEvp", + xmlSecTransformGetName(transform)); return(-1); } @@ -393,11 +404,8 @@ xmlSecOpenSSLSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey); if(ctx->pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLEvpKeyDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpKeyDup", + xmlSecTransformGetName(transform)); return(-1); } @@ -450,11 +458,8 @@ xmlSecOpenSSLSignatureVerify(xmlSecTransformPtr transform, ret = (ctx->verifyCallback)(ctx, data, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "verifyCallback", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("verifyCallback", + xmlSecTransformGetName(transform)); return(-1); } @@ -462,11 +467,9 @@ xmlSecOpenSSLSignatureVerify(xmlSecTransformPtr transform, if(ret == 1) { transform->status = xmlSecTransformStatusOk; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "verifyCallback", - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "signature do not match"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "ctx->verifyCallback: signature does not verify"); transform->status = xmlSecTransformStatusFail; } @@ -513,21 +516,15 @@ xmlSecOpenSSLSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTran ret = EVP_DigestUpdate(ctx->digestCtx, xmlSecBufferGetData(in), inSize); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_DigestUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_DigestUpdate", + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform)); return(-1); } } @@ -537,11 +534,8 @@ xmlSecOpenSSLSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTran ret = EVP_DigestFinal(ctx->digestCtx, ctx->dgst, &ctx->dgstSize); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_DigestFinal", + xmlSecTransformGetName(transform)); return(-1); } xmlSecAssert2(ctx->dgstSize > 0, -1); @@ -550,11 +544,8 @@ xmlSecOpenSSLSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTran if(transform->operation == xmlSecTransformOperationSign) { ret = (ctx->signCallback)(ctx, out); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "signCallback", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("signCallback", + xmlSecTransformGetName(transform)); return(-1); } } @@ -567,11 +558,7 @@ xmlSecOpenSSLSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTran /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -610,7 +597,7 @@ static int xmlSecOpenSSLSignatureDsaSign(xmlSecOpenSSLSignatureCtxPtr ctx, xmlSecBufferPtr out) { DSA * dsaKey = NULL; DSA_SIG *sig = NULL; - BIGNUM *rr = NULL, *ss = NULL; + const BIGNUM *rr = NULL, *ss = NULL; xmlSecByte *outData; xmlSecSize dsaSignSize, signHalfSize, rSize, sSize; int res = -1; @@ -625,85 +612,54 @@ xmlSecOpenSSLSignatureDsaSign(xmlSecOpenSSLSignatureCtxPtr ctx, xmlSecBufferPtr /* get key */ dsaKey = EVP_PKEY_get1_DSA(ctx->pKey); if(dsaKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EVP_PKEY_get1_DSA", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_PKEY_get1_DSA", NULL); goto done; } /* signature size = r + s + 8 bytes, we just need r+s */ dsaSignSize = DSA_size(dsaKey); if(dsaSignSize < 8) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "DSA_size", - XMLSEC_ERRORS_R_INVALID_SIZE, - "dsaSignSize=%d", (int)dsaSignSize); + xmlSecInvalidSizeLessThanError("DSA signature", dsaSignSize, 8, NULL); goto done; } signHalfSize = (dsaSignSize - 8) / 2; if(signHalfSize < 4) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "signHalfSize", - XMLSEC_ERRORS_R_INVALID_SIZE, - "signHalfSize=%d", (int)signHalfSize); + xmlSecInvalidSizeLessThanError("DSA signature (half)", signHalfSize, 4, NULL); goto done; } /* calculate signature */ sig = DSA_do_sign(ctx->dgst, ctx->dgstSize, dsaKey); if(sig == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "DSA_do_sign", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("DSA_do_sign", NULL); goto done; } /* get signature components */ - DSA_SIG_get0(&rr, &ss, sig); + DSA_SIG_get0(sig, &rr, &ss); if((rr == NULL) || (ss == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "DSA_SIG_get0", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("DSA_SIG_get0", NULL); goto done; } rSize = BN_num_bytes(rr); if(rSize > signHalfSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "rSize=%d > %d", - rSize, signHalfSize); + xmlSecInvalidSizeMoreThanError("DSA signature r", + rSize, signHalfSize, NULL); goto done; } sSize = BN_num_bytes(ss); if(sSize > signHalfSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "sSize=%d > %d", - sSize, signHalfSize); + xmlSecInvalidSizeMoreThanError("DSA signature s", + sSize, signHalfSize, NULL); goto done; } /* allocate buffer */ ret = xmlSecBufferSetSize(out, 2 * signHalfSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", (int)(2 * signHalfSize)); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, + "size=%d", (int)(2 * signHalfSize)); goto done; } outData = xmlSecBufferGetData(out); @@ -726,12 +682,6 @@ done: if(dsaKey != NULL) { DSA_free(dsaKey); } - if(rr != NULL) { - BN_free(rr); - } - if(ss != NULL) { - BN_free(ss); - } /* done */ return(res); @@ -754,95 +704,63 @@ xmlSecOpenSSLSignatureDsaVerify(xmlSecOpenSSLSignatureCtxPtr ctx, const xmlSecBy /* get key */ dsaKey = EVP_PKEY_get1_DSA(ctx->pKey); if(dsaKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EVP_PKEY_get1_DSA", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_PKEY_get1_DSA", NULL); goto done; } /* signature size = r + s + 8 bytes, we just need r+s */ dsaSignSize = DSA_size(dsaKey); if(dsaSignSize < 8) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "DSA_size", - XMLSEC_ERRORS_R_INVALID_SIZE, - "dsaSignSize=%d", (int)dsaSignSize); + xmlSecInvalidSizeLessThanError("DSA signatue", + dsaSignSize, 8, NULL); goto done; } signHalfSize = (dsaSignSize - 8) / 2; if(signHalfSize < 4) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "signHalfSize", - XMLSEC_ERRORS_R_INVALID_SIZE, - "signHalfSize=%d", (int)signHalfSize); + xmlSecInvalidSizeLessThanError("DSA signatue (half size)", + signHalfSize, 4, NULL); goto done; } /* check size */ if(signSize != 2 * signHalfSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "invalid length %d (%d expected)", - (int)signSize, (int)(2 * signHalfSize)); + xmlSecInvalidSizeError("DSA signature", signSize, 2 * signHalfSize, + NULL); goto done; } /* create/read signature */ sig = DSA_SIG_new(); if (sig == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "DSA_SIG_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("DSA_SIG_new", NULL); goto done; } - /* get signature components */ - DSA_SIG_get0(&rr, &ss, sig); - if((rr == NULL) || (ss == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "DSA_SIG_get0", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - rr = BN_bin2bn(signData, signHalfSize, rr); + rr = BN_bin2bn(signData, signHalfSize, NULL); if(rr == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BN_bin2bn(sig->r)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BN_bin2bn(sig->r)", NULL); goto done; } - ss = BN_bin2bn(signData + signHalfSize, signHalfSize, ss); + ss = BN_bin2bn(signData + signHalfSize, signHalfSize, NULL); if(ss == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BN_bin2bn(sig->s)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BN_bin2bn(sig->s)", NULL); + goto done; + } + + ret = DSA_SIG_set0(sig, rr, ss); + if(ret == 0) { + xmlSecOpenSSLError("DSA_SIG_set0", NULL); goto done; } + rr = NULL; + ss = NULL; + /* verify signature */ ret = DSA_do_verify(ctx->dgst, ctx->dgstSize, sig, dsaKey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "DSA_do_verify", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("DSA_do_verify", NULL); goto done; } @@ -855,19 +773,10 @@ xmlSecOpenSSLSignatureDsaVerify(xmlSecOpenSSLSignatureCtxPtr ctx, const xmlSecBy done: /* cleanup */ - if(sig != NULL) { - DSA_SIG_free(sig); - } - if(dsaKey != NULL) { - DSA_free(dsaKey); - } - if(rr != NULL) { - BN_free(rr); - } - if(ss != NULL) { - BN_free(ss); - } - + DSA_SIG_free(sig); + DSA_free(dsaKey); + BN_clear_free(rr); + BN_clear_free(ss); /* done */ return(res); } @@ -1000,30 +909,18 @@ xmlSecOpenSSLSignatureEcdsaSignatureHalfSize(EC_KEY * ecKey) { group = EC_KEY_get0_group(ecKey); if(group == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EC_KEY_get0_group", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EC_KEY_get0_group", NULL); goto done; } order = BN_new(); if(order == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BN_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BN_new", NULL); goto done; } if(EC_GROUP_get_order(group, order, NULL) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EC_GROUP_get_order", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EC_GROUP_get_order", NULL); goto done; } @@ -1045,7 +942,7 @@ static int xmlSecOpenSSLSignatureEcdsaSign(xmlSecOpenSSLSignatureCtxPtr ctx, xmlSecBufferPtr out) { EC_KEY * ecKey = NULL; ECDSA_SIG *sig = NULL; - BIGNUM *rr = NULL, *ss = NULL; + const BIGNUM *rr = NULL, *ss = NULL; xmlSecByte *outData; xmlSecSize signHalfSize, rSize, sSize; int res = -1; @@ -1060,78 +957,51 @@ xmlSecOpenSSLSignatureEcdsaSign(xmlSecOpenSSLSignatureCtxPtr ctx, xmlSecBufferPt /* get key */ ecKey = EVP_PKEY_get1_EC_KEY(ctx->pKey); if(ecKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EVP_PKEY_get1_DSA", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_PKEY_get1_DSA", NULL); goto done; } /* calculate signature size */ signHalfSize = xmlSecOpenSSLSignatureEcdsaSignatureHalfSize(ecKey); if(signHalfSize <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLSignatureEcdsaSignatureHalfSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLSignatureEcdsaSignatureHalfSize", NULL); goto done; } /* sign */ sig = ECDSA_do_sign(ctx->dgst, ctx->dgstSize, ecKey); if(sig == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "ECDSA_do_sign", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("ECDSA_do_sign", NULL); goto done; } /* get signature components */ - ECDSA_SIG_get0(&rr, &ss, sig); + ECDSA_SIG_get0(sig, &rr, &ss); if((rr == NULL) || (ss == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "ECDSA_SIG_get0", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("ECDSA_SIG_get0", NULL); goto done; } /* check sizes */ rSize = BN_num_bytes(rr); if(rSize > signHalfSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "rSize=%d > %d", - (int)rSize, (int)signHalfSize); + xmlSecInvalidSizeMoreThanError("ECDSA signatue r", + rSize, signHalfSize, NULL); goto done; } sSize = BN_num_bytes(ss); if(sSize > signHalfSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "sSize=%d > %d", - (int)sSize, (int)signHalfSize); + xmlSecInvalidSizeMoreThanError("ECDSA signatue s", + sSize, signHalfSize, NULL); goto done; } /* allocate buffer */ ret = xmlSecBufferSetSize(out, 2 * signHalfSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", (int)(2 * signHalfSize)); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, + "size=%d", (int)(2 * signHalfSize)); goto done; } outData = xmlSecBufferGetData(out); @@ -1154,12 +1024,6 @@ done: if(ecKey != NULL) { EC_KEY_free(ecKey); } - if(rr != NULL) { - BN_free(rr); - } - if(ss != NULL) { - BN_free(ss); - } /* done */ return(res); @@ -1183,85 +1047,58 @@ xmlSecOpenSSLSignatureEcdsaVerify(xmlSecOpenSSLSignatureCtxPtr ctx, const xmlSec /* get key */ ecKey = EVP_PKEY_get1_EC_KEY(ctx->pKey); if(ecKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "EVP_PKEY_get1_DSA", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_PKEY_get1_EC_KEY", NULL); goto done; } /* calculate signature size */ signHalfSize = xmlSecOpenSSLSignatureEcdsaSignatureHalfSize(ecKey); if(signHalfSize <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLSignatureEcdsaSignatureHalfSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLSignatureEcdsaSignatureHalfSize", NULL); goto done; } - /* check size */ - if(signSize != 2 * signHalfSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "invalid length %d (%d expected)", - (int)signSize, (int)(2 * signHalfSize)); + /* check size: we expect the r and s to be the same size and match the size of + * the key (RFC 6931); however some implementations (e.g. Java) cut leading zeros: + * https://github.com/lsh123/xmlsec/issues/228 */ + if((signSize < 2 * signHalfSize) && (signSize % 2 == 0)) { + signHalfSize = signSize / 2; + } else if(signSize != 2 * signHalfSize) { + xmlSecInvalidSizeError("ECDSA signature", signSize, 2 * signHalfSize, + NULL); goto done; } /* create/read signature */ sig = ECDSA_SIG_new(); if (sig == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "DSA_SIG_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto done; - } - - /* get signature components */ - ECDSA_SIG_get0(&rr, &ss, sig); - if((rr == NULL) || (ss == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "ECDSA_SIG_get0", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("DSA_SIG_new", NULL); goto done; } - rr = BN_bin2bn(signData, signHalfSize, rr); + rr = BN_bin2bn(signData, signHalfSize, NULL); if(rr == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BN_bin2bn(sig->r)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BN_bin2bn(sig->r)", NULL); goto done; } - ss = BN_bin2bn(signData + signHalfSize, signHalfSize, ss); + ss = BN_bin2bn(signData + signHalfSize, signHalfSize, NULL); if(ss == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BN_bin2bn(sig->s)", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BN_bin2bn(sig->s)", NULL); + goto done; + } + + ret = ECDSA_SIG_set0(sig, rr, ss); + if(ret == 0) { + xmlSecOpenSSLError("ECDSA_SIG_set0()", NULL); goto done; } + rr = NULL; + ss = NULL; /* verify signature */ ret = ECDSA_do_verify(ctx->dgst, ctx->dgstSize, sig, ecKey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "ECDSA_do_verify", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("ECDSA_do_verify", NULL); goto done; } @@ -1274,19 +1111,10 @@ xmlSecOpenSSLSignatureEcdsaVerify(xmlSecOpenSSLSignatureCtxPtr ctx, const xmlSec done: /* cleanup */ - if(sig != NULL) { - ECDSA_SIG_free(sig); - } - if(ecKey != NULL) { - EC_KEY_free(ecKey); - } - if(rr != NULL) { - BN_free(rr); - } - if(ss != NULL) { - BN_free(ss); - } - + ECDSA_SIG_free(sig); + EC_KEY_free(ecKey); + BN_clear_free(rr); + BN_clear_free(ss); /* done */ return(res); } diff --git a/src/openssl/symkeys.c b/src/openssl/symkeys.c index 78d29e29..6079ec68 100644 --- a/src/openssl/symkeys.c +++ b/src/openssl/symkeys.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * DES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:symkeys + * @Short_description: Symmetric keys implementation for OpenSSL. + * @Stability: Private + * + */ + #include "globals.h" #include <stdlib.h> @@ -23,6 +28,7 @@ #include <xmlsec/keyinfo.h> #include <xmlsec/transforms.h> #include <xmlsec/errors.h> +#include <xmlsec/private.h> #include <xmlsec/openssl/crypto.h> @@ -132,6 +138,7 @@ xmlSecOpenSSLSymKeyDataGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlS xmlSecAssert2(xmlSecOpenSSLSymKeyDataCheckId(data), -1); xmlSecAssert2(sizeBits > 0, -1); + UNREFERENCED_PARAMETER(type); buffer = xmlSecKeyDataBinaryValueGetBuffer(data); xmlSecAssert2(buffer != NULL, -1); diff --git a/src/openssl/x509.c b/src/openssl/x509.c index 891db6b6..0bdb06cc 100644 --- a/src/openssl/x509.c +++ b/src/openssl/x509.c @@ -1,7 +1,5 @@ -/** - * XMLSec library - * - * X509 support +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * * This is free software; see Copyright file in the source @@ -9,6 +7,13 @@ * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:x509 + * @Short_description: X509 certificates implementation for OpenSSL. + * @Stability: Stable + * + */ + #include "globals.h" #ifndef XMLSEC_NO_X509 @@ -21,11 +26,6 @@ #include <time.h> #include <libxml/tree.h> -#include <openssl/evp.h> -#include <openssl/x509.h> -#include <openssl/x509_vfy.h> -#include <openssl/x509v3.h> -#include <openssl/asn1.h> #include <xmlsec/xmlsec.h> #include <xmlsec/xmltree.h> @@ -35,11 +35,37 @@ #include <xmlsec/x509.h> #include <xmlsec/base64.h> #include <xmlsec/errors.h> +#include <xmlsec/private.h> #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/evp.h> #include <xmlsec/openssl/x509.h> +/* Windows overwrites X509_NAME and other things that break openssl */ +#include <openssl/evp.h> +#include <openssl/x509.h> +#include <openssl/x509_vfy.h> +#include <openssl/x509v3.h> +#include <openssl/asn1.h> + +#ifdef OPENSSL_IS_BORINGSSL +#include <openssl/mem.h> +#endif /* OPENSSL_IS_BORINGSSL */ + + + +#include "openssl_compat.h" + + +/* The ASN1_TIME_check() function was changed from ASN1_TIME * to + * const ASN1_TIME * in 1.1.0. To avoid compiler warnings, we use this hack. + */ +#if !defined(XMLSEC_OPENSSL_API_110) || defined(OPENSSL_IS_BORINGSSL) +typedef ASN1_TIME XMLSEC_CONST_ASN1_TIME; +#else /* !defined(XMLSEC_OPENSSL_API_110) || defined(OPENSSL_IS_BORINGSSL) */ +typedef const ASN1_TIME XMLSEC_CONST_ASN1_TIME; +#endif /* !defined(XMLSEC_OPENSSL_API_110) || defined(OPENSSL_IS_BORINGSSL) */ + /************************************************************************* * * X509 utility functions @@ -98,7 +124,7 @@ static void xmlSecOpenSSLX509CertDebugDump (X509* cert, FILE* output); static void xmlSecOpenSSLX509CertDebugXmlDump (X509* cert, FILE* output); -static int xmlSecOpenSSLX509CertGetTime (ASN1_TIME* t, +static int xmlSecOpenSSLX509CertGetTime (XMLSEC_CONST_ASN1_TIME * t, time_t* res); /************************************************************************* @@ -350,22 +376,16 @@ xmlSecOpenSSLKeyDataX509AdoptCert(xmlSecKeyDataPtr data, X509* cert) { if(ctx->certsList == NULL) { ctx->certsList = sk_X509_new_null(); if(ctx->certsList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "sk_X509_new_null", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("sk_X509_new_null", + xmlSecKeyDataGetName(data)); return(-1); } } ret = sk_X509_push(ctx->certsList, cert); if(ret < 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "sk_X509_push", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("sk_X509_push", + xmlSecKeyDataGetName(data)); return(-1); } @@ -391,9 +411,9 @@ xmlSecOpenSSLKeyDataX509GetCert(xmlSecKeyDataPtr data, xmlSecSize pos) { ctx = xmlSecOpenSSLX509DataGetCtx(data); xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->certsList != NULL, NULL); - xmlSecAssert2((int)pos < sk_X509_num(ctx->certsList), NULL); + xmlSecAssert2(pos < (xmlSecSize)sk_X509_num(ctx->certsList), NULL); - return(sk_X509_value(ctx->certsList, pos)); + return(sk_X509_value(ctx->certsList, (int)pos)); } /** @@ -439,22 +459,16 @@ xmlSecOpenSSLKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, X509_CRL* crl) { if(ctx->crlsList == NULL) { ctx->crlsList = sk_X509_CRL_new_null(); if(ctx->crlsList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "sk_X509_CRL_new_null", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("sk_X509_CRL_new_null", + xmlSecKeyDataGetName(data)); return(-1); } } ret = sk_X509_CRL_push(ctx->crlsList, crl); if(ret < 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "sk_X509_CRL_push", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("sk_X509_CRL_push", + xmlSecKeyDataGetName(data)); return(-1); } @@ -481,9 +495,9 @@ xmlSecOpenSSLKeyDataX509GetCrl(xmlSecKeyDataPtr data, xmlSecSize pos) { xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->crlsList != NULL, NULL); - xmlSecAssert2((int)pos < sk_X509_CRL_num(ctx->crlsList), NULL); + xmlSecAssert2(pos < (xmlSecSize)sk_X509_CRL_num(ctx->crlsList), NULL); - return(sk_X509_CRL_value(ctx->crlsList, pos)); + return(sk_X509_CRL_value(ctx->crlsList, (int)pos)); } /** @@ -536,31 +550,23 @@ xmlSecOpenSSLKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { for(pos = 0; pos < size; ++pos) { certSrc = xmlSecOpenSSLKeyDataX509GetCert(src, pos); if(certSrc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecOpenSSLKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecOpenSSLKeyDataX509GetCert", + xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), + "pos=%d", pos); return(-1); } certDst = X509_dup(certSrc); if(certDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_dup", + xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecOpenSSLKeyDataX509AdoptCert(dst, certDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509AdoptCert", + xmlSecKeyDataGetName(dst)); X509_free(certDst); return(-1); } @@ -571,31 +577,23 @@ xmlSecOpenSSLKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { for(pos = 0; pos < size; ++pos) { crlSrc = xmlSecOpenSSLKeyDataX509GetCrl(src, pos); if(crlSrc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecOpenSSLKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecOpenSSLKeyDataX509GetCrl", + xmlSecKeyDataGetName(src), + "pos=%d", pos); return(-1); } crlDst = X509_CRL_dup(crlSrc); if(crlDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "X509_CRL_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_CRL_dup", + xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecOpenSSLKeyDataX509AdoptCrl(dst, crlDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecOpenSSLKeyDataX509AdoptCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509AdoptCrl", + xmlSecKeyDataGetName(dst)); X509_CRL_free(crlDst); return(-1); } @@ -606,20 +604,14 @@ xmlSecOpenSSLKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { if(certSrc != NULL) { certDst = X509_dup(certSrc); if(certDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_dup", + xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecOpenSSLKeyDataX509AdoptKeyCert(dst, certDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecOpenSSLKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(dst)); X509_free(certDst); return(-1); } @@ -661,34 +653,23 @@ xmlSecOpenSSLKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, data = xmlSecKeyEnsureData(key, id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecOpenSSLX509DataNodeRead(data, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLX509DataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509DataNodeRead", + xmlSecKeyDataKlassGetName(id)); return(-1); } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) { - ret = xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + ret = xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecOpenSSLKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); + return(-1); } return(0); } @@ -708,13 +689,11 @@ xmlSecOpenSSLKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); - content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); + content = xmlSecX509DataGetNodeContent (node, keyInfoCtx); if (content < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecX509DataGetNodeContent", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "content=%d", content); + xmlSecInternalError2("xmlSecX509DataGetNodeContent", + xmlSecKeyDataKlassGetName(id), + "content=%d", content); return(-1); } else if(content == 0) { /* by default we are writing certificates and crls */ @@ -733,22 +712,18 @@ xmlSecOpenSSLKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecOpenSSLKeyDataX509GetCert", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { ret = xmlSecOpenSSLX509CertificateNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLX509CertificateNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecOpenSSLX509CertificateNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -756,11 +731,9 @@ xmlSecOpenSSLKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { ret = xmlSecOpenSSLX509SubjectNameNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLX509SubjectNameNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecOpenSSLX509SubjectNameNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -768,11 +741,9 @@ xmlSecOpenSSLKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { ret = xmlSecOpenSSLX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLX509IssuerSerialNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecOpenSSLX509IssuerSerialNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -780,11 +751,9 @@ xmlSecOpenSSLKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { ret = xmlSecOpenSSLX509SKINodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLX509SKINodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecOpenSSLX509SKINodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -796,21 +765,17 @@ xmlSecOpenSSLKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { crl = xmlSecOpenSSLKeyDataX509GetCrl(data, pos); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecOpenSSLKeyDataX509GetCrl", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } ret = xmlSecOpenSSLX509CRLNodeWrite(crl, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLX509CRLNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecOpenSSLX509CRLNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -855,11 +820,9 @@ xmlSecOpenSSLKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) { for(pos = 0; pos < size; ++pos) { cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecOpenSSLKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "==== Certificate:\n"); @@ -889,11 +852,9 @@ xmlSecOpenSSLKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { for(pos = 0; pos < size; ++pos) { cert = xmlSecOpenSSLKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecOpenSSLKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "<Certificate>\n"); @@ -921,29 +882,47 @@ xmlSecOpenSSLX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyI ret = 0; if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) { ret = xmlSecOpenSSLX509CertificateNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError2("xmlSecOpenSSLX509CertificateNodeRead", + xmlSecKeyDataGetName(data), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) { ret = xmlSecOpenSSLX509SubjectNameNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError2("xmlSecOpenSSLX509SubjectNameNodeRead", + xmlSecKeyDataGetName(data), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) { ret = xmlSecOpenSSLX509IssuerSerialNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError2("xmlSecOpenSSLX509IssuerSerialNodeRead", + xmlSecKeyDataGetName(data), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) { ret = xmlSecOpenSSLX509SKINodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError2("xmlSecOpenSSLX509SKINodeRead", + xmlSecKeyDataGetName(data), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) { ret = xmlSecOpenSSLX509CRLNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError2("xmlSecOpenSSLX509CRLNodeRead", + xmlSecKeyDataGetName(data), + "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + return(-1); + } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) { /* laxi schema validation: ignore unknown nodes */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "read node failed"); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); return(-1); } } @@ -966,11 +945,7 @@ xmlSecOpenSSLX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -978,22 +953,16 @@ xmlSecOpenSSLX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml cert = xmlSecOpenSSLX509CertBase64DerRead(content); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLX509CertBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509CertBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); X509_free(cert); xmlFree(content); return(-1); @@ -1015,29 +984,20 @@ xmlSecOpenSSLX509CertificateNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfo /* set base64 lines size from context */ buf = xmlSecOpenSSLX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509CertBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); + xmlSecInternalError("xmlSecEnsureEmptyChild(xmlSecNodeX509Certificate)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); return(0); @@ -1058,11 +1018,8 @@ xmlSecOpenSSLX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1072,11 +1029,7 @@ xmlSecOpenSSLX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml xmlFree(subject); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1086,12 +1039,8 @@ xmlSecOpenSSLX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "subject=%s", - xmlSecErrorsSafeString(subject)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "subject=%s", xmlSecErrorsSafeString(subject)); xmlFree(subject); return(-1); } @@ -1102,23 +1051,16 @@ xmlSecOpenSSLX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xml cert2 = X509_dup(cert); if(cert2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - + xmlSecOpenSSLError("X509_dup", + xmlSecKeyDataGetName(data)); xmlFree(subject); return(-1); } ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert2); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); X509_free(cert2); xmlFree(subject); return(-1); @@ -1132,32 +1074,33 @@ static int xmlSecOpenSSLX509SubjectNameNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar* buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); + UNREFERENCED_PARAMETER(keyInfoCtx); buf = xmlSecOpenSSLX509NameWrite(X509_get_subject_name(cert)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509NameWrite(X509_get_subject_name)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509NameWrite(X509_get_subject_name)", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(xmlSecNodeX509SubjectName)", NULL); + xmlFree(buf); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(cur, buf); + + /* done */ xmlFree(buf); return(0); } @@ -1179,23 +1122,16 @@ xmlSecOpenSSLX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } cur = xmlSecGetNextElementNode(node->children); if(cur == NULL) { if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL, + xmlSecKeyDataGetName(data)); return(-1); } return(0); @@ -1203,56 +1139,32 @@ xmlSecOpenSSLX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm /* the first is required node X509IssuerName */ if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeError(cur, xmlSecNodeX509IssuerName, xmlSecKeyDataGetName(data)); return(-1); } issuerName = xmlNodeGetContent(cur); if(issuerName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); return(-1); } cur = xmlSecGetNextElementNode(cur->next); /* next is required node X509SerialNumber */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInvalidNodeError(cur, xmlSecNodeX509SerialNumber, xmlSecKeyDataGetName(data)); xmlFree(issuerName); return(-1); } issuerSerial = xmlNodeGetContent(cur); if(issuerSerial == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); xmlFree(issuerName); return(-1); } cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1262,13 +1174,10 @@ xmlSecOpenSSLX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "issuerName=%s;issuerSerial=%s", - xmlSecErrorsSafeString(issuerName), - xmlSecErrorsSafeString(issuerSerial)); + xmlSecOtherError3(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "issuerName=%s;issuerSerial=%s", + xmlSecErrorsSafeString(issuerName), + xmlSecErrorsSafeString(issuerSerial)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1280,11 +1189,8 @@ xmlSecOpenSSLX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm cert2 = X509_dup(cert); if(cert2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_dup", + xmlSecKeyDataGetName(data)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1292,11 +1198,8 @@ xmlSecOpenSSLX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xm ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert2); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); X509_free(cert2); xmlFree(issuerSerial); xmlFree(issuerName); @@ -1314,69 +1217,61 @@ xmlSecOpenSSLX509IssuerSerialNodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInf xmlNodePtr issuerNameNode; xmlNodePtr issuerNumberNode; xmlChar* buf; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); + UNREFERENCED_PARAMETER(keyInfoCtx); /* create xml nodes */ - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); + xmlSecInternalError("xmlSecEnsureEmptyChild(xmlSecNodeX509IssuerSerial)", NULL); return(-1); } - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); + issuerNameNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); if(issuerNameNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(xmlSecNodeX509IssuerName)", NULL); return(-1); } - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); + issuerNumberNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); if(issuerNumberNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInternalError("xmlSecEnsureEmptyChild(xmlSecNodeX509SerialNumber)", NULL); return(-1); } /* write data */ buf = xmlSecOpenSSLX509NameWrite(X509_get_issuer_name(cert)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509NameWrite(X509_get_issuer_name)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509NameWrite(X509_get_issuer_name)", NULL); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent(issuerNameNode)", NULL); + xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); xmlFree(buf); buf = xmlSecOpenSSLASN1IntegerWrite(X509_get_serialNumber(cert)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLASN1IntegerWrite(X509_get_serialNumber)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLASN1IntegerWrite(X509_get_serialNumber)", NULL); return(-1); } - xmlSecNodeEncodeAndSetContent(issuerNumberNode, buf); - xmlFree(buf); + ret = xmlSecNodeEncodeAndSetContent(issuerNumberNode, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent(issuerNumberNode)", NULL); + xmlFree(buf); + return(-1); + } + + /* done */ + xmlFree(buf); return(0); } @@ -1396,11 +1291,8 @@ xmlSecOpenSSLX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyIn x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1410,12 +1302,7 @@ xmlSecOpenSSLX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyIn xmlFree(ski); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1426,12 +1313,8 @@ xmlSecOpenSSLX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyIn xmlFree(ski); if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "ski=%s", - xmlSecErrorsSafeString(ski)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "ski=%s", xmlSecErrorsSafeString(ski)); return(-1); } return(0); @@ -1439,22 +1322,16 @@ xmlSecOpenSSLX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyIn cert2 = X509_dup(cert); if(cert2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_dup", + xmlSecKeyDataGetName(data)); xmlFree(ski); return(-1); } ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert2); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); X509_free(cert2); xmlFree(ski); return(-1); @@ -1468,34 +1345,34 @@ static int xmlSecOpenSSLX509SKINodeWrite(X509* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar *buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); + UNREFERENCED_PARAMETER(keyInfoCtx); buf = xmlSecOpenSSLX509SKIWrite(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509SKIWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509SKIWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInternalError("xmlSecEnsureEmptyChild(xmlSecNodeX509SKI)", NULL); + xmlFree(buf); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(cur, buf); - xmlFree(buf); + /* done */ + xmlFree(buf); return(0); } @@ -1515,11 +1392,7 @@ xmlSecOpenSSLX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyIn xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1527,22 +1400,16 @@ xmlSecOpenSSLX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyIn crl = xmlSecOpenSSLX509CrlBase64DerRead(content); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLX509CrlBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509CrlBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } ret = xmlSecOpenSSLKeyDataX509AdoptCrl(data, crl); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLKeyDataX509AdoptCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509AdoptCrl", + xmlSecKeyDataGetName(data)); X509_CRL_free(crl); xmlFree(content); return(-1); @@ -1564,28 +1431,19 @@ xmlSecOpenSSLX509CRLNodeWrite(X509_CRL* crl, xmlNodePtr node, xmlSecKeyInfoCtxPt /* set base64 lines size from context */ buf = xmlSecOpenSSLX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509CrlBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509CrlBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509CRL)); + xmlSecInternalError("xmlSecEnsureEmptyChild(xmlSecNodeX509CRL)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); @@ -1609,11 +1467,8 @@ xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecOpenSSLX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1626,74 +1481,52 @@ xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr ctx->keyCert = X509_dup(cert); if(ctx->keyCert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_dup", + xmlSecKeyDataGetName(data)); return(-1); } keyValue = xmlSecOpenSSLX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLX509CertGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509CertGetKey", + xmlSecKeyDataGetName(data)); return(-1); } /* verify that the key matches our expectations */ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeyReqMatchKeyValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyReqMatchKeyValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } ret = xmlSecKeySetValue(key, keyValue); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } - if((X509_get_notBefore(ctx->keyCert) != NULL) && (X509_get_notAfter(ctx->keyCert) != NULL)) { - ret = xmlSecOpenSSLX509CertGetTime(X509_get_notBefore(ctx->keyCert), &(key->notValidBefore)); + if((X509_get0_notBefore(ctx->keyCert) != NULL) && (X509_get0_notAfter(ctx->keyCert) != NULL)) { + ret = xmlSecOpenSSLX509CertGetTime(X509_get0_notBefore(ctx->keyCert), &(key->notValidBefore)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLX509CertGetTime", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "notValidBefore"); + xmlSecInternalError("xmlSecOpenSSLX509CertGetTime(notAfter)", + xmlSecKeyDataGetName(data)); return(-1); } - ret = xmlSecOpenSSLX509CertGetTime(X509_get_notAfter(ctx->keyCert), &(key->notValidAfter)); + ret = xmlSecOpenSSLX509CertGetTime(X509_get0_notAfter(ctx->keyCert), &(key->notValidAfter)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecOpenSSLX509CertGetTime", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "notValidAfter"); + xmlSecInternalError("xmlSecOpenSSLX509CertGetTime(notBefore)", + xmlSecKeyDataGetName(data)); return(-1); } } else { key->notValidBefore = key->notValidAfter = 0; } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), NULL); return(-1); } } @@ -1703,9 +1536,28 @@ xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr #ifdef HAVE_TIMEGM extern time_t timegm (struct tm *tm); #else /* HAVE_TIMEGM */ + #ifdef WIN32 + +#ifdef _MSC_VER +static time_t +my_timegm(struct tm *t) { + long seconds = 0; + if(_get_timezone(&seconds) != 0) { + return(-1); + } + return (mktime(t) - seconds); +} +#define timegm(tm) my_timegm(tm) + +#else /* _MSC_VER */ + #define timegm(tm) (mktime(tm) - _timezone) + +#endif /* _MSC_VER */ + #else /* WIN32 */ + /* Absolutely not the best way but it's the only ANSI compatible way I know. * If you system has a native struct tm --> GMT time_t conversion function * (like timegm) use it instead. @@ -1720,7 +1572,7 @@ my_timegm(struct tm *t) { t->tm_hour--; tl = mktime (t); if (tl == -1) { - return -1; + return (-1); } tl += 3600; } @@ -1731,7 +1583,7 @@ my_timegm(struct tm *t) { tg->tm_hour--; tb = mktime (tg); if (tb == -1) { - return -1; + return (-1); } tb += 3600; } @@ -1739,11 +1591,12 @@ my_timegm(struct tm *t) { } #define timegm(tm) my_timegm(tm) + #endif /* WIN32 */ #endif /* HAVE_TIMEGM */ static int -xmlSecOpenSSLX509CertGetTime(ASN1_TIME* t, time_t* res) { +xmlSecOpenSSLX509CertGetTime(XMLSEC_CONST_ASN1_TIME * t, time_t* res) { struct tm tm; int offset; @@ -1752,11 +1605,7 @@ xmlSecOpenSSLX509CertGetTime(ASN1_TIME* t, time_t* res) { (*res) = 0; if(!ASN1_TIME_check(t)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "ASN1_TIME_check", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("ASN1_TIME_check", NULL); return(-1); } @@ -1766,7 +1615,6 @@ xmlSecOpenSSLX509CertGetTime(ASN1_TIME* t, time_t* res) { if(t->type == V_ASN1_UTCTIME) { xmlSecAssert2(t->length > 12, -1); - /* this code is copied from OpenSSL asn1/a_utctm.c file */ tm.tm_year = g2(t->data); if(tm.tm_year < 50) { @@ -1831,21 +1679,13 @@ xmlSecOpenSSLX509CertGetKey(X509* cert) { pKey = X509_get_pubkey(cert); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509_get_pubkey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_get_pubkey", NULL); return(NULL); } data = xmlSecOpenSSLEvpKeyAdopt(pKey); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLEvpKeyAdopt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpKeyAdopt", NULL); EVP_PKEY_free(pKey); return(NULL); } @@ -1862,11 +1702,7 @@ xmlSecOpenSSLX509CertBase64DerRead(xmlChar* buf) { /* usual trick with base64 decoding "in-place" */ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", NULL); return(NULL); } @@ -1884,32 +1720,22 @@ xmlSecOpenSSLX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) { mem = BIO_new(BIO_s_mem()); if(mem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "BIO_s_mem"); + xmlSecOpenSSLError("BIO_new", NULL); return(NULL); } ret = BIO_write(mem, buf, size); if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_write", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", size); + xmlSecOpenSSLError2("BIO_write", NULL, + "size=%lu", (unsigned long)size); BIO_free_all(mem); return(NULL); } cert = d2i_X509_bio(mem, NULL); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "d2i_X509_bio", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError2("d2i_X509_bio", NULL, + "size=%lu", (unsigned long)size); BIO_free_all(mem); return(NULL); } @@ -1929,11 +1755,7 @@ xmlSecOpenSSLX509CertBase64DerWrite(X509* cert, int base64LineWrap) { mem = BIO_new(BIO_s_mem()); if(mem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "BIO_s_mem"); + xmlSecOpenSSLError("BIO_new", NULL); return(NULL); } @@ -1943,22 +1765,14 @@ xmlSecOpenSSLX509CertBase64DerWrite(X509* cert, int base64LineWrap) { size = BIO_get_mem_data(mem, &p); if((size <= 0) || (p == NULL)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_get_mem_data", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BIO_get_mem_data", NULL); BIO_free_all(mem); return(NULL); } res = xmlSecBase64Encode(p, size, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); BIO_free_all(mem); return(NULL); } @@ -1976,11 +1790,7 @@ xmlSecOpenSSLX509CrlBase64DerRead(xmlChar* buf) { /* usual trick with base64 decoding "in-place" */ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", NULL); return(NULL); } @@ -1998,32 +1808,21 @@ xmlSecOpenSSLX509CrlDerRead(xmlSecByte* buf, xmlSecSize size) { mem = BIO_new(BIO_s_mem()); if(mem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "BIO_s_mem"); + xmlSecOpenSSLError("BIO_new", NULL); return(NULL); } ret = BIO_write(mem, buf, size); if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_write", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", size); + xmlSecOpenSSLError2("BIO_write", NULL, + "size=%lu", (unsigned long)size); BIO_free_all(mem); return(NULL); } crl = d2i_X509_CRL_bio(mem, NULL); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "d2i_X509_CRL_bio", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("d2i_X509_CRL_bio", NULL); BIO_free_all(mem); return(NULL); } @@ -2043,11 +1842,7 @@ xmlSecOpenSSLX509CrlBase64DerWrite(X509_CRL* crl, int base64LineWrap) { mem = BIO_new(BIO_s_mem()); if(mem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "BIO_s_mem"); + xmlSecOpenSSLError("BIO_new", NULL); return(NULL); } @@ -2057,22 +1852,14 @@ xmlSecOpenSSLX509CrlBase64DerWrite(X509_CRL* crl, int base64LineWrap) { size = BIO_get_mem_data(mem, &p); if((size <= 0) || (p == NULL)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_get_mem_data", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BIO_get_mem_data", NULL); BIO_free_all(mem); return(NULL); } res = xmlSecBase64Encode(p, size, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); BIO_free_all(mem); return(NULL); } @@ -2091,20 +1878,12 @@ xmlSecOpenSSLX509NameWrite(X509_NAME* nm) { mem = BIO_new(BIO_s_mem()); if(mem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BIO_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "BIO_s_mem"); + xmlSecOpenSSLError("BIO_new", NULL); return(NULL); } if (X509_NAME_print_ex(mem, nm, 0, XN_FLAG_RFC2253) <=0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509_NAME_print_ex", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_NAME_print_ex", NULL); BIO_free_all(mem); return(NULL); } @@ -2112,13 +1891,9 @@ xmlSecOpenSSLX509NameWrite(X509_NAME* nm) { (void)BIO_flush(mem); /* should call flush ? */ size = BIO_pending(mem); - res = xmlMalloc(size + 1); + res = (xmlChar *)xmlMalloc(size + 1); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMallocError(size + 1, NULL); BIO_free_all(mem); return(NULL); } @@ -2140,21 +1915,13 @@ xmlSecOpenSSLASN1IntegerWrite(ASN1_INTEGER *asni) { bn = ASN1_INTEGER_to_BN(asni, NULL); if(bn == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "ASN1_INTEGER_to_BN", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("ASN1_INTEGER_to_BN", NULL); return(NULL); } p = BN_bn2dec(bn); if (p == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BN_bn2dec", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BN_bn2dec", NULL); BN_free(bn); return(NULL); } @@ -2167,11 +1934,7 @@ xmlSecOpenSSLASN1IntegerWrite(ASN1_INTEGER *asni) { */ res = xmlCharStrdup(p); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlCharStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecStrdupError(BAD_CAST p, NULL); OPENSSL_free(p); return(NULL); } @@ -2191,42 +1954,26 @@ xmlSecOpenSSLX509SKIWrite(X509* cert) { index = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); if (index < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "Certificate without SubjectKeyIdentifier extension", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_get_ext_by_NID(): Certificate without SubjectKeyIdentifier extension", NULL); return(NULL); } ext = X509_get_ext(cert, index); if (ext == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509_get_ext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_get_ext", NULL); return(NULL); } - keyId = X509V3_EXT_d2i(ext); + keyId = (ASN1_OCTET_STRING *)X509V3_EXT_d2i(ext); if (keyId == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509V3_EXT_d2i", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509V3_EXT_d2i", NULL); ASN1_OCTET_STRING_free(keyId); return(NULL); } - res = xmlSecBase64Encode(ASN1_STRING_data(keyId), ASN1_STRING_length(keyId), 0); + res = xmlSecBase64Encode(ASN1_STRING_get0_data(keyId), ASN1_STRING_length(keyId), 0); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); ASN1_OCTET_STRING_free(keyId); return(NULL); } @@ -2367,43 +2114,30 @@ xmlSecOpenSSLKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, cert = xmlSecOpenSSLX509CertDerRead(buf, bufSize); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509CertDerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509CertDerRead", NULL); return(-1); } data = xmlSecKeyEnsureData(key, xmlSecOpenSSLKeyDataX509Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); X509_free(cert); return(-1); } ret = xmlSecOpenSSLKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509AdoptCert", + xmlSecKeyDataKlassGetName(id)); X509_free(cert); return(-1); } ret = xmlSecOpenSSLKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecOpenSSLKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); return(-1); } return(0); diff --git a/src/openssl/x509vfy.c b/src/openssl/x509vfy.c index f828afb2..2e54f136 100644 --- a/src/openssl/x509vfy.c +++ b/src/openssl/x509vfy.c @@ -1,7 +1,5 @@ -/** - * XMLSec library - * - * X509 support +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * * This is free software; see Copyright file in the source @@ -9,6 +7,13 @@ * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:x509vfy + * @Short_description: X509 certificates verification support functions for OpenSSL. + * @Stability: Private + * + */ + #include "globals.h" #ifndef XMLSEC_NO_X509 @@ -20,10 +25,6 @@ #include <errno.h> #include <libxml/tree.h> -#include <openssl/evp.h> -#include <openssl/x509.h> -#include <openssl/x509_vfy.h> -#include <openssl/x509v3.h> #include <xmlsec/xmlsec.h> #include <xmlsec/xmltree.h> @@ -36,11 +37,18 @@ #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/evp.h> #include <xmlsec/openssl/x509.h> +#include "openssl_compat.h" -/* new API from OpenSSL 1.1.0 */ -#if !defined(XMLSEC_OPENSSL_110) -#define X509_REVOKED_get0_serialNumber(x) ((x)->serialNumber) -#endif /* !defined(XMLSEC_OPENSSL_110) */ +#include <openssl/evp.h> +#include <openssl/x509.h> +#include <openssl/x509_vfy.h> +#include <openssl/x509v3.h> + +#ifdef OPENSSL_IS_BORINGSSL +typedef size_t x509_size_t; +#else /* OPENSSL_IS_BORINGSSL */ +typedef int x509_size_t; +#endif /* OPENSSL_IS_BORINGSSL */ /************************************************************************** * @@ -181,15 +189,22 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* X509 * res = NULL; X509 * cert; X509 * err_cert = NULL; - char buf[256]; + X509_STORE_CTX *xsc; int err = 0; - int i; + x509_size_t i; int ret; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), NULL); xmlSecAssert2(certs != NULL, NULL); xmlSecAssert2(keyInfoCtx != NULL, NULL); + xsc = X509_STORE_CTX_new(); + if(xsc == NULL) { + xmlSecOpenSSLError("X509_STORE_CTX_new", + xmlSecKeyDataStoreGetName(store)); + goto done; + } + ctx = xmlSecOpenSSLX509StoreGetCtx(store); xmlSecAssert2(ctx != NULL, NULL); xmlSecAssert2(ctx->xst != NULL, NULL); @@ -197,11 +212,8 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* /* dup certs */ certs2 = sk_X509_dup(certs); if(certs2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "sk_X509_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("sk_X509_dup", + xmlSecKeyDataStoreGetName(store)); goto done; } @@ -210,11 +222,8 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* for(i = 0; i < sk_X509_num(ctx->untrusted); ++i) { ret = sk_X509_push(certs2, sk_X509_value(ctx->untrusted, i)); if(ret < 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "sk_X509_push", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("sk_X509_push", + xmlSecKeyDataStoreGetName(store)); goto done; } } @@ -224,11 +233,8 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* if(crls != NULL) { crls2 = sk_X509_CRL_dup(crls); if(crls2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "sk_X509_CRL_dup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("sk_X509_CRL_dup", + xmlSecKeyDataStoreGetName(store)); goto done; } @@ -239,11 +245,8 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* } else if(ret == 0) { (void)sk_X509_CRL_delete(crls2, i); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "xmlSecOpenSSLX509VerifyCRL", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509VerifyCRL", + xmlSecKeyDataStoreGetName(store)); goto done; } } @@ -259,11 +262,8 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* (void)sk_X509_delete(certs2, i); continue; } else if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "xmlSecOpenSSLX509VerifyCertAgainstCrls", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509VerifyCertAgainstCrls", + xmlSecKeyDataStoreGetName(store)); goto done; } } @@ -274,11 +274,8 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* (void)sk_X509_delete(certs2, i); continue; } else if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "xmlSecOpenSSLX509VerifyCertAgainstCrls", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509VerifyCertAgainstCrls", + xmlSecKeyDataStoreGetName(store)); goto done; } } @@ -289,18 +286,16 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* for(i = 0; i < sk_X509_num(certs2); ++i) { cert = sk_X509_value(certs2, i); if(xmlSecOpenSSLX509FindNextChainCert(certs2, cert) == NULL) { - X509_STORE_CTX xsc; - - if(!X509_STORE_CTX_init(&xsc, ctx->xst, cert, certs2)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_STORE_CTX_init", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + + ret = X509_STORE_CTX_init(xsc, ctx->xst, cert, certs2); + if(ret != 1) { + xmlSecOpenSSLError("X509_STORE_CTX_init", + xmlSecKeyDataStoreGetName(store)); goto done; } + if(keyInfoCtx->certsVerificationTime > 0) { - X509_STORE_CTX_set_time(&xsc, 0, keyInfoCtx->certsVerificationTime); + X509_STORE_CTX_set_time(xsc, 0, keyInfoCtx->certsVerificationTime); } { @@ -309,11 +304,8 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* vpm = X509_VERIFY_PARAM_new(); if(vpm == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_VERIFY_PARAM_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_VERIFY_PARAM_new", + xmlSecKeyDataStoreGetName(store)); goto done; } vpm_flags = X509_VERIFY_PARAM_get_flags(vpm); @@ -324,54 +316,41 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* X509_VERIFY_PARAM_set_time(vpm, keyInfoCtx->certsVerificationTime); } - X509_VERIFY_PARAM_set_depth(vpm, 9); + X509_VERIFY_PARAM_set_depth(vpm, keyInfoCtx->certsVerificationDepth); X509_VERIFY_PARAM_set_flags(vpm, vpm_flags); - X509_STORE_CTX_set0_param(&xsc, vpm); + X509_STORE_CTX_set0_param(xsc, vpm); } - ret = X509_verify_cert(&xsc); - err_cert = X509_STORE_CTX_get_current_cert(&xsc); - err = X509_STORE_CTX_get_error(&xsc); - - X509_STORE_CTX_cleanup (&xsc); - if(ret != 1 && keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_ALLOW_BROKEN_CHAIN){ + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) { + ret = X509_verify_cert(xsc); + } else { ret = 1; - keyInfoCtx->flags2 |= XMLSEC_KEYINFO_ERROR_FLAGS_BROKEN_CHAIN; } + err_cert = X509_STORE_CTX_get_current_cert(xsc); + err = X509_STORE_CTX_get_error(xsc); + + X509_STORE_CTX_cleanup (xsc); if(ret == 1) { res = cert; goto done; } else if(ret < 0) { - const char* err_msg; - - buf[0] = '\0'; - X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf); - err_msg = X509_verify_cert_error_string(err); - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_verify_cert", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "subj=%s;err=%d;msg=%s", - xmlSecErrorsSafeString(buf), - err, - xmlSecErrorsSafeString(err_msg)); + /* real error */ + xmlSecOpenSSLError("X509_verify_cert", xmlSecKeyDataStoreGetName(store)); goto done; } else if(ret == 0) { const char* err_msg; + char subject[256], issuer[256]; - buf[0] = '\0'; - X509_NAME_oneline(X509_get_subject_name(err_cert), buf, sizeof buf); + X509_NAME_oneline(X509_get_subject_name(err_cert), subject, sizeof(subject)); + X509_NAME_oneline(X509_get_issuer_name(err_cert), issuer, sizeof(issuer)); err_msg = X509_verify_cert_error_string(err); - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_verify_cert", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "subj=%s;err=%d;msg=%s", - xmlSecErrorsSafeString(buf), - err, - xmlSecErrorsSafeString(err_msg)); + + xmlSecOtherError5(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, + xmlSecKeyDataStoreGetName(store), + "X509_verify_cert: subject=%s; issuer=%s; err=%d; msg=%s", + subject, issuer, err, xmlSecErrorsSafeString(err_msg)); } } } @@ -379,45 +358,39 @@ xmlSecOpenSSLX509StoreVerify(xmlSecKeyDataStorePtr store, XMLSEC_STACK_OF_X509* /* if we came here then we found nothing. do we have any error? */ if((err != 0) && (err_cert != NULL)) { const char* err_msg; + char subject[256], issuer[256]; + X509_NAME_oneline(X509_get_subject_name(err_cert), subject, sizeof(subject)); + X509_NAME_oneline(X509_get_issuer_name(err_cert), issuer, sizeof(issuer)); err_msg = X509_verify_cert_error_string(err); + switch (err) { case X509_V_ERR_UNABLE_TO_GET_ISSUER_CERT: - X509_NAME_oneline(X509_get_issuer_name(err_cert), buf, sizeof buf); - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, - "err=%d;msg=%s;issuer=%s", - err, - xmlSecErrorsSafeString(err_msg), - xmlSecErrorsSafeString(buf)); + xmlSecOtherError5(XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, + xmlSecKeyDataStoreGetName(store), + "subject=%s; issuer=%s; err=%d; msg=%s", + subject, issuer, err, xmlSecErrorsSafeString(err_msg)); break; case X509_V_ERR_CERT_NOT_YET_VALID: case X509_V_ERR_ERROR_IN_CERT_NOT_BEFORE_FIELD: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_YET_VALID, - "err=%d;msg=%s", err, - xmlSecErrorsSafeString(err_msg)); + xmlSecOtherError5(XMLSEC_ERRORS_R_CERT_NOT_YET_VALID, + xmlSecKeyDataStoreGetName(store), + "subject=%s; issuer=%s; err=%d; msg=%s", + subject, issuer, err, xmlSecErrorsSafeString(err_msg)); break; case X509_V_ERR_CERT_HAS_EXPIRED: case X509_V_ERR_ERROR_IN_CERT_NOT_AFTER_FIELD: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, - "err=%d;msg=%s", err, - xmlSecErrorsSafeString(err_msg)); + xmlSecOtherError5(XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, + xmlSecKeyDataStoreGetName(store), + "subject=%s; issuer=%s; err=%d; msg=%s", + subject, issuer, err, xmlSecErrorsSafeString(err_msg)); break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, - "err=%d;msg=%s", err, - xmlSecErrorsSafeString(err_msg)); + xmlSecOtherError5(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, + xmlSecKeyDataStoreGetName(store), + "subject=%s; issuer=%s; err=%d; msg=%s", + subject, issuer, err, xmlSecErrorsSafeString(err_msg)); + break; } } @@ -428,6 +401,9 @@ done: if(crls2 != NULL) { sk_X509_CRL_free(crls2); } + if(xsc != NULL) { + X509_STORE_CTX_free(xsc); + } return(res); } @@ -457,11 +433,8 @@ xmlSecOpenSSLX509StoreAdoptCert(xmlSecKeyDataStorePtr store, X509* cert, xmlSecK ret = X509_STORE_add_cert(ctx->xst, cert); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_STORE_add_cert", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_STORE_add_cert", + xmlSecKeyDataStoreGetName(store)); return(-1); } /* add cert increments the reference */ @@ -471,11 +444,8 @@ xmlSecOpenSSLX509StoreAdoptCert(xmlSecKeyDataStorePtr store, X509* cert, xmlSecK ret = sk_X509_push(ctx->untrusted, cert); if(ret < 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "sk_X509_push", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("sk_X509_push", + xmlSecKeyDataStoreGetName(store)); return(-1); } } @@ -505,11 +475,8 @@ xmlSecOpenSSLX509StoreAdoptCrl(xmlSecKeyDataStorePtr store, X509_CRL* crl) { ret = sk_X509_CRL_push(ctx->crls, crl); if(ret < 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "sk_X509_CRL_push", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("sk_X509_CRL_push", + xmlSecKeyDataStoreGetName(store)); return(-1); } @@ -540,21 +507,15 @@ xmlSecOpenSSLX509StoreAddCertsPath(xmlSecKeyDataStorePtr store, const char *path lookup = X509_STORE_add_lookup(ctx->xst, X509_LOOKUP_hash_dir()); if(lookup == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_STORE_add_lookup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_STORE_add_lookup", + xmlSecKeyDataStoreGetName(store)); return(-1); } if(!X509_LOOKUP_add_dir(lookup, path, X509_FILETYPE_PEM)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_LOOKUP_add_dir", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "path='%s'", - xmlSecErrorsSafeString(path) - ); + xmlSecOpenSSLError2("X509_LOOKUP_add_dir", + xmlSecKeyDataStoreGetName(store), + "path='%s'", + xmlSecErrorsSafeString(path)); return(-1); } return(0); @@ -563,7 +524,7 @@ xmlSecOpenSSLX509StoreAddCertsPath(xmlSecKeyDataStorePtr store, const char *path /** * xmlSecOpenSSLX509StoreAddCertsFile: * @store: the pointer to OpenSSL x509 store. - * @file: the certs file. + * @filename: the certs file. * * Adds all certs in @file to the list of trusted certs * in @store. It is possible for @file to contain multiple certs. @@ -571,12 +532,12 @@ xmlSecOpenSSLX509StoreAddCertsPath(xmlSecKeyDataStorePtr store, const char *path * Returns: 0 on success or a negative value otherwise. */ int -xmlSecOpenSSLX509StoreAddCertsFile(xmlSecKeyDataStorePtr store, const char *file) { +xmlSecOpenSSLX509StoreAddCertsFile(xmlSecKeyDataStorePtr store, const char *filename) { xmlSecOpenSSLX509StoreCtxPtr ctx; X509_LOOKUP *lookup = NULL; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecOpenSSLX509StoreId), -1); - xmlSecAssert2(file != NULL, -1); + xmlSecAssert2(filename != NULL, -1); ctx = xmlSecOpenSSLX509StoreGetCtx(store); xmlSecAssert2(ctx != NULL, -1); @@ -584,21 +545,15 @@ xmlSecOpenSSLX509StoreAddCertsFile(xmlSecKeyDataStorePtr store, const char *file lookup = X509_STORE_add_lookup(ctx->xst, X509_LOOKUP_file()); if(lookup == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_STORE_add_lookup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_STORE_add_lookup", + xmlSecKeyDataStoreGetName(store)); return(-1); } - if(!X509_LOOKUP_load_file(lookup, file, X509_FILETYPE_PEM)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_LOOKUP_load_file", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "file='%s'", - xmlSecErrorsSafeString(file) - ); + if(!X509_LOOKUP_load_file(lookup, filename, X509_FILETYPE_PEM)) { + xmlSecOpenSSLError2("X509_LOOKUP_load_file", + xmlSecKeyDataStoreGetName(store), + "filename='%s'", + xmlSecErrorsSafeString(filename)); return(-1); } return(0); @@ -619,85 +574,60 @@ xmlSecOpenSSLX509StoreInitialize(xmlSecKeyDataStorePtr store) { ctx->xst = X509_STORE_new(); if(ctx->xst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_STORE_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_STORE_new", + xmlSecKeyDataStoreGetName(store)); return(-1); } if(!X509_STORE_set_default_paths(ctx->xst)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_STORE_set_default_paths", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_STORE_set_default_paths", + xmlSecKeyDataStoreGetName(store)); return(-1); } lookup = X509_STORE_add_lookup(ctx->xst, X509_LOOKUP_hash_dir()); if(lookup == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_STORE_add_lookup", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_STORE_add_lookup", + xmlSecKeyDataStoreGetName(store)); return(-1); } path = xmlSecOpenSSLGetDefaultTrustedCertsFolder(); if(path != NULL) { if(!X509_LOOKUP_add_dir(lookup, (char*)path, X509_FILETYPE_PEM)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_LOOKUP_add_dir", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "path='%s'", - xmlSecErrorsSafeString(path) - ); + xmlSecOpenSSLError2("X509_LOOKUP_add_dir", + xmlSecKeyDataStoreGetName(store), + "path='%s'", + xmlSecErrorsSafeString(path)); return(-1); } } else { if(!X509_LOOKUP_add_dir(lookup, NULL, X509_FILETYPE_DEFAULT)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_LOOKUP_add_dir", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE - ); + xmlSecOpenSSLError("X509_LOOKUP_add_dir", + xmlSecKeyDataStoreGetName(store)); return(-1); } } ctx->untrusted = sk_X509_new_null(); if(ctx->untrusted == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "sk_X509_new_null", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("sk_X509_new_null", + xmlSecKeyDataStoreGetName(store)); return(-1); } ctx->crls = sk_X509_CRL_new_null(); if(ctx->crls == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "sk_X509_CRL_new_null", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("sk_X509_CRL_new_null", + xmlSecKeyDataStoreGetName(store)); return(-1); } ctx->vpm = X509_VERIFY_PARAM_new(); if(ctx->vpm == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "X509_VERIFY_PARAM_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_VERIFY_PARAM_new", + xmlSecKeyDataStoreGetName(store)); return(-1); } X509_VERIFY_PARAM_set_depth(ctx->vpm, 9); /* the default cert verification path in openssl */ @@ -740,54 +670,54 @@ xmlSecOpenSSLX509StoreFinalize(xmlSecKeyDataStorePtr store) { *****************************************************************************/ static int xmlSecOpenSSLX509VerifyCRL(X509_STORE* xst, X509_CRL *crl ) { - X509_STORE_CTX xsc; - X509_OBJECT xobj; - EVP_PKEY *pkey; + X509_STORE_CTX *xsc = NULL; + X509_OBJECT *xobj = NULL; + EVP_PKEY *pkey = NULL; int ret; xmlSecAssert2(xst != NULL, -1); xmlSecAssert2(crl != NULL, -1); - ret = X509_STORE_CTX_init(&xsc, xst, NULL, NULL); - if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509_STORE_CTX_init", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xsc = X509_STORE_CTX_new(); + if(xsc == NULL) { + xmlSecOpenSSLError("X509_STORE_CTX_new", NULL); + goto err; } - ret = X509_STORE_get_by_subject(&xsc, X509_LU_X509, - X509_CRL_get_issuer(crl), &xobj); + xobj = (X509_OBJECT *)X509_OBJECT_new(); + if(xobj == NULL) { + xmlSecOpenSSLError("X509_OBJECT_new", NULL); + goto err; + } + + ret = X509_STORE_CTX_init(xsc, xst, NULL, NULL); + if(ret != 1) { + xmlSecOpenSSLError("X509_STORE_CTX_init", NULL); + goto err; + } + ret = X509_STORE_CTX_get_by_subject(xsc, X509_LU_X509, + X509_CRL_get_issuer(crl), xobj); if(ret <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509_STORE_get_by_subject", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecOpenSSLError("X509_STORE_CTX_get_by_subject", NULL); + goto err; } - pkey = X509_get_pubkey(xobj.data.x509); - X509_OBJECT_free_contents(&xobj); + pkey = X509_get_pubkey(X509_OBJECT_get0_X509(xobj)); if(pkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509_get_pubkey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); + xmlSecOpenSSLError("X509_get_pubkey", NULL); + goto err; } ret = X509_CRL_verify(crl, pkey); EVP_PKEY_free(pkey); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509_CRL_verify", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_CRL_verify", NULL); } - X509_STORE_CTX_cleanup (&xsc); + X509_STORE_CTX_free(xsc); + X509_OBJECT_free(xobj); return((ret == 1) ? 1 : 0); + +err: + X509_STORE_CTX_free(xsc); + X509_OBJECT_free(xobj); + return(-1); } static X509* @@ -795,7 +725,7 @@ xmlSecOpenSSLX509FindCert(STACK_OF(X509) *certs, xmlChar *subjectName, xmlChar *issuerName, xmlChar *issuerSerial, xmlChar *ski) { X509 *cert = NULL; - int i; + x509_size_t i; xmlSecAssert2(certs != NULL, NULL); @@ -806,12 +736,8 @@ xmlSecOpenSSLX509FindCert(STACK_OF(X509) *certs, xmlChar *subjectName, nm = xmlSecOpenSSLX509NameRead(subjectName, xmlStrlen(subjectName)); if(nm == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509NameRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "subject=%s", - xmlSecErrorsSafeString(subjectName)); + xmlSecInternalError2("xmlSecOpenSSLX509NameRead", NULL, + "subject=%s", xmlSecErrorsSafeString(subjectName)); return(NULL); } @@ -832,31 +758,19 @@ xmlSecOpenSSLX509FindCert(STACK_OF(X509) *certs, xmlChar *subjectName, nm = xmlSecOpenSSLX509NameRead(issuerName, xmlStrlen(issuerName)); if(nm == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509NameRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "issuer=%s", - xmlSecErrorsSafeString(issuerName)); + xmlSecInternalError2("xmlSecOpenSSLX509NameRead", NULL, + "issuer=%s", xmlSecErrorsSafeString(issuerName)); return(NULL); } bn = BN_new(); if(bn == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BN_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BN_new", NULL); X509_NAME_free(nm); return(NULL); } if(BN_dec2bn(&bn, (char*)issuerSerial) == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BN_dec2bn", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BN_dec2bn", NULL); BN_free(bn); X509_NAME_free(nm); return(NULL); @@ -864,11 +778,7 @@ xmlSecOpenSSLX509FindCert(STACK_OF(X509) *certs, xmlChar *subjectName, serial = BN_to_ASN1_INTEGER(bn, NULL); if(serial == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "BN_to_ASN1_INTEGER", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("BN_to_ASN1_INTEGER", NULL); BN_free(bn); X509_NAME_free(nm); return(NULL); @@ -900,26 +810,29 @@ xmlSecOpenSSLX509FindCert(STACK_OF(X509) *certs, xmlChar *subjectName, /* our usual trick with base64 decode */ len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); if(len < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ski=%s", - xmlSecErrorsSafeString(ski)); + xmlSecInternalError2("xmlSecBase64Decode", NULL, + "ski=%s", xmlSecErrorsSafeString(ski)); return(NULL); } for(i = 0; i < sk_X509_num(certs); ++i) { cert = sk_X509_value(certs, i); index = X509_get_ext_by_NID(cert, NID_subject_key_identifier, -1); - if((index >= 0) && (ext = X509_get_ext(cert, index))) { - keyId = X509V3_EXT_d2i(ext); - if((keyId != NULL) && (keyId->length == len) && - (memcmp(keyId->data, ski, len) == 0)) { - ASN1_OCTET_STRING_free(keyId); - return(cert); - } + if(index < 0) { + continue; + } + ext = X509_get_ext(cert, index); + if(ext == NULL) { + continue; + } + keyId = (ASN1_OCTET_STRING *)X509V3_EXT_d2i(ext); + if(keyId == NULL) { + continue; + } + if((keyId->length == len) && (memcmp(keyId->data, ski, len) == 0)) { ASN1_OCTET_STRING_free(keyId); + return(cert); } + ASN1_OCTET_STRING_free(keyId); } } @@ -929,7 +842,7 @@ xmlSecOpenSSLX509FindCert(STACK_OF(X509) *certs, xmlChar *subjectName, static X509* xmlSecOpenSSLX509FindNextChainCert(STACK_OF(X509) *chain, X509 *cert) { unsigned long certSubjHash; - int i; + x509_size_t i; xmlSecAssert2(chain != NULL, NULL); xmlSecAssert2(cert != NULL, NULL); @@ -950,7 +863,7 @@ xmlSecOpenSSLX509VerifyCertAgainstCrls(STACK_OF(X509_CRL) *crls, X509* cert) { X509_NAME *issuer; X509_CRL *crl = NULL; X509_REVOKED *revoked; - int i, n; + x509_size_t i, n; int ret; xmlSecAssert2(crls != NULL, -1); @@ -980,7 +893,7 @@ xmlSecOpenSSLX509VerifyCertAgainstCrls(STACK_OF(X509_CRL) *crls, X509* cert) { /* * Check date of CRL to make sure it's not expired */ - ret = X509_cmp_current_time(X509_CRL_get_nextUpdate(crl)); + ret = X509_cmp_current_time(X509_CRL_get0_nextUpdate(crl)); if (ret == 0) { /* crl expired */ return(1); @@ -993,11 +906,7 @@ xmlSecOpenSSLX509VerifyCertAgainstCrls(STACK_OF(X509_CRL) *crls, X509* cert) { for (i = 0; i < n; i++) { revoked = sk_X509_REVOKED_value(X509_CRL_get_REVOKED(crl), i); if (ASN1_INTEGER_cmp(X509_REVOKED_get0_serialNumber(revoked), X509_get_serialNumber(cert)) == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_CERT_REVOKED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_REVOKED, NULL, NULL); return(0); } } @@ -1016,11 +925,7 @@ xmlSecOpenSSLX509NameRead(xmlSecByte *str, int len) { nm = X509_NAME_new(); if(nm == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "X509_NAME_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("X509_NAME_new", NULL); return(NULL); } @@ -1032,11 +937,7 @@ xmlSecOpenSSLX509NameRead(xmlSecByte *str, int len) { nameLen = xmlSecOpenSSLX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); if(nameLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509NameStringRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509NameStringRead", NULL); X509_NAME_free(nm); return(NULL); } @@ -1048,23 +949,14 @@ xmlSecOpenSSLX509NameRead(xmlSecByte *str, int len) { valueLen = xmlSecOpenSSLX509NameStringRead(&str, &len, value, sizeof(value), '"', 1); if(valueLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509NameStringRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509NameStringRead", NULL); X509_NAME_free(nm); return(NULL); } /* skip quote */ if((len <= 0) || ((*str) != '\"')) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "quote is expected:%s", - xmlSecErrorsSafeString(str)); + xmlSecInvalidIntegerDataError("char", (*str), "quote '\"'", NULL); X509_NAME_free(nm); return(NULL); } @@ -1075,12 +967,7 @@ xmlSecOpenSSLX509NameRead(xmlSecByte *str, int len) { ++str; --len; } if((len > 0) && ((*str) != ',')) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "comma is expected:%s", - xmlSecErrorsSafeString(str)); + xmlSecInvalidIntegerDataError("char", (*str), "comma ','", NULL); X509_NAME_free(nm); return(NULL); } @@ -1090,22 +977,14 @@ xmlSecOpenSSLX509NameRead(xmlSecByte *str, int len) { type = MBSTRING_ASC; } else if((*str) == '#') { /* TODO: read octect values */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "reading octect values is not implemented yet"); + xmlSecNotImplementedError("reading octect values is not implemented yet"); X509_NAME_free(nm); return(NULL); } else { valueLen = xmlSecOpenSSLX509NameStringRead(&str, &len, value, sizeof(value), ',', 1); if(valueLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509NameStringRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509NameStringRead", NULL); X509_NAME_free(nm); return(NULL); } @@ -1138,29 +1017,23 @@ xmlSecOpenSSLX509NameStringRead(xmlSecByte **str, int *strLen, nonSpace = q = res; while(((p - (*str)) < (*strLen)) && ((*p) != delim) && ((q - res) < resLen)) { if((*p) != '\\') { - if(ingoreTrailingSpaces && !isspace(*p)) nonSpace = q; + if(ingoreTrailingSpaces && !isspace(*p)) { + nonSpace = q; + } *(q++) = *(p++); } else { ++p; nonSpace = q; if(xmlSecIsHex((*p))) { if((p - (*str) + 1) >= (*strLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "two hex digits expected"); + xmlSecInvalidDataError("two hex digits expected", NULL); return(-1); } *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); p += 2; } else { if(((++p) - (*str)) >= (*strLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "escaped symbol missed"); + xmlSecInvalidDataError("escaped symbol missed", NULL); return(-1); } *(q++) = *(p++); @@ -1168,19 +1041,15 @@ xmlSecOpenSSLX509NameStringRead(xmlSecByte **str, int *strLen, } } if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "buffer is too small"); + xmlSecInvalidSizeOtherError("buffer is too small", NULL); return(-1); } - (*strLen) -= (p - (*str)); + (*strLen) -= (int)(p - (*str)); (*str) = p; - return((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res); + return(int)((ingoreTrailingSpaces) ? nonSpace - res + 1 : q - res); } -/** +/* * This function DOES NOT create duplicates for X509_NAME_ENTRY objects! */ static STACK_OF(X509_NAME_ENTRY)* @@ -1190,11 +1059,7 @@ xmlSecOpenSSLX509_NAME_ENTRIES_copy(X509_NAME * a) { res = sk_X509_NAME_ENTRY_new(xmlSecOpenSSLX509_NAME_ENTRY_cmp); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "sk_X509_NAME_ENTRY_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("sk_X509_NAME_ENTRY_new", NULL); return(NULL); } @@ -1249,20 +1114,12 @@ xmlSecOpenSSLX509NamesCompare(X509_NAME *a, X509_NAME *b) { a1 = xmlSecOpenSSLX509_NAME_ENTRIES_copy(a); if(a1 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509_NAME_ENTRIES_copy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509_NAME_ENTRIES_copy", NULL); return(-1); } b1 = xmlSecOpenSSLX509_NAME_ENTRIES_copy(b); if(b1 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecOpenSSLX509_NAME_ENTRIES_copy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLX509_NAME_ENTRIES_copy", NULL); sk_X509_NAME_ENTRY_free(a1); return(1); } @@ -1286,6 +1143,7 @@ static int xmlSecOpenSSLX509_NAME_ENTRY_cmp(const X509_NAME_ENTRY * const *a, const X509_NAME_ENTRY * const *b) { ASN1_STRING *a_value, *b_value; ASN1_OBJECT *a_name, *b_name; + int a_len, b_len; int ret; xmlSecAssert2(a != NULL, -1); @@ -1306,13 +1164,15 @@ xmlSecOpenSSLX509_NAME_ENTRY_cmp(const X509_NAME_ENTRY * const *a, const X509_NA return(0); } - ret = ASN1_STRING_length(a_value) - ASN1_STRING_length(b_value); + a_len = ASN1_STRING_length(a_value); + b_len = ASN1_STRING_length(b_value); + ret = a_len - b_len; if(ret != 0) { return(ret); } - if(ASN1_STRING_length(a_value) > 0) { - ret = memcmp(ASN1_STRING_data(a_value), ASN1_STRING_data(b_value), ASN1_STRING_length(a_value)); + if(a_len > 0) { + ret = memcmp(ASN1_STRING_get0_data(a_value), ASN1_STRING_get0_data(b_value), a_len); if(ret != 0) { return(ret); } @@ -1333,7 +1193,6 @@ xmlSecOpenSSLX509_NAME_ENTRY_cmp(const X509_NAME_ENTRY * const *a, const X509_NA return(OBJ_cmp(a_name, b_name)); } - #endif /* XMLSEC_NO_X509 */ diff --git a/src/parser.c b/src/parser.c index 969c3e4f..ddeb590c 100644 --- a/src/parser.c +++ b/src/parser.c @@ -1,13 +1,19 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * XML Parser transform and utility functions. * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:parser + * @Short_description: XML parser functions and the XML parser transform implementation. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> @@ -87,6 +93,7 @@ static xmlSecTransformKlass xmlSecParserKlass = { NULL, /* void* reserved1; */ }; + /** * xmlSecTransformXmlParserGetKlass: * @@ -125,6 +132,10 @@ xmlSecParserFinalize(xmlSecTransformPtr transform) { xmlSecAssert(ctx != NULL); if(ctx->parserCtx != NULL) { + if(ctx->parserCtx->myDoc != NULL) { + xmlFreeDoc(ctx->parserCtx->myDoc); + ctx->parserCtx->myDoc = NULL; + } xmlFreeParserCtxt(ctx->parserCtx); } memset(ctx, 0, sizeof(xmlSecParserCtx)); @@ -148,11 +159,7 @@ xmlSecParserPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, ctx->parserCtx = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL); if(ctx->parserCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlCreatePushParserCtxt", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlCreatePushParserCtxt", xmlSecTransformGetName(transform)); return(-1); } @@ -165,11 +172,7 @@ xmlSecParserPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, } else if(transform->status == xmlSecTransformStatusFinished) { return(0); } else if(transform->status != xmlSecTransformStatusWorking) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1); @@ -179,11 +182,9 @@ xmlSecParserPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, if((data != NULL) && (dataSize > 0)) { ret = xmlParseChunk(ctx->parserCtx, (const char*)data, dataSize, 0); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlParseChunk", - XMLSEC_ERRORS_R_XML_FAILED, - "size=%d", dataSize); + xmlSecXmlParserError2("xmlParseChunk", ctx->parserCtx, + xmlSecTransformGetName(transform), + "size=%lu", (unsigned long)dataSize); return(-1); } } @@ -192,11 +193,8 @@ xmlSecParserPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, if(final != 0) { ret = xmlParseChunk(ctx->parserCtx, NULL, 0, 1); if((ret != 0) || (ctx->parserCtx->myDoc == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlParseChunk", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlParserError("xmlParseChunk", ctx->parserCtx, + xmlSecTransformGetName(transform)); return(-1); } @@ -204,11 +202,8 @@ xmlSecParserPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, transform->outNodes = xmlSecNodeSetCreate(ctx->parserCtx->myDoc, NULL, xmlSecNodeSetTree); if(transform->outNodes == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNodeSetCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNodeSetCreate", + xmlSecTransformGetName(transform)); xmlFreeDoc(ctx->parserCtx->myDoc); ctx->parserCtx->myDoc = NULL; return(-1); @@ -220,11 +215,8 @@ xmlSecParserPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, if(transform->next != NULL) { ret = xmlSecTransformPushXml(transform->next, transform->outNodes, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformPushXml", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformPushXml", + xmlSecTransformGetName(transform)); return(-1); } } @@ -264,53 +256,38 @@ xmlSecParserPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes, (*nodes) = NULL; return(0); default: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1); /* prepare parser context */ if(transform->prev == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - "prev transform is null"); + xmlSecInvalidTransfromError2(transform, + "prev transform=\"%s\"", + xmlSecErrorsSafeString(transform->prev)); return(-1); } buf = xmlSecTransformCreateInputBuffer(transform->prev, transformCtx); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformCreateInputBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCreateInputBuffer", + xmlSecTransformGetName(transform)); return(-1); } ctxt = xmlNewParserCtxt(); if (ctxt == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlNewParserCtxt", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlNewParserCtxt", + xmlSecTransformGetName(transform)); xmlFreeParserInputBuffer(buf); return(-1); } input = xmlNewIOInputStream(ctxt, buf, XML_CHAR_ENCODING_NONE); if(input == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlNewParserCtxt", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlParserError("xmlNewParserCtxt", ctxt, + xmlSecTransformGetName(transform)); xmlFreeParserCtxt(ctxt); xmlFreeParserInputBuffer(buf); return(-1); @@ -318,12 +295,13 @@ xmlSecParserPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes, ret = inputPush(ctxt, input); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "inputPush", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlParserError("inputPush", ctxt, + xmlSecTransformGetName(transform)); xmlFreeInputStream(input); + if(ctxt->myDoc != NULL) { + xmlFreeDoc(ctxt->myDoc); + ctxt->myDoc = NULL; + } xmlFreeParserCtxt(ctxt); return(-1); } @@ -335,11 +313,8 @@ xmlSecParserPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes, /* finaly do the parsing */ ret = xmlParseDocument(ctxt); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlParseDocument", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlParserError("xmlParseDocument", ctxt, + xmlSecTransformGetName(transform)); if(ctxt->myDoc != NULL) { xmlFreeDoc(ctxt->myDoc); ctxt->myDoc = NULL; @@ -356,11 +331,8 @@ xmlSecParserPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes, /* return result to the caller */ (*nodes) = xmlSecNodeSetCreate(doc, NULL, xmlSecNodeSetTree); if((*nodes) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNodeSetCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNodeSetCreate", + xmlSecTransformGetName(transform)); xmlFreeDoc(doc); return(-1); } @@ -394,15 +366,18 @@ typedef struct _xmlSecExtMemoryParserCtx { */ xmlDocPtr xmlSecParseFile(const char *filename) { - xmlDocPtr ret; xmlParserCtxtPtr ctxt; + xmlDocPtr res = NULL; char *directory = NULL; + int ret; xmlSecAssert2(filename != NULL, NULL); xmlInitParser(); ctxt = xmlCreateFileParserCtxt(filename); if (ctxt == NULL) { + xmlSecXmlError2("xmlCreateFileParserCtxt", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); return(NULL); } @@ -410,26 +385,56 @@ xmlSecParseFile(const char *filename) { /* crashes on x64 xmlCtxtUseOptions (ctxt, XML_PARSE_HUGE); */ /* todo: set directories from current doc? */ - if ((ctxt->directory == NULL) && (directory == NULL)) + if ((ctxt->directory == NULL) && (directory == NULL)) { directory = xmlParserGetDirectory(filename); - if ((ctxt->directory == NULL) && (directory != NULL)) - ctxt->directory = (char *) xmlStrdup((xmlChar *) directory); + if(directory == NULL) { + xmlSecXmlError2("xmlParserGetDirectory", NULL, + "filename=%s", xmlSecErrorsSafeString(filename)); + xmlFreeParserCtxt(ctxt); + return(NULL); + } + } + if ((ctxt->directory == NULL) && (directory != NULL)) { + ctxt->directory = (char *) xmlStrdup(BAD_CAST directory); + if(ctxt->directory == NULL) { + xmlSecStrdupError(BAD_CAST directory, NULL); + xmlFreeParserCtxt(ctxt); + return(NULL); + } + } /* required for c14n! */ ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS; ctxt->replaceEntities = 1; - xmlParseDocument(ctxt); + ret = xmlParseDocument(ctxt); + if(ret < 0) { + xmlSecXmlParserError2("xmlParseDocument", ctxt, NULL, + "filename=%s", + xmlSecErrorsSafeString(filename)); + if(ctxt->myDoc != NULL) { + xmlFreeDoc(ctxt->myDoc); + ctxt->myDoc = NULL; + } + xmlFreeParserCtxt(ctxt); + return(NULL); + } - if(ctxt->wellFormed) { - ret = ctxt->myDoc; - } else { - ret = NULL; - xmlFreeDoc(ctxt->myDoc); - ctxt->myDoc = NULL; + if(!ctxt->wellFormed) { + xmlSecInternalError("document is not well formed", NULL); + if(ctxt->myDoc != NULL) { + xmlFreeDoc(ctxt->myDoc); + ctxt->myDoc = NULL; + } + xmlFreeParserCtxt(ctxt); + return(NULL); } + + /* done */ + res = ctxt->myDoc; + ctxt->myDoc = NULL; xmlFreeParserCtxt(ctxt); - return(ret); + return(res); } @@ -457,11 +462,7 @@ xmlSecParseMemoryExt(const xmlSecByte *prefix, xmlSecSize prefixSize, /* create context */ ctxt = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL); if(ctxt == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlCreatePushParserCtxt", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlCreatePushParserCtxt", NULL); goto done; } @@ -473,11 +474,9 @@ xmlSecParseMemoryExt(const xmlSecByte *prefix, xmlSecSize prefixSize, if((prefix != NULL) && (prefixSize > 0)) { ret = xmlParseChunk(ctxt, (const char*)prefix, prefixSize, 0); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlParseChunk", - XMLSEC_ERRORS_R_XML_FAILED, - "prefixSize=%d", prefixSize); + xmlSecXmlParserError2("xmlParseChunk", ctxt, NULL, + "chunkSize=%d", prefixSize); + goto done; } } @@ -486,11 +485,9 @@ xmlSecParseMemoryExt(const xmlSecByte *prefix, xmlSecSize prefixSize, if((buffer != NULL) && (bufferSize > 0)) { ret = xmlParseChunk(ctxt, (const char*)buffer, bufferSize, 0); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlParseChunk", - XMLSEC_ERRORS_R_XML_FAILED, - "bufferSize=%d", bufferSize); + xmlSecXmlParserError2("xmlParseChunk", ctxt, NULL, + "chunkSize=%d", bufferSize); + goto done; } } @@ -499,11 +496,9 @@ xmlSecParseMemoryExt(const xmlSecByte *prefix, xmlSecSize prefixSize, if((postfix != NULL) && (postfixSize > 0)) { ret = xmlParseChunk(ctxt, (const char*)postfix, postfixSize, 0); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlParseChunk", - XMLSEC_ERRORS_R_XML_FAILED, - "postfixSize=%d", postfixSize); + xmlSecXmlParserError2("xmlParseChunk", ctxt, NULL, + "chunkSize=%d", postfixSize); + goto done; } } @@ -511,17 +506,18 @@ xmlSecParseMemoryExt(const xmlSecByte *prefix, xmlSecSize prefixSize, /* finishing */ ret = xmlParseChunk(ctxt, NULL, 0, 1); if((ret != 0) || (ctxt->myDoc == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlParseChunk", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlParserError("xmlParseChunk", ctxt, NULL); goto done; } doc = ctxt->myDoc; + ctxt->myDoc = NULL; done: if(ctxt != NULL) { + if(ctxt->myDoc != NULL) { + xmlFreeDoc(ctxt->myDoc); + ctxt->myDoc = NULL; + } xmlFreeParserCtxt(ctxt); } return(doc); @@ -541,18 +537,15 @@ done: */ xmlDocPtr xmlSecParseMemory(const xmlSecByte *buffer, xmlSecSize size, int recovery) { - xmlDocPtr ret; xmlParserCtxtPtr ctxt; + xmlDocPtr res = NULL; + int ret; xmlSecAssert2(buffer != NULL, NULL); ctxt = xmlCreateMemoryParserCtxt((char*)buffer, size); if (ctxt == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlCreateMemoryParserCtxt", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlCreateMemoryParserCtxt", NULL); return(NULL); } @@ -560,16 +553,31 @@ xmlSecParseMemory(const xmlSecByte *buffer, xmlSecSize size, int recovery) { ctxt->loadsubset = XML_DETECT_IDS | XML_COMPLETE_ATTRS; ctxt->replaceEntities = 1; - xmlParseDocument(ctxt); + ret = xmlParseDocument(ctxt); + if(ret < 0) { + xmlSecXmlParserError("xmlParseDocument", ctxt, NULL); + if(ctxt->myDoc != NULL) { + xmlFreeDoc(ctxt->myDoc); + ctxt->myDoc = NULL; + } + xmlFreeParserCtxt(ctxt); + return(NULL); + } - if((ctxt->wellFormed) || recovery) { - ret = ctxt->myDoc; - } else { - ret = NULL; - xmlFreeDoc(ctxt->myDoc); - ctxt->myDoc = NULL; + if(!(ctxt->wellFormed) && !recovery) { + xmlSecInternalError("document is not well formed", NULL); + if(ctxt->myDoc != NULL) { + xmlFreeDoc(ctxt->myDoc); + ctxt->myDoc = NULL; + } + xmlFreeParserCtxt(ctxt); + return(NULL); } + + /* done */ + res = ctxt->myDoc; + ctxt->myDoc = NULL; xmlFreeParserCtxt(ctxt); - return(ret); + return(res); } diff --git a/src/relationship.c b/src/relationship.c index e510d4b6..54cef688 100644 --- a/src/relationship.c +++ b/src/relationship.c @@ -1,37 +1,18 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Relationship transform * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ -#include "globals.h" - -#include <stdlib.h> -#include <string.h> - -#include <libxml/tree.h> -#include <libxml/xpointer.h> -#include <libxml/c14n.h> - -#include <xmlsec/xmlsec.h> -#include <xmlsec/xmltree.h> -#include <xmlsec/keys.h> -#include <xmlsec/list.h> -#include <xmlsec/transforms.h> -#include <xmlsec/errors.h> - - -/****************************************************************************** - * - * Relationship transform - * - * http://standards.iso.org/ittf/PubliclyAvailableStandards/c061796_ISO_IEC_29500-2_2012.zip +/** + * SECTION:relationship + * @Short_description: Relationship transform implementation + * @Stability: Private * - * 13.2.4.24 Relationships Transform Algorithm + * [Relationship transform](http://standards.iso.org/ittf/PubliclyAvailableStandards/c061796_ISO_IEC_29500-2_2012.zip) * * The relationships transform takes the XML document from the Relationships part and converts * it to another XML document. @@ -79,7 +60,7 @@ * IMPLEMENTATION NOTES (https://github.com/lsh123/xmlsec/pull/24): * * * We don't simply manipulate the XML tree, but do an XML tree -> output bytes transformation, - * so e.g. because we never write characters inside XML elements, we implicitly remove all character + * because we never write characters inside XML elements, we implicitly remove all character * contents, as required by step 3, point 1. It also simplifies the task of the situation that * realistically the input of the transformation is always a document that conforms to the OOXML * relationships XML schema, so in practice it'll never happen that the input document has e.g. @@ -91,7 +72,24 @@ * when there will be such an input, then it'll be easy to add support for that. But I didn't want to clutter * the current implementation with details that doesn't seem to be used in practice * - *****************************************************************************/ + */ +#include "globals.h" + +#include <stdlib.h> +#include <string.h> + +#include <libxml/tree.h> +#include <libxml/xpointer.h> +#include <libxml/c14n.h> + +#include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> +#include <xmlsec/keys.h> +#include <xmlsec/list.h> +#include <xmlsec/transforms.h> +#include <xmlsec/errors.h> + + typedef struct _xmlSecRelationshipCtx xmlSecRelationshipCtx, *xmlSecRelationshipCtxPtr; struct _xmlSecRelationshipCtx { @@ -168,11 +166,8 @@ xmlSecRelationshipInitialize(xmlSecTransformPtr transform) { ctx->sourceIdList = xmlSecPtrListCreate(xmlSecStringListId); if(ctx->sourceIdList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecPtrListCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListCreate", + xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -212,43 +207,21 @@ xmlSecRelationshipReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSec while(cur != NULL) { if(xmlSecCheckNodeName(cur, xmlSecNodeRelationshipReference, xmlSecRelationshipReferenceNs)) { xmlChar* sourceId; - xmlChar* tmp; sourceId = xmlGetProp(cur, xmlSecRelationshipAttrSourceId); if(sourceId == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "xmlGetProp", - xmlSecErrorsSafeString(xmlSecRelationshipAttrSourceId), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(node))); - return(-1); - } - - tmp = xmlStrdup(sourceId); - if(tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlStrdup", - XMLSEC_ERRORS_R_STRDUP_FAILED, - "len=%d", xmlStrlen(sourceId)); - xmlFree(sourceId); + xmlSecInvalidNodeAttributeError(cur, xmlSecRelationshipAttrSourceId, + NULL, "empty"); return(-1); } - ret = xmlSecPtrListAdd(ctx->sourceIdList, tmp); + ret = xmlSecPtrListAdd(ctx->sourceIdList, sourceId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecTransformGetName(transform)); xmlFree(sourceId); - xmlFree(tmp); return(-1); } - xmlFree(sourceId); - xmlFree(tmp); } cur = cur->next; @@ -260,8 +233,8 @@ xmlSecRelationshipReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSec /* Sorts Relationship elements by Id value in lexicographical order. */ static int xmlSecTransformRelationshipCompare(xmlNodePtr node1, xmlNodePtr node2) { - xmlChar* id1; - xmlChar* id2; + xmlChar* id1 = NULL; + xmlChar* id2 = NULL; int ret; if(node1 == node2) { @@ -277,21 +250,28 @@ xmlSecTransformRelationshipCompare(xmlNodePtr node1, xmlNodePtr node2) { id1 = xmlGetProp(node1, xmlSecRelationshipAttrId); id2 = xmlGetProp(node2, xmlSecRelationshipAttrId); if(id1 == NULL) { - return(-1); + ret = -1; + goto done; } if(id2 == NULL) { - xmlFree(id1); - return(1); + ret = 1; + goto done; } ret = xmlStrcmp(id1, id2); - xmlFree(id1); - xmlFree(id2); - return(ret); +done: + if (id1 != NULL) { + xmlFree(id1); + } + if (id2 != NULL) { + xmlFree(id2); + } + + return ret; } -/** +/* * This is step 2, point 4: if the input sourceId list doesn't contain the Id attribute of the current node, * then exclude it from the output, instead of processing it. */ @@ -309,43 +289,38 @@ xmlSecTransformRelationshipProcessNode(xmlSecTransformPtr transform, xmlOutputBu if(xmlSecCheckNodeName(cur, xmlSecNodeRelationship, xmlSecRelationshipsNs)) { xmlChar* id = xmlGetProp(cur, xmlSecRelationshipAttrId); if(id == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlGetProp(xmlSecRelationshipAttrId)", - XMLSEC_ERRORS_R_XML_FAILED, - "name=Id"); + xmlSecXmlError2("xmlGetProp(xmlSecRelationshipAttrId)", + xmlSecTransformGetName(transform), + "name=%s", xmlSecRelationshipAttrId); return(-1); } ctx = xmlSecRelationshipGetCtx(transform); for(ii = 0; ii < xmlSecPtrListGetSize(ctx->sourceIdList); ++ii) { - if(xmlStrcmp(xmlSecPtrListGetItem(ctx->sourceIdList, ii), id) == 0) { + if(xmlStrcmp((xmlChar *)xmlSecPtrListGetItem(ctx->sourceIdList, ii), id) == 0) { found = 1; break; } } + xmlFree(id); + if(found < 0) { - xmlFree(id); return(0); } - xmlFree(id); } ret = xmlSecTransformRelationshipProcessElementNode(transform, buf, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformRelationshipProcessElementNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformRelationshipProcessElementNode", + xmlSecTransformGetName(transform)); return(-1); } return(0); } -/** +/* * This is step 2, point 3: sort elements by Id: we process other elements as-is, but for elements we collect them in a list, * then sort, and finally process them (process the head of the list, then pop the head, till the list becomes empty). */ @@ -360,32 +335,21 @@ xmlSecTransformRelationshipProcessNodeList(xmlSecTransformPtr transform, xmlOutp list = xmlListCreate(NULL, (xmlListDataCompare)xmlSecTransformRelationshipCompare); if(list == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlListCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlListCreate", xmlSecTransformGetName(transform)); return(-1); } for(; cur; cur = cur->next) { if(xmlStrcmp(cur->name, xmlSecNodeRelationship) == 0) { if(xmlListInsert(list, cur) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlListInsert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlListInsert", xmlSecTransformGetName(transform)); return(-1); } } else { ret = xmlSecTransformRelationshipProcessNode(transform, buf, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformRelationshipProcessNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformRelationshipProcessNode", + xmlSecTransformGetName(transform)); xmlListDelete(list); return(-1); } @@ -400,11 +364,8 @@ xmlSecTransformRelationshipProcessNodeList(xmlSecTransformPtr transform, xmlOutp ret = xmlSecTransformRelationshipProcessNode(transform, buf, node); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformRelationshipProcessNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformRelationshipProcessNode", + xmlSecTransformGetName(transform)); xmlListDelete(list); return(-1); } @@ -426,50 +387,30 @@ xmlSecTransformRelationshipWriteProp(xmlOutputBufferPtr buf, const xmlChar * nam ret = xmlOutputBufferWriteString(buf, " "); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlOutputBufferWriteString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferWriteString", NULL); return(-1); } ret = xmlOutputBufferWriteString(buf, (const char*) name); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlOutputBufferWriteString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferWriteString", NULL); return(-1); } if(value != NULL) { ret = xmlOutputBufferWriteString(buf, "=\""); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlOutputBufferWriteString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferWriteString", NULL); return(-1); } ret = xmlOutputBufferWriteString(buf, (const char*) value); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlOutputBufferWriteString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferWriteString", NULL); return(-1); } ret = xmlOutputBufferWriteString(buf, "\""); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlOutputBufferWriteString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferWriteString", NULL); return(-1); } } @@ -499,20 +440,14 @@ xmlSecTransformRelationshipProcessElementNode(xmlSecTransformPtr transform, xmlO /* write open node */ ret = xmlOutputBufferWriteString(buf, "<"); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlOutputBufferWriteString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferWriteString", + xmlSecTransformGetName(transform)); return(-1); } ret = xmlOutputBufferWriteString(buf, (const char *)cur->name); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlOutputBufferWriteString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferWriteString", + xmlSecTransformGetName(transform)); return(-1); } @@ -520,22 +455,19 @@ xmlSecTransformRelationshipProcessElementNode(xmlSecTransformPtr transform, xmlO if(cur->nsDef != NULL) { ret = xmlSecTransformRelationshipWriteNs(buf, cur->nsDef->href); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformRelationshipWriteNs", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformRelationshipWriteNs", + xmlSecTransformGetName(transform)); return(-1); } } - /** + /* * write attributes: * * This is step 3, point 6: add default value of TargetMode if there is no such attribute. */ for(attr = cur->properties; attr != NULL; attr = attr->next) { - xmlChar* value = xmlGetProp(cur, attr->name); + xmlChar * value = xmlGetProp(cur, attr->name); if(xmlStrcmp(attr->name, xmlSecRelationshipAttrTargetMode) == 0) { foundTargetMode = 1; @@ -543,14 +475,12 @@ xmlSecTransformRelationshipProcessElementNode(xmlSecTransformPtr transform, xmlO ret = xmlSecTransformRelationshipWriteProp(buf, attr->name, value); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformRelationshipWriteProp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformRelationshipWriteProp", + xmlSecTransformGetName(transform)); xmlFree(value); return(-1); } + xmlFree(value); } @@ -558,11 +488,8 @@ xmlSecTransformRelationshipProcessElementNode(xmlSecTransformPtr transform, xmlO if(xmlStrcmp(cur->name, xmlSecNodeRelationship) == 0 && !foundTargetMode) { ret = xmlSecTransformRelationshipWriteProp(buf, xmlSecRelationshipAttrTargetMode, BAD_CAST "Internal"); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformRelationshipWriteProp(TargetMode=Internal)", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformRelationshipWriteProp(TargetMode=Internal)", + xmlSecTransformGetName(transform)); return(-1); } } @@ -570,11 +497,8 @@ xmlSecTransformRelationshipProcessElementNode(xmlSecTransformPtr transform, xmlO /* finish writing open node */ ret = xmlOutputBufferWriteString(buf, ">"); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlOutputBufferWriteString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferWriteString", + xmlSecTransformGetName(transform)); return(-1); } @@ -582,11 +506,8 @@ xmlSecTransformRelationshipProcessElementNode(xmlSecTransformPtr transform, xmlO if(cur->children != NULL) { ret = xmlSecTransformRelationshipProcessNodeList(transform, buf, cur->children); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformRelationshipProcessNodeList", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformRelationshipProcessNodeList", + xmlSecTransformGetName(transform)); return(-1); } } @@ -594,28 +515,19 @@ xmlSecTransformRelationshipProcessElementNode(xmlSecTransformPtr transform, xmlO /* write closing node */ ret = xmlOutputBufferWriteString(buf, "</"); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlOutputBufferWriteString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferWriteString", + xmlSecTransformGetName(transform)); return(-1); } ret = xmlOutputBufferWriteString(buf, (const char *)cur->name); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlOutputBufferWriteString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferWriteString", + xmlSecTransformGetName(transform)); return(-1); } if(xmlOutputBufferWriteString(buf, ">") < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlOutputBufferWriteString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferWriteString", + xmlSecTransformGetName(transform)); return(-1); } @@ -634,11 +546,8 @@ xmlSecTransformRelationshipExecute(xmlSecTransformPtr transform, xmlOutputBuffer if(doc->children != NULL) { ret = xmlSecTransformRelationshipProcessNodeList(transform, buf, doc->children); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformRelationshipProcessNodeList", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformRelationshipProcessNodeList", + xmlSecTransformGetName(transform)); return(-1); } } @@ -669,11 +578,7 @@ xmlSecTransformRelationshipPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPt case xmlSecTransformStatusFinished: return(0); default: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1); @@ -682,43 +587,30 @@ xmlSecTransformRelationshipPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPt if(transform->next != NULL) { buf = xmlSecTransformCreateOutputBuffer(transform->next, transformCtx); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformCreateOutputBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCreateOutputBuffer", + xmlSecTransformGetName(transform)); return(-1); } } else { buf = xmlSecBufferCreateOutputBuffer(&(transform->outBuf)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferCreateOutputBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferCreateOutputBuffer", + xmlSecTransformGetName(transform)); return(-1); } } ret = xmlSecTransformRelationshipExecute(transform, buf, nodes->doc); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlC14NExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformRelationshipExecute", + xmlSecTransformGetName(transform)); xmlOutputBufferClose(buf); return(-1); } ret = xmlOutputBufferClose(buf); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlOutputBufferClose", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferClose", xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusFinished; @@ -749,43 +641,30 @@ xmlSecTransformRelationshipPopBin(xmlSecTransformPtr transform, xmlSecByte* data /* get xml data from previous transform */ ret = xmlSecTransformPopXml(transform->prev, &(transform->inNodes), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformPopXml", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformPopXml", + xmlSecTransformGetName(transform)); return(-1); } /* dump everything to internal buffer */ buf = xmlSecBufferCreateOutputBuffer(out); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferCreateOutputBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferCreateOutputBuffer", + xmlSecTransformGetName(transform)); return(-1); } ret = xmlC14NExecute(transform->inNodes->doc, (xmlC14NIsVisibleCallback)xmlSecNodeSetContains, transform->inNodes, XML_C14N_1_0, NULL, 0, buf); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformC14NExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlC14NExecute", + xmlSecTransformGetName(transform)); xmlOutputBufferClose(buf); return(-1); } ret = xmlOutputBufferClose(buf); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlOutputBufferClose", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferClose", xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusWorking; @@ -808,11 +687,9 @@ xmlSecTransformRelationshipPopBin(xmlSecTransformPtr transform, xmlSecByte* data memcpy(data, xmlSecBufferGetData(out), outSize); ret = xmlSecBufferRemoveHead(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } } else if(xmlSecBufferGetSize(out) == 0) { @@ -824,11 +701,7 @@ xmlSecTransformRelationshipPopBin(xmlSecTransformPtr transform, xmlSecByte* data xmlSecAssert2(xmlSecBufferGetSize(out) == 0, -1); (*dataSize) = 0; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } diff --git a/src/skeleton/Makefile.am b/src/skeleton/Makefile.am index 2f54f9de..dd037e62 100644 --- a/src/skeleton/Makefile.am +++ b/src/skeleton/Makefile.am @@ -25,10 +25,6 @@ libxmlsec1_skeleton_la_SOURCES =\ globals.h \ $(NULL) -if SHAREDLIB_HACK -libxmlsec1_skeleton_la_SOURCES += ../strings.c -endif - libxmlsec1_skeleton_la_LIBADD = \ $(SKELETON_LIBS) \ $(LIBXSLT_LIBS) \ diff --git a/src/skeleton/app.c b/src/skeleton/app.c index 69c83308..a9386a9a 100644 --- a/src/skeleton/app.c +++ b/src/skeleton/app.c @@ -1,16 +1,24 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:app + * @Short_description: Application support functions for Skeleton. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> -/* TODO: aadd Skeleton include files */ +/* TODO: add Skeleton include files */ #include <xmlsec/xmlsec.h> #include <xmlsec/keys.h> @@ -73,11 +81,7 @@ xmlSecSkeletonAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL); /* TODO: load key */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSkeletonAppKeyLoad", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(NULL); } @@ -101,11 +105,7 @@ xmlSecSkeletonAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlS xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, NULL); /* TODO: load key */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSkeletonAppKeyLoad", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(NULL); } @@ -130,11 +130,7 @@ xmlSecSkeletonAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); /* TODO */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSkeletonAppKeyCertLoad", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(-1); } @@ -157,11 +153,7 @@ xmlSecSkeletonAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xml xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); /* TODO */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSkeletonAppKeyCertLoadMemory", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(-1); } @@ -188,11 +180,7 @@ xmlSecSkeletonAppPkcs12Load(const char *filename, xmlSecAssert2(filename != NULL, NULL); /* TODO: load pkcs12 file */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSkeletonAppPkcs12Load", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(NULL); } @@ -217,11 +205,7 @@ xmlSecSkeletonAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, c xmlSecAssert2(data != NULL, NULL); /* TODO: load pkcs12 file */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSkeletonAppPkcs12Load", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(NULL); } @@ -249,11 +233,7 @@ xmlSecSkeletonAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename, xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); /* TODO: load cert and add to keys manager */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSkeletonAppKeysMngrCertLoad", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(-1); } @@ -279,11 +259,7 @@ xmlSecSkeletonAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte xmlSecAssert2(format != xmlSecKeyDataFormatUnknown, -1); /* TODO: load cert and add to keys manager */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSkeletonAppKeysMngrCertLoad", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError(NULL); return(-1); } @@ -314,21 +290,13 @@ xmlSecSkeletonAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { keysStore = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); if(keysStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecSimpleKeysStoreId"); + xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)", NULL); return(-1); } ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrAdoptKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrAdoptKeysStore", NULL); xmlSecKeyStoreDestroy(keysStore); return(-1); } @@ -336,11 +304,7 @@ xmlSecSkeletonAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { ret = xmlSecSkeletonKeysMngrInit(mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSkeletonKeysMngrInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSkeletonKeysMngrInit", NULL); return(-1); } @@ -372,21 +336,13 @@ xmlSecSkeletonAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr ke store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecSimpleKeysStoreAdoptKey(store, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSimpleKeysStoreAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSimpleKeysStoreAdoptKey", NULL); return(-1); } @@ -417,21 +373,14 @@ xmlSecSkeletonAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) { store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecSimpleKeysStoreLoad(store, uri, mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSimpleKeysStoreLoad", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri=%s", xmlSecErrorsSafeString(uri)); + xmlSecInternalError2("xmlSecSimpleKeysStoreLoad", NULL, + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } @@ -462,22 +411,15 @@ xmlSecSkeletonAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filenam store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecSimpleKeysStoreSave(store, filename, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSimpleKeysStoreSave", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename=%s", - xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecSimpleKeysStoreSave", NULL, + "filename=%s", + xmlSecErrorsSafeString(filename)); return(-1); } diff --git a/src/skeleton/crypto.c b/src/skeleton/crypto.c index 0e372f18..0da927eb 100644 --- a/src/skeleton/crypto.c +++ b/src/skeleton/crypto.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:crypto + * @Short_description: Crypto transforms implementation for Skeleton. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -244,21 +252,13 @@ int xmlSecSkeletonInit (void) { /* Check loaded xmlsec library version */ if(xmlSecCheckVersionExact() != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCheckVersionExact", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCheckVersionExact", NULL); return(-1); } /* register our klasses */ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_skeleton()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", NULL); return(-1); } return(0); diff --git a/src/skeleton/globals.h b/src/skeleton/globals.h index 065c3e8f..6e84c432 100644 --- a/src/skeleton/globals.h +++ b/src/skeleton/globals.h @@ -21,4 +21,7 @@ #define IN_XMLSEC_CRYPTO #define XMLSEC_PRIVATE +/* Include common error helper macros. */ +#include "../errors_helpers.h" + #endif /* ! __XMLSEC_GLOBALS_H__ */ @@ -1,12 +1,17 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Simple SOAP messages parsing/creation. * * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright (C) 2002-2003 Aleksey Sanin <aleksey@aleksey.com> + * Copyright (C) 2002-2017 Aleksey Sanin <aleksey@aleksey.com> + */ +/** + * SECTION:soap + * @Short_description: Simple SOAP messages parsing/creation functions. + * @Stability: Private + * */ #include "globals.h" @@ -59,23 +64,15 @@ xmlSecSoap11CreateEnvelope(xmlDocPtr doc) { /* create Envelope node */ envNode = xmlNewDocNode(doc, NULL, xmlSecNodeEnvelope, NULL); if(envNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewDocNode", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeEnvelope)); + xmlSecXmlError2("xmlNewDocNode", NULL, + "node=%s", xmlSecErrorsSafeString(xmlSecNodeEnvelope)); return(NULL); } ns = xmlNewNs(envNode, xmlSecSoap11Ns, NULL) ; if(ns == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewNs", - XMLSEC_ERRORS_R_XML_FAILED, - "ns=%s", - xmlSecErrorsSafeString(xmlSecSoap11Ns)); + xmlSecXmlError2("xmlNewNs", NULL, + "ns=%s", xmlSecErrorsSafeString(xmlSecSoap11Ns)); xmlFreeNode(envNode); return(NULL); } @@ -84,12 +81,7 @@ xmlSecSoap11CreateEnvelope(xmlDocPtr doc) { /* add required Body node */ bodyNode = xmlSecAddChild(envNode, xmlSecNodeBody, xmlSecSoap11Ns); if(bodyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeBody)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeBody)", NULL); xmlFreeNode(envNode); return(NULL); } @@ -132,22 +124,14 @@ xmlSecSoap11EnsureHeader(xmlNodePtr envNode) { /* if the first element child is not Header then it is Body */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeBody), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeError(cur, xmlSecNodeBody, NULL); return(NULL); } /* finally add Header node before body */ hdrNode = xmlSecAddPrevSibling(cur, xmlSecNodeHeader, xmlSecSoap11Ns); if(hdrNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddPrevSibling", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecAddPrevSibling", NULL); return(NULL); } @@ -172,11 +156,7 @@ xmlSecSoap11AddBodyEntry(xmlNodePtr envNode, xmlNodePtr entryNode) { bodyNode = xmlSecSoap11GetBody(envNode); if(bodyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSoap11GetBody", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSoap11GetBody", NULL); return(NULL); } @@ -232,46 +212,28 @@ xmlSecSoap11AddFaultEntry(xmlNodePtr envNode, const xmlChar* faultCodeHref, /* get Body node */ bodyNode = xmlSecSoap11GetBody(envNode); if(bodyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSoap11GetBody", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSoap11GetBody", NULL); return(NULL); } /* check that we don't have Fault node already */ faultNode = xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap11Ns); if(faultNode != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeBody), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(bodyNode, xmlSecNodeFault, NULL); return(NULL); } /* add Fault node */ faultNode = xmlSecAddChild(bodyNode, xmlSecNodeFault, xmlSecSoap11Ns); if(faultNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeFault)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeFault)", NULL); return(NULL); } /* add faultcode node */ cur = xmlSecAddChild(faultNode, xmlSecNodeFaultCode, xmlSecSoap11Ns); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeFaultCode)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeFaultCode)", NULL); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); @@ -280,12 +242,8 @@ xmlSecSoap11AddFaultEntry(xmlNodePtr envNode, const xmlChar* faultCodeHref, /* create qname for fault code */ qname = xmlSecGetQName(cur, faultCodeHref, faultCodeLocalPart); if(qname == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGetQName", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s", - xmlSecErrorsSafeString(cur->name)); + xmlSecXmlError2("xmlSecGetQName", NULL, + "node=%s", xmlSecErrorsSafeString(cur->name)); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); @@ -298,12 +256,7 @@ xmlSecSoap11AddFaultEntry(xmlNodePtr envNode, const xmlChar* faultCodeHref, /* add faultstring node */ cur = xmlSecAddChild(faultNode, xmlSecNodeFaultString, xmlSecSoap11Ns); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeFaultString)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeFaultString)", NULL); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); @@ -316,12 +269,7 @@ xmlSecSoap11AddFaultEntry(xmlNodePtr envNode, const xmlChar* faultCodeHref, /* add faultactor node */ cur = xmlSecAddChild(faultNode, xmlSecNodeFaultActor, xmlSecSoap11Ns); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeFaultActor)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeFaultActor)", NULL); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); @@ -351,11 +299,7 @@ xmlSecSoap11CheckEnvelope(xmlNodePtr envNode) { /* verify envNode itself */ if(!xmlSecCheckNodeName(envNode, xmlSecNodeEnvelope, xmlSecSoap11Ns)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeEnvelope), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeError(envNode, xmlSecNodeEnvelope, NULL); return(0); } @@ -367,11 +311,7 @@ xmlSecSoap11CheckEnvelope(xmlNodePtr envNode) { /* required Body node is next */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeBody), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeError(cur, xmlSecNodeBody, NULL); return(0); } @@ -423,11 +363,7 @@ xmlSecSoap11GetBody(xmlNodePtr envNode) { /* Body node is next */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap11Ns)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeBody), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeError(cur, xmlSecNodeBody, NULL); return(NULL); } @@ -453,11 +389,7 @@ xmlSecSoap11GetBodyEntriesNumber(xmlNodePtr envNode) { /* get Body node */ bodyNode = xmlSecSoap11GetBody(envNode); if(bodyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSoap11GetBody", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSoap11GetBody", NULL); return(0); } @@ -489,11 +421,7 @@ xmlSecSoap11GetBodyEntry(xmlNodePtr envNode, xmlSecSize pos) { /* get Body node */ bodyNode = xmlSecSoap11GetBody(envNode); if(bodyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSoap11GetBody", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSoap11GetBody", NULL); return(NULL); } @@ -523,11 +451,7 @@ xmlSecSoap11GetFaultEntry(xmlNodePtr envNode) { /* get Body node */ bodyNode = xmlSecSoap11GetBody(envNode); if(bodyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSoap11GetBody", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSoap11GetBody", NULL); return(NULL); } @@ -585,23 +509,15 @@ xmlSecSoap12CreateEnvelope(xmlDocPtr doc) { /* create Envelope node */ envNode = xmlNewDocNode(doc, NULL, xmlSecNodeEnvelope, NULL); if(envNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewDocNode", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeEnvelope)); + xmlSecXmlError2("xmlNewDocNode", NULL, + "node=%s", xmlSecErrorsSafeString(xmlSecNodeEnvelope)); return(NULL); } ns = xmlNewNs(envNode, xmlSecSoap12Ns, NULL) ; if(ns == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewNs", - XMLSEC_ERRORS_R_XML_FAILED, - "ns=%s", - xmlSecErrorsSafeString(xmlSecSoap12Ns)); + xmlSecXmlError2("xmlNewNs", NULL, + "ns=%s", xmlSecErrorsSafeString(xmlSecSoap12Ns)); xmlFreeNode(envNode); return(NULL); } @@ -610,12 +526,7 @@ xmlSecSoap12CreateEnvelope(xmlDocPtr doc) { /* add required Body node */ bodyNode = xmlSecAddChild(envNode, xmlSecNodeBody, xmlSecSoap12Ns); if(bodyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeBody)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeBody)", NULL); xmlFreeNode(envNode); return(NULL); } @@ -658,22 +569,14 @@ xmlSecSoap12EnsureHeader(xmlNodePtr envNode) { /* if the first element child is not Header then it is Body */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeBody), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeError(cur, xmlSecNodeBody, NULL); return(NULL); } /* finally add Header node before body */ hdrNode = xmlSecAddPrevSibling(cur, xmlSecNodeHeader, xmlSecSoap12Ns); if(hdrNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddPrevSibling", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecAddPrevSibling", NULL); return(NULL); } @@ -709,11 +612,7 @@ xmlSecSoap12AddBodyEntry(xmlNodePtr envNode, xmlNodePtr entryNode) { bodyNode = xmlSecSoap12GetBody(envNode); if(bodyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSoap12GetBody", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSoap12GetBody", NULL); return(NULL); } @@ -813,46 +712,28 @@ xmlSecSoap12AddFaultEntry(xmlNodePtr envNode, xmlSecSoap12FaultCode faultCode, /* get Body node */ bodyNode = xmlSecSoap12GetBody(envNode); if(bodyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSoap12GetBody", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSoap12GetBody", NULL); return(NULL); } /* check that we don't have Fault node already */ faultNode = xmlSecFindChild(bodyNode, xmlSecNodeFault, xmlSecSoap12Ns); if(faultNode != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeBody), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(bodyNode, xmlSecNodeFault, NULL); return(NULL); } /* add Fault node */ faultNode = xmlSecAddChild(bodyNode, xmlSecNodeFault, xmlSecSoap12Ns); if(faultNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeFault)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeFault)", NULL); return(NULL); } /* add Code node */ cur = xmlSecAddChild(faultNode, xmlSecNodeCode, xmlSecSoap12Ns); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeCode)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeCode)", NULL); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); @@ -863,12 +744,8 @@ xmlSecSoap12AddFaultEntry(xmlNodePtr envNode, xmlSecSoap12FaultCode faultCode, xmlSecNodeValue, xmlSecSoap12Ns, faultCode); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecQName2IntegerNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "faultCode=%d", - faultCode); + xmlSecInternalError2("xmlSecQName2IntegerNodeWrite", NULL, + "faultCode=%d", faultCode); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); @@ -877,12 +754,7 @@ xmlSecSoap12AddFaultEntry(xmlNodePtr envNode, xmlSecSoap12FaultCode faultCode, /* add Reason node */ cur = xmlSecAddChild(faultNode, xmlSecNodeReason, xmlSecSoap12Ns); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeReason)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeReason)", NULL); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); @@ -890,12 +762,8 @@ xmlSecSoap12AddFaultEntry(xmlNodePtr envNode, xmlSecSoap12FaultCode faultCode, /* Add Reason/Text node */ if(xmlSecSoap12AddFaultReasonText(faultNode, faultReasonText, faultReasonLang) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSoap12AddFaultReasonText", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "text=%s", - xmlSecErrorsSafeString(faultReasonText)); + xmlSecInternalError2("xmlSecSoap12AddFaultReasonText", NULL, + "text=%s", xmlSecErrorsSafeString(faultReasonText)); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); @@ -905,12 +773,7 @@ xmlSecSoap12AddFaultEntry(xmlNodePtr envNode, xmlSecSoap12FaultCode faultCode, /* add Node node */ cur = xmlSecAddChild(faultNode, xmlSecNodeNode, xmlSecSoap12Ns); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeNode)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeNode)", NULL); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); @@ -922,12 +785,7 @@ xmlSecSoap12AddFaultEntry(xmlNodePtr envNode, xmlSecSoap12FaultCode faultCode, /* add Role node */ cur = xmlSecAddChild(faultNode, xmlSecNodeRole, xmlSecSoap12Ns); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRole)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeRole)", NULL); xmlUnlinkNode(faultNode); xmlFreeNode(faultNode); return(NULL); @@ -958,15 +816,10 @@ xmlSecSoap12AddFaultSubcode(xmlNodePtr faultNode, const xmlChar* subCodeHref, co xmlSecAssert2(subCodeHref != NULL, NULL); xmlSecAssert2(subCodeName != NULL, NULL); - /* Code node is the first childern in Fault node */ + /* Code node is the first children in Fault node */ cur = xmlSecGetNextElementNode(faultNode->children); if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeCode, xmlSecSoap12Ns)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeCode)); + xmlSecInvalidNodeError(cur, xmlSecNodeCode, NULL); return(NULL); } @@ -986,24 +839,14 @@ xmlSecSoap12AddFaultSubcode(xmlNodePtr faultNode, const xmlChar* subCodeHref, co /* add Subcode node */ subcodeNode = xmlSecAddChild(cur, xmlSecNodeSubcode, xmlSecSoap12Ns); if(subcodeNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeSubcode)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeSubcode)", NULL); return(NULL); } /* add Value node */ valueNode = xmlSecAddChild(subcodeNode, xmlSecNodeValue, xmlSecSoap12Ns); if(valueNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeValue)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeValue)", NULL); xmlUnlinkNode(subcodeNode); xmlFreeNode(subcodeNode); return(NULL); @@ -1012,12 +855,8 @@ xmlSecSoap12AddFaultSubcode(xmlNodePtr faultNode, const xmlChar* subCodeHref, co /* create qname for fault code */ qname = xmlSecGetQName(cur, subCodeHref, subCodeName); if(qname == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGetQName", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s", - xmlSecErrorsSafeString(cur->name)); + xmlSecXmlError2("xmlSecGetQName", NULL, + "node=%s", xmlSecErrorsSafeString(cur->name)); xmlUnlinkNode(subcodeNode); xmlFreeNode(subcodeNode); return(NULL); @@ -1056,24 +895,14 @@ xmlSecSoap12AddFaultReasonText(xmlNodePtr faultNode, const xmlChar* faultReasonT /* find Reason node */ reasonNode = xmlSecFindChild(faultNode, xmlSecNodeReason, xmlSecSoap12Ns); if(reasonNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecFindChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeReason)); + xmlSecInternalError("xmlSecFindChild(xmlSecNodeReason)", NULL); return(NULL); } /* add Text node */ textNode = xmlSecAddChild(reasonNode, xmlSecNodeText, xmlSecSoap12Ns); if(textNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeText)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeText)", NULL); return(NULL); } xmlNodeSetContent(textNode, faultReasonText); @@ -1104,12 +933,7 @@ xmlSecSoap12AddFaultDetailEntry(xmlNodePtr faultNode, xmlNodePtr detailEntryNode if(detailNode == NULL) { detailNode = xmlSecAddChild(faultNode, xmlSecNodeDetail, xmlSecSoap12Ns); if(detailNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDetail)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeDetail)", NULL); return(NULL); } } @@ -1134,11 +958,7 @@ xmlSecSoap12CheckEnvelope(xmlNodePtr envNode) { /* verify envNode itself */ if(!xmlSecCheckNodeName(envNode, xmlSecNodeEnvelope, xmlSecSoap12Ns)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeEnvelope), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeError(envNode, xmlSecNodeEnvelope, NULL); return(0); } @@ -1150,11 +970,7 @@ xmlSecSoap12CheckEnvelope(xmlNodePtr envNode) { /* required Body node is next */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeBody), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeError(cur, xmlSecNodeBody, NULL); return(0); } @@ -1206,11 +1022,7 @@ xmlSecSoap12GetBody(xmlNodePtr envNode) { /* Body node is next */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeBody, xmlSecSoap12Ns)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeBody), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeError(cur, xmlSecNodeBody, NULL); return(NULL); } @@ -1236,11 +1048,7 @@ xmlSecSoap12GetBodyEntriesNumber(xmlNodePtr envNode) { /* get Body node */ bodyNode = xmlSecSoap12GetBody(envNode); if(bodyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSoap12GetBody", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSoap12GetBody", NULL); return(0); } @@ -1272,11 +1080,7 @@ xmlSecSoap12GetBodyEntry(xmlNodePtr envNode, xmlSecSize pos) { /* get Body node */ bodyNode = xmlSecSoap12GetBody(envNode); if(bodyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSoap12GetBody", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSoap12GetBody", NULL); return(NULL); } @@ -1306,11 +1110,7 @@ xmlSecSoap12GetFaultEntry(xmlNodePtr envNode) { /* get Body node */ bodyNode = xmlSecSoap12GetBody(envNode); if(bodyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecSoap12GetBody", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecSoap12GetBody", NULL); return(NULL); } diff --git a/src/strings.c b/src/strings.c index 8a621330..b4324c59 100644 --- a/src/strings.c +++ b/src/strings.c @@ -1,13 +1,18 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * All the string constants. * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:strings + * @Short_description: The strings constants. + * @Stability: Private + * + */ #include "globals.h" #include <libxml/tree.h> @@ -108,6 +113,15 @@ const xmlChar xmlSecHrefAes192Cbc[] = "http://www.w3.org/2001/04/xml const xmlChar xmlSecNameAes256Cbc[] = "aes256-cbc"; const xmlChar xmlSecHrefAes256Cbc[] = "http://www.w3.org/2001/04/xmlenc#aes256-cbc"; +const xmlChar xmlSecNameAes128Gcm[] = "aes128-gcm"; +const xmlChar xmlSecHrefAes128Gcm[] = "http://www.w3.org/2009/xmlenc11#aes128-gcm"; + +const xmlChar xmlSecNameAes192Gcm[] = "aes192-gcm"; +const xmlChar xmlSecHrefAes192Gcm[] = "http://www.w3.org/2009/xmlenc11#aes192-gcm"; + +const xmlChar xmlSecNameAes256Gcm[] = "aes256-gcm"; +const xmlChar xmlSecHrefAes256Gcm[] = "http://www.w3.org/2009/xmlenc11#aes256-gcm"; + const xmlChar xmlSecNameKWAes128[] = "kw-aes128"; const xmlChar xmlSecHrefKWAes128[] = "http://www.w3.org/2001/04/xmlenc#kw-aes128"; diff --git a/src/templates.c b/src/templates.c index 88bed3dd..d0120161 100644 --- a/src/templates.c +++ b/src/templates.c @@ -1,13 +1,18 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Creating signature and encryption templates. * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:templates + * @Short_description: XML signature and encryption template functions. + * @Stability: Stable + * + */ #include "globals.h" #include <stdlib.h> @@ -103,23 +108,15 @@ xmlSecTmplSignatureCreateNsPref(xmlDocPtr doc, xmlSecTransformId c14nMethodId, /* create Signature node itself */ signNode = xmlNewDocNode(doc, NULL, xmlSecNodeSignature, NULL); if(signNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewDocNode", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeSignature)); + xmlSecXmlError2("xmlNewDocNode", NULL, + "node=%s", xmlSecErrorsSafeString(xmlSecNodeSignature)); return(NULL); } ns = xmlNewNs(signNode, xmlSecDSigNs, nsPrefix); if(ns == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewNs", - XMLSEC_ERRORS_R_XML_FAILED, - "ns=%s", - xmlSecErrorsSafeString(xmlSecDSigNs)); + xmlSecXmlError2("xmlNewNs", NULL, + "ns=%s", xmlSecErrorsSafeString(xmlSecDSigNs)); xmlFreeNode(signNode); return(NULL); } @@ -132,12 +129,7 @@ xmlSecTmplSignatureCreateNsPref(xmlDocPtr doc, xmlSecTransformId c14nMethodId, /* add SignedInfo node */ signedInfoNode = xmlSecAddChild(signNode, xmlSecNodeSignedInfo, xmlSecDSigNs); if(signedInfoNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeSignedInfo)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeSignedInfo)", NULL); xmlFreeNode(signNode); return(NULL); } @@ -145,36 +137,21 @@ xmlSecTmplSignatureCreateNsPref(xmlDocPtr doc, xmlSecTransformId c14nMethodId, /* add SignatureValue node */ cur = xmlSecAddChild(signNode, xmlSecNodeSignatureValue, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeSignatureValue)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeSignatureValue)", NULL); xmlFreeNode(signNode); return(NULL); } - /* add CanonicaizationMethod node to SignedInfo */ + /* add CanonicalizationMethod node to SignedInfo */ cur = xmlSecAddChild(signedInfoNode, xmlSecNodeCanonicalizationMethod, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeCanonicalizationMethod)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeCanonicalizationMethod)", NULL); xmlFreeNode(signNode); return(NULL); } if(xmlSetProp(cur, xmlSecAttrAlgorithm, c14nMethodId->href) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSetProp", - XMLSEC_ERRORS_R_XML_FAILED, - "name=%s,value=%s", - xmlSecErrorsSafeString(xmlSecAttrAlgorithm), - xmlSecErrorsSafeString(c14nMethodId->href)); + xmlSecXmlError2("xmlSetProp", NULL, + "name=%s", xmlSecErrorsSafeString(xmlSecAttrAlgorithm)); xmlFreeNode(signNode); return(NULL); } @@ -182,23 +159,13 @@ xmlSecTmplSignatureCreateNsPref(xmlDocPtr doc, xmlSecTransformId c14nMethodId, /* add SignatureMethod node to SignedInfo */ cur = xmlSecAddChild(signedInfoNode, xmlSecNodeSignatureMethod, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeSignatureMethod)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeSignatureMethod)", NULL); xmlFreeNode(signNode); return(NULL); } if(xmlSetProp(cur, xmlSecAttrAlgorithm, signMethodId->href) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSetProp", - XMLSEC_ERRORS_R_XML_FAILED, - "name=%s,value=%s", - xmlSecErrorsSafeString(xmlSecAttrAlgorithm), - xmlSecErrorsSafeString(signMethodId->href)); + xmlSecXmlError2("xmlSetProp", NULL, + "name=%s", xmlSecErrorsSafeString(xmlSecAttrAlgorithm)); xmlFreeNode(signNode); return(NULL); } @@ -229,22 +196,14 @@ xmlSecTmplSignatureEnsureKeyInfo(xmlNodePtr signNode, const xmlChar *id) { signValueNode = xmlSecFindChild(signNode, xmlSecNodeSignatureValue, xmlSecDSigNs); if(signValueNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeSignatureValue), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeNotFoundError("xmlSecFindChild", signNode, + xmlSecNodeSignatureValue, NULL); return(NULL); } res = xmlSecAddNextSibling(signValueNode, xmlSecNodeKeyInfo, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddNextSibling", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); + xmlSecInternalError("xmlSecAddNextSibling(xmlSecNodeKeyInfo)", NULL); return(NULL); } } @@ -280,11 +239,8 @@ xmlSecTmplSignatureAddReference(xmlNodePtr signNode, xmlSecTransformId digestMet signedInfoNode = xmlSecFindChild(signNode, xmlSecNodeSignedInfo, xmlSecDSigNs); if(signedInfoNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeSignedInfo), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeNotFoundError("xmlSecFindChild", signNode, + xmlSecNodeSignedInfo, NULL); return(NULL); } @@ -304,12 +260,7 @@ xmlSecTmplAddReference(xmlNodePtr parentNode, xmlSecTransformId digestMethodId, /* add Reference node */ res = xmlSecAddChild(parentNode, xmlSecNodeReference, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeReference)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeReference)", NULL); return(NULL); } @@ -327,24 +278,14 @@ xmlSecTmplAddReference(xmlNodePtr parentNode, xmlSecTransformId digestMethodId, /* add DigestMethod node and set algorithm */ cur = xmlSecAddChild(res, xmlSecNodeDigestMethod, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDigestMethod)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeDigestMethod)", NULL); xmlUnlinkNode(res); xmlFreeNode(res); return(NULL); } if(xmlSetProp(cur, xmlSecAttrAlgorithm, digestMethodId->href) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSetProp", - XMLSEC_ERRORS_R_XML_FAILED, - "name=%s,value=%s", - xmlSecErrorsSafeString(xmlSecAttrAlgorithm), - xmlSecErrorsSafeString(digestMethodId->href)); + xmlSecXmlError2("xmlSetProp", NULL, + "name=%s", xmlSecErrorsSafeString(xmlSecAttrAlgorithm)); xmlUnlinkNode(res); xmlFreeNode(res); return(NULL); @@ -353,12 +294,7 @@ xmlSecTmplAddReference(xmlNodePtr parentNode, xmlSecTransformId digestMethodId, /* add DigestValue node */ cur = xmlSecAddChild(res, xmlSecNodeDigestValue, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDigestValue)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeDigestValue)", NULL); xmlUnlinkNode(res); xmlFreeNode(res); return(NULL); @@ -388,12 +324,7 @@ xmlSecTmplSignatureAddObject(xmlNodePtr signNode, const xmlChar *id, res = xmlSecAddChild(signNode, xmlSecNodeObject, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeObject)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeObject)", NULL); return(NULL); } if(id != NULL) { @@ -424,11 +355,8 @@ xmlSecTmplSignatureGetSignMethodNode(xmlNodePtr signNode) { signedInfoNode = xmlSecFindChild(signNode, xmlSecNodeSignedInfo, xmlSecDSigNs); if(signedInfoNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeSignedInfo), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeNotFoundError("xmlSecFindChild", signNode, + xmlSecNodeSignedInfo, NULL); return(NULL); } return(xmlSecFindChild(signedInfoNode, xmlSecNodeSignatureMethod, xmlSecDSigNs)); @@ -450,11 +378,8 @@ xmlSecTmplSignatureGetC14NMethodNode(xmlNodePtr signNode) { signedInfoNode = xmlSecFindChild(signNode, xmlSecNodeSignedInfo, xmlSecDSigNs); if(signedInfoNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeSignedInfo), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeNotFoundError("xmlSecFindChild", signNode, + xmlSecNodeSignedInfo, NULL); return(NULL); } return(xmlSecFindChild(signedInfoNode, xmlSecNodeCanonicalizationMethod, xmlSecDSigNs)); @@ -487,39 +412,28 @@ xmlSecTmplReferenceAddTransform(xmlNodePtr referenceNode, xmlSecTransformId tran tmp = xmlSecGetNextElementNode(referenceNode->children); if(tmp == NULL) { transformsNode = xmlSecAddChild(referenceNode, xmlSecNodeTransforms, xmlSecDSigNs); + if(transformsNode == NULL) { + xmlSecInternalError("xmlSecAddChild(xmlSecNodeTransforms)", NULL); + return(NULL); + } } else { transformsNode = xmlSecAddPrevSibling(tmp, xmlSecNodeTransforms, xmlSecDSigNs); - } - if(transformsNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild or xmlSecAddPrevSibling", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeTransforms)); - return(NULL); + if(transformsNode == NULL) { + xmlSecInternalError("xmlSecAddPrevSibling(xmlSecNodeTransforms)", NULL); + return(NULL); + } } } res = xmlSecAddChild(transformsNode, xmlSecNodeTransform, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeTransform)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeTransform)", NULL); return(NULL); } if(xmlSetProp(res, xmlSecAttrAlgorithm, transformId->href) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSetProp", - XMLSEC_ERRORS_R_XML_FAILED, - "name=%s,value=%s", - xmlSecErrorsSafeString(xmlSecAttrAlgorithm), - xmlSecErrorsSafeString(transformId->href)); + xmlSecXmlError2("xmlSetProp", NULL, + "name=%s", xmlSecErrorsSafeString(xmlSecAttrAlgorithm)); xmlUnlinkNode(res); xmlFreeNode(res); return(NULL); @@ -547,12 +461,7 @@ xmlSecTmplObjectAddSignProperties(xmlNodePtr objectNode, const xmlChar *id, cons res = xmlSecAddChild(objectNode, xmlSecNodeSignatureProperties, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeSignatureProperties)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeSignatureProperties)", NULL); return(NULL); } if(id != NULL) { @@ -582,12 +491,7 @@ xmlSecTmplObjectAddManifest(xmlNodePtr objectNode, const xmlChar *id) { res = xmlSecAddChild(objectNode, xmlSecNodeManifest, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeManifest)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeManifest)", NULL); return(NULL); } if(id != NULL) { @@ -647,23 +551,15 @@ xmlSecTmplEncDataCreate(xmlDocPtr doc, xmlSecTransformId encMethodId, encNode = xmlNewDocNode(doc, NULL, xmlSecNodeEncryptedData, NULL); if(encNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewDocNode", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeEncryptedData)); + xmlSecXmlError2("xmlNewDocNode", NULL, + "node=%s", xmlSecErrorsSafeString(xmlSecNodeEncryptedData)); return(NULL); } ns = xmlNewNs(encNode, xmlSecEncNs, NULL); if(ns == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewNs", - XMLSEC_ERRORS_R_XML_FAILED, - "ns=%s", - xmlSecErrorsSafeString(xmlSecEncNs)); + xmlSecXmlError2("xmlNewNs", NULL, + "ns=%s", xmlSecErrorsSafeString(xmlSecEncNs)); return(NULL); } xmlSetNs(encNode, ns); @@ -699,22 +595,12 @@ xmlSecTmplPrepareEncData(xmlNodePtr parentNode, xmlSecTransformId encMethodId) { if(encMethodId != NULL) { cur = xmlSecAddChild(parentNode, xmlSecNodeEncryptionMethod, xmlSecEncNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeEncryptionMethod)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeEncryptionMethod)", NULL); return(-1); } if(xmlSetProp(cur, xmlSecAttrAlgorithm, encMethodId->href) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSetProp", - XMLSEC_ERRORS_R_XML_FAILED, - "name=%s,value=%s", - xmlSecErrorsSafeString(xmlSecAttrAlgorithm), - xmlSecErrorsSafeString(encMethodId->href)); + xmlSecXmlError2("xmlSetProp", NULL, + "name=%s", xmlSecErrorsSafeString(xmlSecAttrAlgorithm)); return(-1); } } @@ -722,12 +608,7 @@ xmlSecTmplPrepareEncData(xmlNodePtr parentNode, xmlSecTransformId encMethodId) { /* and CipherData node */ cur = xmlSecAddChild(parentNode, xmlSecNodeCipherData, xmlSecEncNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeCipherData)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeCipherData)", NULL); return(-1); } @@ -757,22 +638,14 @@ xmlSecTmplEncDataEnsureKeyInfo(xmlNodePtr encNode, const xmlChar* id) { cipherDataNode = xmlSecFindChild(encNode, xmlSecNodeCipherData, xmlSecEncNs); if(cipherDataNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeCipherData), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeNotFoundError("xmlSecFindChild", encNode, + xmlSecNodeCipherData, NULL); return(NULL); } res = xmlSecAddPrevSibling(cipherDataNode, xmlSecNodeKeyInfo, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddPrevSibling", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); + xmlSecInternalError("xmlSecAddPrevSibling(xmlSecNodeKeyInfo)", NULL); return(NULL); } } @@ -803,12 +676,7 @@ xmlSecTmplEncDataEnsureEncProperties(xmlNodePtr encNode, const xmlChar *id) { if(res == NULL) { res = xmlSecAddChild(encNode, xmlSecNodeEncryptionProperties, xmlSecEncNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeEncryptionProperties)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeEncryptionProperties)", NULL); return(NULL); } } @@ -842,22 +710,13 @@ xmlSecTmplEncDataAddEncProperty(xmlNodePtr encNode, const xmlChar *id, const xml encProps = xmlSecTmplEncDataEnsureEncProperties(encNode, NULL); if(encProps == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTmplEncDataEnsureEncProperties", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTmplEncDataEnsureEncProperties", NULL); return(NULL); } res = xmlSecAddChild(encProps, xmlSecNodeEncryptionProperty, xmlSecEncNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeEncryptionProperty)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeEncryptionProperty)", NULL); return(NULL); } if(id != NULL) { @@ -888,22 +747,15 @@ xmlSecTmplEncDataEnsureCipherValue(xmlNodePtr encNode) { cipherDataNode = xmlSecFindChild(encNode, xmlSecNodeCipherData, xmlSecEncNs); if(cipherDataNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeCipherData), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeNotFoundError("xmlSecFindChild", encNode, + xmlSecNodeCipherData, NULL); return(NULL); } /* check that we don;t have CipherReference node */ tmp = xmlSecFindChild(cipherDataNode, xmlSecNodeCipherReference, xmlSecEncNs); if(tmp != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeCipherReference), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(cipherDataNode, xmlSecNodeCipherReference, NULL); return(NULL); } @@ -911,12 +763,7 @@ xmlSecTmplEncDataEnsureCipherValue(xmlNodePtr encNode) { if(res == NULL) { res = xmlSecAddChild(cipherDataNode, xmlSecNodeCipherValue, xmlSecEncNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeCipherValue)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeCipherValue)", NULL); return(NULL); } } @@ -944,22 +791,15 @@ xmlSecTmplEncDataEnsureCipherReference(xmlNodePtr encNode, const xmlChar *uri) { cipherDataNode = xmlSecFindChild(encNode, xmlSecNodeCipherData, xmlSecEncNs); if(cipherDataNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeCipherData), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeNotFoundError("xmlSecFindChild", encNode, + xmlSecNodeCipherData, NULL); return(NULL); } /* check that we don;t have CipherValue node */ tmp = xmlSecFindChild(cipherDataNode, xmlSecNodeCipherValue, xmlSecEncNs); if(tmp != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeCipherValue), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(cipherDataNode, xmlSecNodeCipherValue, NULL); return(NULL); } @@ -967,12 +807,7 @@ xmlSecTmplEncDataEnsureCipherReference(xmlNodePtr encNode, const xmlChar *uri) { if(res == NULL) { res = xmlSecAddChild(cipherDataNode, xmlSecNodeCipherReference, xmlSecEncNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeCipherReference)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeCipherReference)", NULL); return(NULL); } } @@ -988,7 +823,7 @@ xmlSecTmplEncDataEnsureCipherReference(xmlNodePtr encNode, const xmlChar *uri) { * xmlSecTmplEncDataGetEncMethodNode: * @encNode: the pointer to <enc:EcnryptedData /> node. * - * Gets pointer to <enc:EncrytpionMethod/> node. + * Gets pointer to <enc:EncryptionMethod/> node. * * Returns: pointer to <enc:EncryptionMethod /> node or NULL if an error occurs. */ @@ -1025,35 +860,20 @@ xmlSecTmplCipherReferenceAddTransform(xmlNodePtr cipherReferenceNode, if(transformsNode == NULL) { transformsNode = xmlSecAddChild(cipherReferenceNode, xmlSecNodeTransforms, xmlSecEncNs); if(transformsNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeTransforms)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeTransforms)", NULL); return(NULL); } } res = xmlSecAddChild(transformsNode, xmlSecNodeTransform, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeTransform)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeTransform)", NULL); return(NULL); } if(xmlSetProp(res, xmlSecAttrAlgorithm, transformId->href) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSetProp", - XMLSEC_ERRORS_R_XML_FAILED, - "name=%s,value=%s", - xmlSecErrorsSafeString(xmlSecAttrAlgorithm), - xmlSecErrorsSafeString(transformId->href)); + xmlSecXmlError2("xmlSetProp", NULL, + "name=%s", xmlSecErrorsSafeString(xmlSecAttrAlgorithm)); xmlUnlinkNode(res); xmlFreeNode(res); return(NULL); @@ -1089,36 +909,21 @@ xmlSecTmplReferenceListAddDataReference(xmlNodePtr encNode, const xmlChar *uri) if(refListNode == NULL) { refListNode = xmlSecAddChild(encNode, xmlSecNodeReferenceList, xmlSecEncNs); if(refListNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeReferenceList)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeReferenceList)", NULL); return(NULL); } } res = xmlSecAddChild(refListNode, xmlSecNodeDataReference, xmlSecEncNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDataReference)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeDataReference)", NULL); return(NULL); } if(uri != NULL) { if(xmlSetProp(res, xmlSecAttrURI, uri) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSetProp", - XMLSEC_ERRORS_R_XML_FAILED, - "name=%s,value=%s", - xmlSecErrorsSafeString(xmlSecAttrURI), - xmlSecErrorsSafeString(uri)); + xmlSecXmlError2("xmlSetProp", NULL, + "name=%s", xmlSecErrorsSafeString(xmlSecAttrURI)); xmlUnlinkNode(res); xmlFreeNode(res); return(NULL); @@ -1148,36 +953,21 @@ xmlSecTmplReferenceListAddKeyReference(xmlNodePtr encNode, const xmlChar *uri) { if(refListNode == NULL) { refListNode = xmlSecAddChild(encNode, xmlSecNodeReferenceList, xmlSecEncNs); if(refListNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeReferenceList)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeReferenceList)", NULL); return(NULL); } } res = xmlSecAddChild(refListNode, xmlSecNodeKeyReference, xmlSecEncNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeKeyReference)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeKeyReference)", NULL); return(NULL); } if(uri != NULL) { if(xmlSetProp(res, xmlSecAttrURI, uri) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSetProp", - XMLSEC_ERRORS_R_XML_FAILED, - "name=%s,value=%s", - xmlSecErrorsSafeString(xmlSecAttrURI), - xmlSecErrorsSafeString(uri)); + xmlSecXmlError2("xmlSetProp", NULL, + "name=%s", xmlSecErrorsSafeString(xmlSecAttrURI)); xmlUnlinkNode(res); xmlFreeNode(res); return(NULL); @@ -1207,21 +997,21 @@ xmlSecTmplReferenceListAddKeyReference(xmlNodePtr encNode, const xmlChar *uri) { xmlNodePtr xmlSecTmplKeyInfoAddKeyName(xmlNodePtr keyInfoNode, const xmlChar* name) { xmlNodePtr res; + int ret; xmlSecAssert2(keyInfoNode != NULL, NULL); res = xmlSecAddChild(keyInfoNode, xmlSecNodeKeyName, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeKeyName)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeKeyName)", NULL); return(NULL); } if(name != NULL) { - xmlSecNodeEncodeAndSetContent(res, name); + ret = xmlSecNodeEncodeAndSetContent(res, name); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + return(NULL); + } } return(res); } @@ -1243,12 +1033,7 @@ xmlSecTmplKeyInfoAddKeyValue(xmlNodePtr keyInfoNode) { res = xmlSecAddChild(keyInfoNode, xmlSecNodeKeyValue, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeKeyValue)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeKeyValue)", NULL); return(NULL); } @@ -1272,12 +1057,7 @@ xmlSecTmplKeyInfoAddX509Data(xmlNodePtr keyInfoNode) { res = xmlSecAddChild(keyInfoNode, xmlSecNodeX509Data, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509Data)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeX509Data)", NULL); return(NULL); } @@ -1304,12 +1084,7 @@ xmlSecTmplKeyInfoAddRetrievalMethod(xmlNodePtr keyInfoNode, const xmlChar *uri, res = xmlSecAddChild(keyInfoNode, xmlSecNodeRetrievalMethod, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRetrievalMethod)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeRetrievalMethod)", NULL); return(NULL); } @@ -1346,35 +1121,20 @@ xmlSecTmplRetrievalMethodAddTransform(xmlNodePtr retrMethodNode, xmlSecTransform if(transformsNode == NULL) { transformsNode = xmlSecAddChild(retrMethodNode, xmlSecNodeTransforms, xmlSecDSigNs); if(transformsNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeTransforms)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeTransforms)", NULL); return(NULL); } } res = xmlSecAddChild(transformsNode, xmlSecNodeTransform, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeTransform)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeTransform)", NULL); return(NULL); } if(xmlSetProp(res, xmlSecAttrAlgorithm, transformId->href) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSetProp", - XMLSEC_ERRORS_R_XML_FAILED, - "name=%s,value=%s", - xmlSecErrorsSafeString(xmlSecAttrAlgorithm), - xmlSecErrorsSafeString(transformId->href)); + xmlSecXmlError2("xmlSetProp", NULL, + "name=%s", xmlSecErrorsSafeString(xmlSecAttrAlgorithm)); xmlUnlinkNode(res); xmlFreeNode(res); return(NULL); @@ -1408,12 +1168,7 @@ xmlSecTmplKeyInfoAddEncryptedKey(xmlNodePtr keyInfoNode, xmlSecTransformId encMe /* we allow multiple encrypted key elements */ encKeyNode = xmlSecAddChild(keyInfoNode, xmlSecNodeEncryptedKey, xmlSecEncNs); if(encKeyNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeEncryptedKey)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeEncryptedKey)", NULL); return(NULL); } @@ -1458,22 +1213,13 @@ xmlSecTmplX509DataAddIssuerSerial(xmlNodePtr x509DataNode) { cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(x509DataNode, xmlSecNodeX509IssuerSerial, NULL); return(NULL); } cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeX509IssuerSerial)", NULL); return(NULL); } @@ -1492,35 +1238,29 @@ xmlSecTmplX509DataAddIssuerSerial(xmlNodePtr x509DataNode) { */ xmlNodePtr xmlSecTmplX509IssuerSerialAddIssuerName(xmlNodePtr x509IssuerSerialNode, const xmlChar* issuerName) { - xmlNodePtr res; - - xmlSecAssert2(x509IssuerSerialNode != NULL, NULL); + xmlNodePtr res; + int ret; - if(xmlSecFindChild(x509IssuerSerialNode, xmlSecNodeX509IssuerName, - xmlSecDSigNs) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecAssert2(x509IssuerSerialNode != NULL, NULL); + if(xmlSecFindChild(x509IssuerSerialNode, xmlSecNodeX509IssuerName, xmlSecDSigNs) != NULL) { + xmlSecNodeAlreadyPresentError(x509IssuerSerialNode, xmlSecNodeX509IssuerName, NULL); return(NULL); - } + } - res = xmlSecAddChild(x509IssuerSerialNode, xmlSecNodeX509IssuerName, xmlSecDSigNs); + res = xmlSecAddChild(x509IssuerSerialNode, xmlSecNodeX509IssuerName, xmlSecDSigNs); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeX509IssuerName)", NULL); return(NULL); } - if (issuerName != NULL) { - xmlSecNodeEncodeAndSetContent(res, issuerName); - } - return(res); + if (issuerName != NULL) { + ret = xmlSecNodeEncodeAndSetContent(res, issuerName); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + return(NULL); + } + } + return(res); } /** @@ -1535,35 +1275,30 @@ xmlSecTmplX509IssuerSerialAddIssuerName(xmlNodePtr x509IssuerSerialNode, const x */ xmlNodePtr xmlSecTmplX509IssuerSerialAddSerialNumber(xmlNodePtr x509IssuerSerialNode, const xmlChar* serial) { - xmlNodePtr res; + xmlNodePtr res; + int ret; - xmlSecAssert2(x509IssuerSerialNode != NULL, NULL); + xmlSecAssert2(x509IssuerSerialNode != NULL, NULL); - if(xmlSecFindChild(x509IssuerSerialNode, xmlSecNodeX509SerialNumber, - xmlSecDSigNs) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } + if(xmlSecFindChild(x509IssuerSerialNode, xmlSecNodeX509SerialNumber, xmlSecDSigNs) != NULL) { + xmlSecNodeAlreadyPresentError(x509IssuerSerialNode, xmlSecNodeX509SerialNumber, NULL); + return(NULL); + } - res = xmlSecAddChild(x509IssuerSerialNode, xmlSecNodeX509SerialNumber, xmlSecDSigNs); - if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); - return(NULL); - } + res = xmlSecAddChild(x509IssuerSerialNode, xmlSecNodeX509SerialNumber, xmlSecDSigNs); + if(res == NULL) { + xmlSecInternalError("xmlSecAddChild(xmlSecNodeX509SerialNumber)", NULL); + return(NULL); + } - if (serial != NULL) { - xmlSecNodeEncodeAndSetContent(res, serial); + if (serial != NULL) { + ret = xmlSecNodeEncodeAndSetContent(res, serial); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + return(NULL); } - return(res); + } + return(res); } /** @@ -1584,22 +1319,13 @@ xmlSecTmplX509DataAddSubjectName(xmlNodePtr x509DataNode) { cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509SubjectName, xmlSecDSigNs); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(x509DataNode, xmlSecNodeX509SubjectName, NULL); return(NULL); } cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509SubjectName, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeX509SubjectName)", NULL); return(NULL); } @@ -1624,22 +1350,13 @@ xmlSecTmplX509DataAddSKI(xmlNodePtr x509DataNode) { cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509SKI, xmlSecDSigNs); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeX509SKI), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(x509DataNode, xmlSecNodeX509SKI, NULL); return(NULL); } cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509SKI, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeX509SKI)", NULL); return(NULL); } @@ -1665,22 +1382,13 @@ xmlSecTmplX509DataAddCertificate(xmlNodePtr x509DataNode) { cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509Certificate, xmlSecDSigNs); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeX509Certificate), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(x509DataNode, xmlSecNodeX509Certificate, NULL); return(NULL); } cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509Certificate, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeX509Certificate)", NULL); return(NULL); } @@ -1705,22 +1413,13 @@ xmlSecTmplX509DataAddCRL(xmlNodePtr x509DataNode) { cur = xmlSecFindChild(x509DataNode, xmlSecNodeX509CRL, xmlSecDSigNs); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeX509CRL), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(x509DataNode, xmlSecNodeX509CRL, NULL); return(NULL); } cur = xmlSecAddChild(x509DataNode, xmlSecNodeX509CRL, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509CRL)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeX509CRL)", NULL); return(NULL); } @@ -1741,38 +1440,33 @@ xmlSecTmplX509DataAddCRL(xmlNodePtr x509DataNode) { * Creates <dsig:HMACOutputLength/> child for the HMAC transform * node @node. * - * Returns: 0 on success and a negatie value otherwise. + * Returns: 0 on success and a negative value otherwise. */ int xmlSecTmplTransformAddHmacOutputLength(xmlNodePtr transformNode, xmlSecSize bitsLen) { xmlNodePtr cur; - char buf[32]; + char buf[64]; xmlSecAssert2(transformNode != NULL, -1); xmlSecAssert2(bitsLen > 0, -1); cur = xmlSecFindChild(transformNode, xmlSecNodeHMACOutputLength, xmlSecDSigNs); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeHMACOutputLength), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(transformNode, xmlSecNodeHMACOutputLength, NULL); return(-1); } cur = xmlSecAddChild(transformNode, xmlSecNodeHMACOutputLength, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeHMACOutputLength)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeHMACOutputLength)", NULL); return(-1); } - snprintf(buf, sizeof(buf), "%u", bitsLen); +#ifdef WIN32 + sprintf_s(buf, sizeof(buf), "%lu", (unsigned long)bitsLen); +#else /* WIN32 */ + sprintf(buf, "%lu", (unsigned long)bitsLen); +#endif /* WIN32 */ xmlNodeSetContent(cur, BAD_CAST buf); return(0); } @@ -1799,32 +1493,19 @@ xmlSecTmplTransformAddRsaOaepParam(xmlNodePtr transformNode, oaepParamNode = xmlSecFindChild(transformNode, xmlSecNodeRsaOAEPparams, xmlSecEncNs); if(oaepParamNode != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeRsaOAEPparams), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(transformNode, xmlSecNodeRsaOAEPparams, NULL); return(-1); } oaepParamNode = xmlSecAddChild(transformNode, xmlSecNodeRsaOAEPparams, xmlSecEncNs); if(oaepParamNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRsaOAEPparams)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeRsaOAEPparams)", NULL); return(-1); } base64 = xmlSecBase64Encode(buf, size, 0); if(base64 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBase64Encode", NULL, "size=%d", size); return(-1); } @@ -1836,7 +1517,7 @@ xmlSecTmplTransformAddRsaOaepParam(xmlNodePtr transformNode, /** * xmlSecTmplTransformAddXsltStylesheet: * @transformNode: the pointer to <dsig:Transform/> node. - * @xslt: the XSLT transform exspression. + * @xslt: the XSLT transform expression. * * Writes the XSLT transform expression to the @node. * @@ -1852,21 +1533,13 @@ xmlSecTmplTransformAddXsltStylesheet(xmlNodePtr transformNode, const xmlChar *xs xsltDoc = xmlParseMemory((const char*)xslt, xmlStrlen(xslt)); if(xsltDoc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlParseMemory", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlParseMemory", NULL); return(-1); } ret = xmlSecReplaceContent(transformNode, xmlDocGetRootElement(xsltDoc)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecReplaceContent", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecReplaceContent", NULL); xmlFreeDoc(xsltDoc); return(-1); } @@ -1896,22 +1569,14 @@ xmlSecTmplTransformAddC14NInclNamespaces(xmlNodePtr transformNode, cur = xmlSecFindChild(transformNode, xmlSecNodeInclusiveNamespaces, xmlSecNsExcC14N); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeInclusiveNamespaces), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(transformNode, xmlSecNodeInclusiveNamespaces, NULL); return(-1); } cur = xmlSecAddChild(transformNode, xmlSecNodeInclusiveNamespaces, xmlSecNsExcC14N); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecNodeGetName(transformNode)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeInclusiveNamespaces)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeInclusiveNamespaces)", + xmlSecNodeGetName(transformNode)); return(-1); } @@ -1926,7 +1591,7 @@ xmlSecTmplTransformAddC14NInclNamespaces(xmlNodePtr transformNode, * @nsList: the NULL terminated list of namespace prefix/href pairs * (optional). * - * Writes XPath transform infromation to the <dsig:Transform/> node + * Writes XPath transform information to the <dsig:Transform/> node * @node. * * Returns: 0 for success or a negative value otherwise. @@ -1935,32 +1600,29 @@ int xmlSecTmplTransformAddXPath(xmlNodePtr transformNode, const xmlChar *expression, const xmlChar **nsList) { xmlNodePtr xpathNode; + int ret; xmlSecAssert2(transformNode != NULL, -1); xmlSecAssert2(expression != NULL, -1); xpathNode = xmlSecFindChild(transformNode, xmlSecNodeXPath, xmlSecDSigNs); if(xpathNode != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeXPath), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(transformNode, xmlSecNodeXPath, NULL); return(-1); } xpathNode = xmlSecAddChild(transformNode, xmlSecNodeXPath, xmlSecDSigNs); if(xpathNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeXPath)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeXPath)", NULL); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(xpathNode, expression); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); return(-1); } - xmlSecNodeEncodeAndSetContent(xpathNode, expression); return((nsList != NULL) ? xmlSecTmplNodeWriteNsList(xpathNode, nsList) : 0); } @@ -1972,7 +1634,7 @@ xmlSecTmplTransformAddXPath(xmlNodePtr transformNode, const xmlChar *expression, * @nsList: the NULL terminated list of namespace prefix/href pairs. * (optional). * - * Writes XPath2 transform infromation to the <dsig:Transform/> node + * Writes XPath2 transform information to the <dsig:Transform/> node * @node. * * Returns: 0 for success or a negative value otherwise. @@ -1981,6 +1643,7 @@ int xmlSecTmplTransformAddXPath2(xmlNodePtr transformNode, const xmlChar* type, const xmlChar *expression, const xmlChar **nsList) { xmlNodePtr xpathNode; + int ret; xmlSecAssert2(transformNode != NULL, -1); xmlSecAssert2(type != NULL, -1); @@ -1988,17 +1651,17 @@ xmlSecTmplTransformAddXPath2(xmlNodePtr transformNode, const xmlChar* type, xpathNode = xmlSecAddChild(transformNode, xmlSecNodeXPath, xmlSecXPath2Ns); if(xpathNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeXPath)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeXPath)", NULL); return(-1); } xmlSetProp(xpathNode, xmlSecAttrFilter, type); - xmlSecNodeEncodeAndSetContent(xpathNode, expression); + ret = xmlSecNodeEncodeAndSetContent(xpathNode, expression); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + return(-1); + } + return((nsList != NULL) ? xmlSecTmplNodeWriteNsList(xpathNode, nsList) : 0); } @@ -2009,7 +1672,7 @@ xmlSecTmplTransformAddXPath2(xmlNodePtr transformNode, const xmlChar* type, * @nsList: the NULL terminated list of namespace prefix/href pairs. * (optional). * - * Writes XPoniter transform infromation to the <dsig:Transform/> node + * Writes XPointer transform information to the <dsig:Transform/> node * @node. * * Returns: 0 for success or a negative value otherwise. @@ -2018,33 +1681,29 @@ int xmlSecTmplTransformAddXPointer(xmlNodePtr transformNode, const xmlChar *expression, const xmlChar **nsList) { xmlNodePtr xpointerNode; + int ret; xmlSecAssert2(expression != NULL, -1); xmlSecAssert2(transformNode != NULL, -1); xpointerNode = xmlSecFindChild(transformNode, xmlSecNodeXPointer, xmlSecXPointerNs); if(xpointerNode != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeXPointer), - XMLSEC_ERRORS_R_NODE_ALREADY_PRESENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNodeAlreadyPresentError(transformNode, xmlSecNodeXPointer, NULL); return(-1); } xpointerNode = xmlSecAddChild(transformNode, xmlSecNodeXPointer, xmlSecXPointerNs); if(xpointerNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeXPointer)); + xmlSecInternalError("xmlSecAddChild(xmlSecNodeXPointer)", NULL); return(-1); } + ret = xmlSecNodeEncodeAndSetContent(xpointerNode, expression); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + return(-1); + } - xmlSecNodeEncodeAndSetContent(xpointerNode, expression); return((nsList != NULL) ? xmlSecTmplNodeWriteNsList(xpointerNode, nsList) : 0); } @@ -2058,34 +1717,32 @@ xmlSecTmplNodeWriteNsList(xmlNodePtr parentNode, const xmlChar** nsList) { xmlSecAssert2(parentNode != NULL, -1); xmlSecAssert2(nsList != NULL, -1); + /* nsList contains pairs of prefix/href with NULL at the end. We use special + "#default" prefix instead of NULL prefix */ ptr = nsList; while((*ptr) != NULL) { + /* get next prefix/href pair */ if(xmlStrEqual(BAD_CAST "#default", (*ptr))) { prefix = NULL; } else { prefix = (*ptr); } - if(*(++ptr) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "unexpected end of ns list"); + href = *(++ptr); + if(href == NULL) { + xmlSecInvalidDataError("unexpected end of ns list", NULL); return(-1); } - href = *(ptr++); + /* create namespace node */ ns = xmlNewNs(parentNode, href, prefix); if(ns == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewNs", - XMLSEC_ERRORS_R_XML_FAILED, - "href=%s;prefix=%s", - xmlSecErrorsSafeString(href), - xmlSecErrorsSafeString(prefix)); + xmlSecXmlError2("xmlNewNs", NULL, + "prefix=%s", xmlSecErrorsSafeString(prefix)); return(-1); } + + /* next pair */ + ++ptr; } return(0); } diff --git a/src/transforms.c b/src/transforms.c index 2761929f..4ce95238 100644 --- a/src/transforms.c +++ b/src/transforms.c @@ -1,14 +1,24 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * The Transforms Element (http://www.w3.org/TR/xmldsig-core/#sec-Transforms) * - * The optional Transforms element contains an ordered list of Transform - * elements; these describe how the signer obtained the data object that - * was digested. + * This is free software; see Copyright file in the source + * distribution for preciese wording. + * + * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. + */ +/** + * SECTION:transforms + * @Short_description: Transform object functions. + * @Stability: Stable + * + * The [Transforms Element](http://www.w3.org/TR/xmldsig-core/#sec-Transforms) + * contains an ordered list of Transform elements; these describe how the signer + * obtained the data object that was digested. * * Schema Definition: * + * |[<!-- language="XML" --> * <element name="Transforms" type="ds:TransformsType"/> * <complexType name="TransformsType"> * <sequence> @@ -25,18 +35,16 @@ * </choice> * <attribute name="Algorithm" type="anyURI" use="required"/> * </complexType> + * ]| * * DTD: * + * |[<!-- language="XML" --> * <!ELEMENT Transforms (Transform+)> * <!ELEMENT Transform (#PCDATA|XPath %Transform.ANY;)* > * <!ATTLIST Transform Algorithm CDATA #REQUIRED > * <!ELEMENT XPath (#PCDATA) > - * - * This is free software; see Copyright file in the source - * distribution for preciese wording. - * - * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. + * ]| */ #include "globals.h" @@ -97,21 +105,13 @@ xmlSecTransformIdsInit(void) { ret = xmlSecPtrListInitialize(xmlSecTransformIdsGet(), xmlSecTransformIdListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListPtrInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecTransformIdListId"); + xmlSecInternalError("xmlSecPtrListInitialize(xmlSecTransformIdListId)", NULL); return(-1); } ret = xmlSecTransformIdsRegisterDefault(); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegisterDefault", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsRegisterDefault", NULL); return(-1); } @@ -153,12 +153,8 @@ xmlSecTransformIdsRegister(xmlSecTransformId id) { ret = xmlSecPtrListAdd(xmlSecTransformIdsGet(), (xmlSecPtr)id); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id))); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecTransformKlassGetName(id)); return(-1); } @@ -176,129 +172,64 @@ xmlSecTransformIdsRegister(xmlSecTransformId id) { int xmlSecTransformIdsRegisterDefault(void) { if(xmlSecTransformIdsRegister(xmlSecTransformBase64Id) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformBase64Id))); + xmlSecInternalError("xmlSecTransformIdsRegister(xmlSecTransformBase64Id)", NULL); return(-1); } if(xmlSecTransformIdsRegister(xmlSecTransformEnvelopedId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformEnvelopedId))); + xmlSecInternalError("xmlSecTransformIdsRegister(xmlSecTransformEnvelopedId)", NULL); return(-1); } /* c14n methods */ if(xmlSecTransformIdsRegister(xmlSecTransformInclC14NId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14NId))); + xmlSecInternalError("xmlSecTransformIdsRegister(xmlSecTransformInclC14NId)", NULL); return(-1); } if(xmlSecTransformIdsRegister(xmlSecTransformInclC14NWithCommentsId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14NWithCommentsId))); + xmlSecInternalError("xmlSecTransformIdsRegister(xmlSecTransformInclC14NWithCommentsId)", NULL); return(-1); } if(xmlSecTransformIdsRegister(xmlSecTransformInclC14N11Id) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14N11Id))); + xmlSecInternalError("xmlSecTransformIdsRegister(xmlSecTransformInclC14N11Id)", NULL); return(-1); } if(xmlSecTransformIdsRegister(xmlSecTransformInclC14N11WithCommentsId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14N11WithCommentsId))); + xmlSecInternalError("xmlSecTransformIdsRegister(xmlSecTransformInclC14N11WithCommentsId)", NULL); return(-1); } if(xmlSecTransformIdsRegister(xmlSecTransformExclC14NId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformExclC14NId))); + xmlSecInternalError("xmlSecTransformIdsRegister(xmlSecTransformExclC14NId)", NULL); return(-1); } if(xmlSecTransformIdsRegister(xmlSecTransformExclC14NWithCommentsId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformExclC14NWithCommentsId))); + xmlSecInternalError("xmlSecTransformIdsRegister(xmlSecTransformExclC14NWithCommentsId)", NULL); return(-1); } if(xmlSecTransformIdsRegister(xmlSecTransformXPathId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPathId))); + xmlSecInternalError("xmlSecTransformIdsRegister(xmlSecTransformXPathId)", NULL); return(-1); } if(xmlSecTransformIdsRegister(xmlSecTransformXPath2Id) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPath2Id))); + xmlSecInternalError("xmlSecTransformIdsRegister(xmlSecTransformXPath2Id)", NULL); return(-1); } if(xmlSecTransformIdsRegister(xmlSecTransformXPointerId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPointerId))); + xmlSecInternalError("xmlSecTransformIdsRegister(xmlSecTransformXPointerId)", NULL); return(-1); } if(xmlSecTransformIdsRegister(xmlSecTransformRelationshipId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformRelationshipId))); + xmlSecInternalError("xmlSecTransformIdsRegister(xmlSecTransformRelationshipId)", NULL); return(-1); } #ifndef XMLSEC_NO_XSLT if(xmlSecTransformIdsRegister(xmlSecTransformXsltId) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsRegister", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXsltId))); + xmlSecInternalError("xmlSecTransformIdsRegister(xmlSecTransformXsltId)", NULL); return(-1); } #endif /* XMLSEC_NO_XSLT */ @@ -361,21 +292,13 @@ xmlSecTransformCtxCreate(void) { /* Allocate a new xmlSecTransform and fill the fields. */ ctx = (xmlSecTransformCtxPtr)xmlMalloc(sizeof(xmlSecTransformCtx)); if(ctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)sizeof(xmlSecTransformCtx)); + xmlSecMallocError(sizeof(xmlSecTransformCtx), NULL); return(NULL); } ret = xmlSecTransformCtxInitialize(ctx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxInitialize", NULL); xmlSecTransformCtxDestroy(ctx); return(NULL); } @@ -417,11 +340,7 @@ xmlSecTransformCtxInitialize(xmlSecTransformCtxPtr ctx) { ret = xmlSecPtrListInitialize(&(ctx->enabledTransforms), xmlSecTransformIdListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListInitialize(xmlSecTransformIdListId)", NULL); return(-1); } @@ -448,7 +367,7 @@ xmlSecTransformCtxFinalize(xmlSecTransformCtxPtr ctx) { * xmlSecTransformCtxReset: * @ctx: the pointer to transforms chain processing context. * - * Resets transfroms context for new processing. + * Resets transforms context for new processing. */ void xmlSecTransformCtxReset(xmlSecTransformCtxPtr ctx) { @@ -501,11 +420,7 @@ xmlSecTransformCtxCopyUserPref(xmlSecTransformCtxPtr dst, xmlSecTransformCtxPtr ret = xmlSecPtrListCopy(&(dst->enabledTransforms), &(src->enabledTransforms)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListCopy(enabledTransforms)", NULL); return(-1); } @@ -533,12 +448,8 @@ xmlSecTransformCtxAppend(xmlSecTransformCtxPtr ctx, xmlSecTransformPtr transform if(ctx->last != NULL) { ret = xmlSecTransformConnect(ctx->last, transform, ctx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformConnect", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformGetName(transform))); + xmlSecInternalError("xmlSecTransformConnect", + xmlSecTransformGetName(transform)); return(-1); } } else { @@ -571,12 +482,8 @@ xmlSecTransformCtxPrepend(xmlSecTransformCtxPtr ctx, xmlSecTransformPtr transfor if(ctx->first != NULL) { ret = xmlSecTransformConnect(transform, ctx->first, ctx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformConnect", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformGetName(transform))); + xmlSecInternalError("xmlSecTransformConnect", + xmlSecTransformGetName(transform)); return(-1); } } else { @@ -593,7 +500,7 @@ xmlSecTransformCtxPrepend(xmlSecTransformCtxPtr ctx, xmlSecTransformPtr transfor * @ctx: the pointer to transforms chain processing context. * @id: the new transform klass. * - * Creaeates new transform and connects it to the end of the chain of + * Creates new transform and connects it to the end of the chain of * transforms in the @ctx (see #xmlSecTransformConnect function for details). * * Returns: pointer to newly created transform or NULL if an error occurs. @@ -609,23 +516,15 @@ xmlSecTransformCtxCreateAndAppend(xmlSecTransformCtxPtr ctx, xmlSecTransformId i transform = xmlSecTransformCreate(id); if(!xmlSecTransformIsValid(transform)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id))); + xmlSecInternalError("xmlSecTransformCreate", + xmlSecTransformKlassGetName(id)); return(NULL); } ret = xmlSecTransformCtxAppend(ctx, transform); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformGetName(transform))); + xmlSecInternalError("xmlSecTransformCtxAppend", + xmlSecTransformKlassGetName(id)); xmlSecTransformDestroy(transform); return(NULL); } @@ -638,7 +537,7 @@ xmlSecTransformCtxCreateAndAppend(xmlSecTransformCtxPtr ctx, xmlSecTransformId i * @ctx: the pointer to transforms chain processing context. * @id: the new transform klass. * - * Creaeates new transform and connects it to the end of the chain of + * Creates new transform and connects it to the end of the chain of * transforms in the @ctx (see #xmlSecTransformConnect function for details). * * Returns: pointer to newly created transform or NULL if an error occurs. @@ -654,23 +553,15 @@ xmlSecTransformCtxCreateAndPrepend(xmlSecTransformCtxPtr ctx, xmlSecTransformId transform = xmlSecTransformCreate(id); if(!xmlSecTransformIsValid(transform)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id))); + xmlSecInternalError("xmlSecTransformCreate", + xmlSecTransformKlassGetName(id)); return(NULL); } ret = xmlSecTransformCtxPrepend(ctx, transform); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxPrepend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformGetName(transform))); + xmlSecInternalError("xmlSecTransformCtxPrepend", + xmlSecTransformGetName(transform)); xmlSecTransformDestroy(transform); return(NULL); } @@ -701,23 +592,15 @@ xmlSecTransformCtxNodeRead(xmlSecTransformCtxPtr ctx, xmlNodePtr node, transform = xmlSecTransformNodeRead(node, usage, ctx); if(transform == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(node))); + xmlSecInternalError("xmlSecTransformNodeRead", + xmlSecNodeGetName(node)); return(NULL); } ret = xmlSecTransformCtxAppend(ctx, transform); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformGetName(transform))); + xmlSecInternalError("xmlSecTransformCtxAppend", + xmlSecTransformGetName(transform)); xmlSecTransformDestroy(transform); return(NULL); } @@ -750,23 +633,15 @@ xmlSecTransformCtxNodesListRead(xmlSecTransformCtxPtr ctx, xmlNodePtr node, xmlS while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeTransform, xmlSecDSigNs)) { transform = xmlSecTransformNodeRead(cur, usage, ctx); if(transform == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError("xmlSecTransformNodeRead", + xmlSecNodeGetName(cur)); return(-1); } ret = xmlSecTransformCtxAppend(ctx, transform); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError("xmlSecTransformCtxAppend", + xmlSecTransformGetName(transform)); xmlSecTransformDestroy(transform); return(-1); } @@ -774,11 +649,7 @@ xmlSecTransformCtxNodesListRead(xmlSecTransformCtxPtr ctx, xmlNodePtr node, xmlS } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, NULL); return(-1); } return(0); @@ -818,7 +689,7 @@ xmlSecTransformCtxNodesListRead(xmlSecTransformCtxPtr ctx, xmlNodePtr node, xmlS * identifies a node-set containing the element with ID attribute value * 'chapter1' of the XML resource containing the signature. XML Signature * (and its applications) modify this node-set to include the element plus - * all descendents including namespaces and attributes -- but not comments. + * all descendants including namespaces and attributes -- but not comments. * * Returns: 0 on success or a negative value otherwise. */ @@ -838,12 +709,8 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP /* check uri */ if(xmlSecTransformUriTypeCheck(ctx->enabledUris, uri) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_URI_TYPE, - "uri=%s", - xmlSecErrorsSafeString(uri)); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_URI_TYPE, NULL, + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } @@ -857,11 +724,7 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP if(xptr == NULL){ ctx->uri = xmlStrdup(uri); if(ctx->uri == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_STRDUP_FAILED, - "size=%d", xmlStrlen(uri)); + xmlSecStrdupError(uri, NULL); return(-1); } /* we are done */ @@ -869,34 +732,22 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP } else if(xmlStrcmp(uri, BAD_CAST "#xpointer(/)") == 0) { ctx->xptrExpr = xmlStrdup(uri); if(ctx->xptrExpr == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_STRDUP_FAILED, - "size=%d", xmlStrlen(uri)); + xmlSecStrdupError(uri, NULL); return(-1); } /* we are done */ return(0); } - ctx->uri = xmlStrndup(uri, xptr - uri); + ctx->uri = xmlStrndup(uri, (int)(xptr - uri)); if(ctx->uri == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_STRDUP_FAILED, - "size=%d", (int)(xptr - uri)); + xmlSecStrdupError(uri, NULL); return(-1); } ctx->xptrExpr = xmlStrdup(xptr); if(ctx->xptrExpr == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_STRDUP_FAILED, - "size=%d", xmlStrlen(xptr)); + xmlSecStrdupError(xptr, NULL); return(-1); } @@ -918,14 +769,15 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP size = xmlStrlen(BAD_CAST tmpl) + xmlStrlen(xptr) + 2; buf = (xmlChar*)xmlMalloc(size * sizeof(xmlChar)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", size); + xmlSecMallocError(size * sizeof(xmlChar), NULL); return(-1); } - snprintf((char*)buf, size * sizeof(xmlChar), tmpl, xptr + 1); + ret = xmlStrPrintf(buf, size, tmpl, xptr + 1); + if(ret < 0) { + xmlSecXmlError("xmlStrPrintf", NULL); + xmlFree(buf); + return(-1); + } xptr = buf; nodeSetType = xmlSecNodeSetTreeWithoutComments; } @@ -936,12 +788,7 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP /* we need to create XPonter transform to execute expr */ transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformXPointerId); if(!xmlSecTransformIsValid(transform)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxCreateAndPrepend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXPointerId))); + xmlSecInternalError("xmlSecTransformCtxCreateAndPrepend(xmlSecTransformXPointerId)", NULL); if(buf != NULL) { xmlFree(buf); } @@ -950,12 +797,8 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP ret = xmlSecTransformXPointerSetExpr(transform, xptr, nodeSetType, hereNode); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformXPointerSetExpr", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformGetName(transform))); + xmlSecInternalError("xmlSecTransformXPointerSetExpr", + xmlSecTransformGetName(transform)); if(buf != NULL) { xmlFree(buf); } @@ -972,12 +815,7 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformVisa3DHackId); if(!xmlSecTransformIsValid(transform)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxCreateAndPrepend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformVisa3DHackId))); + xmlSecInternalError("xmlSecTransformCtxCreateAndPrepend(xmlSecTransformVisa3DHackId)", NULL); if(buf != NULL) { xmlFree(buf); } @@ -986,12 +824,8 @@ xmlSecTransformCtxSetUri(xmlSecTransformCtxPtr ctx, const xmlChar* uri, xmlNodeP ret = xmlSecTransformVisa3DHackSetID(transform, xptr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformVisa3DHackSetID", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name=%s", - xmlSecErrorsSafeString(xmlSecTransformGetName(transform))); + xmlSecInternalError("xmlSecTransformVisa3DHackSetID", + xmlSecTransformGetName(transform)); if(buf != NULL) { xmlFree(buf); } @@ -1027,22 +861,13 @@ xmlSecTransformCtxPrepare(xmlSecTransformCtxPtr ctx, xmlSecTransformDataType inp /* add binary buffer to store result */ transform = xmlSecTransformCtxCreateAndAppend(ctx, xmlSecTransformMemBufId); if(!xmlSecTransformIsValid(transform)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId))); + xmlSecInternalError("xmlSecTransformCtxCreateAndAppend(xmlSecTransformMemBufId)", NULL); return(-1); } ctx->result = xmlSecTransformMemBufGetBuffer(transform); if(ctx->result == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformMemBufGetBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId))); + xmlSecInternalError("xmlSecTransformMemBufGetBuffer(xmlSecTransformMemBufId)", + xmlSecTransformGetName(transform)); return(-1); } @@ -1053,12 +878,7 @@ xmlSecTransformCtxPrepare(xmlSecTransformCtxPtr ctx, xmlSecTransformDataType inp /* need to add parser transform */ transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformXmlParserId); if(transform == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxCreateAndPrepend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformXmlParserId))); + xmlSecInternalError("xmlSecTransformCtxCreateAndPrepend(xmlSecTransformXmlParserId)", NULL); return(-1); } } else if(((firstType & xmlSecTransformDataTypeXml) == 0) && @@ -1067,12 +887,7 @@ xmlSecTransformCtxPrepare(xmlSecTransformCtxPtr ctx, xmlSecTransformDataType inp /* need to add c14n transform */ transform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformInclC14NId); if(transform == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxCreateAndPrepend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInclC14NId))); + xmlSecInternalError("xmlSecTransformCtxCreateAndPrepend(xmlSecTransformInclC14NId)", NULL); return(-1); } } @@ -1082,11 +897,7 @@ xmlSecTransformCtxPrepare(xmlSecTransformCtxPtr ctx, xmlSecTransformDataType inp if(ctx->preExecCallback != NULL) { ret = (ctx->preExecCallback)(ctx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "ctx->preExecCallback", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("ctx->preExecCallback", NULL); return(-1); } } @@ -1121,21 +932,14 @@ xmlSecTransformCtxBinaryExecute(xmlSecTransformCtxPtr ctx, ret = xmlSecTransformCtxPrepare(ctx, xmlSecTransformDataTypeBin); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxPrepare", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "type=bin"); + xmlSecInternalError("xmlSecTransformCtxPrepare(TypeBin)", NULL); return(-1); } ret = xmlSecTransformPushBin(ctx->first, data, dataSize, 1, ctx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxPushBin", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "dataSize=%d", dataSize); + xmlSecInternalError2("xmlSecTransformPushBin", NULL, + "dataSize=%d", dataSize); return(-1); } @@ -1166,34 +970,21 @@ xmlSecTransformCtxUriExecute(xmlSecTransformCtxPtr ctx, const xmlChar* uri) { uriTransform = xmlSecTransformCtxCreateAndPrepend(ctx, xmlSecTransformInputURIId); if(uriTransform == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxCreateAndPrepend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformInputURIId))); + xmlSecInternalError("xmlSecTransformCtxCreateAndPrepend(xmlSecTransformInputURIId)", NULL); return(-1); } ret = xmlSecTransformInputURIOpen(uriTransform, uri); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformInputURIOpen", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri=%s", - xmlSecErrorsSafeString(uri)); + xmlSecInternalError2("xmlSecTransformInputURIOpen", NULL, + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } /* we do not need to do something special for this transform */ ret = xmlSecTransformCtxPrepare(ctx, xmlSecTransformDataTypeUnknown); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxPrepare", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "type=bin"); + xmlSecInternalError("xmlSecTransformCtxPrepare(TypeUnknown)", NULL); return(-1); } @@ -1202,25 +993,18 @@ xmlSecTransformCtxUriExecute(xmlSecTransformCtxPtr ctx, const xmlChar* uri) { */ ret = xmlSecTransformPump(uriTransform, uriTransform->next, ctx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformPump", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri=%s", - xmlSecErrorsSafeString(uri)); + xmlSecInternalError("xmlSecTransformPump", + xmlSecTransformGetName(uriTransform)); return(-1); } /* Close to free up file handle */ ret = xmlSecTransformInputURIClose(uriTransform); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformInputURIClose", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ret=%d", ret); - return(-1); - } + xmlSecInternalError("xmlSecTransformInputURIClose", + xmlSecTransformGetName(uriTransform)); + return(-1); + } /* Done */ ctx->status = xmlSecTransformStatusFinished; @@ -1249,11 +1033,7 @@ xmlSecTransformCtxXmlExecute(xmlSecTransformCtxPtr ctx, xmlSecNodeSetPtr nodes) ret = xmlSecTransformCtxPrepare(ctx, xmlSecTransformDataTypeXml); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxPrepare", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "type=xml"); + xmlSecInternalError("xmlSecTransformCtxPrepare(TypeXml)", NULL); return(-1); } @@ -1261,12 +1041,8 @@ xmlSecTransformCtxXmlExecute(xmlSecTransformCtxPtr ctx, xmlSecNodeSetPtr nodes) * just don't care and c14n likes push more than pop */ ret = xmlSecTransformPushXml(ctx->first, nodes, ctx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformPushXml", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformGetName(ctx->first))); + xmlSecInternalError("xmlSecTransformPushXml", + xmlSecTransformGetName(ctx->first)); return(-1); } @@ -1299,11 +1075,7 @@ xmlSecTransformCtxExecute(xmlSecTransformCtxPtr ctx, xmlDocPtr doc) { /* our xpointer transform takes care of providing correct nodes set */ nodes = xmlSecNodeSetCreate(doc, NULL, xmlSecNodeSetNormal); if(nodes == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNodeSetCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNodeSetCreate", NULL); return(-1); } @@ -1311,21 +1083,13 @@ xmlSecTransformCtxExecute(xmlSecTransformCtxPtr ctx, xmlDocPtr doc) { /* we do not want to have comments for empty URI */ nodes = xmlSecNodeSetGetChildren(doc, NULL, 0, 0); if(nodes == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNodeSetGetChildren", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNodeSetGetChildren", NULL); return(-1); } } ret = xmlSecTransformCtxXmlExecute(ctx, nodes); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxXmlExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxXmlExecute", NULL); xmlSecNodeSetDestroy(nodes); return(-1); } @@ -1334,11 +1098,7 @@ xmlSecTransformCtxExecute(xmlSecTransformCtxPtr ctx, xmlDocPtr doc) { } else { ret = xmlSecTransformCtxUriExecute(ctx, ctx->uri); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxUriExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxUriExecute", NULL); return(-1); } } @@ -1431,7 +1191,7 @@ xmlSecTransformCtxDebugXmlDump(xmlSecTransformCtxPtr ctx, FILE* output) { * @id: the transform id to create. * * Creates new transform of the @id klass. The caller is responsible for - * destroying returned tansform using #xmlSecTransformDestroy function. + * destroying returned transform using #xmlSecTransformDestroy function. * * Returns: pointer to newly created transform or NULL if an error occurs. */ @@ -1448,11 +1208,7 @@ xmlSecTransformCreate(xmlSecTransformId id) { /* Allocate a new xmlSecTransform and fill the fields. */ transform = (xmlSecTransformPtr)xmlMalloc(id->objSize); if(transform == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", id->objSize); + xmlSecMallocError(id->objSize, NULL); return(NULL); } memset(transform, 0, id->objSize); @@ -1461,11 +1217,8 @@ xmlSecTransformCreate(xmlSecTransformId id) { if(id->initialize != NULL) { ret = (id->initialize)(transform); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "id->initialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("id->initialize", + xmlSecTransformGetName(transform)); xmlSecTransformDestroy(transform); return(NULL); } @@ -1473,22 +1226,16 @@ xmlSecTransformCreate(xmlSecTransformId id) { ret = xmlSecBufferInitialize(&(transform->inBuf), 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", 0); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); xmlSecTransformDestroy(transform); return(NULL); } ret = xmlSecBufferInitialize(&(transform->outBuf), 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", 0); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); xmlSecTransformDestroy(transform); return(NULL); } @@ -1531,7 +1278,7 @@ xmlSecTransformDestroy(xmlSecTransformPtr transform) { * xmlSecTransformNodeRead: * @node: the pointer to the transform's node. * @usage: the transform usage (signature, encryption, ...). - * @transformCtx: the transform's chaing processing context. + * @transformCtx: the transform's chain processing context. * * Reads transform from the @node as follows: * @@ -1557,23 +1304,15 @@ xmlSecTransformNodeRead(xmlNodePtr node, xmlSecTransformUsage usage, xmlSecTrans href = xmlGetProp(node, xmlSecAttrAlgorithm); if(href == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecAttrAlgorithm), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(node))); + xmlSecInvalidNodeAttributeError(node, xmlSecAttrAlgorithm, + NULL, "empty"); return(NULL); } id = xmlSecTransformIdListFindByHref(xmlSecTransformIdsGet(), href, usage); if(id == xmlSecTransformIdUnknown) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdListFindByHref", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "href=%s", - xmlSecErrorsSafeString(href)); + xmlSecInternalError2("xmlSecTransformIdListFindByHref", NULL, + "href=%s", xmlSecErrorsSafeString(href)); xmlFree(href); return(NULL); } @@ -1581,24 +1320,17 @@ xmlSecTransformNodeRead(xmlNodePtr node, xmlSecTransformUsage usage, xmlSecTrans /* check with enabled transforms list */ if((xmlSecPtrListGetSize(&(transformCtx->enabledTransforms)) > 0) && (xmlSecTransformIdListFind(&(transformCtx->enabledTransforms), id) != 1)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id)), - XMLSEC_ERRORS_R_TRANSFORM_DISABLED, - "href=%s", - xmlSecErrorsSafeString(href)); + xmlSecOtherError2(XMLSEC_ERRORS_R_TRANSFORM_DISABLED, + xmlSecTransformKlassGetName(id), + "href=%s", xmlSecErrorsSafeString(href)); xmlFree(href); return(NULL); } transform = xmlSecTransformCreate(id); if(!xmlSecTransformIsValid(transform)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(id))); + xmlSecInternalError("xmlSecTransformCreate(id)", + xmlSecTransformKlassGetName(id)); xmlFree(href); return(NULL); } @@ -1606,12 +1338,8 @@ xmlSecTransformNodeRead(xmlNodePtr node, xmlSecTransformUsage usage, xmlSecTrans if(transform->id->readNode != NULL) { ret = transform->id->readNode(transform, node, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "id->readNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformGetName(transform))); + xmlSecInternalError("readNode", + xmlSecTransformGetName(transform)); xmlSecTransformDestroy(transform); xmlFree(href); return(NULL); @@ -1628,7 +1356,7 @@ xmlSecTransformNodeRead(xmlNodePtr node, xmlSecTransformUsage usage, xmlSecTrans * xmlSecTransformPump: * @left: the source pumping transform. * @right: the destination pumping transform. - * @transformCtx: the transform's chaing processing context. + * @transformCtx: the transform's chain processing context. * * Pops data from @left transform and pushes to @right transform until * no more data is available. @@ -1655,21 +1383,15 @@ xmlSecTransformPump(xmlSecTransformPtr left, xmlSecTransformPtr right, xmlSecTra ret = xmlSecTransformPopXml(left, &nodes, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(left)), - "xmlSecTransformPopXml", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformPopXml", + xmlSecTransformGetName(left)); return(-1); } ret = xmlSecTransformPushXml(right, nodes, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(right)), - "xmlSecTransformPushXml", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformPushXml", + xmlSecTransformGetName(right)); return(-1); } } else if(((leftType & xmlSecTransformDataTypeBin) != 0) && @@ -1681,30 +1403,22 @@ xmlSecTransformPump(xmlSecTransformPtr left, xmlSecTransformPtr right, xmlSecTra do { ret = xmlSecTransformPopBin(left, buf, sizeof(buf), &bufSize, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(left)), - "xmlSecTransformPopBin", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformPopBin", + xmlSecTransformGetName(left)); return(-1); } final = (bufSize == 0) ? 1 : 0; ret = xmlSecTransformPushBin(right, buf, bufSize, final, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(right)), - "xmlSecTransformPushBin", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformPushBin", + xmlSecTransformGetName(right)); return(-1); } } while(final == 0); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(left)), - xmlSecErrorsSafeString(xmlSecTransformGetName(right)), - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - "transforms input/output data formats do not match"); + xmlSecInvalidTransfromError2(left, + "transforms input/output data formats do not match, right transform=\"%s\"", + xmlSecErrorsSafeString(xmlSecTransformGetName(right))); } return(0); } @@ -1760,7 +1474,7 @@ xmlSecTransformSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { * @transform: the pointer to transform. * @data: the binary data for verification. * @dataSize: the data size. - * @transformCtx: the transform's chaing processing context. + * @transformCtx: the transform's chain processing context. * * Verifies the data with transform's processing results * (for digest, HMAC and signature transforms). The verification @@ -1782,7 +1496,7 @@ xmlSecTransformVerify(xmlSecTransformPtr transform, const xmlSecByte* data, * xmlSecTransformVerifyNodeContent: * @transform: the pointer to transform. * @node: the pointer to node. - * @transformCtx: the transform's chaing processing context. + * @transformCtx: the transform's chain processing context. * * Gets the @node content, base64 decodes it and calls #xmlSecTransformVerify * function to verify binary results. @@ -1801,21 +1515,15 @@ xmlSecTransformVerifyNodeContent(xmlSecTransformPtr transform, xmlNodePtr node, ret = xmlSecBufferInitialize(&buffer, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferBase64NodeContentRead(&buffer, node); if((ret < 0) || (xmlSecBufferGetData(&buffer) == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferBase64NodeContentRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferBase64NodeContentRead", + xmlSecTransformGetName(transform)); xmlSecBufferFinalize(&buffer); return(-1); } @@ -1823,11 +1531,8 @@ xmlSecTransformVerifyNodeContent(xmlSecTransformPtr transform, xmlNodePtr node, ret = xmlSecTransformVerify(transform, xmlSecBufferGetData(&buffer), xmlSecBufferGetSize(&buffer), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformVerify", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformVerify", + xmlSecTransformGetName(transform)); xmlSecBufferFinalize(&buffer); return(-1); } @@ -1840,7 +1545,7 @@ xmlSecTransformVerifyNodeContent(xmlSecTransformPtr transform, xmlNodePtr node, * xmlSecTransformGetDataType: * @transform: the pointer to transform. * @mode: the data mode (push or pop). - * @transformCtx: the transform's chaing processing context. + * @transformCtx: the transform's chain processing context. * * Gets transform input (@mode is "push") or output (@mode is "pop") data * type (binary or XML). @@ -1950,7 +1655,7 @@ xmlSecTransformPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nodes, * xmlSecTransformExecute: * @transform: the pointer to transform. * @last: the flag: if set to 1 then it's the last data chunk. - * @transformCtx: the transform's chaing processing context. + * @transformCtx: the transform's chain processing context. * * Executes transform (used by default popBin/pushBin/popXml/pushXml methods). * @@ -2010,7 +1715,7 @@ xmlSecTransformDebugXmlDump(xmlSecTransformPtr transform, FILE* output) { * xmlSecTransformConnect: * @left: the pointer to left (prev) transform. * @right: the pointer to right (next) transform. - * @transformCtx: the transform's chaing processing context. + * @transformCtx: the transform's chain processing context. * * If the data object is a node-set and the next transform requires octets, * the signature application MUST attempt to convert the node-set to an octet @@ -2073,24 +1778,17 @@ xmlSecTransformConnect(xmlSecTransformPtr left, xmlSecTransformPtr right, middleId = xmlSecTransformInclC14NId; } } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(left)), - xmlSecErrorsSafeString(xmlSecTransformGetName(right)), - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - "leftType=%d;rightType=%d", - leftType, rightType); + xmlSecInvalidTransfromError2(left, + "transforms types do not match, right transform=\"%s\"", + xmlSecErrorsSafeString(xmlSecTransformGetName(right))); return(-1); } /* insert transform */ middle = xmlSecTransformCreate(middleId); if(middle == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(left)), - "xmlSecTransformCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(middleId))); + xmlSecInternalError("xmlSecTransformCreate", + xmlSecTransformKlassGetName(middleId)); return(-1); } left->next = middle; @@ -2129,7 +1827,7 @@ xmlSecTransformRemove(xmlSecTransformPtr transform) { * xmlSecTransformDefaultGetDataType: * @transform: the pointer to transform. * @mode: the data mode (push or pop). - * @transformCtx: the transform's chaing processing context. + * @transformCtx: the transform's chain processing context. * * Gets transform input (@mode is "push") or output (@mode is "pop") data * type (binary or XML) by analyzing available pushBin/popBin/pushXml/popXml @@ -2164,11 +1862,9 @@ xmlSecTransformDefaultGetDataType(xmlSecTransformPtr transform, xmlSecTransformM } break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "mode=%d", mode); + xmlSecInvalidIntegerDataError("mode", mode, + "xmlSecTransformModePush,xmlSecTransformModePop", + xmlSecTransformGetName(transform)); return(xmlSecTransformDataTypeUnknown); } @@ -2214,11 +1910,9 @@ xmlSecTransformDefaultPushBin(xmlSecTransformPtr transform, const xmlSecByte* da ret = xmlSecBufferAppend(&(transform->inBuf), data, chunkSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", chunkSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", chunkSize); return(-1); } @@ -2227,16 +1921,12 @@ xmlSecTransformDefaultPushBin(xmlSecTransformPtr transform, const xmlSecByte* da } /* process data */ - inSize = xmlSecBufferGetSize(&(transform->inBuf)); - outSize = xmlSecBufferGetSize(&(transform->outBuf)); finalData = (((dataSize == 0) && (final != 0)) ? 1 : 0); ret = xmlSecTransformExecute(transform, finalData, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "final=%d", final); + xmlSecInternalError2("xmlSecTransformExecute", + xmlSecTransformGetName(transform), + "final=%d", final); return(-1); } @@ -2247,7 +1937,7 @@ xmlSecTransformDefaultPushBin(xmlSecTransformPtr transform, const xmlSecByte* da finalData = 0; } - /* we don't want to puch too much */ + /* we don't want to push too much */ if(outSize > XMLSEC_TRANSFORM_BINARY_CHUNK) { outSize = XMLSEC_TRANSFORM_BINARY_CHUNK; finalData = 0; @@ -2259,11 +1949,9 @@ xmlSecTransformDefaultPushBin(xmlSecTransformPtr transform, const xmlSecByte* da finalData, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform->next)), - "xmlSecTransformPushBin", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "final=%d;outSize=%d", final, outSize); + xmlSecInternalError3("xmlSecTransformPushBin", + xmlSecTransformGetName(transform->next), + "final=%d;outSize=%d", final, outSize); return(-1); } } @@ -2272,11 +1960,9 @@ xmlSecTransformDefaultPushBin(xmlSecTransformPtr transform, const xmlSecByte* da if(outSize > 0) { ret = xmlSecBufferRemoveHead(&(transform->outBuf), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } } @@ -2301,7 +1987,8 @@ xmlSecTransformDefaultPushBin(xmlSecTransformPtr transform, const xmlSecByte* da */ int xmlSecTransformDefaultPopBin(xmlSecTransformPtr transform, xmlSecByte* data, - xmlSecSize maxDataSize, xmlSecSize* dataSize, xmlSecTransformCtxPtr transformCtx) { + xmlSecSize maxDataSize, xmlSecSize* dataSize, + xmlSecTransformCtxPtr transformCtx) { xmlSecSize outSize; int final = 0; int ret; @@ -2322,11 +2009,9 @@ xmlSecTransformDefaultPopBin(xmlSecTransformPtr transform, xmlSecByte* data, /* ensure that we have space for at least one data chunk */ ret = xmlSecBufferSetMaxSize(&(transform->inBuf), inSize + chunkSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize + chunkSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", inSize + chunkSize); return(-1); } @@ -2335,11 +2020,8 @@ xmlSecTransformDefaultPopBin(xmlSecTransformPtr transform, xmlSecByte* data, xmlSecBufferGetData(&(transform->inBuf)) + inSize, chunkSize, &chunkSize, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform->prev)), - "xmlSecTransformPopBin", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformPopBin", + xmlSecTransformGetName(transform->prev)); return(-1); } @@ -2347,11 +2029,9 @@ xmlSecTransformDefaultPopBin(xmlSecTransformPtr transform, xmlSecByte* data, if(chunkSize > 0) { ret = xmlSecBufferSetSize(&(transform->inBuf), inSize + chunkSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize + chunkSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", inSize + chunkSize); return(-1); } final = 0; /* the previous transform returned some data..*/ @@ -2365,11 +2045,8 @@ xmlSecTransformDefaultPopBin(xmlSecTransformPtr transform, xmlSecByte* data, /* execute our transform */ ret = xmlSecTransformExecute(transform, final, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformExecute", + xmlSecTransformGetName(transform)); return(-1); } } @@ -2391,11 +2068,9 @@ xmlSecTransformDefaultPopBin(xmlSecTransformPtr transform, xmlSecByte* data, ret = xmlSecBufferRemoveHead(&(transform->outBuf), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } } @@ -2430,11 +2105,8 @@ xmlSecTransformDefaultPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nod transform->inNodes = nodes; ret = xmlSecTransformExecute(transform, 1, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformExecute", + xmlSecTransformGetName(transform)); return(-1); } @@ -2442,11 +2114,8 @@ xmlSecTransformDefaultPushXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr nod if(transform->next != NULL) { ret = xmlSecTransformPushXml(transform->next, transform->outNodes, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformPushXml", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformPushXml", + xmlSecTransformGetName(transform)); return(-1); } } @@ -2478,11 +2147,8 @@ xmlSecTransformDefaultPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nod if(transform->prev != NULL) { ret = xmlSecTransformPopXml(transform->prev, &(transform->inNodes), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformPopXml", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformPopXml", + xmlSecTransformGetName(transform)); return(-1); } } @@ -2490,11 +2156,8 @@ xmlSecTransformDefaultPopXml(xmlSecTransformPtr transform, xmlSecNodeSetPtr* nod /* execute our transform */ ret = xmlSecTransformExecute(transform, 1, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformExecute", + xmlSecTransformGetName(transform)); return(-1); } @@ -2733,21 +2396,16 @@ xmlSecTransformCreateOutputBuffer(xmlSecTransformPtr transform, xmlSecTransformC /* check that we have binary push method for this transform */ type = xmlSecTransformDefaultGetDataType(transform, xmlSecTransformModePush, transformCtx); if((type & xmlSecTransformDataTypeBin) == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - "push binary data not supported"); + xmlSecInvalidTransfromError2(transform, + "push binary data not supported, type=\"%d\"", + (int)type); return(NULL); } buffer = xmlSecTransformIOBufferCreate(xmlSecTransformIOBufferModeWrite, transform, transformCtx); if(buffer == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformIOBufferCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIOBufferCreate", + xmlSecTransformGetName(transform)); return(NULL); } @@ -2756,11 +2414,7 @@ xmlSecTransformCreateOutputBuffer(xmlSecTransformPtr transform, xmlSecTransformC buffer, NULL); if(output == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlOutputBufferCreateIO", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferCreateIO", xmlSecTransformGetName(transform)); xmlSecTransformIOBufferDestroy(buffer); return(NULL); } @@ -2789,21 +2443,16 @@ xmlSecTransformCreateInputBuffer(xmlSecTransformPtr transform, xmlSecTransformCt /* check that we have binary pop method for this transform */ type = xmlSecTransformDefaultGetDataType(transform, xmlSecTransformModePop, transformCtx); if((type & xmlSecTransformDataTypeBin) == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - "pop binary data not supported"); + xmlSecInvalidTransfromError2(transform, + "pop binary data not supported, type=\"%d\"", + (int)type); return(NULL); } buffer = xmlSecTransformIOBufferCreate(xmlSecTransformIOBufferModeRead, transform, transformCtx); if(buffer == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformIOBufferCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIOBufferCreate", + xmlSecTransformGetName(transform)); return(NULL); } @@ -2812,11 +2461,7 @@ xmlSecTransformCreateInputBuffer(xmlSecTransformPtr transform, xmlSecTransformCt buffer, XML_CHAR_ENCODING_NONE); if(input == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlParserInputBufferCreateIO", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlParserInputBufferCreateIO", xmlSecTransformGetName(transform)); xmlSecTransformIOBufferDestroy(buffer); return(NULL); } @@ -2834,11 +2479,7 @@ xmlSecTransformIOBufferCreate(xmlSecTransformIOBufferMode mode, xmlSecTransformP buffer = (xmlSecTransformIOBufferPtr)xmlMalloc(sizeof(xmlSecTransformIOBuffer)); if(buffer == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", (int)sizeof(xmlSecTransformIOBuffer)); + xmlSecMallocError(sizeof(xmlSecTransformIOBuffer), NULL); return(NULL); } memset(buffer, 0, sizeof(xmlSecTransformIOBuffer)); @@ -2871,11 +2512,8 @@ xmlSecTransformIOBufferRead(xmlSecTransformIOBufferPtr buffer, ret = xmlSecTransformPopBin(buffer->transform, buf, size, &size, buffer->transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(buffer->transform)), - "xmlSecTransformPopBin", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformPopBin", + xmlSecTransformGetName(buffer->transform)); return(-1); } return(size); @@ -2894,11 +2532,8 @@ xmlSecTransformIOBufferWrite(xmlSecTransformIOBufferPtr buffer, ret = xmlSecTransformPushBin(buffer->transform, buf, size, 0, buffer->transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(buffer->transform)), - "xmlSecTransformPushBin", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformPushBin", + xmlSecTransformGetName(buffer->transform)); return(-1); } return(size); @@ -2916,11 +2551,8 @@ xmlSecTransformIOBufferClose(xmlSecTransformIOBufferPtr buffer) { if(buffer->mode == xmlSecTransformIOBufferModeWrite) { ret = xmlSecTransformPushBin(buffer->transform, NULL, 0, 1, buffer->transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(buffer->transform)), - "xmlSecTransformPushBin", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformPushBin", + xmlSecTransformGetName(buffer->transform)); return(-1); } } @@ -1,11 +1,19 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * + * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:x509 + * @Short_description: <dsig:X509Certificate/> node parser functions. + * @Stability: Stable + * + */ + #include "globals.h" #ifndef XMLSEC_NO_X509 @@ -30,7 +38,6 @@ /** * xmlSecX509DataGetNodeContent: * @node: the pointer to <dsig:X509Data/> node. - * @deleteChildren: the flag that indicates whether to remove node children after reading. * @keyInfoCtx: the pointer to <dsig:KeyInfo/> node processing context. * * Reads the contents of <dsig:X509Data/> node and returns it as @@ -40,10 +47,8 @@ * or a negative value if an error occurs. */ int -xmlSecX509DataGetNodeContent (xmlNodePtr node, int deleteChildren, - xmlSecKeyInfoCtxPtr keyInfoCtx) { - xmlNodePtr cur, next; - int deleteCurNode; +xmlSecX509DataGetNodeContent (xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr cur; int content = 0; xmlSecAssert2(node != NULL, 0); @@ -52,42 +57,30 @@ xmlSecX509DataGetNodeContent (xmlNodePtr node, int deleteChildren, /* determine the current node content */ cur = xmlSecGetNextElementNode(node->children); while(cur != NULL) { - deleteCurNode = 0; if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_CERTIFICATE_NODE; - deleteCurNode = 1; } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_SUBJECTNAME_NODE; - deleteCurNode = 1; } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_ISSUERSERIAL_NODE; - deleteCurNode = 1; } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_SKI_NODE; - deleteCurNode = 1; } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) { if(xmlSecIsEmptyNode(cur) == 1) { content |= XMLSEC_X509DATA_CRL_NODE; - deleteCurNode = 1; } } else { /* todo: fail on unknown child node? */ } - next = xmlSecGetNextElementNode(cur->next); - if((deleteCurNode != 0) && (deleteChildren != 0)) { - /* remove "template" nodes */ - xmlUnlinkNode(cur); - xmlFreeNode(cur); - } - cur = next; + cur = xmlSecGetNextElementNode(cur->next); } return (content); diff --git a/src/xmldsig.c b/src/xmldsig.c index 304a869b..619e725a 100644 --- a/src/xmldsig.c +++ b/src/xmldsig.c @@ -1,15 +1,20 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * "XML Digital Signature" implementation - * http://www.w3.org/TR/xmldsig-core/ - * http://www.w3.org/Signature/Overview.html * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:xmldsig + * @Short_description: XML Digital Signature functions. + * @Stability: Stable + * + * [XML Digital Signature](http://www.w3.org/TR/xmldsig-core/) implementation. + */ + #include "globals.h" #ifndef XMLSEC_NO_XMLDSIG @@ -47,16 +52,12 @@ static int xmlSecDSigCtxProcessObjectNode (xmlSecDSigCtxPtr dsigCt xmlNodePtr node); static int xmlSecDSigCtxProcessManifestNode (xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node); + static int xmlSecDSigCtxProcessReferences (xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferenceNode); -/* TIZEN CUSTUMIZED */ -static int xmlSecHexToInt (char a); -static int xmlSecDecodeCmp (const xmlChar* encoded, - const xmlChar* plain); - /* The ID attribute in XMLDSig is 'Id' */ -static const xmlChar* xmlSecDSigIds[] = { xmlSecAttrId, NULL }; +static const xmlChar* xmlSecDSigIds[] = { xmlSecAttrId, NULL }; /** * xmlSecDSigCtxCreate: @@ -76,22 +77,13 @@ xmlSecDSigCtxCreate(xmlSecKeysMngrPtr keysMngr) { dsigCtx = (xmlSecDSigCtxPtr) xmlMalloc(sizeof(xmlSecDSigCtx)); if(dsigCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecDSigCtx)=%d", - (int)sizeof(xmlSecDSigCtx)); + xmlSecMallocError(sizeof(xmlSecDSigCtx), NULL); return(NULL); } ret = xmlSecDSigCtxInitialize(dsigCtx, keysMngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecDSigCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecDSigCtxInitialize", NULL); xmlSecDSigCtxDestroy(dsigCtx); return(NULL); } @@ -134,22 +126,14 @@ xmlSecDSigCtxInitialize(xmlSecDSigCtxPtr dsigCtx, xmlSecKeysMngrPtr keysMngr) { /* initialize key info */ ret = xmlSecKeyInfoCtxInitialize(&(dsigCtx->keyInfoReadCtx), keysMngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", NULL); return(-1); } dsigCtx->keyInfoReadCtx.mode = xmlSecKeyInfoModeRead; ret = xmlSecKeyInfoCtxInitialize(&(dsigCtx->keyInfoWriteCtx), keysMngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", NULL); return(-1); } dsigCtx->keyInfoWriteCtx.mode = xmlSecKeyInfoModeWrite; @@ -159,11 +143,7 @@ xmlSecDSigCtxInitialize(xmlSecDSigCtxPtr dsigCtx, xmlSecKeysMngrPtr keysMngr) { /* initializes transforms dsigCtx */ ret = xmlSecTransformCtxInitialize(&(dsigCtx->transformCtx)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxInitialize", NULL); return(-1); } @@ -171,21 +151,13 @@ xmlSecDSigCtxInitialize(xmlSecDSigCtxPtr dsigCtx, xmlSecKeysMngrPtr keysMngr) { ret = xmlSecPtrListInitialize(&(dsigCtx->signedInfoReferences), xmlSecDSigReferenceCtxListId); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListInitialize", NULL); return(ret); } ret = xmlSecPtrListInitialize(&(dsigCtx->manifestReferences), xmlSecDSigReferenceCtxListId); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListInitialize", NULL); return(ret); } @@ -221,50 +193,6 @@ xmlSecDSigCtxFinalize(xmlSecDSigCtxPtr dsigCtx) { memset(dsigCtx, 0, sizeof(xmlSecDSigCtx)); } -/* TIZEN CUSTUMIZED */ -int -xmlSecProxyCtxAdd(xmlSecProxyCtxPtr* proxyCtxPtrPtr, const xmlChar* uri) { - xmlSecProxyCtxPtr pc = (xmlSecProxyCtxPtr)xmlMalloc(sizeof(xmlSecProxyCtx)); - if(pc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", sizeof(xmlSecProxyCtx)); - return(-1); - } - - pc->cache = xmlStrdup(uri); - if(pc->cache == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "node=%s", - xmlSecErrorsSafeString(uri)); - xmlFree(pc); - return(-1); - } - pc->next = NULL; - - while(*proxyCtxPtrPtr != NULL) - proxyCtxPtrPtr = &((*proxyCtxPtrPtr)->next); - - *proxyCtxPtrPtr = pc; - return(0); -} - -void xmlSecProxyCtxDestroy(xmlSecProxyCtxPtr proxyCtxPtr) { - while(proxyCtxPtr != NULL) { - if(proxyCtxPtr->cache != NULL) - xmlFree(proxyCtxPtr->cache); - - xmlSecProxyCtxPtr next = proxyCtxPtr->next; - xmlFree(proxyCtxPtr); - proxyCtxPtr = next; - } -} - /** * xmlSecDSigCtxEnableReferenceTransform: * @dsigCtx: the pointer to <dsig:Signature/> processing context. @@ -285,22 +213,14 @@ xmlSecDSigCtxEnableReferenceTransform(xmlSecDSigCtxPtr dsigCtx, xmlSecTransformI if(dsigCtx->enabledReferenceTransforms == NULL) { dsigCtx->enabledReferenceTransforms = xmlSecPtrListCreate(xmlSecTransformIdListId); if(dsigCtx->enabledReferenceTransforms == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListCreate", NULL); return(-1); } } ret = xmlSecPtrListAdd(dsigCtx->enabledReferenceTransforms, (void*)transformId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", NULL); return(-1); } return(0); @@ -368,11 +288,7 @@ xmlSecDSigCtxSign(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr tmpl) { /* read signature template */ ret = xmlSecDSigCtxProcessSignatureNode(dsigCtx, tmpl); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecDSigCtxSignatureProcessNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecDSigCtxProcessSignatureNode", NULL); return(-1); } xmlSecAssert2(dsigCtx->signMethod != NULL, -1); @@ -386,11 +302,7 @@ xmlSecDSigCtxSign(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr tmpl) { /* check what we've got */ dsigCtx->result = dsigCtx->transformCtx.result; if((dsigCtx->result == NULL) || (xmlSecBufferGetData(dsigCtx->result) == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_RESULT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_RESULT, NULL, NULL); return(-1); } @@ -409,7 +321,7 @@ xmlSecDSigCtxSign(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr tmpl) { * @dsigCtx: the pointer to <dsig:Signature/> processing context. * @node: the pointer with <dsig:Signature/> node. * - * Vaidates signature in the @node. The verification result is returned + * Validates signature in the @node. The verification result is returned * in #status member of the @dsigCtx object. * * Returns: 0 on success (check #status member of @dsigCtx to get @@ -431,11 +343,7 @@ xmlSecDSigCtxVerify(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { /* read signature info */ ret = xmlSecDSigCtxProcessSignatureNode(dsigCtx, node); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecDSigCtxSignatureProcessNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecDSigCtxProcessSignatureNode", NULL); return(-1); } xmlSecAssert2(dsigCtx->signMethod != NULL, -1); @@ -450,11 +358,7 @@ xmlSecDSigCtxVerify(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { ret = xmlSecTransformVerifyNodeContent(dsigCtx->signMethod, dsigCtx->signValueNode, &(dsigCtx->transformCtx)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformVerifyNodeContent", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformVerifyNodeContent", NULL); return(-1); } @@ -535,12 +439,7 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { xmlSecAssert2(node != NULL, -1); if(!xmlSecCheckNodeName(node, xmlSecNodeSignature, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected=%s", - xmlSecErrorsSafeString(xmlSecNodeSignature)); + xmlSecInvalidNodeError(node, xmlSecNodeSignature, NULL); return(-1); } @@ -551,12 +450,7 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { /* first node is required SignedInfo */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeSignedInfo, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected=%s", - xmlSecErrorsSafeString(xmlSecNodeSignedInfo)); + xmlSecInvalidNodeError(cur, xmlSecNodeSignedInfo, NULL); return(-1); } signedInfoNode = cur; @@ -564,12 +458,7 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { /* next node is required SignatureValue */ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeSignatureValue, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected=%s", - xmlSecErrorsSafeString(xmlSecNodeSignatureValue)); + xmlSecInvalidNodeError(cur, xmlSecNodeSignatureValue, NULL); return(-1); } dsigCtx->signValueNode = cur; @@ -589,11 +478,7 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_IGNORE_MANIFESTS) == 0) { ret = xmlSecDSigCtxProcessObjectNode(dsigCtx, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecDSigCtxProcessObjectNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecDSigCtxProcessObjectNode", NULL); return(-1); } } @@ -602,22 +487,14 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { /* if there is something left than it's an error */ if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, NULL); return(-1); } /* now validated all the references and prepare transform */ ret = xmlSecDSigCtxProcessSignedInfoNode(dsigCtx, signedInfoNode, &firstReferenceNode); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecDSigCtxProcessSignedInfoNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecDSigCtxProcessSignedInfoNode", NULL); return(-1); } @@ -628,39 +505,21 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { /* now read key info node */ ret = xmlSecDSigCtxProcessKeyInfoNode(dsigCtx, keyInfoNode); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecDSigCtxProcessKeyInfoNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecDSigCtxProcessKeyInfoNode", NULL); return(-1); } /* as the result, we should have a key */ xmlSecAssert2(dsigCtx->signKey != NULL, -1); - /* TIZEN CUSTUMIZED : if no-hash mode, skip processing references */ - if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_IGNORE_REFERENCES) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_MAX_NUMBER, - "Skip processing references. no-hash mode."); - dsigCtx->status = xmlSecDSigStatusSucceeded; - } else { - /* now actually process references and calculate digests */ - ret = xmlSecDSigCtxProcessReferences(dsigCtx, firstReferenceNode); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecDSigCtxProcessReferences", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - /* references processing might change the status */ - if(dsigCtx->status != xmlSecDSigStatusUnknown) { - return(0); - } + /* now actually process references and calculate digests */ + ret = xmlSecDSigCtxProcessReferences(dsigCtx, firstReferenceNode); + if(ret < 0) { + xmlSecInternalError("xmlSecDSigCtxProcessReferences", NULL); + return(-1); + } + /* references processing might change the status */ + if(dsigCtx->status != xmlSecDSigStatusUnknown) { + return(0); } /* if we need to write result to xml node then we need base64 encode result */ @@ -671,11 +530,7 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { base64Encode = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx), xmlSecTransformBase64Id); if(base64Encode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxCreateAndAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxCreateAndAppend", NULL); return(-1); } base64Encode->operation = xmlSecTransformOperationEncode; @@ -690,34 +545,21 @@ xmlSecDSigCtxProcessSignatureNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { xmlSecAssert2(signedInfoNode != NULL, -1); nodeset = xmlSecNodeSetGetChildren(signedInfoNode->doc, signedInfoNode, 1, 0); if(nodeset == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNodeSetGetChildren", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(signedInfoNode))); + xmlSecInternalError("xmlSecNodeSetGetChildren(signedInfoNode)", NULL); return(-1); } /* calculate the signature */ ret = xmlSecTransformCtxXmlExecute(&(dsigCtx->transformCtx), nodeset); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxXmlExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxXmlExecute", NULL); xmlSecNodeSetDestroy(nodeset); return(-1); } xmlSecNodeSetDestroy(nodeset); } else { /* TODO */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "the binary c14n transforms are not supported yet", - XMLSEC_ERRORS_R_NOT_IMPLEMENTED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNotImplementedError("binary c14n transforms"); return(-1); } return(0); @@ -777,12 +619,8 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node, xm dsigCtx->c14nMethod = xmlSecTransformCtxNodeRead(&(dsigCtx->transformCtx), cur, xmlSecTransformUsageC14NMethod); if(dsigCtx->c14nMethod == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError2("xmlSecTransformCtxNodeRead", NULL, + "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } } else if(dsigCtx->defC14NMethodId != xmlSecTransformIdUnknown) { @@ -792,20 +630,14 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node, xm dsigCtx->c14nMethod = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx), dsigCtx->defC14NMethodId); if(dsigCtx->c14nMethod == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxCreateAndAppend", NULL); return(-1); } } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CanonicalizationMethod", - XMLSEC_ERRORS_R_INVALID_NODE, - "expected=%s", - xmlSecErrorsSafeString(xmlSecNodeCanonicalizationMethod)); + /* if c14n method is not specified in the template and not specified in + * the dsig context then it's an error. + */ + xmlSecInvalidNodeError(cur, xmlSecNodeCanonicalizationMethod, NULL); return(-1); } @@ -815,12 +647,8 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node, xm dsigCtx->preSignMemBufMethod = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx), xmlSecTransformMemBufId); if(dsigCtx->preSignMemBufMethod == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxCreateAndAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId))); + xmlSecInternalError("xmlSecTransformCtxCreateAndAppend", + xmlSecTransformKlassGetName(xmlSecTransformMemBufId)); } } @@ -830,14 +658,11 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node, xm dsigCtx->signMethod = xmlSecTransformCtxNodeRead(&(dsigCtx->transformCtx), cur, xmlSecTransformUsageSignatureMethod); if(dsigCtx->signMethod == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError("xmlSecTransformCtxNodeRead", + xmlSecNodeGetName(cur)); return(-1); } + cur = xmlSecGetNextElementNode(cur->next); } else if(dsigCtx->defSignMethodId != xmlSecTransformIdUnknown) { /* the dsig spec does require SignatureMethod node * to be present but in some case it application might decide to @@ -845,28 +670,19 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node, xm dsigCtx->signMethod = xmlSecTransformCtxCreateAndAppend(&(dsigCtx->transformCtx), dsigCtx->defSignMethodId); if(dsigCtx->signMethod == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxCreateAndAppend", NULL); return(-1); } } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected=%s", - xmlSecErrorsSafeString(xmlSecNodeSignatureMethod)); + /* if sign method is not specified in the template and not specified in + * the dsig context then it's an error. + */ + xmlSecInvalidNodeError(cur, xmlSecNodeSignatureMethod, NULL); return(-1); } dsigCtx->signMethod->operation = dsigCtx->operation; /* read references */ - if(cur != NULL) { - cur = xmlSecGetNextElementNode(cur->next); - } while((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeReference, xmlSecDSigNs))) { /* record first reference node */ if((*firstReferenceNode) == NULL) { @@ -880,21 +696,13 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node, xm /* check that we have at least one Reference */ if(refNodesCount == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_DSIG_NO_REFERENCES, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_DSIG_NO_REFERENCES, NULL, NULL); return(-1); } /* if there is something left than it's an error */ if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, NULL); return(-1); } @@ -902,44 +710,6 @@ xmlSecDSigCtxProcessSignedInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node, xm return(0); } -static int -xmlSecHexToInt(char a) -{ - if (a >= '0' && a <= '9') return(a - '0'); - if (a >= 'A' && a <= 'F') return(a - 'A' + 10); - if (a >= 'a' && a <= 'f') return(a - 'a' + 10); - - return(-1); -} - -static int -xmlSecDecodeCmp(const xmlChar* encoded, const xmlChar* plain) { - - xmlSecAssert2(encoded != NULL, -1); - xmlSecAssert2(plain != NULL, -1); - - while(*plain != '\0') { - if(*encoded == '\0') - return(-1); - - /* check encoded char is same with plain char */ - if(*encoded == '%') { - if(*(encoded + 1) == '\0' &&*(encoded + 2) == '\0') - return(-1); - - if((int)*plain != - xmlSecHexToInt(*(encoded + 1)) * 16 + xmlSecHexToInt(*(encoded + 2))) - return(-1); - - encoded += 3; - plain++; - } else { - if(*(encoded++) != *(plain++)) - return(-1); - } - } - return(0); -} static int xmlSecDSigCtxProcessReferences(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferenceNode) { @@ -957,123 +727,21 @@ xmlSecDSigCtxProcessReferences(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferen for(cur = firstReferenceNode; (cur != NULL); cur = xmlSecGetNextElementNode(cur->next)) { /* already checked but we trust none */ if(!xmlSecCheckNodeName(cur, xmlSecNodeReference, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected=%s", - xmlSecErrorsSafeString(xmlSecNodeReference)); + xmlSecInvalidNodeError(cur, xmlSecNodeReference, NULL); return(-1); } - /* TIZEN CUTUMIZED : skip uri in proxy caches for proxy mode */ - if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_SKIP_PROXY) != 0) { - - int isInProxy = 0; - if(dsigCtx->skipReferences != NULL) { - xmlChar* refUri = xmlGetProp(cur, xmlSecAttrURI); - if(refUri == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); - return(-1); - } - - xmlSecProxyCtxPtr pc = dsigCtx->skipReferences; - while(pc != NULL) { - if(strncmp((char*)refUri, (char*)pc->cache, xmlStrlen(refUri)) == 0) { - isInProxy = 1; - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_MAX_NUMBER, - "[%s] is already checked by singature-validator.", - refUri); - break; - } - pc = pc->next; - } - xmlFree(refUri); - } else { - /* if proxy is not exist, process references */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_MAX_NUMBER, - "Proxy doesn't exist."); - } - - if(isInProxy) - continue; - } - - /* TIZEN CUTUMIZED : check uri only in proxy caches for partial mode */ - if((dsigCtx->flags & XMLSEC_DSIG_FLAGS_CHECK_PROXY) != 0) { - - int isInProxy = 0; - if(dsigCtx->checkReferences != NULL) { - xmlChar* refUri = xmlGetProp(cur, xmlSecAttrURI); - if(refUri == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); - return(-1); - } - - xmlSecProxyCtxPtr pc = dsigCtx->checkReferences; - while(pc != NULL) { - if(xmlSecDecodeCmp(refUri, pc->cache) == 0) { - isInProxy = 1; - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_MAX_NUMBER, - "Check [%s] on processing references.", - refUri); - break; - } - pc = pc->next; - } - xmlFree(refUri); - } else { - /* if proxy is not exist, process references */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_MAX_NUMBER, - "Proxy doesn't exist."); - } - - /* if not exist on proxy, skip on processing references */ - if(isInProxy == 0) - continue; - } - /* create reference */ dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginSignedInfo); if(dsigRefCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecDSigReferenceCtxCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecDSigReferenceCtxCreate", NULL); return(-1); } /* add to the list */ ret = xmlSecPtrListAdd(&(dsigCtx->signedInfoReferences), dsigRefCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", NULL); xmlSecDSigReferenceCtxDestroy(dsigRefCtx); return(-1); } @@ -1081,12 +749,8 @@ xmlSecDSigCtxProcessReferences(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferen /* process */ ret = xmlSecDSigReferenceCtxProcessNode(dsigRefCtx, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecDSigReferenceCtxProcessNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError("xmlSecDSigReferenceCtxProcessNode", + xmlSecNodeGetName(cur)); return(-1); } @@ -1101,6 +765,7 @@ xmlSecDSigCtxProcessReferences(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr firstReferen return(0); } + static int xmlSecDSigCtxProcessKeyInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { int ret; @@ -1111,12 +776,8 @@ xmlSecDSigCtxProcessKeyInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { /* set key requirements */ ret = xmlSecTransformSetKeyReq(dsigCtx->signMethod, &(dsigCtx->keyInfoReadCtx.keyReq)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformSetKeyReq", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformGetName(dsigCtx->signMethod))); + xmlSecInternalError("xmlSecTransformSetKeyReq", + xmlSecTransformGetName(dsigCtx->signMethod)); return(-1); } @@ -1129,23 +790,15 @@ xmlSecDSigCtxProcessKeyInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { /* check that we have exactly what we want */ if((dsigCtx->signKey == NULL) || (!xmlSecKeyMatch(dsigCtx->signKey, NULL, &(dsigCtx->keyInfoReadCtx.keyReq)))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_KEY_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_KEY_NOT_FOUND, NULL, NULL); return(-1); } /* set the key to the transform */ ret = xmlSecTransformSetKey(dsigCtx->signMethod, dsigCtx->signKey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformSetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformGetName(dsigCtx->signMethod))); + xmlSecInternalError("xmlSecTransformSetKey", + xmlSecTransformGetName(dsigCtx->signMethod)); return(-1); } @@ -1153,11 +806,7 @@ xmlSecDSigCtxProcessKeyInfoNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { if((node != NULL) && (dsigCtx->operation == xmlSecTransformOperationSign)) { ret = xmlSecKeyInfoNodeWrite(node, dsigCtx->signKey, &(dsigCtx->keyInfoWriteCtx)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoNodeWrite", NULL); return(-1); } } @@ -1208,11 +857,7 @@ xmlSecDSigCtxProcessObjectNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { if(xmlSecCheckNodeName(cur, xmlSecNodeManifest, xmlSecDSigNs)) { ret = xmlSecDSigCtxProcessManifestNode(dsigCtx, cur); if(ret < 0){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecDSigCtxProcessManifestNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecDSigCtxProcessManifestNode", NULL); return(-1); } } @@ -1267,22 +912,14 @@ xmlSecDSigCtxProcessManifestNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { /* create reference */ dsigRefCtx = xmlSecDSigReferenceCtxCreate(dsigCtx, xmlSecDSigReferenceOriginManifest); if(dsigRefCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecDSigReferenceCtxCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecDSigReferenceCtxCreate", NULL); return(-1); } /* add to the list */ ret = xmlSecPtrListAdd(&(dsigCtx->manifestReferences), dsigRefCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", NULL); xmlSecDSigReferenceCtxDestroy(dsigRefCtx); return(-1); } @@ -1290,12 +927,8 @@ xmlSecDSigCtxProcessManifestNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { /* process */ ret = xmlSecDSigReferenceCtxProcessNode(dsigRefCtx, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecDSigReferenceCtxProcessNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError("xmlSecDSigReferenceCtxProcessNode", + xmlSecNodeGetName(cur)); return(-1); } @@ -1306,11 +939,7 @@ xmlSecDSigCtxProcessManifestNode(xmlSecDSigCtxPtr dsigCtx, xmlNodePtr node) { /* we should have nothing else here */ if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, NULL); return(-1); } return(0); @@ -1516,22 +1145,13 @@ xmlSecDSigReferenceCtxCreate(xmlSecDSigCtxPtr dsigCtx, xmlSecDSigReferenceOrigin dsigRefCtx = (xmlSecDSigReferenceCtxPtr) xmlMalloc(sizeof(xmlSecDSigReferenceCtx)); if(dsigRefCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecDSigReferenceCtx)=%d", - (int)sizeof(xmlSecDSigReferenceCtx)); + xmlSecMallocError(sizeof(xmlSecDSigReferenceCtx), NULL); return(NULL); } ret = xmlSecDSigReferenceCtxInitialize(dsigRefCtx, dsigCtx, origin); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecDSigReferenceCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecDSigReferenceCtxInitialize", NULL); xmlSecDSigReferenceCtxDestroy(dsigRefCtx); return(NULL); } @@ -1580,11 +1200,7 @@ xmlSecDSigReferenceCtxInitialize(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlSecDSi /* initializes transforms dsigRefCtx */ ret = xmlSecTransformCtxInitialize(&(dsigRefCtx->transformCtx)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxInitialize", NULL); return(-1); } @@ -1593,11 +1209,7 @@ xmlSecDSigReferenceCtxInitialize(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlSecDSi ret = xmlSecPtrListCopy(&(dsigRefCtx->transformCtx.enabledTransforms), dsigCtx->enabledReferenceTransforms); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListCopy", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListCopy", NULL); return(-1); } } @@ -1697,12 +1309,8 @@ xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodeP /* set start URI (and check that it is enabled!) */ ret = xmlSecTransformCtxSetUri(transformCtx, dsigRefCtx->uri, node); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxSetUri", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri=%s", - xmlSecErrorsSafeString(dsigRefCtx->uri)); + xmlSecInternalError2("xmlSecTransformCtxSetUri", NULL, + "uri=%s", xmlSecErrorsSafeString(dsigRefCtx->uri)); return(-1); } @@ -1712,12 +1320,8 @@ xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodeP ret = xmlSecTransformCtxNodesListRead(transformCtx, cur, xmlSecTransformUsageDSigTransform); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxNodesListRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError2("xmlSecTransformCtxNodesListRead", NULL, + "node=%s", xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); return(-1); } @@ -1735,12 +1339,7 @@ xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodeP transformCtx, xmlSecTransformMemBufId); if(dsigRefCtx->preDigestMemBufMethod == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxCreateAndAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecTransformMemBufId))); + xmlSecInternalError("xmlSecTransformCtxCreateAndAppend(xmlSecTransformMemBufId)", NULL); return(-1); } } @@ -1750,12 +1349,8 @@ xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodeP dsigRefCtx->digestMethod = xmlSecTransformCtxNodeRead(&(dsigRefCtx->transformCtx), cur, xmlSecTransformUsageDigestMethod); if(dsigRefCtx->digestMethod == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError("xmlSecTransformCtxNodeRead", + xmlSecNodeGetName(cur)); return(-1); } @@ -1767,20 +1362,14 @@ xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodeP dsigRefCtx->digestMethod = xmlSecTransformCtxCreateAndAppend(&(dsigRefCtx->transformCtx), dsigRefCtx->dsigCtx->defSignMethodId); if(dsigRefCtx->digestMethod == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxCreateAndAppend", NULL); return(-1); } } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected=%s", - xmlSecErrorsSafeString(xmlSecNodeDigestMethod)); + /* if digest method is not specified in the template and not specified in + * the dsig context then it's an error. + */ + xmlSecInvalidNodeError(cur, xmlSecNodeDigestMethod, NULL); return(-1); } dsigRefCtx->digestMethod->operation = dsigRefCtx->dsigCtx->operation; @@ -1790,22 +1379,13 @@ xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodeP digestValueNode = cur; cur = xmlSecGetNextElementNode(cur->next); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDigestValue)); + xmlSecInvalidNodeError(cur, xmlSecNodeDigestValue, NULL); return(-1); } /* if we have something else then it's an error */ if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, NULL); return(-1); } @@ -1816,11 +1396,7 @@ xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodeP /* we need to add base64 encode transform */ base64Encode = xmlSecTransformCtxCreateAndAppend(transformCtx, xmlSecTransformBase64Id); if(base64Encode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxCreateAndAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxCreateAndAppend", NULL); return(-1); } base64Encode->operation = xmlSecTransformOperationEncode; @@ -1829,23 +1405,14 @@ xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodeP /* finally get transforms results */ ret = xmlSecTransformCtxExecute(transformCtx, node->doc); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri:%s", - xmlSecErrorsSafeString(dsigRefCtx->uri)); + xmlSecInternalError("xmlSecTransformCtxExecute", NULL); return(-1); } dsigRefCtx->result = transformCtx->result; if(dsigRefCtx->dsigCtx->operation == xmlSecTransformOperationSign) { if((dsigRefCtx->result == NULL) || (xmlSecBufferGetData(dsigRefCtx->result) == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxExecute", NULL); return(-1); } @@ -1861,12 +1428,7 @@ xmlSecDSigReferenceCtxProcessNode(xmlSecDSigReferenceCtxPtr dsigRefCtx, xmlNodeP ret = xmlSecTransformVerifyNodeContent(dsigRefCtx->digestMethod, digestValueNode, transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformVerifyNodeContent", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri:%s", - xmlSecErrorsSafeString(dsigRefCtx->uri)); + xmlSecInternalError("xmlSecTransformVerifyNodeContent", NULL); return(-1); } @@ -2027,6 +1589,7 @@ xmlSecDSigReferenceCtxDebugXmlDump(xmlSecDSigReferenceCtxPtr dsigRefCtx, FILE* o } } + /************************************************************************** * * xmlSecDSigReferenceCtxListKlass @@ -2053,3 +1616,5 @@ xmlSecDSigReferenceCtxListGetKlass(void) { } #endif /* XMLSEC_NO_XMLDSIG */ + + diff --git a/src/xmlenc.c b/src/xmlenc.c index 36c7bcad..825ed4c4 100644 --- a/src/xmlenc.c +++ b/src/xmlenc.c @@ -1,14 +1,20 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * "XML Encryption" implementation - * http://www.w3.org/TR/xmlenc-core * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:xmlenc + * @Short_description: XML Encryption support. + * @Stability: Stable + * + * [XML Encryption](http://www.w3.org/TR/xmlenc-core) implementation. + */ + #include "globals.h" #ifndef XMLSEC_NO_XMLENC @@ -60,22 +66,13 @@ xmlSecEncCtxCreate(xmlSecKeysMngrPtr keysMngr) { encCtx = (xmlSecEncCtxPtr) xmlMalloc(sizeof(xmlSecEncCtx)); if(encCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecEncCtx)=%d", - (int)sizeof(xmlSecEncCtx)); + xmlSecMallocError(sizeof(xmlSecEncCtx), NULL); return(NULL); } ret = xmlSecEncCtxInitialize(encCtx, keysMngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxInitialize", NULL); xmlSecEncCtxDestroy(encCtx); return(NULL); } @@ -118,22 +115,14 @@ xmlSecEncCtxInitialize(xmlSecEncCtxPtr encCtx, xmlSecKeysMngrPtr keysMngr) { /* initialize key info */ ret = xmlSecKeyInfoCtxInitialize(&(encCtx->keyInfoReadCtx), keysMngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", NULL); return(-1); } encCtx->keyInfoReadCtx.mode = xmlSecKeyInfoModeRead; ret = xmlSecKeyInfoCtxInitialize(&(encCtx->keyInfoWriteCtx), keysMngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", NULL); return(-1); } encCtx->keyInfoWriteCtx.mode = xmlSecKeyInfoModeWrite; @@ -143,11 +132,7 @@ xmlSecEncCtxInitialize(xmlSecEncCtxPtr encCtx, xmlSecKeysMngrPtr keysMngr) { /* initializes transforms encCtx */ ret = xmlSecTransformCtxInitialize(&(encCtx->transformCtx)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxInitialize", NULL); return(-1); } @@ -261,31 +246,19 @@ xmlSecEncCtxCopyUserPref(xmlSecEncCtxPtr dst, xmlSecEncCtxPtr src) { ret = xmlSecTransformCtxCopyUserPref(&(dst->transformCtx), &(src->transformCtx)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxCopyUserPref", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxCopyUserPref", NULL); return(-1); } ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoReadCtx), &(src->keyInfoReadCtx)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoCtxCopyUserPref", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxCopyUserPref", NULL); return(-1); } ret = xmlSecKeyInfoCtxCopyUserPref(&(dst->keyInfoWriteCtx), &(src->keyInfoWriteCtx)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoCtxCopyUserPref", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxCopyUserPref", NULL); return(-1); } @@ -320,22 +293,14 @@ xmlSecEncCtxBinaryEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, /* read the template and set encryption method, key, etc. */ ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxEncDataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxEncDataNodeRead", NULL); return(-1); } ret = xmlSecTransformCtxBinaryExecute(&(encCtx->transformCtx), data, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxBinaryExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "dataSize=%d", - dataSize); + xmlSecInternalError2("xmlSecTransformCtxBinaryExecute", NULL, + "dataSize=%d", dataSize); return(-1); } @@ -344,11 +309,7 @@ xmlSecEncCtxBinaryEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, ret = xmlSecEncCtxEncDataNodeWrite(encCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxEncDataNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxEncDataNodeWrite", NULL); return(-1); } return(0); @@ -383,21 +344,13 @@ xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node) /* read the template and set encryption method, key, etc. */ ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxEncDataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxEncDataNodeRead", NULL); return(-1); } ret = xmlSecTransformCtxPrepare(&(encCtx->transformCtx), xmlSecTransformDataTypeBin); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxPrepare", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "type=bin"); + xmlSecInternalError("xmlSecTransformCtxPrepare(TypeBin)", NULL); return(-1); } @@ -405,11 +358,8 @@ xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node) output = xmlSecTransformCreateOutputBuffer(encCtx->transformCtx.first, &(encCtx->transformCtx)); if(output == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->transformCtx.first)), - "xmlSecTransformCreateOutputBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCreateOutputBuffer", + xmlSecTransformGetName(encCtx->transformCtx.first)); return(-1); } @@ -425,12 +375,8 @@ xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node) xmlNodeDumpOutput(output, node->doc, cur, 0, 0, NULL); } } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_TYPE, - "type=%s", - xmlSecErrorsSafeString(encCtx->type)); + xmlSecInvalidStringTypeError("encryption type", encCtx->type, + "supported encryption type", NULL); xmlOutputBufferClose(output); return(-1); } @@ -438,11 +384,7 @@ xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node) /* close the buffer and flush everything */ ret = xmlOutputBufferClose(output); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlOutputBufferClose", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferClose", NULL); return(-1); } @@ -451,11 +393,7 @@ xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node) ret = xmlSecEncCtxEncDataNodeWrite(encCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxEncDataNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxEncDataNodeWrite", NULL); return(-1); } @@ -465,23 +403,15 @@ xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node) if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) { ret = xmlSecReplaceNodeAndReturn(node, tmpl, &(encCtx->replacedNodeList)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecReplaceNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(node))); + xmlSecInternalError("xmlSecReplaceNodeAndReturn", + xmlSecNodeGetName(node)); return(-1); } } else { ret = xmlSecReplaceNode(node, tmpl); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecReplaceNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(node))); + xmlSecInternalError("xmlSecReplaceNode", + xmlSecNodeGetName(node)); return(-1); } } @@ -492,38 +422,27 @@ xmlSecEncCtxXmlEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, xmlNodePtr node) if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) { ret = xmlSecReplaceContentAndReturn(node, tmpl, &(encCtx->replacedNodeList)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecReplaceContentAndReturn", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(node))); + xmlSecInternalError("xmlSecReplaceContentAndReturn", + xmlSecNodeGetName(node)); return(-1); } } else { ret = xmlSecReplaceContent(node, tmpl); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecReplaceContent", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(node))); + xmlSecInternalError("xmlSecReplaceContent", + xmlSecNodeGetName(node)); return(-1); } } encCtx->resultReplaced = 1; } else { - /* we should've catached this error before */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_TYPE, - "type=%s", - xmlSecErrorsSafeString(encCtx->type)); - return(-1); + /* we should've caught this error before */ + xmlSecInvalidStringTypeError("encryption type", encCtx->type, + "supported encryption type", NULL); + return(-1); } + /* done */ return(0); } @@ -553,34 +472,22 @@ xmlSecEncCtxUriEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, const xmlChar *u /* we need to add input uri transform first */ ret = xmlSecTransformCtxSetUri(&(encCtx->transformCtx), uri, tmpl); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxSetUri", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri=%s", - xmlSecErrorsSafeString(uri)); + xmlSecInternalError2("xmlSecTransformCtxSetUri", NULL, + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } /* read the template and set encryption method, key, etc. */ ret = xmlSecEncCtxEncDataNodeRead(encCtx, tmpl); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxEncDataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxEncDataNodeRead", NULL); return(-1); } /* encrypt the data */ ret = xmlSecTransformCtxExecute(&(encCtx->transformCtx), tmpl->doc); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxExecute", NULL); return(-1); } @@ -589,11 +496,7 @@ xmlSecEncCtxUriEncrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr tmpl, const xmlChar *u ret = xmlSecEncCtxEncDataNodeWrite(encCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxEncDataNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxEncDataNodeWrite", NULL); return(-1); } @@ -620,11 +523,7 @@ xmlSecEncCtxDecrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { /* decrypt */ buffer = xmlSecEncCtxDecryptToBuffer(encCtx, node); if(buffer == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxDecryptToBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxDecryptToBuffer", NULL); return(-1); } @@ -634,23 +533,15 @@ xmlSecEncCtxDecrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) { ret = xmlSecReplaceNodeBufferAndReturn(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), &(encCtx->replacedNodeList)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecReplaceNodeBufferAndReturn", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(node))); + xmlSecInternalError("xmlSecReplaceNodeBufferAndReturn", + xmlSecNodeGetName(node)); return(-1); } } else { ret = xmlSecReplaceNodeBuffer(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecReplaceNodeBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(node))); + xmlSecInternalError("xmlSecReplaceNodeBuffer", + xmlSecNodeGetName(node)); return(-1); } } @@ -663,23 +554,15 @@ xmlSecEncCtxDecrypt(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { if((encCtx->flags & XMLSEC_ENC_RETURN_REPLACED_NODE) != 0) { ret = xmlSecReplaceNodeBufferAndReturn(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer), &(encCtx->replacedNodeList)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecReplaceNodeBufferAndReturn", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(node))); + xmlSecInternalError("xmlSecReplaceNodeBufferAndReturn", + xmlSecNodeGetName(node)); return(-1); } } else { ret = xmlSecReplaceNodeBuffer(node, xmlSecBufferGetData(buffer), xmlSecBufferGetSize(buffer)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecReplaceNodeBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(node))); + xmlSecInternalError("xmlSecReplaceNodeBuffer", + xmlSecNodeGetName(node)); return(-1); } } @@ -712,11 +595,7 @@ xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { ret = xmlSecEncCtxEncDataNodeRead(encCtx, node); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxEncDataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxEncDataNodeRead", NULL); return(NULL); } @@ -727,22 +606,14 @@ xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { data = xmlNodeGetContent(encCtx->cipherValueNode); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->cipherValueNode)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(encCtx->cipherValueNode, NULL, "empty"); return(NULL); } dataSize = xmlStrlen(data); ret = xmlSecTransformCtxBinaryExecute(&(encCtx->transformCtx), data, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxBinaryExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxBinaryExecute", NULL); if(data != NULL) { xmlFree(data); } @@ -754,11 +625,7 @@ xmlSecEncCtxDecryptToBuffer(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { } else { ret = xmlSecTransformCtxExecute(&(encCtx->transformCtx), node->doc); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxBinaryExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxExecute", NULL); return(NULL); } } @@ -781,23 +648,13 @@ xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { switch(encCtx->mode) { case xmlEncCtxModeEncryptedData: if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedData, xmlSecEncNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected=%s", - xmlSecErrorsSafeString(xmlSecNodeEncryptedData)); + xmlSecInvalidNodeError(node, xmlSecNodeEncryptedData, NULL); return(-1); } break; case xmlEncCtxModeEncryptedKey: if(!xmlSecCheckNodeName(node, xmlSecNodeEncryptedKey, xmlSecEncNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected=%s", - xmlSecErrorsSafeString(xmlSecNodeEncryptedKey)); + xmlSecInvalidNodeError(node, xmlSecNodeEncryptedKey, NULL); return(-1); } break; @@ -837,22 +694,13 @@ xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { /* next is required CipherData node */ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeCipherData, xmlSecEncNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeCipherData)); + xmlSecInvalidNodeError(cur, xmlSecNodeCipherData, NULL); return(-1); } ret = xmlSecEncCtxCipherDataNodeRead(encCtx, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxCipherDataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecEncCtxCipherDataNodeRead", NULL); return(-1); } cur = xmlSecGetNextElementNode(cur->next); @@ -873,12 +721,7 @@ xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { if((cur != NULL) && (xmlSecCheckNodeName(cur, xmlSecNodeCarriedKeyName, xmlSecEncNs))) { encCtx->carriedKeyName = xmlNodeGetContent(cur); if(encCtx->carriedKeyName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeCipherData)); + xmlSecInvalidNodeContentError(cur, NULL, "empty"); return(-1); } /* TODO: decode the name? */ @@ -888,11 +731,7 @@ xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { /* if there is something left than it's an error */ if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, NULL); return(-1); } @@ -902,31 +741,20 @@ xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { encCtx->encMethod = xmlSecTransformCtxNodeRead(&(encCtx->transformCtx), encCtx->encMethodNode, xmlSecTransformUsageEncryptionMethod); if(encCtx->encMethod == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode))); + xmlSecInternalError("xmlSecTransformCtxNodeRead", + xmlSecNodeGetName(encCtx->encMethodNode)); return(-1); } } else if(encCtx->defEncMethodId != xmlSecTransformIdUnknown) { encCtx->encMethod = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx), encCtx->defEncMethodId); if(encCtx->encMethod == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxCreateAndAppend", + xmlSecTransformKlassGetName(encCtx->defEncMethodId)); return(-1); } } else { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "encryption method not specified"); + xmlSecInvalidDataError("encryption method not specified", NULL); return(-1); } encCtx->encMethod->operation = encCtx->operation; @@ -934,12 +762,8 @@ xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { /* we have encryption method, find key */ ret = xmlSecTransformSetKeyReq(encCtx->encMethod, &(encCtx->keyInfoReadCtx.keyReq)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformSetKeyReq", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod))); + xmlSecInternalError("xmlSecTransformSetKeyReq", + xmlSecTransformGetName(encCtx->encMethod)); return(-1); } @@ -954,23 +778,17 @@ xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { if((encCtx->encKey == NULL) || (!xmlSecKeyMatch(encCtx->encKey, NULL, &(encCtx->keyInfoReadCtx.keyReq)))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_KEY_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError2(XMLSEC_ERRORS_R_KEY_NOT_FOUND, NULL, + "encMethod=%s", + xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod))); return(-1); } /* set the key to the transform */ ret = xmlSecTransformSetKey(encCtx->encMethod, encCtx->encKey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformSetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformGetName(encCtx->encMethod))); + xmlSecInternalError("xmlSecTransformSetKey", + xmlSecTransformGetName(encCtx->encMethod)); return(-1); } @@ -981,11 +799,7 @@ xmlSecEncCtxEncDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { /* we need to add base64 encode transform */ base64Encode = xmlSecTransformCtxCreateAndAppend(&(encCtx->transformCtx), xmlSecTransformBase64Id); if(base64Encode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxCreateAndAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxCreateAndAppend", NULL); return(-1); } base64Encode->operation = xmlSecTransformOperationEncode; @@ -1017,11 +831,7 @@ xmlSecEncCtxEncDataNodeWrite(xmlSecEncCtxPtr encCtx) { if(encCtx->keyInfoNode != NULL) { ret = xmlSecKeyInfoNodeWrite(encCtx->keyInfoNode, encCtx->encKey, &(encCtx->keyInfoWriteCtx)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyInfoNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoNodeWrite", NULL); return(-1); } } @@ -1049,11 +859,7 @@ xmlSecEncCtxCipherDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { /* we need to add base64 decode transform */ base64Decode = xmlSecTransformCtxCreateAndPrepend(&(encCtx->transformCtx), xmlSecTransformBase64Id); if(base64Decode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxCreateAndPrepend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCtxCreateAndPrepend", NULL); return(-1); } } @@ -1064,12 +870,8 @@ xmlSecEncCtxCipherDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { if(encCtx->operation == xmlSecTransformOperationDecrypt) { ret = xmlSecEncCtxCipherReferenceNodeRead(encCtx, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecEncCtxCipherReferenceNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInternalError("xmlSecEncCtxCipherReferenceNodeRead", + xmlSecNodeGetName(cur)); return(-1); } } @@ -1077,11 +879,7 @@ xmlSecEncCtxCipherDataNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, NULL); return(-1); } return(0); @@ -1100,12 +898,8 @@ xmlSecEncCtxCipherReferenceNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { uri = xmlGetProp(node, xmlSecAttrURI); ret = xmlSecTransformCtxSetUri(&(encCtx->transformCtx), uri, node); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxSetUri", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri=%s", - xmlSecErrorsSafeString(uri)); + xmlSecInternalError2("xmlSecTransformCtxSetUri", NULL, + "uri=%s", xmlSecErrorsSafeString(uri)); xmlFree(uri); return(-1); } @@ -1118,12 +912,8 @@ xmlSecEncCtxCipherReferenceNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { ret = xmlSecTransformCtxNodesListRead(&(encCtx->transformCtx), cur, xmlSecTransformUsageDSigTransform); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformCtxNodesListRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(encCtx->encMethodNode))); + xmlSecInternalError("xmlSecTransformCtxNodesListRead", + xmlSecNodeGetName(encCtx->encMethodNode)); return(-1); } cur = xmlSecGetNextElementNode(cur->next); @@ -1131,11 +921,7 @@ xmlSecEncCtxCipherReferenceNodeRead(xmlSecEncCtxPtr encCtx, xmlNodePtr node) { /* if there is something left than it's an error */ if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, NULL); return(-1); } return(0); diff --git a/src/xmlsec.c b/src/xmlsec.c index 6098d3c5..4225d842 100644 --- a/src/xmlsec.c +++ b/src/xmlsec.c @@ -1,13 +1,19 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * General functions. * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:xmlsec + * @Short_description: Utility functions. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> @@ -23,6 +29,53 @@ #include <xmlsec/io.h> #include <xmlsec/errors.h> +/* + * Custom external entity handler, denies all files except the initial + * document we're parsing (input_id == 1) + */ +/* default external entity loader, pointer saved during xmlInit */ +static xmlExternalEntityLoader +xmlSecDefaultExternalEntityLoader = NULL; + +/* + * xmlSecNoXxeExternalEntityLoader: + * @URL: the URL for the entity to load + * @ID: public ID for the entity to load + * @ctxt: XML parser context, or NULL + * + * See libxml2's xmlLoadExternalEntity and xmlNoNetExternalEntityLoader. + * This function prevents any external (file or network) entities from being loaded. + */ +static xmlParserInputPtr +xmlSecNoXxeExternalEntityLoader(const char *URL, const char *ID, + xmlParserCtxtPtr ctxt) { + if (ctxt == NULL) { + return(NULL); + } + if (ctxt->input_id == 1) { + return xmlSecDefaultExternalEntityLoader((const char *) URL, ID, ctxt); + } + xmlSecXmlError2("xmlSecNoXxeExternalEntityLoader", NULL, + "illegal external entity='%s'", xmlSecErrorsSafeString(URL)); + return(NULL); +} + +/* + * xmlSecSetExternalEntityLoader: + * @entityLoader: the new entity resolver function, or NULL to restore + * libxml2's default handler + * + * Wrapper for xmlSetExternalEntityLoader. + */ +void +xmlSecSetExternalEntityLoader(xmlExternalEntityLoader entityLoader) { + if (entityLoader == NULL) { + entityLoader = xmlSecDefaultExternalEntityLoader; + } + xmlSetExternalEntityLoader(entityLoader); +} + + /** * xmlSecInit: * @@ -38,37 +91,30 @@ xmlSecInit(void) { #ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLInit() < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLInit", NULL); return(-1); } #endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */ if(xmlSecKeyDataIdsInit() < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataIdsInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyDataIdsInit", NULL); return(-1); } if(xmlSecTransformIdsInit() < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecTransformIdsInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformIdsInit", NULL); return(-1); } + /* initialise safe external entity loader */ + if (!xmlSecDefaultExternalEntityLoader) { + xmlSecDefaultExternalEntityLoader = xmlGetExternalEntityLoader(); + } + xmlSetExternalEntityLoader(xmlSecNoXxeExternalEntityLoader); /* we use rand() function to generate id attributes */ - srand(time(NULL)); + srand((unsigned int)time(NULL)); return(0); } @@ -88,11 +134,7 @@ xmlSecShutdown(void) { #ifndef XMLSEC_NO_CRYPTO_DYNAMIC_LOADING if(xmlSecCryptoDLShutdown() < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLShutdown", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLShutdown", NULL); res = -1; } #endif /* XMLSEC_NO_CRYPTO_DYNAMIC_LOADING */ @@ -129,39 +171,27 @@ int xmlSecCheckVersionExt(int major, int minor, int subminor, xmlSecCheckVersionMode mode) { /* we always want to have a match for major version number */ if(major != XMLSEC_VERSION_MAJOR) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "expected major version=%d;real major version=%d", - XMLSEC_VERSION_MAJOR, major); + xmlSecOtherError3(XMLSEC_ERRORS_R_INVALID_VERSION, NULL, + "expected major version=%d;real major version=%d", + XMLSEC_VERSION_MAJOR, major); return(0); } switch(mode) { case xmlSecCheckVersionExactMatch: if((minor != XMLSEC_VERSION_MINOR) || (subminor != XMLSEC_VERSION_SUBMINOR)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "mode=exact;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d", - XMLSEC_VERSION_MINOR, minor, - XMLSEC_VERSION_SUBMINOR, subminor); + xmlSecOtherError5(XMLSEC_ERRORS_R_INVALID_VERSION, NULL, + "mode=exact;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d", + XMLSEC_VERSION_MINOR, minor, XMLSEC_VERSION_SUBMINOR, subminor); return(0); } break; case xmlSecCheckVersionABICompatible: - if((minor > XMLSEC_VERSION_MINOR) || - ((minor == XMLSEC_VERSION_MINOR) && - (subminor > XMLSEC_VERSION_SUBMINOR))) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "mode=abi compatible;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d", - XMLSEC_VERSION_MINOR, minor, - XMLSEC_VERSION_SUBMINOR, subminor); + if((minor > XMLSEC_VERSION_MINOR) || ((minor == XMLSEC_VERSION_MINOR) && + (subminor > XMLSEC_VERSION_SUBMINOR))) { + xmlSecOtherError5(XMLSEC_ERRORS_R_INVALID_VERSION, NULL, + "mode=abi compatible;expected minor version=%d;real minor version=%d;expected subminor version=%d;real subminor version=%d", + XMLSEC_VERSION_MINOR, minor, XMLSEC_VERSION_SUBMINOR, subminor); return(0); } break; diff --git a/src/xmltree.c b/src/xmltree.c index 3ef7f977..df99931d 100644 --- a/src/xmltree.c +++ b/src/xmltree.c @@ -1,20 +1,24 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * Common XML Doc utility functions * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:xmltree + * @Short_description: XML tree functions. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> #include <string.h> #include <ctype.h> -#include <time.h> -#include <errno.h> #include <libxml/tree.h> #include <libxml/valid.h> @@ -28,6 +32,61 @@ #include <xmlsec/base64.h> #include <xmlsec/errors.h> +static const xmlChar* g_xmlsec_xmltree_default_linefeed = xmlSecStringCR; + +/** + * xmlSecGetDefaultLineFeed: + * + * Gets the current default linefeed. + * + * Returns: the current default linefeed. + */ +const xmlChar* +xmlSecGetDefaultLineFeed(void) +{ + return g_xmlsec_xmltree_default_linefeed; +} + +/** + * xmlSecSetDefaultLineFeed: + * @linefeed: default linefeed. + * + * Sets the current default linefeed. The caller must ensure that the linefeed + * string exists for the lifetime of the program or until the new linefeed is set. + */ +void +xmlSecSetDefaultLineFeed(const xmlChar *linefeed) +{ + g_xmlsec_xmltree_default_linefeed = linefeed; +} + +/** + * xmlSecFindSibling: + * @cur: the pointer to XML node. + * @name: the name. + * @ns: the namespace href (may be NULL). + * + * Searches @cur and the next siblings of the @cur node having given name and + * namespace href. + * + * Returns: the pointer to the found node or NULL if an error occurs or + * node is not found. + */ +xmlNodePtr +xmlSecFindSibling(const xmlNodePtr cur, const xmlChar *name, const xmlChar *ns) { + xmlNodePtr tmp; + xmlSecAssert2(name != NULL, NULL); + + for(tmp = cur; tmp != NULL; tmp = tmp->next) { + if(tmp->type == XML_ELEMENT_NODE) { + if(xmlSecCheckNodeName(tmp, name, ns)) { + return(tmp); + } + } + } + return(NULL); +} + /** * xmlSecFindChild: * @parent: the pointer to XML node. @@ -42,21 +101,10 @@ */ xmlNodePtr xmlSecFindChild(const xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) { - xmlNodePtr cur; - xmlSecAssert2(parent != NULL, NULL); xmlSecAssert2(name != NULL, NULL); - cur = parent->children; - while(cur != NULL) { - if(cur->type == XML_ELEMENT_NODE) { - if(xmlSecCheckNodeName(cur, name, ns)) { - return(cur); - } - } - cur = cur->next; - } - return(NULL); + return(xmlSecFindSibling(parent->children, name, ns)); } /** @@ -185,13 +233,9 @@ xmlSecAddChild(xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) { if(parent->children == NULL) { /* TODO: add indents */ - text = xmlNewText(xmlSecStringCR); + text = xmlNewText(xmlSecGetDefaultLineFeed()); if(text == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewText", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlNewText", NULL); return(NULL); } xmlAddChild(parent, text); @@ -199,11 +243,7 @@ xmlSecAddChild(xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) { cur = xmlNewChild(parent, NULL, name, NULL); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewChild", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlNewChild", NULL); return(NULL); } @@ -215,18 +255,18 @@ xmlSecAddChild(xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) { nsPtr = xmlSearchNsByHref(cur->doc, cur, ns); if((nsPtr == NULL) || (xmlSearchNs(cur->doc, cur, nsPtr->prefix) != nsPtr)) { nsPtr = xmlNewNs(cur, ns, NULL); + if(nsPtr == NULL) { + xmlSecXmlError("xmlNewNs", NULL); + return(NULL); + } } xmlSetNs(cur, nsPtr); } /* TODO: add indents */ - text = xmlNewText(xmlSecStringCR); + text = xmlNewText(xmlSecGetDefaultLineFeed()); if(text == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewText", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlNewText", NULL); return(NULL); } xmlAddChild(parent, text); @@ -252,13 +292,9 @@ xmlSecAddChildNode(xmlNodePtr parent, xmlNodePtr child) { if(parent->children == NULL) { /* TODO: add indents */ - text = xmlNewText(xmlSecStringCR); + text = xmlNewText(xmlSecGetDefaultLineFeed()); if(text == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewText", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlNewText", NULL); return(NULL); } xmlAddChild(parent, text); @@ -267,13 +303,9 @@ xmlSecAddChildNode(xmlNodePtr parent, xmlNodePtr child) { xmlAddChild(parent, child); /* TODO: add indents */ - text = xmlNewText(xmlSecStringCR); + text = xmlNewText(xmlSecGetDefaultLineFeed()); if(text == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewText", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlNewText", NULL); return(NULL); } xmlAddChild(parent, text); @@ -282,6 +314,52 @@ xmlSecAddChildNode(xmlNodePtr parent, xmlNodePtr child) { } /** + * xmlSecEnsureEmptyChild: + * @parent: the pointer to XML node. + * @name: the name. + * @ns: the namespace href (may be NULL). + * + * Searches a direct child of the @parent node having given name and + * namespace href. If not found then element node with given name / namespace + * is added. + * + * Returns: the pointer to the found or created node; or NULL if an error occurs. + */ +xmlNodePtr +xmlSecEnsureEmptyChild(xmlNodePtr parent, const xmlChar *name, const xmlChar *ns) { + xmlNodePtr cur = NULL; + xmlNodePtr tmp; + + xmlSecAssert2(parent != NULL, NULL); + xmlSecAssert2(name != NULL, NULL); + + /* try to find an empty node first */ + tmp = xmlSecFindNode(parent, name, ns); + while(tmp != NULL) { + cur = tmp; + if(xmlSecIsEmptyNode(cur) == 1) { + return(cur); + } + tmp = xmlSecFindSibling(cur->next, name, ns); + } + + /* if not found then either add next or add at the end */ + if(cur == NULL) { + cur = xmlSecAddChild(parent, name, ns); + } else if((cur->next != NULL) && (cur->next->type == XML_TEXT_NODE)) { + cur = xmlSecAddNextSibling(cur->next, name, ns); + } else { + cur = xmlSecAddNextSibling(cur, name, ns); + } + if(cur == NULL) { + xmlSecInternalError2("xmlSecAddChild or xmlSecAddNextSibling", NULL, + "node=%s", xmlSecErrorsSafeString(name)); + return(NULL); + } + return(cur); +} + +/** * xmlSecAddNextSibling * @node: the pointer to an XML node. * @name: the new node name. @@ -301,11 +379,7 @@ xmlSecAddNextSibling(xmlNodePtr node, const xmlChar *name, const xmlChar *ns) { cur = xmlNewNode(NULL, name); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewNode", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlNewNode", NULL); return(NULL); } xmlAddNextSibling(node, cur); @@ -323,13 +397,9 @@ xmlSecAddNextSibling(xmlNodePtr node, const xmlChar *name, const xmlChar *ns) { } /* TODO: add indents */ - text = xmlNewText(xmlSecStringCR); + text = xmlNewText(xmlSecGetDefaultLineFeed()); if(text == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewText", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlNewText", NULL); return(NULL); } xmlAddNextSibling(node, text); @@ -357,11 +427,7 @@ xmlSecAddPrevSibling(xmlNodePtr node, const xmlChar *name, const xmlChar *ns) { cur = xmlNewNode(NULL, name); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewNode", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlNewNode", NULL); return(NULL); } xmlAddPrevSibling(node, cur); @@ -379,13 +445,9 @@ xmlSecAddPrevSibling(xmlNodePtr node, const xmlChar *name, const xmlChar *ns) { } /* TODO: add indents */ - text = xmlNewText(xmlSecStringCR); + text = xmlNewText(xmlSecGetDefaultLineFeed()); if(text == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewText", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlNewText", NULL); return(NULL); } xmlAddPrevSibling(node, text); @@ -453,11 +515,7 @@ xmlSecReplaceNodeAndReturn(xmlNodePtr node, xmlNodePtr newNode, xmlNodePtr* repl oldNode = xmlReplaceNode(node, newNode); if(oldNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlReplaceNode", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlReplaceNode", NULL); return(-1); } @@ -565,17 +623,15 @@ int xmlSecReplaceNodeBufferAndReturn(xmlNodePtr node, const xmlSecByte *buffer, xmlSecSize size, xmlNodePtr *replaced) { xmlNodePtr results = NULL; xmlNodePtr next = NULL; + int ret; xmlSecAssert2(node != NULL, -1); xmlSecAssert2(node->parent != NULL, -1); /* parse buffer in the context of node's parent */ - if(xmlParseInNodeContext(node->parent, (const char*)buffer, size, XML_PARSE_NODICT, &results) != XML_ERR_OK) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlParseInNodeContext", - XMLSEC_ERRORS_R_XML_FAILED, - "Failed to parse content"); + ret = xmlParseInNodeContext(node->parent, (const char*)buffer, size, XML_PARSE_NODICT, &results); + if(ret != XML_ERR_OK) { + xmlSecXmlError("xmlParseInNodeContext", NULL); return(-1); } @@ -615,24 +671,17 @@ xmlSecNodeEncodeAndSetContent(xmlNodePtr node, const xmlChar * buffer) { xmlSecAssert2(node->doc != NULL, -1); if(buffer != NULL) { - xmlChar * tmp; - + xmlChar * tmp; tmp = xmlEncodeSpecialChars(node->doc, buffer); if (tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlEncodeSpecialChars", - XMLSEC_ERRORS_R_XML_FAILED, - "Failed to encode special characters"); + xmlSecXmlError("xmlEncodeSpecialChars", NULL); return(-1); } - xmlNodeSetContent(node, tmp); xmlFree(tmp); } else { xmlNodeSetContent(node, NULL); } - return(0); } @@ -667,12 +716,7 @@ xmlSecAddIDs(xmlDocPtr doc, xmlNodePtr cur, const xmlChar** ids) { if(tmp == NULL) { xmlAddID(NULL, doc, name, attr); } else if(tmp != attr) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "id=%s already defined", - xmlSecErrorsSafeString(name)); + xmlSecInvalidStringDataError("id", name, "unique id (id already defined)", NULL); } xmlFree(name); } @@ -694,172 +738,9 @@ xmlSecAddIDs(xmlDocPtr doc, xmlNodePtr cur, const xmlChar** ids) { } /** - * xmlSecGenerateAndAddID: - * @node: the node to ID attr to. - * @attrName: the ID attr name. - * @prefix: the prefix to add to the generated ID (can be NULL). - * @len: the length of ID. - * - * Generates a unique ID in the format <@prefix>base64-encoded(@len random bytes) - * and puts it in the attribute @attrName. - * - * Returns: 0 on success or a negative value if an error occurs. - */ -int -xmlSecGenerateAndAddID(xmlNodePtr node, const xmlChar* attrName, const xmlChar* prefix, xmlSecSize len) { - xmlChar* id; - int count; - - xmlSecAssert2(node != NULL, -1); - xmlSecAssert2(attrName != NULL, -1); - - /* we will try 5 times before giving up */ - for(count = 0; count < 5; count++) { - id = xmlSecGenerateID(prefix, len); - if(id == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGenerateID", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - - if((node->doc == NULL) || (xmlGetID(node->doc, id) == NULL)) { - /* this is a unique ID in the document and we can use it */ - if(xmlSetProp(node, attrName, id) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSetProp", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlFree(id); - return(-1); - } - - xmlFree(id); - return(0); - } - xmlFree(id); - } - - return(-1); -} - -/** - * xmlSecGenerateID: - * @prefix: the prefix to add to the generated ID (can be NULL). - * @len: the length of ID. - * - * Generates a unique ID in the format <@prefix>base64-encoded(@len random bytes). - * The caller is responsible for freeing returned string using @xmlFree function. - * - * Returns: pointer to generated ID string or NULL if an error occurs. - */ -xmlChar* -xmlSecGenerateID(const xmlChar* prefix, xmlSecSize len) { - xmlSecBuffer buffer; - xmlSecSize i, binLen; - xmlChar* res; - xmlChar* p; - int ret; - - xmlSecAssert2(len > 0, NULL); - - /* we will do base64 decoding later */ - binLen = (3 * len + 1) / 4; - - ret = xmlSecBufferInitialize(&buffer, binLen + 1); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(NULL); - } - xmlSecAssert2(xmlSecBufferGetData(&buffer) != NULL, NULL); - xmlSecAssert2(xmlSecBufferGetMaxSize(&buffer) >= binLen, NULL); - - ret = xmlSecBufferSetSize(&buffer, binLen); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecBufferFinalize(&buffer); - return(NULL); - } - xmlSecAssert2(xmlSecBufferGetSize(&buffer) == binLen, NULL); - - /* create random bytes */ - unsigned int seed = time(NULL); - for(i = 0; i < binLen; i++) { - (xmlSecBufferGetData(&buffer)) [i] = (xmlSecByte) (256.0 * rand_r(&seed) / (RAND_MAX + 1.0)); - } - - /* base64 encode random bytes */ - res = xmlSecBase64Encode(xmlSecBufferGetData(&buffer), xmlSecBufferGetSize(&buffer), 0); - if((res == NULL) || (xmlStrlen(res) == 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlSecBufferFinalize(&buffer); - return(NULL); - } - xmlSecBufferFinalize(&buffer); - - /* truncate the generated id attribute if needed */ - if(xmlStrlen(res) > (int)len) { - res[len] = '\0'; - } - - /* we need to cleanup base64 encoded id because ID attr can't have '+' or '/' characters */ - for(p = res; (*p) != '\0'; p++) { - if(((*p) == '+') || ((*p) == '/')) { - (*p) = '_'; - } - } - - /* add prefix if exist */ - if(prefix) { - xmlChar* tmp; - xmlSecSize tmpLen; - - tmpLen = xmlStrlen(prefix) + xmlStrlen(res) + 1; - tmp = xmlMalloc(tmpLen + 1); - if(tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - xmlFree(res); - return(NULL); - } - - xmlSecStrPrintf(tmp, tmpLen, "%s%s", prefix, res); - xmlFree(res); - res = tmp; - } else { - /* no prefix: check that ID attribute starts from a letter */ - if(!(((res[0] >= 'A') && (res[0] <= 'Z')) || - ((res[0] >= 'a') && (res[0] <= 'z')))) { - res[0] = 'A'; - } - } - - return(res); -} - - -/** * xmlSecCreateTree: * @rootNodeName: the root node name. - * @rootNodeNs: the root node namespace (otpional). + * @rootNodeNs: the root node namespace (optional). * * Creates a new XML tree with one root node @rootNodeName. * @@ -876,22 +757,15 @@ xmlSecCreateTree(const xmlChar* rootNodeName, const xmlChar* rootNodeNs) { /* create doc */ doc = xmlNewDoc(BAD_CAST "1.0"); if(doc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewDoc", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlNewDoc", NULL); return(NULL); } /* create root node */ root = xmlNewDocNode(doc, NULL, rootNodeName, NULL); if(root == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewDocNode", - XMLSEC_ERRORS_R_XML_FAILED, - "node=Keys"); + xmlSecXmlError2("xmlNewDocNode", NULL, + "node=%s", rootNodeName); xmlFreeDoc(doc); return(NULL); } @@ -900,12 +774,8 @@ xmlSecCreateTree(const xmlChar* rootNodeName, const xmlChar* rootNodeNs) { /* and set root node namespace */ ns = xmlNewNs(root, rootNodeNs, NULL); if(ns == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNewNs", - XMLSEC_ERRORS_R_XML_FAILED, - "ns=%s", - xmlSecErrorsSafeString(rootNodeNs)); + xmlSecXmlError2("xmlNewNs", NULL, + "ns=%s", xmlSecErrorsSafeString(rootNodeNs)); xmlFreeDoc(doc); return(NULL); } @@ -918,7 +788,7 @@ xmlSecCreateTree(const xmlChar* rootNodeName, const xmlChar* rootNodeNs) { * xmlSecIsEmptyNode: * @node: the node to check * - * Checks whethere the @node is empty (i.e. has only whitespaces children). + * Checks whether the @node is empty (i.e. has only whitespaces children). * * Returns: 1 if @node is empty, 0 otherwise or a negative value if an error occurs. */ @@ -947,7 +817,7 @@ xmlSecIsEmptyNode(xmlNodePtr node) { * xmlSecIsEmptyString: * @str: the string to check * - * Checks whethere the @str is empty (i.e. has only whitespaces children). + * Checks whether the @str is empty (i.e. has only whitespaces children). * * Returns: 1 if @str is empty, 0 otherwise or a negative value if an error occurs. */ @@ -980,12 +850,8 @@ xmlSecPrintXmlString(FILE * fd, const xmlChar * str) { xmlChar * encoded_str = NULL; encoded_str = xmlEncodeSpecialChars(NULL, str); if(encoded_str == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlEncodeSpecialChars", - XMLSEC_ERRORS_R_XML_FAILED, - "string=%s", - xmlSecErrorsSafeString(str)); + xmlSecXmlError2("xmlEncodeSpecialChars", NULL, + "string=%s", xmlSecErrorsSafeString(str)); return(-1); } @@ -996,12 +862,7 @@ xmlSecPrintXmlString(FILE * fd, const xmlChar * str) { } if(res < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "fprintf", - XMLSEC_ERRORS_R_IO_FAILED, - "res=%d,errno=%d", - res, errno); + xmlSecIOError("fprintf", NULL, NULL); return(-1); } return(res); @@ -1023,6 +884,7 @@ xmlChar* xmlSecGetQName(xmlNodePtr node, const xmlChar* href, const xmlChar* local) { xmlChar* qname; xmlNsPtr ns; + int ret; xmlSecAssert2(node != NULL, NULL); xmlSecAssert2(local != NULL, NULL); @@ -1031,13 +893,8 @@ xmlSecGetQName(xmlNodePtr node, const xmlChar* href, const xmlChar* local) { * it might cause collisions */ ns = xmlSearchNsByHref(node->doc, node, href); if((ns == NULL) && (href != NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSearchNsByHref", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s,href=%s", - xmlSecErrorsSafeString(node->name), - xmlSecErrorsSafeString(href)); + xmlSecXmlError2("xmlSearchNsByHref", NULL, + "node=%s", xmlSecErrorsSafeString(node->name)); return(NULL); } @@ -1045,26 +902,22 @@ xmlSecGetQName(xmlNodePtr node, const xmlChar* href, const xmlChar* local) { xmlSecSize len; len = xmlStrlen(local) + xmlStrlen(ns->prefix) + 4; - qname = xmlMalloc(len); + qname = (xmlChar *)xmlMalloc(len); if(qname == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlMalloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "node=%s", - xmlSecErrorsSafeString(node->name)); + xmlSecMallocError(len, NULL); + return(NULL); + } + + ret = xmlStrPrintf(qname, len, "%s:%s", ns->prefix, local); + if(ret < 0) { + xmlSecXmlError("xmlStrPrintf", NULL); + xmlFree(qname); return(NULL); } - xmlSecStrPrintf(qname, len, "%s:%s", ns->prefix, local); } else { qname = xmlStrdup(local); if(qname == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "node=%s", - xmlSecErrorsSafeString(node->name)); + xmlSecStrdupError(local, NULL); return(NULL); } } @@ -1164,15 +1017,9 @@ xmlSecQName2IntegerGetIntegerFromString(xmlSecQName2IntegerInfoConstPtr info, qnameLocalPart = xmlStrchr(qname, ':'); if(qnameLocalPart != NULL) { - qnamePrefix = xmlStrndup(qname, qnameLocalPart - qname); + qnamePrefix = xmlStrndup(qname, (int)(qnameLocalPart - qname)); if(qnamePrefix == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrndup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "node=%s,value=%s", - xmlSecErrorsSafeString(node->name), - xmlSecErrorsSafeString(qname)); + xmlSecStrdupError(qname, NULL); return(-1); } qnameLocalPart++; @@ -1184,13 +1031,8 @@ xmlSecQName2IntegerGetIntegerFromString(xmlSecQName2IntegerInfoConstPtr info, /* search namespace href */ ns = xmlSearchNs(node->doc, node, qnamePrefix); if((ns == NULL) && (qnamePrefix != NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSearchNs", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s,qnamePrefix=%s", - xmlSecErrorsSafeString(node->name), - xmlSecErrorsSafeString(qnamePrefix)); + xmlSecXmlError2("xmlSearchNs", NULL, + "node=%s", xmlSecErrorsSafeString(node->name)); if(qnamePrefix != NULL) { xmlFree(qnamePrefix); } @@ -1201,14 +1043,11 @@ xmlSecQName2IntegerGetIntegerFromString(xmlSecQName2IntegerInfoConstPtr info, /* and finally search for integer */ ret = xmlSecQName2IntegerGetInteger(info, qnameHref, qnameLocalPart, intValue); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecQName2IntegerGetInteger", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s,qnameLocalPart=%s,qnameHref=%s", - xmlSecErrorsSafeString(node->name), - xmlSecErrorsSafeString(qnameLocalPart), - xmlSecErrorsSafeString(qnameHref)); + xmlSecInternalError4("xmlSecQName2IntegerGetInteger", NULL, + "node=%s,qnameLocalPart=%s,qnameHref=%s", + xmlSecErrorsSafeString(node->name), + xmlSecErrorsSafeString(qnameLocalPart), + xmlSecErrorsSafeString(qnameHref)); if(qnamePrefix != NULL) { xmlFree(qnamePrefix); } @@ -1243,13 +1082,10 @@ xmlSecQName2IntegerGetStringFromInteger(xmlSecQName2IntegerInfoConstPtr info, qnameInfo = xmlSecQName2IntegerGetInfo(info, intValue); if(qnameInfo == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecQName2IntegerGetInfo", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s,intValue=%d", - xmlSecErrorsSafeString(node->name), - intValue); + xmlSecInternalError3("xmlSecQName2IntegerGetInfo", NULL, + "node=%s,intValue=%d", + xmlSecErrorsSafeString(node->name), + intValue); return(NULL); } @@ -1278,25 +1114,18 @@ xmlSecQName2IntegerNodeRead(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr nod content = xmlNodeGetContent(node); if(content == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNodeGetContent", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s", - xmlSecErrorsSafeString(node->name)); + xmlSecXmlError2("xmlNodeGetContent", NULL, + "node=%s", xmlSecErrorsSafeString(node->name)); return(-1); } /* todo: trim content? */ ret = xmlSecQName2IntegerGetIntegerFromString(info, node, content, intValue); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecQName2IntegerGetIntegerFromString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s,value=%s", - xmlSecErrorsSafeString(node->name), - xmlSecErrorsSafeString(content)); + xmlSecInternalError3("xmlSecQName2IntegerGetIntegerFromString", NULL, + "node=%s,value=%s", + xmlSecErrorsSafeString(node->name), + xmlSecErrorsSafeString(content)); xmlFree(content); return(-1); } @@ -1330,25 +1159,19 @@ xmlSecQName2IntegerNodeWrite(xmlSecQName2IntegerInfoConstPtr info, xmlNodePtr no /* find and build qname */ qname = xmlSecQName2IntegerGetStringFromInteger(info, node, intValue); if(qname == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecQName2IntegerGetStringFromInteger", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s,intValue=%d", - xmlSecErrorsSafeString(node->name), - intValue); + xmlSecInternalError3("xmlSecQName2IntegerGetStringFromInteger", NULL, + "node=%s,intValue=%d", + xmlSecErrorsSafeString(node->name), + intValue); return(-1); } cur = xmlSecAddChild(node, nodeName, nodeNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s,intValue=%d", - xmlSecErrorsSafeString(nodeName), - intValue); + xmlSecInternalError3("xmlSecAddChild", NULL, + "node=%s,intValue=%d", + xmlSecErrorsSafeString(nodeName), + intValue); xmlFree(qname); return(-1); } @@ -1383,27 +1206,19 @@ xmlSecQName2IntegerAttributeRead(xmlSecQName2IntegerInfoConstPtr info, xmlNodePt attrValue = xmlGetProp(node, attrName); if(attrValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlGetProp", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s,attrValue=%s", - xmlSecErrorsSafeString(node->name), - xmlSecErrorsSafeString(attrName)); + xmlSecXmlError2("xmlGetProp", NULL, + "node=%s", xmlSecErrorsSafeString(node->name)); return(-1); } /* todo: trim value? */ ret = xmlSecQName2IntegerGetIntegerFromString(info, node, attrValue, intValue); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecQName2IntegerGetIntegerFromString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s,attrName=%s,attrValue=%s", - xmlSecErrorsSafeString(node->name), - xmlSecErrorsSafeString(attrName), - xmlSecErrorsSafeString(attrValue)); + xmlSecInternalError4("xmlSecQName2IntegerGetIntegerFromString", NULL, + "node=%s,attrName=%s,attrValue=%s", + xmlSecErrorsSafeString(node->name), + xmlSecErrorsSafeString(attrName), + xmlSecErrorsSafeString(attrValue)); xmlFree(attrValue); return(-1); } @@ -1437,27 +1252,21 @@ xmlSecQName2IntegerAttributeWrite(xmlSecQName2IntegerInfoConstPtr info, xmlNodeP /* find and build qname */ qname = xmlSecQName2IntegerGetStringFromInteger(info, node, intValue); if(qname == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecQName2IntegerGetStringFromInteger", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s,attrName=%s,intValue=%d", - xmlSecErrorsSafeString(node->name), - xmlSecErrorsSafeString(attrName), - intValue); + xmlSecInternalError4("xmlSecQName2IntegerGetStringFromInteger", NULL, + "node=%s,attrName=%s,intValue=%d", + xmlSecErrorsSafeString(node->name), + xmlSecErrorsSafeString(attrName), + intValue); return(-1); } attr = xmlSetProp(node, attrName, qname); if(attr == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChildNode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s,attrName=%s,intValue=%d", - xmlSecErrorsSafeString(node->name), - xmlSecErrorsSafeString(attrName), - intValue); + xmlSecInternalError4("xmlSetProp", NULL, + "node=%s,attrName=%s,intValue=%d", + xmlSecErrorsSafeString(node->name), + xmlSecErrorsSafeString(attrName), + intValue); xmlFree(qname); return(-1); } @@ -1612,15 +1421,9 @@ xmlSecQName2BitMaskGetBitMaskFromString(xmlSecQName2BitMaskInfoConstPtr info, qnameLocalPart = xmlStrchr(qname, ':'); if(qnameLocalPart != NULL) { - qnamePrefix = xmlStrndup(qname, qnameLocalPart - qname); + qnamePrefix = xmlStrndup(qname, (int)(qnameLocalPart - qname)); if(qnamePrefix == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrndup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - "node=%s,value=%s", - xmlSecErrorsSafeString(node->name), - xmlSecErrorsSafeString(qname)); + xmlSecStrdupError(qname, NULL); return(-1); } qnameLocalPart++; @@ -1632,13 +1435,8 @@ xmlSecQName2BitMaskGetBitMaskFromString(xmlSecQName2BitMaskInfoConstPtr info, /* search namespace href */ ns = xmlSearchNs(node->doc, node, qnamePrefix); if((ns == NULL) && (qnamePrefix != NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSearchNs", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s,qnamePrefix=%s", - xmlSecErrorsSafeString(node->name), - xmlSecErrorsSafeString(qnamePrefix)); + xmlSecXmlError2("xmlSearchNs", NULL, + "node=%s", xmlSecErrorsSafeString(node->name)); if(qnamePrefix != NULL) { xmlFree(qnamePrefix); } @@ -1649,14 +1447,11 @@ xmlSecQName2BitMaskGetBitMaskFromString(xmlSecQName2BitMaskInfoConstPtr info, /* and finally search for integer */ ret = xmlSecQName2BitMaskGetBitMask(info, qnameHref, qnameLocalPart, mask); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecQName2BitMaskGetBitMask", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s,qnameLocalPart=%s,qnameHref=%s", - xmlSecErrorsSafeString(node->name), - xmlSecErrorsSafeString(qnameLocalPart), - xmlSecErrorsSafeString(qnameHref)); + xmlSecInternalError4("xmlSecQName2BitMaskGetBitMask", NULL, + "node=%s,qnameLocalPart=%s,qnameHref=%s", + xmlSecErrorsSafeString(node->name), + xmlSecErrorsSafeString(qnameLocalPart), + xmlSecErrorsSafeString(qnameHref)); if(qnamePrefix != NULL) { xmlFree(qnamePrefix); } @@ -1691,13 +1486,10 @@ xmlSecQName2BitMaskGetStringFromBitMask(xmlSecQName2BitMaskInfoConstPtr info, qnameInfo = xmlSecQName2BitMaskGetInfo(info, mask); if(qnameInfo == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecQName2BitMaskGetInfo", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s,mask=%d", - xmlSecErrorsSafeString(node->name), - mask); + xmlSecInternalError3("xmlSecQName2BitMaskGetInfo", NULL, + "node=%s,mask=%d", + xmlSecErrorsSafeString(node->name), + mask); return(NULL); } @@ -1738,23 +1530,15 @@ xmlSecQName2BitMaskNodesRead(xmlSecQName2BitMaskInfoConstPtr info, xmlNodePtr* n while((cur != NULL) && (xmlSecCheckNodeName(cur, nodeName, nodeNs))) { content = xmlNodeGetContent(cur); if(content == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlNodeGetContent", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s", - xmlSecErrorsSafeString(cur->name)); + xmlSecXmlError2("xmlNodeGetContent", NULL, + "node=%s", xmlSecErrorsSafeString(cur->name)); return(-1); } ret = xmlSecQName2BitMaskGetBitMaskFromString(info, cur, content, &tmp); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecQName2BitMaskGetBitMaskFromString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "value=%s", - xmlSecErrorsSafeString(content)); + xmlSecInternalError2("xmlSecQName2BitMaskGetBitMaskFromString", NULL, + "value=%s", xmlSecErrorsSafeString(content)); xmlFree(content); return(-1); } @@ -1762,12 +1546,8 @@ xmlSecQName2BitMaskNodesRead(xmlSecQName2BitMaskInfoConstPtr info, xmlNodePtr* n if((stopOnUnknown != 0) && (tmp == 0)) { /* todo: better error */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecQName2BitMaskGetBitMaskFromString", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "value=%s", - xmlSecErrorsSafeString(content)); + xmlSecInternalError2("xmlSecQName2BitMaskGetBitMaskFromString", NULL, + "value=%s", xmlSecErrorsSafeString(content)); return(-1); } @@ -1810,23 +1590,15 @@ xmlSecQName2BitMaskNodesWrite(xmlSecQName2BitMaskInfoConstPtr info, xmlNodePtr n qname = xmlSecGetQName(node, info[ii].qnameHref, info[ii].qnameLocalPart); if(qname == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecGetQName", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s", - xmlSecErrorsSafeString(nodeName)); + xmlSecXmlError2("xmlSecGetQName", NULL, + "node=%s", xmlSecErrorsSafeString(nodeName)); return(-1); } cur = xmlSecAddChild(node, nodeName, nodeNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XML_FAILED, - "node=%s", - xmlSecErrorsSafeString(nodeName)); + xmlSecXmlError2("xmlSecAddChild", NULL, + "node=%s", xmlSecErrorsSafeString(nodeName)); xmlFree(qname); return(-1); } @@ -1905,6 +1677,273 @@ xmlSecQName2BitMaskDebugXmlDump(xmlSecQName2BitMaskInfoConstPtr info, xmlSecBitM fprintf(output, "</%sList>\n", name); } +/************************************************************************* + * + * Windows string conversions + * + ************************************************************************/ +#ifdef WIN32 + +/** + * xmlSecWin32ConvertUtf8ToUnicode: + * @str: the string to convert. + * + * Converts input string from UTF8 to Unicode. + * + * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs. + */ +LPWSTR +xmlSecWin32ConvertUtf8ToUnicode(const xmlChar* str) { + LPWSTR res = NULL; + int len; + int ret; + + xmlSecAssert2(str != NULL, NULL); + + /* call MultiByteToWideChar first to get the buffer size */ + ret = MultiByteToWideChar(CP_UTF8, 0, (LPCCH)str, -1, NULL, 0); + if(ret <= 0) { + return(NULL); + } + len = ret + 1; + + /* allocate buffer */ + res = (LPWSTR)xmlMalloc(sizeof(WCHAR) * len); + if(res == NULL) { + xmlSecMallocError(sizeof(WCHAR) * len, NULL); + return(NULL); + } + + /* convert */ + ret = MultiByteToWideChar(CP_UTF8, 0, (LPCCH)str, -1, res, len); + if(ret <= 0) { + xmlFree(res); + return(NULL); + } + + /* done */ + return(res); +} + +/** + * xmlSecWin32ConvertUnicodeToUtf8: + * @str: the string to convert. + * + * Converts input string from Unicode to UTF8. + * + * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs. + */ +xmlChar* +xmlSecWin32ConvertUnicodeToUtf8(LPCWSTR str) { + xmlChar * res = NULL; + int len; + int ret; + + xmlSecAssert2(str != NULL, NULL); + + /* call WideCharToMultiByte first to get the buffer size */ + ret = WideCharToMultiByte(CP_UTF8, 0, str, -1, NULL, 0, NULL, NULL); + if(ret <= 0) { + return(NULL); + } + len = ret + 1; + + /* allocate buffer */ + res = (xmlChar*)xmlMalloc(sizeof(xmlChar) * len); + if(res == NULL) { + xmlSecMallocError(sizeof(xmlChar) * len, NULL); + return(NULL); + } + + /* convert */ + ret = WideCharToMultiByte(CP_UTF8, 0, str, -1, (LPSTR)res, len, NULL, NULL); + if(ret <= 0) { + xmlFree(res); + return(NULL); + } + + /* done */ + return(res); +} + +/** + * xmlSecWin32ConvertLocaleToUnicode: + * @str: the string to convert. + * + * Converts input string from current system locale to Unicode. + * + * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs. + */ +LPWSTR +xmlSecWin32ConvertLocaleToUnicode(const char* str) { + LPWSTR res = NULL; + int len; + int ret; + + xmlSecAssert2(str != NULL, NULL); + + /* call MultiByteToWideChar first to get the buffer size */ + ret = MultiByteToWideChar(CP_ACP, 0, str, -1, NULL, 0); + if(ret <= 0) { + return(NULL); + } + len = ret; + + /* allocate buffer */ + res = (LPWSTR)xmlMalloc(sizeof(WCHAR) * len); + if(res == NULL) { + xmlSecMallocError(sizeof(WCHAR) * len, NULL); + return(NULL); + } + + /* convert */ + ret = MultiByteToWideChar(CP_ACP, 0, str, -1, res, len); + if(ret <= 0) { + xmlFree(res); + return(NULL); + } + + /* done */ + return(res); +} + +/** + * xmlSecWin32ConvertLocaleToUtf8: + * @str: the string to convert. + * + * Converts input string from locale to UTF8. + * + * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs. + */ +xmlChar* +xmlSecWin32ConvertLocaleToUtf8(const char * str) { + LPWSTR strW = NULL; + xmlChar * res = NULL; + int len; + int ret; + + xmlSecAssert2(str != NULL, NULL); + + strW = xmlSecWin32ConvertLocaleToUnicode(str); + if(strW == NULL) { + return(NULL); + } + + /* call WideCharToMultiByte first to get the buffer size */ + ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, NULL, 0, NULL, NULL); + if(ret <= 0) { + xmlFree(strW); + return(NULL); + } + len = ret + 1; + + /* allocate buffer */ + res = (xmlChar*)xmlMalloc(sizeof(xmlChar) * len); + if(res == NULL) { + xmlSecMallocError(sizeof(xmlChar) * len, NULL); + xmlFree(strW); + return(NULL); + } + + /* convert */ + ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, (LPSTR)res, len, NULL, NULL); + if(ret <= 0) { + xmlFree(strW); + xmlFree(res); + return(NULL); + } + + /* done */ + xmlFree(strW); + return(res); +} + +/** + * xmlSecWin32ConvertUtf8ToLocale: + * @str: the string to convert. + * + * Converts input string from UTF8 to locale. + * + * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs. + */ +char * +xmlSecWin32ConvertUtf8ToLocale(const xmlChar* str) { + LPWSTR strW = NULL; + char * res = NULL; + int len; + int ret; + + xmlSecAssert2(str != NULL, NULL); + + strW = xmlSecWin32ConvertUtf8ToUnicode(str); + if(strW == NULL) { + return(NULL); + } + + /* call WideCharToMultiByte first to get the buffer size */ + ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, NULL, 0, NULL, NULL); + if(ret <= 0) { + xmlFree(strW); + return(NULL); + } + len = ret + 1; + + /* allocate buffer */ + res = (char*)xmlMalloc(sizeof(char) * len); + if(res == NULL) { + xmlSecMallocError(sizeof(char) * len, NULL); + xmlFree(strW); + return(NULL); + } + + /* convert */ + ret = WideCharToMultiByte(CP_ACP, 0, strW, -1, res, len, NULL, NULL); + if(ret <= 0) { + xmlFree(strW); + xmlFree(res); + return(NULL); + } + + /* done */ + xmlFree(strW); + return(res); +} + +/** + * xmlSecWin32ConvertTstrToUtf8: + * @str: the string to convert. + * + * Converts input string from TSTR (locale or Unicode) to UTF8. + * + * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs. + */ +xmlChar* +xmlSecWin32ConvertTstrToUtf8(LPCTSTR str) { +#ifdef UNICODE + return xmlSecWin32ConvertUnicodeToUtf8(str); +#else /* UNICODE */ + return xmlSecWin32ConvertLocaleToUtf8(str); +#endif /* UNICODE */ +} + +/** + * xmlSecWin32ConvertUtf8ToTstr: + * @str: the string to convert. + * + * Converts input string from UTF8 to TSTR (locale or Unicode). + * + * Returns: a pointer to newly allocated string (must be freed with xmlFree) or NULL if an error occurs. + */ +LPTSTR +xmlSecWin32ConvertUtf8ToTstr(const xmlChar* str) { +#ifdef UNICODE + return xmlSecWin32ConvertUtf8ToUnicode(str); +#else /* UNICODE */ + return xmlSecWin32ConvertUtf8ToLocale(str); +#endif /* UNICODE */ +} + +#endif /* WIN32 */ diff --git a/src/xpath.c b/src/xpath.c index 43cdf33a..8c74d6af 100644 --- a/src/xpath.c +++ b/src/xpath.c @@ -1,13 +1,20 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * XPath transform * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:xpath + * @Short_description: XPath transform implementation. + * @Stability: Private + * + * + */ + #include "globals.h" #include <stdlib.h> @@ -30,7 +37,7 @@ * * xmlSecXPathHereFunction: * @ctxt: the ponter to XPath context. - * @nargs: the arguments nubmer. + * @nargs: the arguments number. * * The implementation of XPath "here()" function. * See xmlXPtrHereFunction() in xpointer.c. the only change is that @@ -86,12 +93,7 @@ xmlSecXPathDataCreate(xmlSecXPathDataType type) { data = (xmlSecXPathDataPtr) xmlMalloc(sizeof(xmlSecXPathData)); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "sizeof(xmlSecXPathData)=%d", - (int)sizeof(xmlSecXPathData)); + xmlSecMallocError(sizeof(xmlSecXPathData), NULL); return(NULL); } memset(data, 0, sizeof(xmlSecXPathData)); @@ -105,11 +107,7 @@ xmlSecXPathDataCreate(xmlSecXPathDataType type) { case xmlSecXPathDataTypeXPath2: data->ctx = xmlXPathNewContext(NULL); /* we'll set doc in the context later */ if(data->ctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlXPathNewContext", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlXPathNewContext", NULL); xmlSecXPathDataDestroy(data); return(NULL); } @@ -117,11 +115,7 @@ xmlSecXPathDataCreate(xmlSecXPathDataType type) { case xmlSecXPathDataTypeXPointer: data->ctx = xmlXPtrNewContext(NULL, NULL, NULL); /* we'll set doc in the context later */ if(data->ctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlXPtrNewContext", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlXPtrNewContext", NULL); xmlSecXPathDataDestroy(data); return(NULL); } @@ -154,11 +148,7 @@ xmlSecXPathDataSetExpr(xmlSecXPathDataPtr data, const xmlChar* expr) { data->expr = xmlStrdup(expr); if(data->expr == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_STRDUP_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecStrdupError(expr, NULL); return(-1); } return(0); @@ -182,13 +172,8 @@ xmlSecXPathDataRegisterNamespaces(xmlSecXPathDataPtr data, xmlNodePtr node) { if((ns->prefix != NULL) && (xmlXPathNsLookup(data->ctx, ns->prefix) == NULL)){ ret = xmlXPathRegisterNs(data->ctx, ns->prefix, ns->href); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlXPathRegisterNs", - XMLSEC_ERRORS_R_XML_FAILED, - "href=%s;prefix=%s", - xmlSecErrorsSafeString(ns->href), - xmlSecErrorsSafeString(ns->prefix)); + xmlSecXmlError2("xmlXPathRegisterNs", NULL, + "prefix=%s", xmlSecErrorsSafeString(ns->prefix)); return(-1); } } @@ -209,22 +194,14 @@ xmlSecXPathDataNodeRead(xmlSecXPathDataPtr data, xmlNodePtr node) { ret = xmlSecXPathDataRegisterNamespaces (data, node); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXPathDataRegisterNamespaces", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXPathDataRegisterNamespaces", NULL); return(-1); } /* read node content and set expr */ data->expr = xmlNodeGetContent(node); if(data->expr == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, NULL, "empty"); return(-1); } @@ -258,29 +235,19 @@ xmlSecXPathDataExecute(xmlSecXPathDataPtr data, xmlDocPtr doc, xmlNodePtr hereNo case xmlSecXPathDataTypeXPath2: xpathObj = xmlXPathEvalExpression(data->expr, data->ctx); if(xpathObj == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlXPathEvalExpression", - XMLSEC_ERRORS_R_XML_FAILED, - "expr=%s", - xmlSecErrorsSafeString(data->expr)); + xmlSecXmlError2("xmlXPathEvalExpression", NULL, + "expr=%s", xmlSecErrorsSafeString(data->expr)); return(NULL); } break; case xmlSecXPathDataTypeXPointer: xpathObj = xmlXPtrEval(data->expr, data->ctx); if(xpathObj == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlXPtrEval", - XMLSEC_ERRORS_R_XML_FAILED, - "expr=%s", - xmlSecErrorsSafeString(data->expr)); + xmlSecXmlError2("xmlXPtrEval", NULL, + "expr=%s", xmlSecErrorsSafeString(data->expr)); return(NULL); } break; - default: - return(NULL); } /* sometime LibXML2 returns an empty nodeset or just NULL, we want @@ -290,23 +257,15 @@ xmlSecXPathDataExecute(xmlSecXPathDataPtr data, xmlDocPtr doc, xmlNodePtr hereNo xpathObj->nodesetval = xmlXPathNodeSetCreate(NULL); if(xpathObj->nodesetval == NULL) { xmlXPathFreeObject(xpathObj); - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlXPathNodeSetCreate", - XMLSEC_ERRORS_R_XML_FAILED, - "expr=%s", - xmlSecErrorsSafeString(data->expr)); + xmlSecXmlError2("xmlXPathNodeSetCreate", NULL, + "expr=%s", xmlSecErrorsSafeString(data->expr)); return(NULL); } } nodes = xmlSecNodeSetCreate(doc, xpathObj->nodesetval, data->nodeSetType); if(nodes == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNodeSetCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "type=%d", data->nodeSetType); + xmlSecInternalError2("xmlSecNodeSetCreate", NULL, "type=%d", data->nodeSetType); xmlXPathFreeObject(xpathObj); return(NULL); } @@ -359,11 +318,7 @@ xmlSecXPathDataListExecute(xmlSecPtrListPtr dataList, xmlDocPtr doc, for(pos = 0; pos < xmlSecPtrListGetSize(dataList); ++pos) { data = (xmlSecXPathDataPtr)xmlSecPtrListGetItem(dataList, pos); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecPtrListGetItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecPtrListGetItem", NULL, "pos=%d", pos); if((res != NULL) && (res != nodes)) { xmlSecNodeSetDestroy(res); } @@ -372,11 +327,7 @@ xmlSecXPathDataListExecute(xmlSecPtrListPtr dataList, xmlDocPtr doc, tmp = xmlSecXPathDataExecute(data, doc, hereNode); if(tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXPathDataExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXPathDataExecute", NULL); if((res != NULL) && (res != nodes)) { xmlSecNodeSetDestroy(res); } @@ -385,11 +336,8 @@ xmlSecXPathDataListExecute(xmlSecPtrListPtr dataList, xmlDocPtr doc, tmp2 = xmlSecNodeSetAdd(res, tmp, data->nodeSetOp); if(tmp2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNodeSetAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNodeSetIntersection"); + xmlSecInternalError2("xmlSecNodeSetAdd", NULL, + "nodeSetOp=%d", (int)data->nodeSetOp); if((res != NULL) && (res != nodes)) { xmlSecNodeSetDestroy(res); } @@ -438,11 +386,8 @@ xmlSecTransformXPathInitialize(xmlSecTransformPtr transform) { ret = xmlSecPtrListInitialize(dataList, xmlSecXPathDataListId); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecPtrListInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListInitialize", + xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -482,11 +427,8 @@ xmlSecTransformXPathExecute(xmlSecTransformPtr transform, int last, transform->outNodes = xmlSecXPathDataListExecute(dataList, doc, transform->hereNode, transform->inNodes); if(transform->outNodes == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecXPathDataExecute", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXPathDataListExecute", + xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -549,6 +491,7 @@ xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlS xmlSecXPathDataPtr data; xmlNodePtr cur; xmlChar* tmp; + int tmpSize; int ret; xmlSecAssert2(xmlSecTransformCheckId(transform, xmlSecTransformXPathId), -1); @@ -562,33 +505,23 @@ xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlS /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPath, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected=%s", - xmlSecErrorsSafeString(xmlSecNodeXPath)); + xmlSecInvalidNodeError(cur, xmlSecNodeXPath, + xmlSecTransformGetName(transform)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecXPathDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXPathDataCreate", + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecXPathDataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXPathDataNodeRead", + xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } @@ -596,30 +529,27 @@ xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlS /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } /* create full XPath expression */ xmlSecAssert2(data->expr != NULL, -1); - size_t tmpSize = sizeof(xmlChar) * (xmlStrlen(data->expr) + - strlen(xpathPattern) + 1); - tmp = (xmlChar*) xmlMalloc(tmpSize); + tmpSize = xmlStrlen(data->expr) + xmlStrlen(BAD_CAST xpathPattern) + 1; + tmp = (xmlChar*) xmlMalloc(sizeof(xmlChar) * tmpSize); if(tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "size=%d", - (int)(xmlStrlen(data->expr) + strlen(xpathPattern) + 1)); + xmlSecMallocError(sizeof(xmlChar) * tmpSize, + xmlSecTransformGetName(transform)); return(-1); } - snprintf((char*)tmp, tmpSize, xpathPattern, (char*)data->expr); + ret = xmlStrPrintf(tmp, tmpSize, xpathPattern, (char*)data->expr); + if(ret < 0) { + xmlSecXmlError("xmlStrPrintf", xmlSecTransformGetName(transform)); + xmlFree(tmp); + return(-1); + } xmlFree(data->expr); data->expr = tmp; @@ -630,11 +560,7 @@ xmlSecTransformXPathNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlS /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -709,21 +635,15 @@ xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xml /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPath2); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecXPathDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXPathDataCreate", + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecXPathDataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXPathDataNodeRead", + xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } @@ -731,11 +651,8 @@ xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xml /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } @@ -744,12 +661,9 @@ xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xml data->nodeSetType = xmlSecNodeSetTree; op = xmlGetProp(cur, xmlSecAttrFilter); if(op == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecAttrFilter), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeAttributeError(cur, xmlSecAttrFilter, + xmlSecTransformGetName(transform), + "empty"); return(-1); } if(xmlStrEqual(op, xmlSecXPath2FilterIntersect)) { @@ -759,12 +673,9 @@ xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xml } else if(xmlStrEqual(op, xmlSecXPath2FilterUnion)) { data->nodeSetOp = xmlSecNodeSetUnion; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecAttrFilter), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "filter=%s", - xmlSecErrorsSafeString(op)); + xmlSecInvalidNodeAttributeError(cur, xmlSecAttrFilter, + xmlSecTransformGetName(transform), + "unknown"); xmlFree(op); return(-1); } @@ -775,11 +686,7 @@ xmlSecTransformXPath2NodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xml /* check that we have nothing else */ if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -864,32 +771,23 @@ xmlSecTransformXPointerSetExpr(xmlSecTransformPtr transform, const xmlChar* expr data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecXPathDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXPathDataCreate", + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecXPathDataRegisterNamespaces(data, hereNode); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecXPathDataRegisterNamespaces", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXPathDataRegisterNamespaces", + xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } ret = xmlSecXPathDataSetExpr(data, expr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecXPathDataSetExpr", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXPathDataSetExpr", + xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } @@ -897,11 +795,8 @@ xmlSecTransformXPointerSetExpr(xmlSecTransformPtr transform, const xmlChar* expr /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } @@ -931,33 +826,23 @@ xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, x /* there is only one required node */ cur = xmlSecGetNextElementNode(node->children); if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeXPointer, xmlSecXPointerNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected=%s", - xmlSecErrorsSafeString(xmlSecNodeXPath)); + xmlSecInvalidNodeError(cur, xmlSecNodeXPointer, + xmlSecTransformGetName(transform)); return(-1); } /* read information from the node */ data = xmlSecXPathDataCreate(xmlSecXPathDataTypeXPointer); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecXPathDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXPathDataCreate", + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecXPathDataNodeRead(data, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecXPathDataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXPathDataNodeRead", + xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } @@ -965,11 +850,8 @@ xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, x /* append it to the list */ ret = xmlSecPtrListAdd(dataList, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecPtrListAdd", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecPtrListAdd", + xmlSecTransformGetName(transform)); xmlSecXPathDataDestroy(data); return(-1); } @@ -981,11 +863,7 @@ xmlSecTransformXPointerNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, x /* check that we have nothing else */ cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -1076,11 +954,7 @@ xmlSecTransformVisa3DHackSetID(xmlSecTransformPtr transform, const xmlChar* id) (*idPtr) = xmlStrdup(id); if((*idPtr) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecStrdupError(id, xmlSecTransformGetName(transform)); return(-1); } @@ -1131,33 +1005,22 @@ xmlSecTransformVisa3DHackExecute(xmlSecTransformPtr transform, int last, attr = xmlGetID(doc, (*idPtr)); if((attr == NULL) || (attr->parent == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlGetID", - XMLSEC_ERRORS_R_XML_FAILED, - "id=\"%s\"", - xmlSecErrorsSafeString((*idPtr))); + xmlSecXmlError2("xmlGetID", xmlSecTransformGetName(transform), + "id=\"%s\"", xmlSecErrorsSafeString(*idPtr)); return(-1); } nodeSet = xmlXPathNodeSetCreate(attr->parent); if(nodeSet == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlXPathNodeSetCreate", - XMLSEC_ERRORS_R_XML_FAILED, - "id=\"%s\"", - xmlSecErrorsSafeString((*idPtr))); + xmlSecXmlError2("xmlXPathNodeSetCreate", xmlSecTransformGetName(transform), + "id=\"%s\"", xmlSecErrorsSafeString(*idPtr)); return(-1); } transform->outNodes = xmlSecNodeSetCreate(doc, nodeSet, xmlSecNodeSetTreeWithoutComments); if(transform->outNodes == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNodeSetCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNodeSetCreate", + xmlSecTransformGetName(transform)); xmlXPathFreeNodeSet(nodeSet); return(-1); } @@ -1,13 +1,20 @@ -/** +/* * XML Security Library (http://www.aleksey.com/xmlsec). * - * XSLT Transform (http://www.w3.org/TR/xmldsig-core/#sec-XSLT) * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:xslt + * @Short_description: XSLT transform implementation. + * @Stability: Private + * + * [XSLT Transform](http://www.w3.org/TR/xmldsig-core/#sec-XSLT) implementation. + */ + #include "globals.h" #ifndef XMLSEC_NO_XSLT @@ -212,6 +219,10 @@ xmlSecXsltFinalize(xmlSecTransformPtr transform) { xsltFreeStylesheet(ctx->xslt); } if(ctx->parserCtx != NULL) { + if(ctx->parserCtx->myDoc != NULL) { + xmlFreeDoc(ctx->parserCtx->myDoc); + ctx->parserCtx->myDoc = NULL; + } xmlFreeParserCtxt(ctx->parserCtx); } memset(ctx, 0, sizeof(xmlSecXsltCtx)); @@ -236,11 +247,7 @@ xmlSecXsltReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransfor /* read content in the buffer */ buffer = xmlBufferCreate(); if(buffer == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlBufferCreate", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlBufferCreate", xmlSecTransformGetName(transform)); return(-1); } cur = node->children; @@ -253,11 +260,8 @@ xmlSecXsltReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransfor doc = xmlSecParseMemory(xmlBufferContent(buffer), xmlBufferLength(buffer), 1); if(doc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecParseMemory", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecParseMemory", + xmlSecTransformGetName(transform)); xmlBufferFree(buffer); return(-1); } @@ -265,11 +269,8 @@ xmlSecXsltReadNode(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTransfor /* pre-process stylesheet */ ctx->xslt = xsltParseStylesheetDoc(doc); if(ctx->xslt == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xsltParseStylesheetDoc", - XMLSEC_ERRORS_R_XSLT_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXsltError("xsltParseStylesheetDoc", NULL, xmlSecTransformGetName(transform)); + /* after parsing stylesheet doc is assigned * to it and will be freed by xsltFreeStylesheet() */ xmlFreeDoc(doc); @@ -301,11 +302,7 @@ xmlSecXsltPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, ctx->parserCtx = xmlCreatePushParserCtxt(NULL, NULL, NULL, 0, NULL); if(ctx->parserCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlCreatePushParserCtxt", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlCreatePushParserCtxt", xmlSecTransformGetName(transform)); return(-1); } @@ -317,11 +314,7 @@ xmlSecXsltPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, } else if(transform->status == xmlSecTransformStatusFinished) { return(0); } else if(transform->status != xmlSecTransformStatusWorking) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } xmlSecAssert2(transform->status == xmlSecTransformStatusWorking, -1); @@ -331,11 +324,10 @@ xmlSecXsltPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, if((data != NULL) && (dataSize > 0)) { ret = xmlParseChunk(ctx->parserCtx, (const char*)data, dataSize, 0); if(ret != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlParseChunk", - XMLSEC_ERRORS_R_XML_FAILED, - "size=%d", dataSize); + xmlSecXmlParserError2("xmlParseChunk", ctx->parserCtx, + xmlSecTransformGetName(transform), + "size=%d", dataSize); + return(-1); } } @@ -349,11 +341,8 @@ xmlSecXsltPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, /* finalize */ ret = xmlParseChunk(ctx->parserCtx, NULL, 0, 1); if((ret != 0) || (ctx->parserCtx->myDoc == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlParseChunk", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlParserError("xmlParseChunk", ctx->parserCtx, + xmlSecTransformGetName(transform)); return(-1); } @@ -363,11 +352,8 @@ xmlSecXsltPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, docOut = xmlSecXsApplyStylesheet(ctx, docIn); if(docOut == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecXsApplyStylesheet", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXsApplyStylesheet", + xmlSecTransformGetName(transform)); xmlFreeDoc(docIn); return(-1); } @@ -376,22 +362,16 @@ xmlSecXsltPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, if(transform->next != NULL) { output = xmlSecTransformCreateOutputBuffer(transform->next, transformCtx); if(output == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecTransformCreateOutputBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecTransformCreateOutputBuffer", + xmlSecTransformGetName(transform)); xmlFreeDoc(docOut); return(-1); } } else { output = xmlSecBufferCreateOutputBuffer(&(transform->outBuf)); if(output == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferCreateOutputBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferCreateOutputBuffer", + xmlSecTransformGetName(transform)); xmlFreeDoc(docOut); return(-1); } @@ -399,22 +379,14 @@ xmlSecXsltPushBin(xmlSecTransformPtr transform, const xmlSecByte* data, ret = xsltSaveResultTo(output, docOut, ctx->xslt); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xsltSaveResultTo", - XMLSEC_ERRORS_R_XSLT_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXsltError("xsltParseStylesheetDoc", ctx->xslt, xmlSecTransformGetName(transform)); xmlOutputBufferClose(output); xmlFreeDoc(docOut); return(-1); } ret = xmlOutputBufferClose(output); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlOutputBufferClose", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferClose", xmlSecTransformGetName(transform)); xmlFreeDoc(docOut); return(-1); } @@ -459,21 +431,16 @@ xmlSecXsltExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr ret = xmlSecXslProcess(ctx, in, out); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecXslProcess", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXslProcess", + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } @@ -482,11 +449,7 @@ xmlSecXsltExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr /* the only way we can get here is if there is no input */ xmlSecAssert2(inSize == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); @@ -507,61 +470,47 @@ xmlSecXslProcess(xmlSecXsltCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out) docIn = xmlSecParseMemory(xmlSecBufferGetData(in), xmlSecBufferGetSize(in), 1); if(docIn == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecParseMemory", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecParseMemory", NULL); goto done; } docOut = xmlSecXsApplyStylesheet(ctx, docIn); if(docOut == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecXsApplyStylesheet", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecXsApplyStylesheet", NULL); goto done; } output = xmlSecBufferCreateOutputBuffer(out); if(output == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferCreateOutputBuffer", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferCreateOutputBuffer", NULL); goto done; } ret = xsltSaveResultTo(output, docOut, ctx->xslt); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xsltSaveResultTo", - XMLSEC_ERRORS_R_XSLT_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXsltError("xsltSaveResultTo", ctx->xslt, NULL); goto done; } ret = xmlOutputBufferClose(output); output = NULL; if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlOutputBufferClose", - XMLSEC_ERRORS_R_XML_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXmlError("xmlOutputBufferClose", NULL); return(-1); } res = 0; done: - if(output != NULL) xmlOutputBufferClose(output); - if(docIn != NULL) xmlFreeDoc(docIn); - if(docOut != NULL) xmlFreeDoc(docOut); + if(output != NULL) { + xmlOutputBufferClose(output); + } + if(docIn != NULL) { + xmlFreeDoc(docIn); + } + if(docOut != NULL) { + xmlFreeDoc(docOut); + } return(res); } @@ -578,37 +527,27 @@ xmlSecXsApplyStylesheet(xmlSecXsltCtxPtr ctx, xmlDocPtr doc) { xsltCtx = xsltNewTransformContext(ctx->xslt, doc); if(xsltCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xsltNewTransformContext", - XMLSEC_ERRORS_R_XSLT_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXsltError("xsltNewTransformContext", ctx->xslt, NULL); goto done; } /* set security prefs */ ret = xsltSetCtxtSecurityPrefs(g_xslt_default_security_prefs, xsltCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xsltSetCtxtSecurityPrefs", - XMLSEC_ERRORS_R_XSLT_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXsltError("xsltSetCtxtSecurityPrefs", ctx->xslt, NULL); goto done; } res = xsltApplyStylesheetUser(ctx->xslt, doc, NULL, NULL, NULL, xsltCtx); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xsltApplyStylesheetUser", - XMLSEC_ERRORS_R_XSLT_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecXsltError("xsltApplyStylesheetUser", ctx->xslt, NULL); goto done; } done: - if(xsltCtx != NULL) xsltFreeTransformContext(xsltCtx); + if(xsltCtx != NULL) { + xsltFreeTransformContext(xsltCtx); + } return res; } |