Diffstat (limited to 'src/mscrypto/x509vfy.c')
-rw-r--r-- | src/mscrypto/x509vfy.c | 374 |
1 files changed, 125 insertions, 249 deletions
diff --git a/src/mscrypto/x509vfy.c b/src/mscrypto/x509vfy.c
index 899cb6e3..fbc5447e 100644
--- a/src/mscrypto/x509vfy.c
+++ b/src/mscrypto/x509vfy.c
@@ -1,7 +1,5 @@
-/**
- * XMLSec library
- *
- * X509 support
+/*
+ * XML Security Library (http://www.aleksey.com/xmlsec).
  *
  *
  * This is free software; see Copyright file in the source
@@ -10,6 +8,13 @@
  * Copyright (C) 2003 Cordys R&D BV, All rights reserved.
  * Copyright (C) 2003-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved.
  */
+/**
+ * SECTION:x509vfy
+ * @Short_description: X509 certificates verification support functions for Microsoft Crypto API.
+ * @Stability: Private
+ *
+ */
+
 #include "globals.h"
 
 #ifndef XMLSEC_NO_X509
@@ -182,11 +187,8 @@ xmlSecMSCryptoCheckRevocation(HCERTSTORE hStore, PCCERT_CONTEXT pCert) {
 
     while((pCrl = CertEnumCRLsInStore(hStore, pCrl)) != NULL) {
         if (CertFindCertificateInCRL(pCert, pCrl, 0, NULL, &pCrlEntry) && (pCrlEntry != NULL)) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        NULL,
-                        "CertFindCertificateInCRL",
-                        XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
-                        "cert found in crl list");
+            xmlSecOtherError(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, NULL,
+                             "CertFindCertificateInCRL: cert found in crl list");
             return(FALSE);
         }
     }
@@ -197,7 +199,6 @@ xmlSecMSCryptoCheckRevocation(HCERTSTORE hStore, PCCERT_CONTEXT pCert) {
 static void
 xmlSecMSCryptoX509StoreCertError(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cert, DWORD flags) {
     xmlChar * subject = NULL;
-    DWORD dwSize;
 
     xmlSecAssert(xmlSecKeyDataStoreCheckId(store, xmlSecMSCryptoX509StoreId));
     xmlSecAssert(cert != NULL);
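Review bot: The early `return(FALSE);` kept inside the CertEnumCRLsInStore loop leaves the current CRL context unreleased; as far as I recall, CertEnumCRLsInStore only frees the previous context when the enumeration continues, so a caller that stops early has to release the one it holds. Add `CertFreeCRLContext(pCrl);` immediately before that return. The function's header and the code after the loop are outside this hunk.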
@@ -206,47 +207,38 @@ xmlSecMSCryptoX509StoreCertError(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT cer
     /* get certs subject */
     subject = xmlSecMSCryptoX509GetNameString(cert, CERT_NAME_RDN_TYPE, 0, NULL);
     if(subject == NULL) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    "xmlSecMSCryptoX509GetNameString",
-                    NULL,
-                    XMLSEC_ERRORS_R_XMLSEC_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
+        xmlSecInternalError("xmlSecMSCryptoX509GetNameString", NULL);
         return;
     }
 
     /* print error */
     if (flags & CERT_STORE_SIGNATURE_FLAG) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-                    xmlSecErrorsSafeString(subject),
-                    XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
-                    "signature");
+        xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
+                          xmlSecKeyDataStoreGetName(store),
+                          "signature failed, subject=%s",
+                          xmlSecErrorsSafeString(subject));
     } else if (flags & CERT_STORE_TIME_VALIDITY_FLAG) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-                    xmlSecErrorsSafeString(subject),
-                    XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
+        xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_HAS_EXPIRED,
+                          xmlSecKeyDataStoreGetName(store),
+                          "subject=%s",
+                          xmlSecErrorsSafeString(subject));
     } else if (flags & CERT_STORE_REVOCATION_FLAG) {
         if (flags & CERT_STORE_NO_CRL_FLAG) {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-                        xmlSecErrorsSafeString(subject),
-                        XMLSEC_ERRORS_R_CERT_REVOKED,
-                        "no crl");
+            xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_REVOKED,
+                              xmlSecKeyDataStoreGetName(store),
+                              "no crl, subject=%s",
+                              xmlSecErrorsSafeString(subject));
         } else {
-            xmlSecError(XMLSEC_ERRORS_HERE,
-                        xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-                        xmlSecErrorsSafeString(subject),
-                        XMLSEC_ERRORS_R_CERT_REVOKED,
-                        XMLSEC_ERRORS_NO_MESSAGE);
+            xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_REVOKED,
+                              xmlSecKeyDataStoreGetName(store),
+                              "subject=%s",
+                              xmlSecErrorsSafeString(subject));
         }
     } else {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-                    xmlSecErrorsSafeString(subject),
-                    XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
+        xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED,
+                          xmlSecKeyDataStoreGetName(store),
+                          "subject=%s",
+                          xmlSecErrorsSafeString(subject));
     }
 
     xmlFree(subject);
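Review bot: The rewritten `flags` dispatch reports only the first matching CERT_STORE_* bit, so a certificate that failed both the signature and the time-validity checks is logged as `signature failed` alone, and the final `else` branch does not say which bit was actually set. That precedence deserves a comment; replace `/* print error */` with `/* print error: flags is the CERT_STORE_*_FLAG mask; only the first matching condition is reported */`. Logging the raw flags value in the fallback branch would also help when none of the known bits matches. The function's signature is in the preceding hunk and its closing brace is outside this one.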
@@ -267,90 +259,66 @@ static BOOL xmlSecBuildChainUsingWinapi (PCCERT_CONTEXT cert, LPFILETIME pfTime, HCERTSTORE store_untrusted, HCERTSTORE store_doc) { - PCCERT_CHAIN_CONTEXT pChainContext = NULL; - CERT_CHAIN_PARA chainPara; - BOOL rc = FALSE; - HCERTSTORE store_add = NULL; + PCCERT_CHAIN_CONTEXT pChainContext = NULL; + CERT_CHAIN_PARA chainPara; + BOOL rc = FALSE; + HCERTSTORE store_add = NULL; /* Initialize data structures. */ - - memset(&chainPara, 0, sizeof(CERT_CHAIN_PARA)); - chainPara.cbSize = sizeof(CERT_CHAIN_PARA); - - /* Create additional store for CertGetCertificateChain() */ - store_add = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0, 0, NULL); - if (!store_add) { - xmlSecError(XMLSEC_ERRORS_HERE, - "chain additional collection store", - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto end; - } - if (!CertAddStoreToCollection(store_add, store_doc, 0, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - "adding document store", - "CertAddStoreToCollection", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto end; - } - if (!CertAddStoreToCollection(store_add, store_untrusted, 0, 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - "adding untrusted store", - "CertAddStoreToCollection", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto end; - } + memset(&chainPara, 0, sizeof(CERT_CHAIN_PARA)); + chainPara.cbSize = sizeof(CERT_CHAIN_PARA); + + /* Create additional store for CertGetCertificateChain() */ + store_add = CertOpenStore(CERT_STORE_PROV_COLLECTION, 0, 0, 0, NULL); + if (!store_add) { + xmlSecMSCryptoError("CertOpenStore", NULL); + goto end; + } + if (!CertAddStoreToCollection(store_add, store_doc, 0, 0)) { + xmlSecMSCryptoError("CertAddStoreToCollection", NULL); + goto end; + } + if (!CertAddStoreToCollection(store_add, store_untrusted, 0, 0)) { + xmlSecMSCryptoError("CertAddStoreToCollection", NULL); + goto end; + } /* Build a chain using CertGetCertificateChain and the certificate 
retrieved. */ - if(!CertGetCertificateChain( - NULL, /* use the default chain engine */ + if(!CertGetCertificateChain(NULL, /* use the default chain engine */ cert, - pfTime, + pfTime, store_add, &chainPara, CERT_CHAIN_REVOCATION_CHECK_CHAIN, - NULL, - &pChainContext)) - { - xmlSecError(XMLSEC_ERRORS_HERE, - "building certificate chain, checking root", - "CertGetCertificateChain", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto end; + NULL, + &pChainContext)) { + xmlSecMSCryptoError("CertGetCertificateChain", NULL); + goto end; + } + if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN) { + CertFreeCertificateChain(pChainContext); pChainContext = NULL; + if(!CertGetCertificateChain(NULL, /* use the default chain engine */ + cert, + pfTime, + store_add, + &chainPara, + CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT, + NULL, + &pChainContext)) { + xmlSecMSCryptoError("CertGetCertificateChain", NULL); + goto end; } - if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_REVOCATION_STATUS_UNKNOWN) { - CertFreeCertificateChain(pChainContext); pChainContext = NULL; - if(!CertGetCertificateChain( - NULL, /* use the default chain engine */ - cert, - pfTime, - store_add, - &chainPara, - CERT_CHAIN_REVOCATION_CHECK_CHAIN_EXCLUDE_ROOT, - NULL, - &pChainContext)) - { - xmlSecError(XMLSEC_ERRORS_HERE, - "building certificate chain, excluding root", - "CertGetCertificateChain", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - goto end; - } } - if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR) - rc = TRUE; + if (pChainContext->TrustStatus.dwErrorStatus == CERT_TRUST_NO_ERROR) { + rc = TRUE; + } end: - if (pChainContext) CertFreeCertificateChain(pChainContext); - if (store_add) CertCloseStore(store_add, 0); - return (rc); + if (pChainContext) CertFreeCertificateChain(pChainContext); + if (store_add) CertCloseStore(store_add, 0); + return (rc); } /** 
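Review bot: When the chain builds but `pChainContext->TrustStatus.dwErrorStatus` is not CERT_TRUST_NO_ERROR, the new code returns FALSE without logging anything, so the two CertGetCertificateChain failures are reported while the actual trust failure leaves no trace of which CERT_TRUST_* bits were set. Suggest an else branch on the final check: `} else { xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, NULL, "chain dwErrorStatus=0x%08lx", pChainContext->TrustStatus.dwErrorStatus); }`. The revocation-unknown retry compares dwErrorStatus with `==`, so a chain carrying CERT_TRUST_REVOCATION_STATUS_UNKNOWN together with any other error bit skips the retry and fails outright; that is a defensible policy but worth a one-line comment. As a style point, `CertFreeCertificateChain(pChainContext); pChainContext = NULL;` puts two statements on one line.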
@@ -560,8 +528,11 @@ xmlSecMSCryptoX509StoreVerify(xmlSecKeyDataStorePtr store, HCERTSTORE certs, CertFreeCertificateContext(nextCert); } - if((selected == 1) && xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { - return(cert); + if(selected == 1) { + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) != 0 + || xmlSecMSCryptoX509StoreConstructCertsChain(store, cert, certs, keyInfoCtx)) { + return(cert); + } } } @@ -596,25 +567,20 @@ xmlSecMSCryptoX509StoreAdoptCert(xmlSecKeyDataStorePtr store, PCCERT_CONTEXT pCe } else if(type == xmlSecKeyDataTypeNone) { certStore = ctx->untrusted; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_INVALID_TYPE, - "type=%d", type); + xmlSecInvalidIntegerTypeError("type", type, + "xmlSecKeyDataTypeTrusted, xmlSecKeyDataTypeNone", + xmlSecKeyDataStoreGetName(store)); return(-1); } /* TODO: The context to be added here is not duplicated first, - * hopefully this will not lead to errors when closing teh store + * hopefully this will not lead to errors when closing the store * and freeing the mem for all the context in the store. */ xmlSecAssert2(certStore != NULL, -1); if (!CertAddCertificateContextToStore(certStore, pCert, CERT_STORE_ADD_ALWAYS, NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertAddCertificateContextToStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertAddCertificateContextToStore", + xmlSecKeyDataStoreGetName(store)); return(-1); } 
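Review bot: The new XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS short-circuit returns the selected certificate before xmlSecMSCryptoX509StoreConstructCertsChain runs, so with that flag set no trust, validity or revocation check of the chain happens in this function. That is presumably the flag's intent, but nothing in the hunk says so; a comment on the new inner `if` such as `/* caller opted out of cert verification: return the match without building a trusted chain */` would make the bypass visible to the next reader. `keyInfoCtx` is dereferenced here with no NULL check in view; if xmlSecMSCryptoX509StoreVerify does not assert it earlier, outside this hunk, it should. The enclosing function starts and ends outside this hunk.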
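Review bot: The TODO comment kept (with the typo fix) in the new code worries that the context is not duplicated before being added to the store, but as far as I recall CertAddCertificateContextToStore with a NULL last argument adds its own copy of the context, so closing the store cannot free the caller's `pCert`; what the comment should state instead is who releases `pCert` after a successful adopt, since the function name suggests an ownership transfer. Suggest replacing the TODO with `/* CertAddCertificateContextToStore copies the context into the store; the caller's pCert is untouched and must still be released by the caller -- verify against callers */`. The new xmlSecInvalidIntegerTypeError call lists both accepted types, which is an improvement over the old `type=%d` message. The function's header and tail are outside this hunk.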
@@ -643,11 +609,8 @@ xmlSecMSCryptoX509StoreAdoptKeyStore (xmlSecKeyDataStorePtr store, HCERTSTORE ke
     xmlSecAssert2(ctx->trusted != NULL, -1);
 
     if(!CertAddStoreToCollection ( ctx->trusted , keyStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2)) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-                    "CertAddStoreToCollection",
-                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
+        xmlSecMSCryptoError("CertAddStoreToCollection",
+                            xmlSecKeyDataStoreGetName(store));
         return(-1);
     }
 
@@ -675,11 +638,8 @@ xmlSecMSCryptoX509StoreAdoptTrustedStore (xmlSecKeyDataStorePtr store, HCERTSTOR
     xmlSecAssert2(ctx->trusted != NULL, -1);
 
     if( !CertAddStoreToCollection ( ctx->trusted , trustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 3 ) ) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-                    "CertAddStoreToCollection",
-                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
+        xmlSecMSCryptoError("CertAddStoreToCollection",
+                            xmlSecKeyDataStoreGetName(store));
         return(-1);
     }
 
@@ -707,11 +667,8 @@ xmlSecMSCryptoX509StoreAdoptUntrustedStore (xmlSecKeyDataStorePtr store, HCERTST
     xmlSecAssert2(ctx->untrusted != NULL, -1);
 
     if( !CertAddStoreToCollection ( ctx->untrusted , untrustedStore , CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG , 2 ) ) {
-        xmlSecError(XMLSEC_ERRORS_HERE,
-                    xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)),
-                    "CertAddStoreToCollection",
-                    XMLSEC_ERRORS_R_CRYPTO_FAILED,
-                    XMLSEC_ERRORS_NO_MESSAGE);
+        xmlSecMSCryptoError("CertAddStoreToCollection",
+                            xmlSecKeyDataStoreGetName(store));
         return(-1);
     }
 
@@ -735,7 +692,7 @@ xmlSecMSCryptoX509StoreEnableSystemTrustedCerts (xmlSecKeyDataStorePtr store, in
     xmlSecAssert(ctx != NULL);
     xmlSecAssert(ctx->untrusted != NULL);
 
-    /* it is other way around to make default value 0 mimic old behaiviour */
+    /* it is other way around to make default value 0 mimic old behaviour */
     ctx->dont_use_system_trusted_certs = !val;
 }
 
@@ -759,11 +716,8 @@ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { 0, NULL); if(ctx->trusted == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertOpenStore", + xmlSecKeyDataStoreGetName(store)); return(-1); } @@ -774,11 +728,8 @@ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { CERT_STORE_CREATE_NEW_FLAG, NULL); if(hTrustedMemStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertOpenStore", + xmlSecKeyDataStoreGetName(store)); CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ctx->trusted = NULL ; return(-1); @@ -786,11 +737,8 @@ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { /* add the memory trusted certs store to trusted certs store collection */ if( !CertAddStoreToCollection( ctx->trusted, hTrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertAddStoreToCollection", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertAddStoreToCollection", + xmlSecKeyDataStoreGetName(store)); CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); CertCloseStore(hTrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); ctx->trusted = NULL ; 
@@ -805,11 +753,8 @@ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { 0, NULL); if(ctx->untrusted == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertOpenStore", + xmlSecKeyDataStoreGetName(store)); CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); ctx->trusted = NULL ; return(-1); @@ -822,11 +767,8 @@ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { CERT_STORE_CREATE_NEW_FLAG, NULL); if(hUntrustedMemStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertOpenStore", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertOpenStore", + xmlSecKeyDataStoreGetName(store)); CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); ctx->trusted = NULL ; @@ -836,11 +778,8 @@ xmlSecMSCryptoX509StoreInitialize(xmlSecKeyDataStorePtr store) { /* add the memory trusted certs store to untrusted certs store collection */ if( !CertAddStoreToCollection( ctx->untrusted, hUntrustedMemStore, CERT_PHYSICAL_STORE_ADD_ENABLE_FLAG, 1 ) ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CertAddStoreToCollection", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertAddStoreToCollection", + xmlSecKeyDataStoreGetName(store)); CertCloseStore(ctx->untrusted, CERT_CLOSE_STORE_FORCE_FLAG); CertCloseStore(ctx->trusted, CERT_CLOSE_STORE_FORCE_FLAG); CertCloseStore(hUntrustedMemStore, CERT_CLOSE_STORE_CHECK_FLAG); 
@@ -899,28 +838,19 @@ xmlSecMSCryptoCertStrToName(DWORD dwCertEncodingType, LPTSTR pszX500, DWORD dwSt if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, NULL, NULL, len, &ppszError)) { /* this might not be an error, string might just not exist */ - DWORD dw = GetLastError(); return(NULL); } str = (BYTE *)xmlMalloc(sizeof(TCHAR) * ((*len) + 1)); if(str == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "len=%ld", (*len)); + xmlSecMallocError(sizeof(TCHAR) * ((*len) + 1), NULL); return(NULL); } memset(str, 0, (*len) + 1); if (!CertStrToName(dwCertEncodingType, pszX500, dwStrType, NULL, str, len, NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CertStrToName", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertStrToName", NULL); xmlFree(str); return(NULL); } @@ -1163,12 +1093,7 @@ xmlSecMSCryptoX509GetCertName(const xmlChar * name) { */ name2 = xmlStrdup(name); if(name2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "xmlStrlen(name)=%d", - xmlStrlen(name)); + xmlSecStrdupError(name, NULL); return(NULL); } while( (p = (xmlChar*)xmlStrstr(name2, BAD_CAST "emailAddress=")) != NULL) { @@ -1176,13 +1101,9 @@ xmlSecMSCryptoX509GetCertName(const xmlChar * name) { } /* get name */ - res = xmlSecMSCryptoConvertUtf8ToTstr(name2); + res = xmlSecWin32ConvertUtf8ToTstr(name2); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoConvertUtf8ToTstr", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecWin32ConvertUtf8ToTstr", NULL); xmlFree(name2); return(NULL); } 
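Review bot: `memset(str, 0, (*len) + 1);` clears fewer bytes than the `sizeof(TCHAR) * ((*len) + 1)` that xmlMalloc reserved and that the new xmlSecMallocError call reports, whenever TCHAR is wider than one byte; the two sizes should agree, e.g. `memset(str, 0, sizeof(TCHAR) * ((*len) + 1));`. As far as I recall CertStrToName reports `*len` in bytes of encoded output, so the allocation is already over-sized and the mismatch is harmless today, but it reads as a latent inconsistency. The removed `DWORD dw = GetLastError();` was unused, and the rest of xmlSecMSCryptoCertStrToName is outside this hunk.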
@@ -1209,11 +1130,7 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, /* get unicode subject name */ wcSubjectName = xmlSecMSCryptoX509GetCertName(subjectName); if(wcSubjectName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoX509GetCertName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "wcSubjectName"); + xmlSecInternalError("xmlSecMSCryptoX509GetCertName(subjectName)", NULL); return(NULL); } @@ -1234,21 +1151,13 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, /* get serial number */ ret = xmlSecBnInitialize(&issuerSerialBn, 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnInitialize", NULL); return(NULL); } ret = xmlSecBnFromDecString(&issuerSerialBn, issuerSerial); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnInitialize", NULL); xmlSecBnFinalize(&issuerSerialBn); return(NULL); } @@ -1259,11 +1168,7 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, */ ret = xmlSecBnReverse(&issuerSerialBn); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBnReverse", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBnReverse", NULL); xmlSecBnFinalize(&issuerSerialBn); return(NULL); } @@ -1271,11 +1176,7 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, /* get issuer name */ wcIssuerName = xmlSecMSCryptoX509GetCertName(issuerName); if(wcIssuerName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecMSCryptoX509GetCertName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "wcIssuerName"); + xmlSecInternalError("xmlSecMSCryptoX509GetCertName(issuerName)", NULL); xmlSecBnFinalize(&issuerSerialBn); return(NULL); } 
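Review bot: The new error line after `ret = xmlSecBnFromDecString(&issuerSerialBn, issuerSerial);` still names the wrong function: `xmlSecInternalError("xmlSecBnInitialize", NULL);` was carried over from the block above, so a malformed issuer serial is logged as an initialization failure. It should read `xmlSecInternalError("xmlSecBnFromDecString", NULL);`. xmlSecMSCryptoX509FindCert starts before this hunk and continues after it.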
@@ -1299,23 +1200,14 @@ xmlSecMSCryptoX509FindCert(HCERTSTORE store, binSki = xmlStrdup(ski); if(binSki == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecStrdupError(ski, NULL); return (NULL); } /* trick: base64 decode "in place" */ binSkiLen = xmlSecBase64Decode(binSki, (xmlSecByte*)binSki, xmlStrlen(binSki)); if(binSkiLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ski=%s", - xmlSecErrorsSafeString(ski)); + xmlSecInternalError("xmlSecBase64Decode", NULL); xmlFree(binSki); return(NULL); } 
@@ -1357,44 +1249,28 @@ xmlSecMSCryptoX509GetNameString(PCCERT_CONTEXT pCertContext, DWORD dwType, DWORD /* get size first */ dwSize = CertGetNameString(pCertContext, dwType, dwFlags, pvTypePara, NULL, 0); if(dwSize <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - "CertGetNameString", - NULL, - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertGetNameString", NULL); return (NULL); } /* allocate buffer */ name = (LPTSTR)xmlMalloc(sizeof(TCHAR) * (dwSize + 1)); if(name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMallocError(sizeof(TCHAR) * (dwSize + 1), NULL); return (NULL); } /* actually get the name */ dwSize = CertGetNameString(pCertContext, dwType, dwFlags, pvTypePara, name, dwSize); if(dwSize <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - "CertGetNameString", - NULL, - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMSCryptoError("CertGetNameString", NULL); xmlFree(name); return (NULL); } - res = xmlSecMSCryptoConvertTstrToUtf8(name); + res = xmlSecWin32ConvertTstrToUtf8(name); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - "xmlSecMSCryptoConvertTstrToUtf8", - NULL, - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecWin32ConvertTstrToUtf8", NULL); xmlFree(name); return (NULL); } |
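Review bot: `if(dwSize <= 0)` compares an unsigned DWORD with `<= 0`, which is just `== 0` and draws a -Wtype-limits warning; write `if(dwSize == 0)` in both places in the new code. As far as I recall CertGetNameString returns 1 (the terminating NUL only) when the requested name type is absent, so this check does not distinguish "no such name" from a real name and callers testing for NULL get an empty string instead; if that distinction matters, a `dwSize <= 1` check with its own error would be needed. The function's allocation of `res` and its return tail continue past the hunk.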