diff options
Diffstat (limited to 'src/nss')
-rw-r--r-- | src/nss/Makefile.am | 4 | ||||
-rw-r--r-- | src/nss/README | 2 | ||||
-rw-r--r-- | src/nss/app.c | 518 | ||||
-rw-r--r-- | src/nss/bignum.c | 49 | ||||
-rw-r--r-- | src/nss/ciphers.c | 194 | ||||
-rw-r--r-- | src/nss/crypto.c | 118 | ||||
-rw-r--r-- | src/nss/digests.c | 144 | ||||
-rw-r--r-- | src/nss/globals.h | 44 | ||||
-rw-r--r-- | src/nss/hmac.c | 189 | ||||
-rw-r--r-- | src/nss/keysstore.c | 150 | ||||
-rw-r--r-- | src/nss/keytrans.c | 788 | ||||
-rw-r--r-- | src/nss/kw_aes.c | 165 | ||||
-rw-r--r-- | src/nss/kw_des.c | 171 | ||||
-rw-r--r-- | src/nss/pkikeys.c | 640 | ||||
-rw-r--r-- | src/nss/signatures.c | 635 | ||||
-rw-r--r-- | src/nss/symkeys.c | 13 | ||||
-rw-r--r-- | src/nss/x509.c | 730 | ||||
-rw-r--r-- | src/nss/x509vfy.c | 287 |
18 files changed, 2139 insertions, 2702 deletions
diff --git a/src/nss/Makefile.am b/src/nss/Makefile.am index 8cd85863..e666f33c 100644 --- a/src/nss/Makefile.am +++ b/src/nss/Makefile.am @@ -37,10 +37,6 @@ libxmlsec1_nss_la_SOURCES =\ globals.h \ $(NULL) -if SHAREDLIB_HACK -libxmlsec1_nss_la_SOURCES += ../strings.c -endif - libxmlsec1_nss_la_LIBADD = \ $(NSS_LIBS) \ $(LIBXSLT_LIBS) \ diff --git a/src/nss/README b/src/nss/README index 65a0f45e..536552ed 100644 --- a/src/nss/README +++ b/src/nss/README @@ -1,6 +1,6 @@ WHAT VERSION OF NSS? ------------------------------------------------------------------------ -NSS 3.9 or greater and NSPR 4.4.1 or greater are required. +NSS 3.11.1 or greater and NSPR 4.4.1 or greater are required. KEYS MANAGER ------------------------------------------------------------------------ diff --git a/src/nss/app.c b/src/nss/app.c index 0a9046fc..57b540a5 100644 --- a/src/nss/app.c +++ b/src/nss/app.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:app + * @Short_description: Application support functions for NSS. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -73,22 +81,15 @@ xmlSecNssAppInit(const char* config) { if(config) { rv = NSS_InitReadWrite(config); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "NSS_InitReadWrite", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "config=%s", - xmlSecErrorsSafeString(config)); + xmlSecNssError2("NSS_InitReadWrite", NULL, + "config=%s", + xmlSecErrorsSafeString(config)); return(-1); } } else { rv = NSS_NoDB_Init(NULL); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "NSS_NoDB_Init", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("NSS_NoDB_Init", NULL); return(-1); } } @@ -131,11 +132,7 @@ xmlSecNssAppShutdown(void) { PK11_LogoutAll(); rv = NSS_Shutdown(); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "NSS_Shutdown", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("NSS_Shutdown", NULL); return(-1); } return(0); @@ -149,11 +146,7 @@ xmlSecNssAppCreateSECItem(SECItem *contents, const xmlSecByte* data, xmlSecSize contents->data = 0; if (!SECITEM_AllocItem(NULL, contents, dataSize)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECITEM_AllocItem", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SECITEM_AllocItem", NULL); return(-1); } @@ -178,33 +171,21 @@ xmlSecNssAppReadSECItem(SECItem *contents, const char *fn) { file = PR_Open(fn, PR_RDONLY, 00660); if (file == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PR_Open", - XMLSEC_ERRORS_R_IO_FAILED, - "filename=%s", - xmlSecErrorsSafeString(fn)); + xmlSecNssError2("PR_Open", NULL, + "filename=%s", xmlSecErrorsSafeString(fn)); goto done; } prStatus = PR_GetOpenFileInfo(file, &info); if (prStatus != PR_SUCCESS) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PR_GetOpenFileInfo", - XMLSEC_ERRORS_R_IO_FAILED, - "filename=%s", - xmlSecErrorsSafeString(fn)); + xmlSecNssError2("PR_GetOpenFileInfo", NULL, + "filename=%s", xmlSecErrorsSafeString(fn)); goto done; } contents->data = 0; if (!SECITEM_AllocItem(NULL, contents, info.size)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECITEM_AllocItem", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SECITEM_AllocItem", NULL); goto done; } @@ -286,21 +267,13 @@ xmlSecNssAppKeyLoad(const char *filename, xmlSecKeyDataFormat format, memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppReadSECItem(&secItem, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppReadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppReadSECItem", NULL); return(NULL); } res = xmlSecNssAppKeyLoadSECItem(&secItem, format, pwd, pwdCallback, pwdCallbackCtx); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeyLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeyLoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(NULL); } @@ -335,21 +308,13 @@ xmlSecNssAppKeyLoadMemory(const xmlSecByte* data, xmlSecSize dataSize, xmlSecKey memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppCreateSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppCreateSECItem", NULL); return(NULL); } res = xmlSecNssAppKeyLoadSECItem(&secItem, format, pwd, pwdCallback, pwdCallbackCtx); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeyLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeyLoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(NULL); } @@ -385,22 +350,14 @@ xmlSecNssAppKeyLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format, case xmlSecKeyDataFormatPkcs12: key = xmlSecNssAppPkcs12LoadSECItem(secItem, pwd, pwdCallback, pwdCallbackCtx); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppPkcs12LoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppPkcs12LoadSECItem", NULL); return(NULL); } break; case xmlSecKeyDataFormatCertDer: key = xmlSecNssAppKeyFromCertLoadSECItem(secItem, format); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeyFromCertLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeyFromCertLoadSECItem", NULL); return(NULL); } break; @@ -408,21 +365,14 @@ xmlSecNssAppKeyLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format, case xmlSecKeyDataFormatDer: key = xmlSecNssAppDerKeyLoadSECItem(secItem); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppDerKeyLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppDerKeyLoadSECItem", NULL); return(NULL); } break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeyLoad", - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); - return(NULL); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); + return(NULL); } return(key); @@ -448,11 +398,7 @@ xmlSecNssAppDerKeyLoadSECItem(SECItem* secItem) { */ slot = xmlSecNssGetInternalKeySlot(); if (slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssGetInternalKeySlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssGetInternalKeySlot", NULL); goto done; } @@ -472,31 +418,19 @@ xmlSecNssAppDerKeyLoadSECItem(SECItem* secItem) { /* TRY PUBLIC KEY */ spki = SECKEY_DecodeDERSubjectPublicKeyInfo(secItem); if (spki == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECKEY_DecodeDERSubjectPublicKeyInfo", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SECKEY_DecodeDERSubjectPublicKeyInfo", NULL); } pubkey = SECKEY_ExtractPublicKey(spki); if (pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECKEY_ExtractPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SECKEY_ExtractPublicKey", NULL); goto done; } } data = xmlSecNssPKIAdoptKey(privkey, pubkey); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIAdoptKey", NULL); goto done; } privkey = NULL; @@ -504,22 +438,14 @@ xmlSecNssAppDerKeyLoadSECItem(SECItem* secItem) { key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); goto done; } ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); goto done; } retval = key; @@ -573,21 +499,13 @@ xmlSecNssAppKeyCertLoad(xmlSecKeyPtr key, const char* filename, xmlSecKeyDataFor memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppReadSECItem(&secItem, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppReadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppReadSECItem", NULL); return(-1); } ret = xmlSecNssAppKeyCertLoadSECItem(key, &secItem, format); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeyCertLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeyCertLoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(-1); } @@ -620,21 +538,13 @@ xmlSecNssAppKeyCertLoadMemory(xmlSecKeyPtr key, const xmlSecByte* data, xmlSecSi memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppCreateSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppCreateSECItem", NULL); return(-1); } ret = xmlSecNssAppKeyCertLoadSECItem(key, &secItem, format); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeyCertLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeyCertLoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(-1); } @@ -665,12 +575,7 @@ xmlSecNssAppKeyCertLoadSECItem(xmlSecKeyPtr key, SECItem* secItem, xmlSecKeyData data = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); + xmlSecInternalError("xmlSecKeyEnsureData(xmlSecNssKeyDataX509Id)", NULL); return(-1); } @@ -680,32 +585,22 @@ xmlSecNssAppKeyCertLoadSECItem(xmlSecKeyPtr key, SECItem* secItem, xmlSecKeyData cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(), secItem, NULL, PR_FALSE, PR_TRUE); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "__CERT_NewTempCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "format=%d", format); + xmlSecNssError2("__CERT_NewTempCertificate", NULL, + "format=%d", (int)format); return(-1); } break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(-1); } xmlSecAssert2(cert != NULL, -1); ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); return(-1); } @@ -740,21 +635,13 @@ xmlSecNssAppPkcs12Load(const char *filename, const char *pwd, memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppReadSECItem(&secItem, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppReadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppReadSECItem", NULL); return(NULL); } res = xmlSecNssAppPkcs12LoadSECItem(&secItem, pwd, pwdCallback, pwdCallbackCtx); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppPkcs12LoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppPkcs12LoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(NULL); } @@ -790,21 +677,13 @@ xmlSecNssAppPkcs12LoadMemory(const xmlSecByte* data, xmlSecSize dataSize, const memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppCreateSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppCreateSECItem", NULL); return(NULL); } res = xmlSecNssAppPkcs12LoadSECItem(&secItem, pwd, pwdCallback, pwdCallbackCtx); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppPkcs12LoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppPkcs12LoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(NULL); } @@ -860,111 +739,69 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd, */ slot = xmlSecNssGetInternalKeySlot(); if (slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssGetInternalKeySlot", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssGetInternalKeySlot", NULL); goto done; } pwditem.data = (unsigned char *)pwd; pwditem.len = strlen(pwd)+1; if (!SECITEM_AllocItem(NULL, &uc2_pwditem, 2*pwditem.len)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECITEM_AllocItem", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SECITEM_AllocItem", NULL); goto done; } if (PORT_UCS2_ASCIIConversion(PR_TRUE, pwditem.data, pwditem.len, uc2_pwditem.data, 2*pwditem.len, &(uc2_pwditem.len), 0) == PR_FALSE) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_UCS2_ASCIIConversion", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PORT_UCS2_ASCIIConversion", NULL); goto done; } p12ctx = SEC_PKCS12DecoderStart(&uc2_pwditem, slot, NULL, NULL, NULL, NULL, NULL, NULL); if (p12ctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_PKCS12DecoderStart", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SEC_PKCS12DecoderStart", NULL); goto done; } rv = SEC_PKCS12DecoderUpdate(p12ctx, secItem->data, secItem->len); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_PKCS12DecoderUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SEC_PKCS12DecoderUpdate", NULL); goto done; } rv = SEC_PKCS12DecoderVerify(p12ctx); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_PKCS12DecoderVerify", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SEC_PKCS12DecoderVerify", NULL); goto done; } rv = SEC_PKCS12DecoderValidateBags(p12ctx, xmlSecNssAppNicknameCollisionCallback); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_PKCS12DecoderValidateBags", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SEC_PKCS12DecoderValidateBags", NULL); goto done; } rv = SEC_PKCS12DecoderImportBags(p12ctx); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_PKCS12DecoderImportBags", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SEC_PKCS12DecoderImportBags", NULL); goto done; } certlist = SEC_PKCS12DecoderGetCerts(p12ctx); if (certlist == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_PKCS12DecoderGetCerts", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("SEC_PKCS12DecoderGetCerts", NULL); goto done; } x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); if(x509Data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)); goto done; } - for (head = CERT_LIST_HEAD(certlist); - !CERT_LIST_END(head, certlist); - head = CERT_LIST_NEXT(head)) { + for (head = CERT_LIST_HEAD(certlist); !CERT_LIST_END(head, certlist); head = CERT_LIST_NEXT(head)) { cert = head->cert; privkey = PK11_FindKeyByAnyCert(cert, NULL); @@ -978,20 +815,14 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd, } else { pubkey = CERT_ExtractPublicKey(cert); if (pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_ExtractPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("CERT_ExtractPublicKey", + xmlSecKeyDataGetName(x509Data)); goto done; } data = xmlSecNssPKIAdoptKey(privkey, pubkey); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIAdoptKey", + xmlSecKeyDataGetName(x509Data)); goto done; } @@ -1000,23 +831,15 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd, tmpcert = CERT_DupCertificate(cert); if(tmpcert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecNssError("CERT_DupCertificate", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, tmpcert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(x509Data)); CERT_DestroyCertificate(tmpcert); goto done; } @@ -1026,22 +849,14 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd, tmpcert = CERT_DupCertificate(cert); if(tmpcert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecNssError("CERT_DupCertificate", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecNssKeyDataX509AdoptCert(x509Data, tmpcert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(x509Data)); CERT_DestroyCertificate(tmpcert); goto done; } @@ -1049,32 +864,21 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd, } /* end for loop */ if (data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppPkcs12Load", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "private key not found in PKCS12 file"); + /* private key not found in PKCS12 file */ + xmlSecInternalError("xmlSecNssAppPkcs12Load(private key)", NULL); goto done; } key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); goto done; } ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(x509Data)); xmlSecKeyDestroy(key); key = NULL; goto done; @@ -1083,12 +887,8 @@ xmlSecNssAppPkcs12LoadSECItem(SECItem* secItem, const char *pwd, ret = xmlSecKeyAdoptData(key, x509Data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyAdoptData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeyAdoptData", + xmlSecKeyDataGetName(x509Data)); xmlSecKeyDestroy(key); key = NULL; goto done; @@ -1148,31 +948,21 @@ xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format) cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(), secItem, NULL, PR_FALSE, PR_TRUE); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "__CERT_NewTempCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "format=%d", format); + xmlSecNssError2("__CERT_NewTempCertificate", NULL, + "format=%d", (int)format); return(NULL); } break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(NULL); } /* get key value */ keyData = xmlSecNssX509CertGetKey(cert); if(keyData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CertGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertGetKey", NULL); CERT_DestroyCertificate(cert); return(NULL); } @@ -1180,11 +970,7 @@ xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format) /* create key */ key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); xmlSecKeyDataDestroy(keyData); CERT_DestroyCertificate(cert); return(NULL); @@ -1193,11 +979,7 @@ xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format) /* set key value */ ret = xmlSecKeySetValue(key, keyData); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", NULL); xmlSecKeyDestroy(key); xmlSecKeyDataDestroy(keyData); CERT_DestroyCertificate(cert); @@ -1207,11 +989,7 @@ xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format) /* create cert data */ certData = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id); if(certData == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", NULL); xmlSecKeyDestroy(key); CERT_DestroyCertificate(cert); return(NULL); @@ -1220,11 +998,7 @@ xmlSecNssAppKeyFromCertLoadSECItem(SECItem* secItem, xmlSecKeyDataFormat format) /* put cert in the cert data */ ret = xmlSecNssKeyDataX509AdoptCert(certData, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", NULL); xmlSecKeyDestroy(key); CERT_DestroyCertificate(cert); return(NULL); @@ -1261,21 +1035,13 @@ xmlSecNssAppKeysMngrCertLoad(xmlSecKeysMngrPtr mngr, const char *filename, memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppReadSECItem(&secItem, filename); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppReadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppReadSECItem", NULL); return(-1); } ret = xmlSecNssAppKeysMngrCertLoadSECItem(mngr, &secItem, format, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeysMngrCertLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeysMngrCertLoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(-1); } @@ -1311,21 +1077,13 @@ xmlSecNssAppKeysMngrCertLoadMemory(xmlSecKeysMngrPtr mngr, const xmlSecByte* dat memset(&secItem, 0, sizeof(secItem)); ret = xmlSecNssAppCreateSECItem(&secItem, data, dataSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppCreateSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppCreateSECItem", NULL); return(-1); } ret = xmlSecNssAppKeysMngrCertLoadSECItem(mngr, &secItem, format, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAppKeysMngrCertLoadSECItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAppKeysMngrCertLoadSECItem", NULL); SECITEM_FreeItem(&secItem, PR_FALSE); return(-1); } @@ -1360,11 +1118,7 @@ xmlSecNssAppKeysMngrCertLoadSECItem(xmlSecKeysMngrPtr mngr, SECItem* secItem, x509Store = xmlSecKeysMngrGetDataStore(mngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssX509StoreId"); + xmlSecInternalError("xmlSecKeysMngrGetDataStore(xmlSecNssX509StoreId)", NULL); return(-1); } @@ -1373,30 +1127,20 @@ xmlSecNssAppKeysMngrCertLoadSECItem(xmlSecKeysMngrPtr mngr, SECItem* secItem, cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(), secItem, NULL, PR_FALSE, PR_TRUE); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "__CERT_NewTempCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "format=%d", format); + xmlSecNssError2("__CERT_NewTempCertificate", NULL, + "format=%d", (int)format); return(-1); } break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_FORMAT, - "format=%d", format); + xmlSecOtherError2(XMLSEC_ERRORS_R_INVALID_FORMAT, NULL, + "format=%d", (int)format); return(-1); } ret = xmlSecNssX509StoreAdoptCert(x509Store, cert, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509StoreAdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509StoreAdoptCert", NULL); CERT_DestroyCertificate(cert); return(-1); } @@ -1427,21 +1171,13 @@ xmlSecNssAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { keysStore = xmlSecKeyStoreCreate(xmlSecNssKeysStoreId); if(keysStore == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssKeysStoreId"); + xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecNssX509StoreId)", NULL); return(-1); } ret = xmlSecKeysMngrAdoptKeysStore(mngr, keysStore); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrAdoptKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrAdoptKeysStore", NULL); xmlSecKeyStoreDestroy(keysStore); return(-1); } @@ -1449,11 +1185,7 @@ xmlSecNssAppDefaultKeysMngrInit(xmlSecKeysMngrPtr mngr) { ret = xmlSecNssKeysMngrInit(mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeysMngrInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeysMngrInit", NULL); return(-1); } @@ -1481,21 +1213,13 @@ xmlSecNssAppDefaultKeysMngrAdoptKey(xmlSecKeysMngrPtr mngr, xmlSecKeyPtr key) { store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecNssKeysStoreAdoptKey(store, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeysStoreAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeysStoreAdoptKey", NULL); return(-1); } @@ -1522,21 +1246,14 @@ xmlSecNssAppDefaultKeysMngrLoad(xmlSecKeysMngrPtr mngr, const char* uri) { store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecNssKeysStoreLoad(store, uri, mngr); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeysStoreLoad", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "uri=%s", xmlSecErrorsSafeString(uri)); + xmlSecInternalError2("xmlSecNssKeysStoreLoad", NULL, + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } @@ -1563,21 +1280,14 @@ xmlSecNssAppDefaultKeysMngrSave(xmlSecKeysMngrPtr mngr, const char* filename, xm store = xmlSecKeysMngrGetKeysStore(mngr); if(store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrGetKeysStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetKeysStore", NULL); return(-1); } ret = xmlSecNssKeysStoreSave(store, filename, type); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeysStoreSave", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "filename%s", xmlSecErrorsSafeString(filename)); + xmlSecInternalError2("xmlSecNssKeysStoreSave", NULL, + "filename%s", xmlSecErrorsSafeString(filename)); return(-1); } diff --git a/src/nss/bignum.c b/src/nss/bignum.c index 261155e6..761711ef 100644 --- a/src/nss/bignum.c +++ b/src/nss/bignum.c @@ -1,13 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * Reading/writing bignum values * * This is free software; see Copyright file in the source * distribution for precise wording. * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:bignum + * @Short_description: Big numbers support functions implementation for NSS. + * @Stability: Stable + * + */ + #include "globals.h" #include <stdlib.h> @@ -19,6 +25,7 @@ #include <libxml/tree.h> #include <xmlsec/xmlsec.h> +#include <xmlsec/xmltree.h> #include <xmlsec/buffer.h> #include <xmlsec/base64.h> #include <xmlsec/errors.h> @@ -29,7 +36,7 @@ /** * xmlSecNssNodeGetBigNumValue: * @arena: the arena from which to allocate memory - * @cur: the poitner to an XML node. + * @cur: the pointer to an XML node. * @a: a SECItem object to hold the BigNum value * * Converts the node content from CryptoBinary format @@ -53,21 +60,13 @@ xmlSecNssNodeGetBigNumValue(PRArenaPool *arena, const xmlNodePtr cur, ret = xmlSecBufferInitialize(&buf, 128); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", NULL); return(NULL); } ret = xmlSecBufferBase64NodeContentRead(&buf, cur); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferBase64NodeContentRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferBase64NodeContentRead", NULL); xmlSecBufferFinalize(&buf); return(NULL); } @@ -115,11 +114,7 @@ xmlSecNssNodeSetBigNumValue(xmlNodePtr cur, const SECItem *a, int addLineBreaks) ret = xmlSecBufferInitialize(&buf, a->len + 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", a->len + 1); + xmlSecInternalError2("xmlSecBufferInitialize", NULL, "size=%d", a->len + 1); return(-1); } @@ -127,34 +122,26 @@ xmlSecNssNodeSetBigNumValue(xmlNodePtr cur, const SECItem *a, int addLineBreaks) ret = xmlSecBufferSetSize(&buf, a->len); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", a->len); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, "size=%d", a->len); xmlSecBufferFinalize(&buf); return(-1); } if(addLineBreaks) { - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); } else { xmlNodeSetContent(cur, xmlSecStringEmpty); } ret = xmlSecBufferBase64NodeContentWrite(&buf, cur, xmlSecBase64GetDefaultLineSize()); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferBase64NodeContentWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferBase64NodeContentWrite", NULL); xmlSecBufferFinalize(&buf); return(-1); } if(addLineBreaks) { - xmlNodeAddContent(cur, xmlSecStringCR); + xmlNodeAddContent(cur, xmlSecGetDefaultLineFeed()); } xmlSecBufferFinalize(&buf); diff --git a/src/nss/ciphers.c b/src/nss/ciphers.c index cf679368..1c7d27b9 100644 --- a/src/nss/ciphers.c +++ b/src/nss/ciphers.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:ciphers + * @Short_description: Ciphers transforms implementation for NSS. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -43,7 +51,6 @@ struct _xmlSecNssBlockCipherCtx { xmlSecByte key[XMLSEC_NSS_MAX_KEY_SIZE]; xmlSecSize keySize; xmlSecByte iv[XMLSEC_NSS_MAX_IV_SIZE]; - xmlSecSize ivSize; }; static int xmlSecNssBlockCipherCtxInit (xmlSecNssBlockCipherCtxPtr ctx, xmlSecBufferPtr in, @@ -65,10 +72,10 @@ static int xmlSecNssBlockCipherCtxFinal (xmlSecNssBlockCipherCtx xmlSecTransformCtxPtr transformCtx); static int xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, - xmlSecBufferPtr in, xmlSecBufferPtr out, - int encrypt, - const xmlChar* cipherName, - xmlSecTransformCtxPtr transformCtx) { + xmlSecBufferPtr in, xmlSecBufferPtr out, + int encrypt, + const xmlChar* cipherName, + xmlSecTransformCtxPtr transformCtx) { SECItem keyItem; SECItem ivItem; PK11SlotInfo* slot; @@ -94,22 +101,16 @@ xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, /* generate random iv */ rv = PK11_GenerateRandom(ctx->iv, ivLen); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", ivLen); + xmlSecNssError2("PK11_GenerateRandom", cipherName, + "size=%d", ivLen); return(-1); } /* write iv to the output */ ret = xmlSecBufferAppend(out, ctx->iv, ivLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ivLen); + xmlSecInternalError2("xmlSecBufferAppend", cipherName, + "size=%d", ivLen); return(-1); } @@ -127,11 +128,8 @@ xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, /* and remove from input */ ret = xmlSecBufferRemoveHead(in, ivLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ivLen); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", ivLen); return(-1); } } @@ -141,26 +139,18 @@ xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, keyItem.len = ctx->keySize; memset(&ivItem, 0, sizeof(ivItem)); ivItem.data = ctx->iv; - ivItem.len = ctx->ivSize; + ivItem.len = ivLen; slot = PK11_GetBestSlot(ctx->cipher, NULL); if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", cipherName); return(-1); } symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginDerive, - CKA_SIGN, &keyItem, NULL); + CKA_ENCRYPT, &keyItem, NULL); if(symKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_ImportSymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_ImportSymKey", cipherName); PK11_FreeSlot(slot); return(-1); } @@ -169,11 +159,7 @@ xmlSecNssBlockCipherCtxInit(xmlSecNssBlockCipherCtxPtr ctx, (encrypt) ? CKA_ENCRYPT : CKA_DECRYPT, symKey, &ivItem); if(ctx->cipherCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_CreateContextBySymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CreateContextBySymKey", cipherName); PK11_FreeSymKey(symKey); PK11_FreeSlot(slot); return(-1); @@ -228,11 +214,8 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, /* we write out the input size plus may be one block */ ret = xmlSecBufferSetMaxSize(out, outSize + inSize + blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + inSize + blockLen); + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", outSize + inSize + blockLen); return(-1); } outBuf = xmlSecBufferGetData(out) + outSize; @@ -240,11 +223,7 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, inSize + blockLen, xmlSecBufferGetData(in), inSize); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_CipherOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CipherOp", cipherName); return(-1); } xmlSecAssert2((xmlSecSize)outLen == inSize, -1); @@ -252,22 +231,16 @@ xmlSecNssBlockCipherCtxUpdate(xmlSecNssBlockCipherCtxPtr ctx, /* set correct output buffer size */ ret = xmlSecBufferSetSize(out, outSize + outLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen); + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", outSize + outLen); return(-1); } /* remove the processed block from input */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", inSize); return(-1); } return(0); @@ -307,11 +280,8 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, /* create padding */ ret = xmlSecBufferSetMaxSize(in, blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", blockLen); + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", blockLen); return(-1); } inBuf = xmlSecBufferGetData(in); @@ -320,11 +290,8 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, if((xmlSecSize)blockLen > (inSize + 1)) { rv = PK11_GenerateRandom(inBuf + inSize, blockLen - inSize - 1); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", blockLen - inSize - 1); + xmlSecNssError2("PK11_GenerateRandom", cipherName, + "size=%d", ((int)blockLen - inSize - 1)); return(-1); } } @@ -332,11 +299,7 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, inSize = blockLen; } else { if(inSize != (xmlSecSize)blockLen) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "data=%d;block=%d", inSize, blockLen); + xmlSecInvalidSizeError("Input data", inSize, blockLen, cipherName); return(-1); } } @@ -344,11 +307,8 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, /* process last block */ ret = xmlSecBufferSetMaxSize(out, outSize + 2 * blockLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + 2 * blockLen); + xmlSecInternalError2("xmlSecBufferSetMaxSize", cipherName, + "size=%d", outSize + 2 * blockLen); return(-1); } outBuf = xmlSecBufferGetData(out) + outSize; @@ -356,11 +316,7 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, rv = PK11_CipherOp(ctx->cipherCtx, outBuf, &outLen, 2 * blockLen, xmlSecBufferGetData(in), inSize); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "PK11_CipherOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CipherOp", cipherName); return(-1); } xmlSecAssert2((xmlSecSize)outLen == inSize, -1); @@ -368,12 +324,8 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, if(encrypt == 0) { /* check padding */ if(outLen < outBuf[blockLen - 1]) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "padding=%d;buffer=%d", - outBuf[blockLen - 1], outLen); + xmlSecInvalidSizeLessThanError("Input data padding", + inSize, outBuf[blockLen - 1], cipherName); return(-1); } outLen -= outBuf[blockLen - 1]; @@ -382,22 +334,16 @@ xmlSecNssBlockCipherCtxFinal(xmlSecNssBlockCipherCtxPtr ctx, /* set correct output buffer size */ ret = xmlSecBufferSetSize(out, outSize + outLen); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize + outLen); + xmlSecInternalError2("xmlSecBufferSetSize", cipherName, + "size=%d", outSize + outLen); return(-1); } /* remove the processed block from input */ ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(cipherName), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", cipherName, + "size=%d", inSize); return(-1); } @@ -487,11 +433,7 @@ xmlSecNssBlockCipherInitialize(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_AES */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } @@ -563,12 +505,8 @@ xmlSecNssBlockCipherSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecAssert2(buffer != NULL, -1); if(xmlSecBufferGetSize(buffer) < ctx->keySize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "keySize=%d;expected=%d", - xmlSecBufferGetSize(buffer), ctx->keySize); + xmlSecInvalidKeyDataSizeError(xmlSecBufferGetSize(buffer), ctx->keySize, + xmlSecTransformGetName(transform)); return(-1); } @@ -606,20 +544,14 @@ xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransf (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, xmlSecTransformGetName(transform), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssBlockCipherCtxInit", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssBlockCipherCtxInit", + xmlSecTransformGetName(transform)); return(-1); } } if((ctx->ctxInitialized == 0) && (last != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "not enough data to initialize transform"); + xmlSecInvalidDataError("not enough data to initialize transform", + xmlSecTransformGetName(transform)); return(-1); } @@ -628,11 +560,8 @@ xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransf (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, xmlSecTransformGetName(transform), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssBlockCipherCtxUpdate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssBlockCipherCtxUpdate", + xmlSecTransformGetName(transform)); return(-1); } } @@ -642,11 +571,8 @@ xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransf (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0, xmlSecTransformGetName(transform), transformCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssBlockCipherCtxFinal", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssBlockCipherCtxFinal", + xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusFinished; @@ -658,11 +584,7 @@ xmlSecNssBlockCipherExecute(xmlSecTransformPtr transform, int last, xmlSecTransf /* the only way we can get here is if there is no enough data in the input */ xmlSecAssert2(last == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } diff --git a/src/nss/crypto.c b/src/nss/crypto.c index ea79519f..a00824dd 100644 --- a/src/nss/crypto.c +++ b/src/nss/crypto.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:crypto + * @Short_description: Crypto transforms implementation for NSS. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -75,6 +83,10 @@ xmlSecCryptoGetFunctions_nss(void) { gXmlSecNssFunctions->keyDataDsaGetKlass = xmlSecNssKeyDataDsaGetKlass; #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA + gXmlSecNssFunctions->keyDataEcdsaGetKlass = xmlSecNssKeyDataEcdsaGetKlass; +#endif /* XMLSEC_NO_ECDSA */ + #ifndef XMLSEC_NO_HMAC gXmlSecNssFunctions->keyDataHmacGetKlass = xmlSecNssKeyDataHmacGetKlass; #endif /* XMLSEC_NO_HMAC */ @@ -121,9 +133,33 @@ xmlSecCryptoGetFunctions_nss(void) { /******************************* DSA ********************************/ #ifndef XMLSEC_NO_DSA +#ifndef XMLSEC_NO_SHA1 gXmlSecNssFunctions->transformDsaSha1GetKlass = xmlSecNssTransformDsaSha1GetKlass; +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA256 + gXmlSecNssFunctions->transformDsaSha256GetKlass = xmlSecNssTransformDsaSha256GetKlass; +#endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ + /******************************* ECDSA ******************************/ +#ifndef XMLSEC_NO_ECDSA +#ifndef XMLSEC_NO_SHA1 + gXmlSecNssFunctions->transformEcdsaSha1GetKlass = xmlSecNssTransformEcdsaSha1GetKlass; +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + gXmlSecNssFunctions->transformEcdsaSha224GetKlass = xmlSecNssTransformEcdsaSha224GetKlass; +#endif /* XMLSEC_NO_SHA224 */ +#ifndef XMLSEC_NO_SHA256 + gXmlSecNssFunctions->transformEcdsaSha256GetKlass = xmlSecNssTransformEcdsaSha256GetKlass; +#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_SHA384 + gXmlSecNssFunctions->transformEcdsaSha384GetKlass = xmlSecNssTransformEcdsaSha384GetKlass; +#endif /* XMLSEC_NO_SHA384 */ +#ifndef XMLSEC_NO_SHA512 + gXmlSecNssFunctions->transformEcdsaSha512GetKlass = xmlSecNssTransformEcdsaSha512GetKlass; +#endif /* XMLSEC_NO_SHA512 */ +#endif /* XMLSEC_NO_ECDSA */ + /******************************* HMAC ********************************/ #ifndef XMLSEC_NO_HMAC @@ -139,6 +175,10 @@ xmlSecCryptoGetFunctions_nss(void) { gXmlSecNssFunctions->transformHmacSha1GetKlass = xmlSecNssTransformHmacSha1GetKlass; #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + gXmlSecNssFunctions->transformHmacSha224GetKlass = xmlSecNssTransformHmacSha224GetKlass; +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 gXmlSecNssFunctions->transformHmacSha256GetKlass = xmlSecNssTransformHmacSha256GetKlass; #endif /* XMLSEC_NO_SHA256 */ @@ -164,6 +204,10 @@ xmlSecCryptoGetFunctions_nss(void) { gXmlSecNssFunctions->transformRsaSha1GetKlass = xmlSecNssTransformRsaSha1GetKlass; #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + gXmlSecNssFunctions->transformRsaSha224GetKlass = xmlSecNssTransformRsaSha224GetKlass; +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 gXmlSecNssFunctions->transformRsaSha256GetKlass = xmlSecNssTransformRsaSha256GetKlass; #endif /* XMLSEC_NO_SHA256 */ @@ -193,6 +237,9 @@ xmlSecCryptoGetFunctions_nss(void) { #ifndef XMLSEC_NO_SHA1 gXmlSecNssFunctions->transformSha1GetKlass = xmlSecNssTransformSha1GetKlass; #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + gXmlSecNssFunctions->transformSha224GetKlass = xmlSecNssTransformSha224GetKlass; +#endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 gXmlSecNssFunctions->transformSha256GetKlass = xmlSecNssTransformSha256GetKlass; #endif /* XMLSEC_NO_SHA256 */ @@ -246,11 +293,7 @@ int xmlSecNssInit (void) { /* Check loaded xmlsec library version */ if(xmlSecCheckVersionExact() != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCheckVersionExact", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCheckVersionExact", NULL); return(-1); } @@ -259,11 +302,7 @@ xmlSecNssInit (void) { /* register our klasses */ if(xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms(xmlSecCryptoGetFunctions_nss()) < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecCryptoDLFunctionsRegisterKeyDataAndTransforms", NULL); return(-1); } @@ -303,21 +342,13 @@ xmlSecNssKeysMngrInit(xmlSecKeysMngrPtr mngr) { x509Store = xmlSecKeyDataStoreCreate(xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssX509StoreId"); + xmlSecInternalError("xmlSecKeyDataStoreCreate(xmlSecNssX509StoreId)", NULL); return(-1); } ret = xmlSecKeysMngrAdoptDataStore(mngr, x509Store); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeysMngrAdoptDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrAdoptDataStore", NULL); xmlSecKeyDataStoreDestroy(x509Store); return(-1); } @@ -342,22 +373,14 @@ xmlSecNssGetInternalKeySlot() slot = PK11_GetInternalKeySlot(); if (slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_GetInternalKeySlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_GetInternalKeySlot", NULL); return NULL; } if (PK11_NeedUserInit(slot)) { rv = PK11_InitPin(slot, NULL, NULL); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_Authenticate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_InitPin", NULL); return NULL; } } @@ -365,11 +388,8 @@ xmlSecNssGetInternalKeySlot() if(PK11_IsLoggedIn(slot, NULL) != PR_TRUE) { rv = PK11_Authenticate(slot, PR_TRUE, NULL); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_Authenticate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError2("PK11_Authenticate", NULL, + "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot))); return NULL; } } @@ -396,22 +416,15 @@ xmlSecNssGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) { ret = xmlSecBufferSetSize(buffer, size); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", size); + xmlSecInternalError2("xmlSecBufferSetSize", NULL, "size=%d", size); return(-1); } /* get random data */ rv = PK11_GenerateRandom((xmlSecByte*)xmlSecBufferGetData(buffer), size); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", size); + xmlSecNssError2("PK11_GenerateRandom", NULL, + "size=%lu", (unsigned long)size); return(-1); } return(0); @@ -427,18 +440,11 @@ xmlSecNssGenerateRandom(xmlSecBufferPtr buffer, xmlSecSize size) { * @reason: the error code. * @msg: the additional error message. * - * The default errors reporting callback function. + * The errors reporting callback function. Just a pass through to the default callback. */ void xmlSecNssErrorsDefaultCallback(const char* file, int line, const char* func, const char* errorObject, const char* errorSubject, int reason, const char* msg) { - xmlChar buf[500]; - int err; - - err = PORT_GetError(); - xmlSecStrPrintf(buf, sizeof(buf), BAD_CAST "%s;last nss error=%d (0x%08X)", msg, err, err); - xmlSecErrorsDefaultCallback(file, line, func, - errorObject, errorSubject, - reason, (char*)buf); + xmlSecErrorsDefaultCallback(file, line, func, errorObject, errorSubject, reason, msg); } diff --git a/src/nss/digests.c b/src/nss/digests.c index 2a81375c..3bcfb04d 100644 --- a/src/nss/digests.c +++ b/src/nss/digests.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:digests + * @Short_description: Digests transforms implementation for NSS. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -77,6 +85,12 @@ xmlSecNssDigestCheckId(xmlSecTransformPtr transform) { } #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha224Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) { return(1); @@ -123,6 +137,11 @@ xmlSecNssDigestInitialize(xmlSecTransformPtr transform) { } else #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha224Id)) { + ctx->digest = SECOID_FindOIDByTag(SEC_OID_SHA224); + } else +#endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformSha256Id)) { @@ -143,30 +162,18 @@ xmlSecNssDigestInitialize(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_SHA512 */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } if(ctx->digest == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SECOID_FindOIDByTag", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SECOID_FindOIDByTag", xmlSecTransformGetName(transform)); return(-1); } ctx->digestCtx = PK11_CreateDigestContext(ctx->digest->offset); if(ctx->digestCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_CreateDigestContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_CreateDigestContext", xmlSecTransformGetName(transform)); return(-1); } @@ -207,22 +214,16 @@ xmlSecNssDigestVerify(xmlSecTransformPtr transform, xmlSecAssert2(ctx->dgstSize > 0, -1); if(dataSize != ctx->dgstSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "data and digest sizes are different (data=%d, dgst=%d)", - dataSize, ctx->dgstSize); + xmlSecInvalidIntegerDataError2("dataSize", dataSize, + "dgstSize", ctx->dgstSize, "dataSize == dgstSize", + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } if(memcmp(ctx->dgst, data, dataSize) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "data and digest do not match"); + xmlSecInvalidDataError("data and digest do not match", + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } @@ -253,11 +254,7 @@ xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCt if(transform->status == xmlSecTransformStatusNone) { rv = PK11_DigestBegin(ctx->digestCtx); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestBegin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestBegin", xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusWorking; @@ -270,21 +267,15 @@ xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCt if(inSize > 0) { rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestOp", xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } } @@ -293,11 +284,7 @@ xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCt rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize, sizeof(ctx->dgst)); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestFinal", xmlSecTransformGetName(transform)); return(-1); } xmlSecAssert2(dgstSize > 0, -1); @@ -306,11 +293,9 @@ xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCt if(transform->operation == xmlSecTransformOperationSign) { ret = xmlSecBufferAppend(out, ctx->dgst, ctx->dgstSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", ctx->dgstSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", ctx->dgstSize); return(-1); } } @@ -320,11 +305,7 @@ xmlSecNssDigestExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCt /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -428,6 +409,53 @@ xmlSecNssTransformSha1GetKlass(void) { } #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 +/****************************************************************************** + * + * SHA224 Digest transforms + * + *****************************************************************************/ +static xmlSecTransformKlass xmlSecNssSha224Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssDigestSize, /* xmlSecSize objSize */ + + /* data */ + xmlSecNameSha224, /* const xmlChar* name; */ + xmlSecHrefSha224, /* const xmlChar* href; */ + xmlSecTransformUsageDigestMethod, /* xmlSecTransformUsage usage; */ + + /* methods */ + xmlSecNssDigestInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssDigestFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + NULL, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + NULL, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssDigestVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssDigestExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformSha224GetKlass: + * + * SHA224 digest transform klass. + * + * Returns: pointer to SHA224 digest transform klass. + */ +xmlSecTransformId +xmlSecNssTransformSha224GetKlass(void) { + return(&xmlSecNssSha224Klass); +} +#endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 /****************************************************************************** diff --git a/src/nss/globals.h b/src/nss/globals.h index 065c3e8f..c3dec2d8 100644 --- a/src/nss/globals.h +++ b/src/nss/globals.h @@ -21,4 +21,48 @@ #define IN_XMLSEC_CRYPTO #define XMLSEC_PRIVATE +/* Include common error helper macros. */ +#include "../errors_helpers.h" + +/** + * xmlSecNssError: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * + * Macro. The XMLSec library macro for reporting NSS crypro errors. + */ +#define xmlSecNssError(errorFunction, errorObject) \ + { \ + PRInt32 error_code = PR_GetError(); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + "NSS error: %ld", \ + (long int)error_code \ + ); \ + } + +/** + * xmlSecNssError2: + * @errorFunction: the failed function name. + * @errorObject: the error specific error object (e.g. transform, key data, etc). + * @msg: the extra message. + * @param: the extra message param. + * + * Macro. The XMLSec library macro for reporting NSS crypro errors. + */ +#define xmlSecNssError2(errorFunction, errorObject, msg, param) \ + { \ + PRInt32 error_code = PR_GetError(); \ + xmlSecError(XMLSEC_ERRORS_HERE, \ + (const char*)(errorObject), \ + (errorFunction), \ + XMLSEC_ERRORS_R_CRYPTO_FAILED, \ + msg "; NSS error: %ld", \ + (param), \ + (long int)error_code \ + ); \ + } + #endif /* ! __XMLSEC_GLOBALS_H__ */ diff --git a/src/nss/hmac.c b/src/nss/hmac.c index 79fbf40d..e25b1e61 100644 --- a/src/nss/hmac.c +++ b/src/nss/hmac.c @@ -1,5 +1,6 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -7,6 +8,13 @@ * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:hmac + * @Short_description: HMAC transforms implementation for NSS. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_HMAC #include "globals.h" @@ -125,6 +133,12 @@ xmlSecNssHmacCheckId(xmlSecTransformPtr transform) { } #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha224Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha256Id)) { return(1); @@ -176,6 +190,12 @@ xmlSecNssHmacInitialize(xmlSecTransformPtr transform) { } else #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha224Id)) { + ctx->digestType = CKM_SHA224_HMAC; + } else +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformHmacSha256Id)) { ctx->digestType = CKM_SHA256_HMAC; @@ -196,11 +216,7 @@ xmlSecNssHmacInitialize(xmlSecTransformPtr transform) { /* not found */ { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } return(0); @@ -272,11 +288,8 @@ xmlSecNssHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTrans small value */ if((int)ctx->dgstSize < xmlSecNssHmacGetMinOutputLength()) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_ATTRIBUTE, - "HMAC output length is too small"); + xmlSecInvalidNodeContentError(cur, xmlSecTransformGetName(transform), + "HMAC output length is too small"); return(-1); } @@ -284,11 +297,7 @@ xmlSecNssHmacNodeRead(xmlSecTransformPtr transform, xmlNodePtr node, xmlSecTrans } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "no nodes expected"); + xmlSecUnexpectedNodeError(cur, xmlSecTransformGetName(transform)); return(-1); } return(0); @@ -345,11 +354,7 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecAssert2(buffer != NULL, -1); if(xmlSecBufferGetSize(buffer) == 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key is empty"); + xmlSecInvalidZeroKeyDataSizeError(xmlSecTransformGetName(transform)); return(-1); } @@ -360,33 +365,21 @@ xmlSecNssHmacSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { slot = PK11_GetBestSlot(ctx->digestType, NULL); if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", xmlSecTransformGetName(transform)); return(-1); } symKey = PK11_ImportSymKey(slot, ctx->digestType, PK11_OriginDerive, CKA_SIGN, &keyItem, NULL); if(symKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_ImportSymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_ImportSymKey", xmlSecTransformGetName(transform)); PK11_FreeSlot(slot); return(-1); } ctx->digestCtx = PK11_CreateContextBySymKey(ctx->digestType, CKA_SIGN, symKey, &ignore); if(ctx->digestCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_CreateContextBySymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_CreateContextBySymKey", xmlSecTransformGetName(transform)); PK11_FreeSymKey(symKey); PK11_FreeSlot(slot); return(-1); @@ -421,36 +414,29 @@ xmlSecNssHmacVerify(xmlSecTransformPtr transform, /* compare the digest size in bytes */ if(dataSize != ((ctx->dgstSize + 7) / 8)){ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "data=%d;dgst=%d", - dataSize, ((ctx->dgstSize + 7) / 8)); + xmlSecInvalidSizeError("HMAC digest", + dataSize, ((ctx->dgstSize + 7) / 8), + xmlSecTransformGetName(transform)); transform->status = xmlSecTransformStatusFail; return(0); } - /* we check the last byte separatelly */ + /* we check the last byte separately */ xmlSecAssert2(dataSize > 0, -1); mask = last_byte_masks[ctx->dgstSize % 8]; if((ctx->dgst[dataSize - 1] & mask) != (data[dataSize - 1] & mask)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "data and digest do not match (last byte)"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match (last byte)"); transform->status = xmlSecTransformStatusFail; return(0); } /* now check the rest of the digest */ if((dataSize > 1) && (memcmp(ctx->dgst, data, dataSize - 1) != 0)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "data and digest do not match"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "data and digest do not match"); transform->status = xmlSecTransformStatusFail; return(0); } @@ -481,11 +467,7 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP if(transform->status == xmlSecTransformStatusNone) { rv = PK11_DigestBegin(ctx->digestCtx); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestBegin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestBegin", xmlSecTransformGetName(transform)); return(-1); } transform->status = xmlSecTransformStatusWorking; @@ -498,21 +480,15 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP if(inSize > 0) { rv = PK11_DigestOp(ctx->digestCtx, xmlSecBufferGetData(in), inSize); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestOp", xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } } @@ -521,11 +497,7 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP rv = PK11_DigestFinal(ctx->digestCtx, ctx->dgst, &dgstSize, sizeof(ctx->dgst)); if(rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_DigestFinal", xmlSecTransformGetName(transform)); return(-1); } xmlSecAssert2(dgstSize > 0, -1); @@ -536,23 +508,18 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP } else if(ctx->dgstSize <= XMLSEC_SIZE_BAD_CAST(8 * dgstSize)) { dgstSize = ((ctx->dgstSize + 7) / 8); /* we need to truncate result digest */ } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "result-bits=%d;required-bits=%d", - 8 * dgstSize, ctx->dgstSize); + xmlSecInvalidSizeLessThanError("HMAC digest (bits)", + 8 * dgstSize, ctx->dgstSize, + xmlSecTransformGetName(transform)); return(-1); } if(transform->operation == xmlSecTransformOperationSign) { ret = xmlSecBufferAppend(out, ctx->dgst, dgstSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferAppend", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", dgstSize); + xmlSecInternalError2("xmlSecBufferAppend", + xmlSecTransformGetName(transform), + "size=%d", dgstSize); return(-1); } } @@ -562,11 +529,7 @@ xmlSecNssHmacExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxP /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "size=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -712,6 +675,52 @@ xmlSecNssTransformHmacSha1GetKlass(void) { } #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 +/****************************************************************************** + * + * HMAC SHA224 + * + ******************************************************************************/ +static xmlSecTransformKlass xmlSecNssHmacSha224Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssHmacSize, /* xmlSecSize objSize */ + + xmlSecNameHmacSha224, /* const xmlChar* name; */ + xmlSecHrefHmacSha224, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssHmacInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssHmacFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + xmlSecNssHmacNodeRead, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssHmacSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssHmacSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssHmacVerify, /* xmlSecTransformValidateMethod validate; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssHmacExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformHmacSha224GetKlass: + * + * The HMAC-SHA224 transform klass. + * + * Returns: the HMAC-SHA224 transform klass. + */ +xmlSecTransformId +xmlSecNssTransformHmacSha224GetKlass(void) { + return(&xmlSecNssHmacSha224Klass); +} +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 /****************************************************************************** * diff --git a/src/nss/keysstore.c b/src/nss/keysstore.c index 057fc454..6dbf6b74 100644 --- a/src/nss/keysstore.c +++ b/src/nss/keysstore.c @@ -1,5 +1,16 @@ +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * + * + * This is free software; see Copyright file in the source + * distribution for precise wording. + * + * Copyright (c) 2003 America Online, Inc. All rights reserved. + */ /** - * XMLSec library + * SECTION:keysstore + * @Short_description: Keys store implementation for NSS. + * @Stability: Stable * * Nss keys store that uses Simple Keys Store under the hood. Uses the * Nss DB as a backing store for the finding keys, but the NSS DB is @@ -10,11 +21,6 @@ * DB. * Thus, the NSS DB can be used to pre-load keys and becomes an alternate * source of keys for xmlsec - * - * This is free software; see Copyright file in the source - * distribution for precise wording. - * - * Copyright (c) 2003 America Online, Inc. All rights reserved. */ #include "globals.h" @@ -126,7 +132,7 @@ xmlSecNssKeysStoreAdoptKey(xmlSecKeyStorePtr store, xmlSecKeyPtr key) { */ int xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, - xmlSecKeysMngrPtr keysMngr) { + xmlSecKeysMngrPtr keysMngr ATTRIBUTE_UNUSED) { xmlDocPtr doc; xmlNodePtr root; xmlNodePtr cur; @@ -139,22 +145,14 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, doc = xmlParseFile(uri); if(doc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlParseFile", - XMLSEC_ERRORS_R_XML_FAILED, - "uri=%s", - xmlSecErrorsSafeString(uri)); + xmlSecXmlError2("xmlParseFile", xmlSecKeyStoreGetName(store), + "uri=%s", xmlSecErrorsSafeString(uri)); return(-1); } root = xmlDocGetRootElement(doc); if(!xmlSecCheckNodeName(root, BAD_CAST "Keys", xmlSecNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(root)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected-node=<xmlsec:Keys>"); + xmlSecInvalidNodeError(root, BAD_CAST "Keys", xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } @@ -163,30 +161,23 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, while((cur != NULL) && xmlSecCheckNodeName(cur, xmlSecNodeKeyInfo, xmlSecDSigNs)) { key = xmlSecKeyCreate(); if(key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "expected-node=%s", - xmlSecErrorsSafeString(xmlSecNodeKeyInfo)); + xmlSecInternalError("xmlSecKeyCreate", + xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } ret = xmlSecKeyInfoCtxInitialize(&keyInfoCtx, NULL); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyInfoCtxInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoCtxInitialize", + xmlSecKeyStoreGetName(store)); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); } keyInfoCtx.mode = xmlSecKeyInfoModeRead; - keyInfoCtx.keysMngr = keysMngr; + keyInfoCtx.keysMngr = NULL; keyInfoCtx.flags = XMLSEC_KEYINFO_FLAGS_DONT_STOP_ON_KEY_FOUND | XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS; keyInfoCtx.keyReq.keyId = xmlSecKeyDataIdUnknown; @@ -195,11 +186,8 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, ret = xmlSecKeyInfoNodeRead(cur, key, &keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyInfoNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyInfoNodeRead", + xmlSecKeyStoreGetName(store)); xmlSecKeyInfoCtxFinalize(&keyInfoCtx); xmlSecKeyDestroy(key); xmlFreeDoc(doc); @@ -210,11 +198,8 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, if(xmlSecKeyIsValid(key)) { ret = xmlSecNssKeysStoreAdoptKey(store, key); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecNssKeysStoreAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeysStoreAdoptKey", + xmlSecKeyStoreGetName(store)); xmlSecKeyDestroy(key); xmlFreeDoc(doc); return(-1); @@ -227,11 +212,7 @@ xmlSecNssKeysStoreLoad(xmlSecKeyStorePtr store, const char *uri, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyStoreGetName(store)); xmlFreeDoc(doc); return(-1); } @@ -275,11 +256,8 @@ xmlSecNssKeysStoreInitialize(xmlSecKeyStorePtr store) { *ss = xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId); if(*ss == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyStoreGetName(store)), - "xmlSecKeyStoreCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecSimpleKeysStoreId"); + xmlSecInternalError("xmlSecKeyStoreCreate(xmlSecSimpleKeysStoreId)", + xmlSecKeyStoreGetName(store)); return(-1); } @@ -346,11 +324,7 @@ xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, if (keyReq->keyType & xmlSecKeyDataTypePublic) { pubkey = CERT_ExtractPublicKey(cert); if (pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_ExtractPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("CERT_ExtractPublicKey", NULL); goto done; } } @@ -358,22 +332,14 @@ xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, if (keyReq->keyType & xmlSecKeyDataTypePrivate) { privkey = PK11_FindKeyByAnyCert(cert, NULL); if (privkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_FindKeyByAnyCert", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_FindKeyByAnyCert", NULL); goto done; } } data = xmlSecNssPKIAdoptKey(privkey, pubkey); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIAdoptKey", NULL); goto done; } privkey = NULL; @@ -381,78 +347,50 @@ xmlSecNssKeysStoreFindKey(xmlSecKeyStorePtr store, const xmlChar* name, key = xmlSecKeyCreate(); if (key == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyCreate", NULL); return (NULL); } x509Data = xmlSecKeyDataCreate(xmlSecNssKeyDataX509Id); if(x509Data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "transform=%s", - xmlSecErrorsSafeString(xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id))); + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecTransformKlassGetName(xmlSecNssKeyDataX509Id)); goto done; } ret = xmlSecNssKeyDataX509AdoptKeyCert(x509Data, cert); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(x509Data)); goto done; } cert = CERT_DupCertificate(cert); if (cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecNssError("CERT_DupCertificate", + xmlSecKeyDataGetName(x509Data)); goto done; } ret = xmlSecNssKeyDataX509AdoptCert(x509Data, cert); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(x509Data)); goto done; } cert = NULL; ret = xmlSecKeySetValue(key, data); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data))); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); goto done; } data = NULL; ret = xmlSecKeyAdoptData(key, x509Data); if (ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyAdoptData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "data=%s", - xmlSecErrorsSafeString(xmlSecKeyDataGetName(x509Data))); + xmlSecInternalError("xmlSecKeyAdoptData", + xmlSecKeyDataGetName(x509Data)); goto done; } x509Data = NULL; diff --git a/src/nss/keytrans.c b/src/nss/keytrans.c index d84593b9..1772de85 100644 --- a/src/nss/keytrans.c +++ b/src/nss/keytrans.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * AES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * - * Copyright ................................. + * Copyright (c) 2003 America Online, Inc. All rights reserved. + */ +/** + * SECTION:keytrans + * @Short_description: RSA Key Transport transforms implementation for NSS. + * @Stability: Private + * */ + #include "globals.h" #include <stdlib.h> @@ -39,17 +44,17 @@ typedef struct _xmlSecNssKeyTransportCtx xmlSecNssKeyTran typedef struct _xmlSecNssKeyTransportCtx* xmlSecNssKeyTransportCtxPtr; #define xmlSecNssKeyTransportSize \ - ( sizeof( xmlSecTransform ) + sizeof( xmlSecNssKeyTransportCtx ) ) -#define xmlSecNssKeyTransportGetCtx( transform ) \ - ( ( xmlSecNssKeyTransportCtxPtr )( ( ( xmlSecByte* )( transform ) ) + sizeof( xmlSecTransform ) ) ) + (sizeof(xmlSecTransform) + sizeof(xmlSecNssKeyTransportCtx)) +#define xmlSecNssKeyTransportGetCtx(transform) \ + ((xmlSecNssKeyTransportCtxPtr)(((xmlSecByte*)(transform)) + sizeof(xmlSecTransform))) struct _xmlSecNssKeyTransportCtx { - CK_MECHANISM_TYPE cipher ; - SECKEYPublicKey* pubkey ; - SECKEYPrivateKey* prikey ; - xmlSecKeyDataId keyId ; - xmlSecBufferPtr material ; /* to be encrypted/decrypted material */ -} ; + CK_MECHANISM_TYPE cipher; + SECKEYPublicKey* pubkey; + SECKEYPrivateKey* prikey; + xmlSecKeyDataId keyId; + xmlSecBufferPtr material; /* to be encrypted/decrypted material */ +}; static int xmlSecNssKeyTransportInitialize (xmlSecTransformPtr transform); static void xmlSecNssKeyTransportFinalize (xmlSecTransformPtr transform); @@ -89,12 +94,12 @@ xmlSecNssKeyTransportCheckId(xmlSecTransformPtr transform) { static int xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { - xmlSecNssKeyTransportCtxPtr context ; + xmlSecNssKeyTransportCtxPtr context; xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); - context = xmlSecNssKeyTransportGetCtx( transform ) ; - xmlSecAssert2( context != NULL , -1 ) ; + context = xmlSecNssKeyTransportGetCtx(transform); + xmlSecAssert2(context != NULL, -1); /* initialize context */ memset(context, 0, sizeof(xmlSecNssKeyTransportCtx)); @@ -122,11 +127,7 @@ xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { /* not found */ { - xmlSecError(XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecNotImplementedError(xmlSecErrorsSafeString(xmlSecTransformGetName(transform))); return(-1); } @@ -135,43 +136,43 @@ xmlSecNssKeyTransportInitialize(xmlSecTransformPtr transform) { static void xmlSecNssKeyTransportFinalize(xmlSecTransformPtr transform) { - xmlSecNssKeyTransportCtxPtr context ; + xmlSecNssKeyTransportCtxPtr context; xmlSecAssert(xmlSecNssKeyTransportCheckId(transform)); xmlSecAssert(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize)); - context = xmlSecNssKeyTransportGetCtx( transform ) ; - xmlSecAssert( context != NULL ) ; + context = xmlSecNssKeyTransportGetCtx(transform); + xmlSecAssert(context != NULL); - if( context->pubkey != NULL ) { - SECKEY_DestroyPublicKey( context->pubkey ) ; - context->pubkey = NULL ; + if(context->pubkey != NULL) { + SECKEY_DestroyPublicKey(context->pubkey); + context->pubkey = NULL; } - if( context->prikey != NULL ) { - SECKEY_DestroyPrivateKey( context->prikey ) ; - context->prikey = NULL ; + if(context->prikey != NULL) { + SECKEY_DestroyPrivateKey(context->prikey); + context->prikey = NULL; } - if( context->material != NULL ) { + if(context->material != NULL) { xmlSecBufferDestroy(context->material); - context->material = NULL ; + context->material = NULL; } } static int xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyReq) { - xmlSecNssKeyTransportCtxPtr context ; + xmlSecNssKeyTransportCtxPtr context; xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); xmlSecAssert2(keyReq != NULL, -1); - context = xmlSecNssKeyTransportGetCtx( transform ) ; - xmlSecAssert2( context != NULL , -1 ) ; + context = xmlSecNssKeyTransportGetCtx(transform); + xmlSecAssert2(context != NULL, -1); - keyReq->keyId = context->keyId; + keyReq->keyId = context->keyId; if(transform->operation == xmlSecTransformOperationEncrypt) { keyReq->keyUsage = xmlSecKeyUsageEncrypt; keyReq->keyType = xmlSecKeyDataTypePublic; @@ -185,480 +186,373 @@ xmlSecNssKeyTransportSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr ke static int xmlSecNssKeyTransportSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { - xmlSecNssKeyTransportCtxPtr context = NULL ; - xmlSecKeyDataPtr keyData = NULL ; - SECKEYPublicKey* pubkey = NULL ; - SECKEYPrivateKey* prikey = NULL ; + xmlSecNssKeyTransportCtxPtr context = NULL; + xmlSecKeyDataPtr keyData = NULL; + SECKEYPublicKey* pubkey = NULL; + SECKEYPrivateKey* prikey = NULL; xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); xmlSecAssert2(key != NULL, -1); - context = xmlSecNssKeyTransportGetCtx( transform ) ; - if( (context == NULL) || (context->keyId == NULL) || (context->pubkey != NULL) ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportGetCtx" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; + context = xmlSecNssKeyTransportGetCtx(transform); + if((context == NULL) || (context->keyId == NULL) || (context->pubkey != NULL)) { + xmlSecInternalError("xmlSecNssKeyTransportGetCtx", xmlSecTransformGetName(transform)); return(-1); } - xmlSecAssert2( xmlSecKeyCheckId( key, context->keyId ), -1 ) ; - - keyData = xmlSecKeyGetValue( key ) ; - if( keyData == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecKeyGetName( key ) ) , - "xmlSecKeyGetValue" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecAssert2(xmlSecKeyCheckId(key, context->keyId), -1); + + keyData = xmlSecKeyGetValue(key); + if(keyData == NULL) { + xmlSecInternalError("xmlSecKeyGetValue", xmlSecTransformGetName(transform)); return(-1); } if(transform->operation == xmlSecTransformOperationEncrypt) { - if( ( pubkey = xmlSecNssPKIKeyDataGetPubKey( keyData ) ) == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , - "xmlSecNssPKIKeyDataGetPubKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); + pubkey = xmlSecNssPKIKeyDataGetPubKey(keyData); + if(pubkey == NULL) { + xmlSecInternalError("xmlSecNssPKIKeyDataGetPubKey", xmlSecKeyDataGetName(keyData)); + return(-1); } - - context->pubkey = pubkey ; + context->pubkey = pubkey; } else { - if( ( prikey = xmlSecNssPKIKeyDataGetPrivKey( keyData ) ) == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecKeyDataGetName( keyData ) ) , - "xmlSecNssPKIKeyDataGetPrivKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); + prikey = xmlSecNssPKIKeyDataGetPrivKey(keyData); + if(prikey == NULL) { + xmlSecInternalError("xmlSecNssPKIKeyDataGetPrivKey", xmlSecKeyDataGetName(keyData)); + return(-1); } - - context->prikey = prikey ; + context->prikey = prikey; } - return(0) ; + /* done */ + return(0); } static int -xmlSecNssKeyTransportCtxInit( - xmlSecNssKeyTransportCtxPtr ctx , - xmlSecBufferPtr in , - xmlSecBufferPtr out , - int encrypt , - xmlSecTransformCtxPtr transformCtx -) { - int blockSize ; - - xmlSecAssert2( ctx != NULL , -1 ) ; - xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; - xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; - xmlSecAssert2( ctx->keyId != NULL , -1 ) ; - xmlSecAssert2( in != NULL , -1 ) ; - xmlSecAssert2( out != NULL , -1 ) ; - xmlSecAssert2( transformCtx != NULL , -1 ) ; - - if( ctx->material != NULL ) { - xmlSecBufferDestroy( ctx->material ) ; - ctx->material = NULL ; - } +xmlSecNssKeyTransportCtxInit(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, + int encrypt, xmlSecTransformCtxPtr transformCtx) { + int blockSize; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->cipher != CKM_INVALID_MECHANISM, -1); + xmlSecAssert2((ctx->pubkey != NULL && encrypt) || (ctx->prikey != NULL && !encrypt), -1); + xmlSecAssert2(ctx->keyId != NULL, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + if(ctx->material != NULL) { + xmlSecBufferDestroy(ctx->material); + ctx->material = NULL; + } - if( ctx->pubkey != NULL ) { - blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; - } else if( ctx->prikey != NULL ) { - blockSize = PK11_SignatureLen( ctx->prikey ) ; - } else { - blockSize = -1 ; + if(ctx->pubkey != NULL) { + blockSize = SECKEY_PublicKeyStrength(ctx->pubkey); + if(blockSize <= 0) { + xmlSecNssError("SECKEY_PublicKeyStrength", NULL); + return(-1); } - - if( blockSize < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - NULL , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); + } else if(ctx->prikey != NULL) { + blockSize = PK11_SignatureLen(ctx->prikey); + if(blockSize <= 0) { + xmlSecNssError("PK11_SignatureLen", NULL); + return(-1); } + } else { + xmlSecOtherError(XMLSEC_ERRORS_R_KEY_NOT_FOUND, NULL, + "neither public or private keys are set"); + return(-1); + } - ctx->material = xmlSecBufferCreate( blockSize ) ; - if( ctx->material == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferCreate" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } + ctx->material = xmlSecBufferCreate(blockSize); + if(ctx->material == NULL) { + xmlSecInternalError2("xmlSecBufferSetData", NULL, + "size=%lu", (long unsigned)blockSize); + return(-1); + } - /* read raw key material into context */ - if( xmlSecBufferSetData( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferSetData" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } + /* read raw key material into context */ + if(xmlSecBufferSetData(ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in)) < 0) { + xmlSecInternalError2("xmlSecBufferSetData", NULL, + "size=%lu", (long unsigned)xmlSecBufferGetSize(in)); + return(-1); + } - if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferRemoveHead" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } + if(xmlSecBufferRemoveHead(in, xmlSecBufferGetSize(in)) < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", NULL, + "size=%lu", (long unsigned)xmlSecBufferGetSize(in)); + return(-1); + } - return(0); + return(0); } static int -xmlSecNssKeyTransportCtxUpdate( - xmlSecNssKeyTransportCtxPtr ctx , - xmlSecBufferPtr in , - xmlSecBufferPtr out , - int encrypt , - xmlSecTransformCtxPtr transformCtx -) { - xmlSecAssert2( ctx != NULL , -1 ) ; - xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; - xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; - xmlSecAssert2( ctx->keyId != NULL , -1 ) ; - xmlSecAssert2( ctx->material != NULL , -1 ) ; - xmlSecAssert2( in != NULL , -1 ) ; - xmlSecAssert2( out != NULL , -1 ) ; - xmlSecAssert2( transformCtx != NULL , -1 ) ; - - /* read raw key material and append into context */ - if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferAppend" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - - if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferRemoveHead" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } +xmlSecNssKeyTransportCtxUpdate(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, + int encrypt, xmlSecTransformCtxPtr transformCtx) { + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->cipher != CKM_INVALID_MECHANISM, -1); + xmlSecAssert2((ctx->pubkey != NULL && encrypt) || (ctx->prikey != NULL && !encrypt), -1); + xmlSecAssert2(ctx->keyId != NULL, -1); + xmlSecAssert2(ctx->material != NULL, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + /* read raw key material and append into context */ + if(xmlSecBufferAppend(ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in)) < 0) { + xmlSecInternalError2("xmlSecBufferAppend", NULL, + "size=%lu", (long unsigned)xmlSecBufferGetSize(in)); + return(-1); + } - return(0); + if(xmlSecBufferRemoveHead(in, xmlSecBufferGetSize(in)) < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", NULL, + "size=%lu", (long unsigned)xmlSecBufferGetSize(in)); + return(-1); + } + return(0); } static int -xmlSecNssKeyTransportCtxFinal(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, +xmlSecNssKeyTransportCtxFinal(xmlSecNssKeyTransportCtxPtr ctx, xmlSecBufferPtr in, xmlSecBufferPtr out, int encrypt, xmlSecTransformCtxPtr transformCtx) { - PK11SymKey* symKey ; - PK11SlotInfo* slot ; - SECItem oriskv ; - int blockSize ; - xmlSecBufferPtr result ; - - xmlSecAssert2( ctx != NULL , -1 ) ; - xmlSecAssert2( ctx->cipher != CKM_INVALID_MECHANISM , -1 ) ; - xmlSecAssert2( ( ctx->pubkey != NULL && encrypt ) || ( ctx->prikey != NULL && !encrypt ), -1 ) ; - xmlSecAssert2( ctx->keyId != NULL , -1 ) ; - xmlSecAssert2( ctx->material != NULL , -1 ) ; - xmlSecAssert2( in != NULL , -1 ) ; - xmlSecAssert2( out != NULL , -1 ) ; - xmlSecAssert2( transformCtx != NULL , -1 ) ; - - /* read raw key material and append into context */ - if( xmlSecBufferAppend( ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferAppend" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); + PK11SymKey* symKey; + PK11SlotInfo* slot; + SECItem oriskv; + int blockSize; + xmlSecBufferPtr result; + + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->cipher != CKM_INVALID_MECHANISM, -1); + xmlSecAssert2((ctx->pubkey != NULL && encrypt) || (ctx->prikey != NULL && !encrypt), -1); + xmlSecAssert2(ctx->keyId != NULL, -1); + xmlSecAssert2(ctx->material != NULL, -1); + xmlSecAssert2(in != NULL, -1); + xmlSecAssert2(out != NULL, -1); + xmlSecAssert2(transformCtx != NULL, -1); + + /* read raw key material and append into context */ + if(xmlSecBufferAppend(ctx->material, xmlSecBufferGetData(in), xmlSecBufferGetSize(in)) < 0) { + xmlSecInternalError2("xmlSecBufferAppend", NULL, + "size=%lu", (unsigned long)xmlSecBufferGetSize(in)); + return(-1); + } + + if(xmlSecBufferRemoveHead(in, xmlSecBufferGetSize(in)) < 0) { + xmlSecInternalError2("xmlSecBufferRemoveHead", NULL, + "size=%lu", (unsigned long)xmlSecBufferGetSize(in)); + return(-1); + } + + /* Now we get all of the key material */ + /* from now on we will wrap or unwrap the key */ + if(ctx->pubkey != NULL) { + blockSize = SECKEY_PublicKeyStrength(ctx->pubkey); + if(blockSize <= 0) { + xmlSecNssError("SECKEY_PublicKeyStrength", NULL); + return(-1); + } + } else if(ctx->prikey != NULL) { + blockSize = PK11_SignatureLen(ctx->prikey); + if(blockSize <= 0) { + xmlSecNssError("PK11_SignatureLen", NULL); + return(-1); } + } else { + xmlSecOtherError(XMLSEC_ERRORS_R_KEY_NOT_FOUND, NULL, + "neither public or private keys are set"); + return(-1); + } + + result = xmlSecBufferCreate(blockSize * 2); + if(result == NULL) { + xmlSecInternalError("xmlSecBufferCreate", NULL); + return(-1); + } + + oriskv.type = siBuffer; + oriskv.data = xmlSecBufferGetData(ctx->material); + oriskv.len = xmlSecBufferGetSize(ctx->material); + + if(encrypt != 0) { + CK_OBJECT_HANDLE id; + SECItem wrpskv; + + /* Create template symmetric key from material */ + slot = ctx->pubkey->pkcs11Slot; + if(slot == NULL) { + slot = PK11_GetBestSlot(ctx->cipher, NULL); + if(slot == NULL) { + xmlSecNssError("PK11_GetBestSlot", NULL); + xmlSecBufferDestroy(result); + return(-1); + } - if( xmlSecBufferRemoveHead( in , xmlSecBufferGetSize(in) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferRemoveHead" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; + id = PK11_ImportPublicKey(slot, ctx->pubkey, PR_FALSE); + if(id == CK_INVALID_HANDLE) { + xmlSecNssError("PK11_ImportPublicKey", NULL); + xmlSecBufferDestroy(result); + PK11_FreeSlot(slot); return(-1); + } } - /* Now we get all of the key materail */ - /* from now on we will wrap or unwrap the key */ - if( ctx->pubkey != NULL ) { - blockSize = SECKEY_PublicKeyStrength( ctx->pubkey ) ; - } else if( ctx->prikey != NULL ) { - blockSize = PK11_SignatureLen( ctx->prikey ) ; - } else { - blockSize = -1 ; + /* pay attention to mechanism */ + symKey = PK11_ImportSymKey(slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL); + if(symKey == NULL) { + xmlSecNssError("PK11_ImportSymKey", NULL); + xmlSecBufferDestroy(result); + PK11_FreeSlot(slot); + return(-1); } - if( blockSize < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_GetBlockSize" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); + wrpskv.type = siBuffer; + wrpskv.data = xmlSecBufferGetData(result); + wrpskv.len = xmlSecBufferGetMaxSize(result); + + if(PK11_PubWrapSymKey(ctx->cipher, ctx->pubkey, symKey, &wrpskv) != SECSuccess) { + xmlSecNssError("PK11_PubWrapSymKey", NULL); + PK11_FreeSymKey(symKey); + xmlSecBufferDestroy(result); + PK11_FreeSlot(slot); + return(-1); } - result = xmlSecBufferCreate( blockSize * 2 ) ; - if( result == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL, - "xmlSecBufferCreate" , - XMLSEC_ERRORS_R_XMLSEC_FAILED , - XMLSEC_ERRORS_NO_MESSAGE) ; - return(-1); + if(xmlSecBufferSetSize(result, wrpskv.len) < 0) { + xmlSecInternalError2("xmlSecBufferSetSize", NULL, + "size=%lu", (unsigned long)wrpskv.len); + PK11_FreeSymKey(symKey); + xmlSecBufferDestroy(result); + PK11_FreeSlot(slot); + return(-1); + } + PK11_FreeSymKey(symKey); + PK11_FreeSlot(slot); + } else { + SECItem* keyItem; + + /* pay attention to mechanism */ + symKey = PK11_PubUnwrapSymKey(ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0); + if(symKey == NULL) { + xmlSecNssError("PK11_PubUnwrapSymKey", NULL); + xmlSecBufferDestroy(result); + return(-1); } - oriskv.type = siBuffer ; - oriskv.data = xmlSecBufferGetData( ctx->material ) ; - oriskv.len = xmlSecBufferGetSize( ctx->material ) ; - - if( encrypt != 0 ) { - CK_OBJECT_HANDLE id ; - SECItem wrpskv ; - - /* Create template symmetric key from material */ - slot = ctx->pubkey->pkcs11Slot; - if( slot == NULL ) { - slot = PK11_GetBestSlot( ctx->cipher, NULL ) ; - if( slot == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecNssSlotGet" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - return(-1); - } - - id = PK11_ImportPublicKey( slot, ctx->pubkey, PR_FALSE ) ; - if( id == CK_INVALID_HANDLE ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_ImportPublicKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - PK11_FreeSlot( slot ) ; - return(-1); - } - } - - /* pay attention to mechanism */ - symKey = PK11_ImportSymKey( slot, ctx->cipher, PK11_OriginUnwrap, CKA_WRAP, &oriskv, NULL ) ; - if( symKey == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_ImportSymKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - PK11_FreeSlot( slot ) ; - return(-1); - } - - wrpskv.type = siBuffer ; - wrpskv.data = xmlSecBufferGetData( result ) ; - wrpskv.len = xmlSecBufferGetMaxSize( result ) ; - - if( PK11_PubWrapSymKey( ctx->cipher, ctx->pubkey, symKey, &wrpskv ) != SECSuccess ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_PubWrapSymKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - PK11_FreeSlot( slot ) ; - return(-1); - } - - if( xmlSecBufferSetSize( result , wrpskv.len ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferSetSize" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - PK11_FreeSlot( slot ) ; - return(-1); - } - PK11_FreeSymKey( symKey ) ; - PK11_FreeSlot( slot ) ; - } else { - SECItem* keyItem ; - - /* pay attention to mechanism */ - symKey = PK11_PubUnwrapSymKey( ctx->prikey, &oriskv, ctx->cipher, CKA_UNWRAP, 0 ); - if( symKey == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_PubUnwrapSymKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - return(-1); - } - - /* Extract raw data from symmetric key */ - if( PK11_ExtractKeyValue( symKey ) != SECSuccess ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_ExtractKeyValue" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - return(-1); - } - - keyItem = PK11_GetKeyData( symKey ); - if( keyItem == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_GetKeyData" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - return(-1); - } - - if( xmlSecBufferSetData( result, keyItem->data, keyItem->len ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "PK11_PubUnwrapSymKey" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - PK11_FreeSymKey( symKey ) ; - xmlSecBufferDestroy(result); - return(-1); - } - PK11_FreeSymKey( symKey ) ; + /* Extract raw data from symmetric key */ + if(PK11_ExtractKeyValue(symKey) != SECSuccess) { + xmlSecNssError("PK11_ExtractKeyValue", NULL); + PK11_FreeSymKey(symKey); + xmlSecBufferDestroy(result); + return(-1); } - /* Write output */ - if( xmlSecBufferAppend( out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result) ) < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - "xmlSecBufferAppend" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; - xmlSecBufferDestroy(result); - return(-1); + keyItem = PK11_GetKeyData(symKey); + if(keyItem == NULL) { + xmlSecNssError("PK11_GetKeyData", NULL); + PK11_FreeSymKey(symKey); + xmlSecBufferDestroy(result); + return(-1); + } + + if(xmlSecBufferSetData(result, keyItem->data, keyItem->len) < 0) { + xmlSecInternalError2("xmlSecBufferSetData", NULL, + "size=%lu", (unsigned long)keyItem->len); + PK11_FreeSymKey(symKey); + xmlSecBufferDestroy(result); + return(-1); } + PK11_FreeSymKey(symKey); + } + + /* Write output */ + if(xmlSecBufferAppend(out, xmlSecBufferGetData(result), xmlSecBufferGetSize(result)) < 0) { + xmlSecInternalError2("xmlSecBufferAppend", NULL, + "size=%lu", (unsigned long)xmlSecBufferGetSize(result)); xmlSecBufferDestroy(result); + return(-1); + } - return(0); + /* done */ + xmlSecBufferDestroy(result); + return(0); } static int xmlSecNssKeyTransportExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtxPtr transformCtx) { - xmlSecNssKeyTransportCtxPtr context = NULL ; - xmlSecBufferPtr inBuf, outBuf ; - int operation ; - int rtv ; - - xmlSecAssert2( xmlSecNssKeyTransportCheckId( transform ), -1 ) ; - xmlSecAssert2( xmlSecTransformCheckSize( transform, xmlSecNssKeyTransportSize ), -1 ) ; - xmlSecAssert2( ( transform->operation == xmlSecTransformOperationEncrypt ) || ( transform->operation == xmlSecTransformOperationDecrypt ), -1 ) ; - xmlSecAssert2( transformCtx != NULL , -1 ) ; - - context = xmlSecNssKeyTransportGetCtx( transform ) ; - if( context == NULL ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportGetCtx" , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - XMLSEC_ERRORS_NO_MESSAGE ) ; + xmlSecNssKeyTransportCtxPtr context = NULL; + xmlSecBufferPtr inBuf, outBuf; + int operation; + int rtv; + + xmlSecAssert2(xmlSecNssKeyTransportCheckId(transform), -1); + xmlSecAssert2(xmlSecTransformCheckSize(transform, xmlSecNssKeyTransportSize), -1); + xmlSecAssert2((transform->operation == xmlSecTransformOperationEncrypt) || (transform->operation == xmlSecTransformOperationDecrypt), -1); + xmlSecAssert2(transformCtx != NULL, -1); + + context = xmlSecNssKeyTransportGetCtx(transform); + if(context == NULL) { + xmlSecInternalError("xmlSecNssKeyTransportGetCtx", + xmlSecTransformGetName(transform)); + return(-1); + } + + inBuf = &(transform->inBuf); + outBuf = &(transform->outBuf); + + if(transform->status == xmlSecTransformStatusNone) { + transform->status = xmlSecTransformStatusWorking; + } + + operation = (transform->operation == xmlSecTransformOperationEncrypt) ? 1 : 0; + if(transform->status == xmlSecTransformStatusWorking) { + if(context->material == NULL) { + rtv = xmlSecNssKeyTransportCtxInit(context, inBuf, outBuf, operation, transformCtx); + if(rtv < 0) { + xmlSecInternalError("xmlSecNssKeyTransportCtxInit", + xmlSecTransformGetName(transform)); return(-1); + } } - inBuf = &( transform->inBuf ) ; - outBuf = &( transform->outBuf ) ; + if((context->material == NULL) && (last != 0)) { + xmlSecInvalidTransfromStatusError2(transform, + "No enough data to initialize transform"); + return(-1); + } - if( transform->status == xmlSecTransformStatusNone ) { - transform->status = xmlSecTransformStatusWorking ; + if(context->material != NULL) { + rtv = xmlSecNssKeyTransportCtxUpdate(context, inBuf, outBuf, operation, transformCtx); + if(rtv < 0) { + xmlSecInternalError("xmlSecNssKeyTransportCtxUpdate", + xmlSecTransformGetName(transform)); + return(-1); + } } - operation = ( transform->operation == xmlSecTransformOperationEncrypt ) ? 1 : 0 ; - if( transform->status == xmlSecTransformStatusWorking ) { - if( context->material == NULL ) { - rtv = xmlSecNssKeyTransportCtxInit( context, inBuf , outBuf , operation , transformCtx ) ; - if( rtv < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportCtxInit" , - XMLSEC_ERRORS_R_INVALID_STATUS , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - } - - if( (context->material == NULL) && (last != 0) ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - NULL , - XMLSEC_ERRORS_R_INVALID_STATUS , - "No enough data to intialize transform" ) ; - return(-1); - } - - if( context->material != NULL ) { - rtv = xmlSecNssKeyTransportCtxUpdate( context, inBuf , outBuf , operation , transformCtx ) ; - if( rtv < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportCtxUpdate" , - XMLSEC_ERRORS_R_INVALID_STATUS , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - } - - if( last ) { - rtv = xmlSecNssKeyTransportCtxFinal( context, inBuf , outBuf , operation , transformCtx ) ; - if( rtv < 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - "xmlSecNssKeyTransportCtxFinal" , - XMLSEC_ERRORS_R_INVALID_STATUS , - XMLSEC_ERRORS_NO_MESSAGE ) ; - return(-1); - } - transform->status = xmlSecTransformStatusFinished ; - } - } else if( transform->status == xmlSecTransformStatusFinished ) { - if( xmlSecBufferGetSize( inBuf ) != 0 ) { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - NULL , - XMLSEC_ERRORS_R_INVALID_STATUS , - "status=%d", transform->status ) ; - return(-1); - } - } else { - xmlSecError( XMLSEC_ERRORS_HERE , - xmlSecErrorsSafeString( xmlSecTransformGetName( transform ) ) , - NULL , - XMLSEC_ERRORS_R_INVALID_STATUS , - "status=%d", transform->status ) ; + if(last) { + rtv = xmlSecNssKeyTransportCtxFinal(context, inBuf, outBuf, operation, transformCtx); + if(rtv < 0) { + xmlSecInternalError("xmlSecNssKeyTransportCtxFinal", + xmlSecTransformGetName(transform)); return(-1); + } + transform->status = xmlSecTransformStatusFinished; } + } else if(transform->status == xmlSecTransformStatusFinished) { + if(xmlSecBufferGetSize(inBuf) != 0) { + xmlSecInvalidTransfromStatusError2(transform, + "More data available in the input buffer"); + return(-1); + } + } else { + xmlSecInvalidTransfromStatusError(transform); + return(-1); + } - return(0); + return(0); } diff --git a/src/nss/kw_aes.c b/src/nss/kw_aes.c index cea884eb..fceacb06 100644 --- a/src/nss/kw_aes.c +++ b/src/nss/kw_aes.c @@ -1,8 +1,6 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * AES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -10,6 +8,13 @@ * Copyright (c) 2003 America Online, Inc. All rights reserved. * Copyright (C) 2010-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_aes + * @Short_description: AES Key Transport transforms implementation for NSS. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_AES #include "globals.h" @@ -242,21 +247,14 @@ xmlSecNssKWAesInitialize(xmlSecTransformPtr transform) { } else if(xmlSecTransformCheckId(transform, xmlSecNssTransformKWAes256Id)) { ctx->keyExpectedSize = XMLSEC_KW_AES256_KEY_SIZE; } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); return(-1); } @@ -321,12 +319,8 @@ xmlSecNssKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { keySize = xmlSecBufferGetSize(buffer); if(keySize < ctx->keyExpectedSize) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key=%d;expected=%d", - keySize, ctx->keyExpectedSize); + xmlSecInvalidKeyDataSizeError(keySize, ctx->keyExpectedSize, + xmlSecTransformGetName(transform)); return(-1); } @@ -334,12 +328,9 @@ xmlSecNssKWAesSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecBufferGetData(buffer), ctx->keyExpectedSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "expected-size=%d", - ctx->keyExpectedSize); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "expected-size=%d", ctx->keyExpectedSize); return(-1); } @@ -378,11 +369,9 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx /* just do nothing */ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { if((inSize % 8) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "size=%d(not 8 bytes aligned)", inSize); + xmlSecInvalidSizeNotMultipleOfError("Input data", + inSize, 8, + xmlSecTransformGetName(transform)); return(-1); } @@ -396,11 +385,9 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "outSize=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "outSize=%d", outSize); return(-1); } @@ -410,11 +397,9 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx /* create key */ aeskey = xmlSecNssMakeAesKey(xmlSecBufferGetData(&(ctx->keyBuffer)), keySize, 1); /* encrypt */ if(aeskey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssMakeAesKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError2("xmlSecNssMakeAesKey", + xmlSecTransformGetName(transform), + "keySize=%lu", (unsigned long)keySize); return(-1); } @@ -424,11 +409,11 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWAesEncode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError3("xmlSecKWAesEncode", + xmlSecTransformGetName(transform), + "inSize=%lu; outSize=%lu", + (unsigned long)inSize, + (unsigned long)outSize); PK11_FreeSymKey(aeskey); return(-1); } @@ -441,11 +426,9 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx /* create key */ aeskey = xmlSecNssMakeAesKey(xmlSecBufferGetData(&(ctx->keyBuffer)), keySize, 0); /* decrypt */ if(aeskey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssMakeAesKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError2("xmlSecNssMakeAesKey", + xmlSecTransformGetName(transform), + "keySize=%lu", (unsigned long)keySize); return(-1); } @@ -454,11 +437,11 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWAesDecode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError3("xmlSecKWAesDecode", + xmlSecTransformGetName(transform), + "inSize=%lu; outSize=%lu", + (unsigned long)inSize, + (unsigned long)outSize); PK11_FreeSymKey(aeskey); return(-1); } @@ -469,21 +452,17 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "outSize=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "outSize=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "inSize%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "inSize%d", inSize); return(-1); } @@ -492,11 +471,7 @@ xmlSecNssKWAesExecute(xmlSecTransformPtr transform, int last, xmlSecTransformCtx /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); @@ -523,11 +498,7 @@ xmlSecNSSKWAesBlockEncrypt(const xmlSecByte * in, xmlSecSize inSize, /* one block */ ret = xmlSecNssAesOp(aeskey, in, out, 1); /* encrypt */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAesOp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAesOp", NULL); return(-1); } return(XMLSEC_KW_AES_BLOCK_SIZE); @@ -549,11 +520,7 @@ xmlSecNSSKWAesBlockDecrypt(const xmlSecByte * in, xmlSecSize inSize, /* one block */ ret = xmlSecNssAesOp(aeskey, in, out, 0); /* decrypt */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssAesOp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssAesOp", NULL); return(-1); } return(XMLSEC_KW_AES_BLOCK_SIZE); @@ -572,11 +539,7 @@ xmlSecNssMakeAesKey(const xmlSecByte *key, xmlSecSize keySize, int enc) { cipherMech = CKM_AES_ECB; slot = PK11_GetBestSlot(cipherMech, NULL); if (slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", NULL); goto done; } @@ -585,11 +548,7 @@ xmlSecNssMakeAesKey(const xmlSecByte *key, xmlSecSize keySize, int enc) { aeskey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, enc ? CKA_ENCRYPT : CKA_DECRYPT, &keyItem, NULL); if (aeskey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_ImportSymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_ImportSymKey", NULL); goto done; } @@ -619,11 +578,7 @@ xmlSecNssAesOp(PK11SymKey *aeskey, const xmlSecByte *in, xmlSecByte *out, int en cipherMech = CKM_AES_ECB; SecParam = PK11_ParamFromIV(cipherMech, NULL); if (SecParam == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_ParamFromIV", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_ParamFromIV", NULL); goto done; } @@ -631,11 +586,7 @@ xmlSecNssAesOp(PK11SymKey *aeskey, const xmlSecByte *in, xmlSecByte *out, int en enc ? CKA_ENCRYPT : CKA_DECRYPT, aeskey, SecParam); if (EncContext == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_CreateContextBySymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CreateContextBySymKey", NULL); goto done; } @@ -644,22 +595,14 @@ xmlSecNssAesOp(PK11SymKey *aeskey, const xmlSecByte *in, xmlSecByte *out, int en XMLSEC_KW_AES_BLOCK_SIZE, (unsigned char *)in, XMLSEC_KW_AES_BLOCK_SIZE); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_CipherOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CipherOp", NULL); goto done; } rv = PK11_DigestFinal(EncContext, out+tmp1_outlen, &tmp2_outlen, XMLSEC_KW_AES_BLOCK_SIZE-tmp1_outlen); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_DigestFinal", NULL); goto done; } diff --git a/src/nss/kw_des.c b/src/nss/kw_des.c index 4025d35e..7c6b00b1 100644 --- a/src/nss/kw_des.c +++ b/src/nss/kw_des.c @@ -1,8 +1,6 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * DES KW Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. @@ -10,6 +8,13 @@ * Copyright (c) 2003 America Online, Inc. All rights reserved. * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:kw_des + * @Short_description: DES Key Transport transforms implementation for NSS. + * @Stability: Private + * + */ + #ifndef XMLSEC_NO_DES #include "globals.h" @@ -160,11 +165,8 @@ xmlSecNssKWDes3Initialize(xmlSecTransformPtr transform) { ret = xmlSecBufferInitialize(&(ctx->keyBuffer), 0); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferInitialize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferInitialize", + xmlSecTransformGetName(transform)); return(-1); } @@ -228,22 +230,16 @@ xmlSecNssKWDes3SetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { keySize = xmlSecBufferGetSize(buffer); if(keySize < XMLSEC_KW_DES3_KEY_LENGTH) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA_SIZE, - "key length %d is not enough (%d expected)", - keySize, XMLSEC_KW_DES3_KEY_LENGTH); + xmlSecInvalidKeyDataSizeError(keySize, XMLSEC_KW_DES3_KEY_LENGTH, + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferSetData(&(ctx->keyBuffer), xmlSecBufferGetData(buffer), XMLSEC_KW_DES3_KEY_LENGTH); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", XMLSEC_KW_DES3_KEY_LENGTH); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", XMLSEC_KW_DES3_KEY_LENGTH); return(-1); } @@ -282,12 +278,9 @@ xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCt /* just do nothing */ } else if((transform->status == xmlSecTransformStatusWorking) && (last != 0)) { if((inSize % XMLSEC_KW_DES3_BLOCK_LENGTH) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "%d bytes - not %d bytes aligned", - inSize, XMLSEC_KW_DES3_BLOCK_LENGTH); + xmlSecInvalidSizeNotMultipleOfError("Input data", + inSize, XMLSEC_KW_DES3_BLOCK_LENGTH, + xmlSecTransformGetName(transform)); return(-1); } @@ -303,11 +296,9 @@ xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCt ret = xmlSecBufferSetMaxSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } @@ -316,12 +307,9 @@ xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCt xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWDes3Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "key=%d,in=%d,out=%d", - keySize, inSize, outSize); + xmlSecInternalError4("xmlSecKWDes3Encode", xmlSecTransformGetName(transform), + "key=%d,in=%d,out=%d", + keySize, inSize, outSize); return(-1); } outSize = ret; @@ -330,12 +318,9 @@ xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCt xmlSecBufferGetData(in), inSize, xmlSecBufferGetData(out), outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecKWDes3Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "key=%d,in=%d,out=%d", - keySize, inSize, outSize); + xmlSecInternalError4("xmlSecKWDes3Decode", xmlSecTransformGetName(transform), + "key=%d,in=%d,out=%d", + keySize, inSize, outSize); return(-1); } outSize = ret; @@ -343,21 +328,17 @@ xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCt ret = xmlSecBufferSetSize(out, outSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", outSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%d", outSize); return(-1); } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", inSize); + xmlSecInternalError2("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform), + "size=%d", inSize); return(-1); } @@ -366,11 +347,7 @@ xmlSecNssKWDes3Execute(xmlSecTransformPtr transform, int last, xmlSecTransformCt /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } return(0); @@ -399,43 +376,27 @@ xmlSecNssKWDes3Sha1(void * context, /* Create a pk11ctx for hashing (digesting) */ pk11ctx = PK11_CreateDigestContext(SEC_OID_SHA1); if (pk11ctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_CreateDigestContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CreateDigestContext", NULL); return(-1); } status = PK11_DigestBegin(pk11ctx); if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_DigestBegin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_DigestBegin", NULL); PK11_DestroyContext(pk11ctx, PR_TRUE); return(-1); } status = PK11_DigestOp(pk11ctx, in, inSize); if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_DigestOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_DigestOp", NULL); PK11_DestroyContext(pk11ctx, PR_TRUE); return(-1); } status = PK11_DigestFinal(pk11ctx, out, &outLen, outSize); if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_DigestFinal", NULL); PK11_DestroyContext(pk11ctx, PR_TRUE); return(-1); } @@ -458,11 +419,7 @@ xmlSecNssKWDes3GenerateRandom(void * context, status = PK11_GenerateRandom(out, outSize); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_GenerateRandom", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GenerateRandom", NULL); return(-1); } @@ -493,11 +450,7 @@ xmlSecNssKWDes3BlockEncrypt(void * context, out, outSize, 1); /* encrypt */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKWDes3Encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKWDes3Encrypt", NULL); return(-1); } @@ -528,11 +481,7 @@ xmlSecNssKWDes3BlockDecrypt(void * context, out, outSize, 0); /* decrypt */ if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssKWDes3Encrypt", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKWDes3Encrypt", NULL); return(-1); } @@ -570,11 +519,7 @@ xmlSecNssKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, cipherMech = CKM_DES3_CBC; slot = PK11_GetBestSlot(cipherMech, NULL); if (slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", NULL); goto done; } @@ -583,11 +528,7 @@ xmlSecNssKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, symKey = PK11_ImportSymKey(slot, cipherMech, PK11_OriginUnwrap, enc ? CKA_ENCRYPT : CKA_DECRYPT, &keyItem, NULL); if (symKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_ImportSymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_ImportSymKey", NULL); goto done; } @@ -596,11 +537,7 @@ xmlSecNssKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, param = PK11_ParamFromIV(cipherMech, &ivItem); if (param == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_ParamFromIV", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_ParamFromIV", NULL); goto done; } @@ -608,11 +545,7 @@ xmlSecNssKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, enc ? CKA_ENCRYPT : CKA_DECRYPT, symKey, param); if (pk11ctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_CreateContextBySymKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CreateContextBySymKey", NULL); goto done; } @@ -620,22 +553,14 @@ xmlSecNssKWDes3Encrypt(const xmlSecByte *key, xmlSecSize keySize, status = PK11_CipherOp(pk11ctx, out, &tmp1_outlen, outSize, (unsigned char *)in, inSize); if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_CipherOp", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_CipherOp", NULL); goto done; } status = PK11_DigestFinal(pk11ctx, out+tmp1_outlen, &tmp2_outlen, outSize-tmp1_outlen); if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_DigestFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_DigestFinal", NULL); goto done; } diff --git a/src/nss/pkikeys.c b/src/nss/pkikeys.c index 5ede4ccb..1b8ea2db 100644 --- a/src/nss/pkikeys.c +++ b/src/nss/pkikeys.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:pkikeys + * @Short_description: Private/public keys implementation for NSS. + * @Stability: Stable + * + */ + #include "globals.h" #include <string.h> @@ -118,11 +126,7 @@ xmlSecNSSPKIKeyDataCtxDup(xmlSecNssPKIKeyDataCtxPtr ctxDst, if (ctxSrc->privkey != NULL) { ctxDst->privkey = SECKEY_CopyPrivateKey(ctxSrc->privkey); if(ctxDst->privkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECKEY_CopyPrivateKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SECKEY_CopyPrivateKey", NULL); return(-1); } } @@ -130,11 +134,7 @@ xmlSecNSSPKIKeyDataCtxDup(xmlSecNssPKIKeyDataCtxPtr ctxDst, if (ctxSrc->pubkey != NULL) { ctxDst->pubkey = SECKEY_CopyPublicKey(ctxSrc->pubkey); if(ctxDst->pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SECKEY_CopyPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SECKEY_CopyPublicKey", NULL); return(-1); } } @@ -147,30 +147,27 @@ xmlSecNssPKIKeyDataAdoptKey(xmlSecKeyDataPtr data, SECKEYPublicKey *pubkey) { xmlSecNssPKIKeyDataCtxPtr ctx; - KeyType pubType = nullKey ; - KeyType priType = nullKey ; + KeyType pubType = nullKey; + KeyType priType = nullKey; xmlSecAssert2(xmlSecKeyDataIsValid(data), -1); xmlSecAssert2(xmlSecKeyDataCheckSize(data, xmlSecNssPKIKeyDataSize), -1); - if( privkey != NULL ) { - priType = SECKEY_GetPrivateKeyType( privkey ) ; - } + if(privkey != NULL) { + priType = SECKEY_GetPrivateKeyType(privkey); + } - if( pubkey != NULL ) { - pubType = SECKEY_GetPublicKeyType( pubkey ) ; - } + if(pubkey != NULL) { + pubType = SECKEY_GetPublicKeyType(pubkey); + } - if( priType != nullKey && pubType != nullKey ) { - if( pubType != priType ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - NULL , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - "different type of private and public key" ) ; - return -1 ; - } + if(priType != nullKey && pubType != nullKey) { + if(pubType != priType) { + xmlSecInvalidIntegerTypeError2("pubType", pubType, "priType", priType, + "pubType == priType", NULL); + return -1; } + } ctx = xmlSecNssPKIKeyDataGetCtx(data); xmlSecAssert2(ctx != NULL, -1); @@ -204,39 +201,32 @@ xmlSecNssPKIAdoptKey(SECKEYPrivateKey *privkey, { xmlSecKeyDataPtr data = NULL; int ret; - KeyType pubType = nullKey ; - KeyType priType = nullKey ; + KeyType pubType = nullKey; + KeyType priType = nullKey; - if( privkey != NULL ) { - priType = SECKEY_GetPrivateKeyType( privkey ) ; - } + if(privkey != NULL) { + priType = SECKEY_GetPrivateKeyType(privkey); + } - if( pubkey != NULL ) { - pubType = SECKEY_GetPublicKeyType( pubkey ) ; - } + if(pubkey != NULL) { + pubType = SECKEY_GetPublicKeyType(pubkey); + } - if( priType != nullKey && pubType != nullKey ) { - if( pubType != priType ) { - xmlSecError( XMLSEC_ERRORS_HERE , - NULL , - NULL , - XMLSEC_ERRORS_R_CRYPTO_FAILED , - "different type of private and public key" ) ; - return( NULL ) ; - } + if(priType != nullKey && pubType != nullKey) { + if(pubType != priType) { + xmlSecInvalidIntegerTypeError2("pubType", pubType, "priType", priType, + "pubType == priType", NULL); + return(NULL); } + } - pubType = priType != nullKey ? priType : pubType ; + pubType = (priType != nullKey) ? priType : pubType; switch(pubType) { #ifndef XMLSEC_NO_RSA case rsaKey: data = xmlSecKeyDataCreate(xmlSecNssKeyDataRsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssKeyDataRsaId"); + xmlSecInternalError("xmlSecKeyDataCreate(KeyDataRsaId)", NULL); return(NULL); } break; @@ -245,32 +235,30 @@ xmlSecNssPKIAdoptKey(SECKEYPrivateKey *privkey, case dsaKey: data = xmlSecKeyDataCreate(xmlSecNssKeyDataDsaId); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "xmlSecNssKeyDataDsaId"); + xmlSecInternalError("xmlSecKeyDataCreate", NULL); return(NULL); } break; #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA + case ecKey: + data = xmlSecKeyDataCreate(xmlSecNssKeyDataEcdsaId); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", NULL); + return(NULL); + } + break; +#endif /* XMLSEC_NO_ECDSA */ default: - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_TYPE, - "PKI key type %d not supported", pubType); + xmlSecInvalidIntegerTypeError("pubType", pubType, + "supported PKI key type", NULL); return(NULL); } xmlSecAssert2(data != NULL, NULL); ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", NULL); xmlSecKeyDataDestroy(data); return(NULL); } @@ -380,11 +368,8 @@ xmlSecNssPKIKeyDataDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { xmlSecAssert2(ctxSrc != NULL, -1); if (xmlSecNSSPKIKeyDataCtxDup(ctxDst, ctxSrc) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecNssPKIKeydataCtxDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeydataCtxDup", + xmlSecKeyDataGetName(dst)); return(-1); } @@ -579,45 +564,31 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(keyInfoCtx != NULL, -1); if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "key already has a value"); ret = -1; goto done; } slot = PK11_GetBestSlot(CKM_DSA, NULL); if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if(arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PORT_NewArena", xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } - pubkey = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, - sizeof(SECKEYPublicKey)); - if(pubkey == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_ArenaZAlloc", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + pubkey = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); + if(pubkey == NULL) { + xmlSecNssError2("PORT_ArenaZAlloc", xmlSecKeyDataKlassGetName(id), + "size=%lu", (unsigned long)sizeof(SECKEYPublicKey)); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; @@ -630,22 +601,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is P node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAP, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAP, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.prime)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -653,22 +615,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Q node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAQ, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAQ, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.subPrime)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -676,22 +629,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is G node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAG, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAG, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.params.base)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -706,21 +650,13 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Y node. */ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeDSAY, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInvalidNodeError(cur, xmlSecNodeDSAY, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.dsa.publicValue)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -742,55 +678,39 @@ xmlSecNssKeyDataDsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)) ret = -1; goto done; } handle = PK11_ImportPublicKey(slot, pubkey, PR_FALSE); if(handle == CK_INVALID_HANDLE) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PK11_ImportPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_ImportPublicKey", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } data = xmlSecKeyDataCreate(id); - if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } ret = xmlSecNssPKIKeyDataAdoptKey(data, NULL, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); goto done; } pubkey = NULL; ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); goto done; } data = NULL; @@ -837,66 +757,42 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is P node */ cur = xmlSecAddChild(node, xmlSecNodeDSAP, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecAddChild(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.prime), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAP)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeDSAP)", + xmlSecKeyDataKlassGetName(id)); return(-1); } /* next is Q node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAQ, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecAddChild(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.subPrime), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAQ)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeDSAQ)", + xmlSecKeyDataKlassGetName(id)); return(-1); } /* next is G node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAG, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecAddChild(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.params.base), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAG)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeDSAG)", + xmlSecKeyDataKlassGetName(id)); return(-1); } @@ -905,25 +801,18 @@ xmlSecNssKeyDataDsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Y node. */ cur = xmlSecAddChild(node, xmlSecNodeDSAY, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecAddChild(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.dsa.publicValue), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeDSAY)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeDSAY)", + xmlSecKeyDataKlassGetName(id)); return(-1); } + /* done */ return(0); } @@ -945,46 +834,43 @@ xmlSecNssKeyDataDsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe j = PQG_PBITS_TO_INDEX(sizeBits); rv = PK11_PQG_ParamGen(j, &pqgParams, &pqgVerify); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_ParamGen", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", sizeBits); + xmlSecNssError2("PK11_PQG_ParamGen", xmlSecKeyDataGetName(data), + "size=%lu", (unsigned long)sizeBits); goto done; } rv = PK11_PQG_VerifyParams(pqgParams, pqgVerify, &res); if (rv != SECSuccess || res != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_PQG_VerifyParams", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "size=%d", sizeBits); + xmlSecNssError2("PK11_PQG_VerifyParams", xmlSecKeyDataGetName(data), + "size=%lu", (unsigned long)sizeBits); goto done; } slot = PK11_GetBestSlot(CKM_DSA_KEY_PAIR_GEN, NULL); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + if(slot == NULL) { + xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data)); + goto done; + } + + rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + if (rv != SECSuccess) { + xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data), + "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot))); + goto done; + } + privkey = PK11_GenerateKeyPair(slot, CKM_DSA_KEY_PAIR_GEN, pqgParams, &pubkey, PR_FALSE, PR_TRUE, NULL); if((privkey == NULL) || (pubkey == NULL)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - + xmlSecNssError("PK11_GenerateKeyPair", xmlSecKeyDataGetName(data)); goto done; } ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); goto done; } @@ -1216,45 +1102,31 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(keyInfoCtx != NULL, -1); if(xmlSecKeyGetValue(key) != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - NULL, - XMLSEC_ERRORS_R_INVALID_KEY_DATA, - "key already has a value"); + xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_KEY_DATA, + xmlSecKeyDataKlassGetName(id), + "key already has a value"); ret = -1; goto done; } slot = PK11_GetBestSlot(CKM_RSA_PKCS, NULL); if(slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PK11_GetBestSlot", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if(arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PORT_NewArena", xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } pubkey = (SECKEYPublicKey *)PORT_ArenaZAlloc(arena, sizeof(SECKEYPublicKey)); - if(pubkey == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "PORT_ArenaZAlloc", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + if(pubkey == NULL) { + xmlSecNssError("PORT_ArenaZAlloc", xmlSecKeyDataKlassGetName(id)); PORT_FreeArena(arena, PR_FALSE); ret = -1; goto done; @@ -1266,22 +1138,13 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is Modulus node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAModulus, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInvalidNodeError(cur, xmlSecNodeRSAModulus, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.rsa.modulus)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -1289,22 +1152,13 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, /* next is Exponent node. It is REQUIRED because we do not support Seed and PgenCounter*/ if((cur == NULL) || (!xmlSecCheckNodeName(cur, xmlSecNodeRSAExponent, xmlSecDSigNs))) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInvalidNodeError(cur, xmlSecNodeRSAExponent, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } if(xmlSecNssNodeGetBigNumValue(arena, cur, &(pubkey->u.rsa.publicExponent)) == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeGetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecNssNodeGetBigNumValue(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } @@ -1317,33 +1171,23 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, } if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE, - "no nodes expected"); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } data = xmlSecKeyDataCreate(id); - if(data == NULL ) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyDataCreate", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + if(data == NULL) { + xmlSecInternalError("xmlSecKeyDataCreate", + xmlSecKeyDataKlassGetName(id)); ret = -1; goto done; } ret = xmlSecNssPKIKeyDataAdoptKey(data, NULL, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyDataDestroy(data); goto done; } @@ -1351,11 +1195,8 @@ xmlSecNssKeyDataRsaXmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, ret = xmlSecKeySetValue(key, data); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataKlassGetName(id)); xmlSecKeyDataDestroy(data); goto done; } @@ -1404,44 +1245,28 @@ xmlSecNssKeyDataRsaXmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, /* first is Modulus node */ cur = xmlSecAddChild(node, xmlSecNodeRSAModulus, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecAddChild(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.rsa.modulus), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAModulus)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeRSAModulus)", + xmlSecKeyDataKlassGetName(id)); return(-1); } /* next is Exponent node. */ cur = xmlSecAddChild(node, xmlSecNodeRSAExponent, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecAddChild(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssNodeSetBigNumValue(cur, &(ctx->pubkey->u.rsa.publicExponent), 1); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssNodeSetBigNumValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeRSAExponent)); + xmlSecInternalError("xmlSecNssNodeSetBigNumValue(NodeRSAExponent)", + xmlSecKeyDataKlassGetName(id)); return(-1); } @@ -1456,7 +1281,8 @@ xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe PK11SlotInfo *slot = NULL; SECKEYPrivateKey *privkey = NULL; SECKEYPublicKey *pubkey = NULL; - int ret = -1; + SECStatus rv; + int ret = -1; xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataRsaId), -1); xmlSecAssert2(sizeBits > 0, -1); @@ -1465,27 +1291,29 @@ xmlSecNssKeyDataRsaGenerate(xmlSecKeyDataPtr data, xmlSecSize sizeBits, xmlSecKe params.pe = 65537; slot = PK11_GetBestSlot(CKM_RSA_PKCS_KEY_PAIR_GEN, NULL); - PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + if(slot == NULL) { + xmlSecNssError("PK11_GetBestSlot", xmlSecKeyDataGetName(data)); + goto done; + } + + rv = PK11_Authenticate(slot, PR_TRUE, NULL /* default pwd callback */); + if (rv != SECSuccess) { + xmlSecNssError2("PK11_Authenticate", xmlSecKeyDataGetName(data), + "token=%s", xmlSecErrorsSafeString(PK11_GetTokenName(slot))); + goto done; + } + privkey = PK11_GenerateKeyPair(slot, CKM_RSA_PKCS_KEY_PAIR_GEN, ¶ms, &pubkey, PR_FALSE, PR_TRUE, NULL); - if(privkey == NULL || pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PK11_GenerateKeyPair", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); - + xmlSecNssError("PK11_GenerateKeyPair", xmlSecKeyDataGetName(data)); goto done; } ret = xmlSecNssPKIKeyDataAdoptKey(data, privkey, pubkey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssPKIKeyDataAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataAdoptKey", + xmlSecKeyDataGetName(data)); goto done; } @@ -1559,5 +1387,133 @@ xmlSecNssKeyDataRsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { #endif /* XMLSEC_NO_RSA */ +#ifndef XMLSEC_NO_ECDSA +static int xmlSecNssKeyDataEcdsaInitialize(xmlSecKeyDataPtr data); +static int xmlSecNssKeyDataEcdsaDuplicate(xmlSecKeyDataPtr dst, + xmlSecKeyDataPtr src); +static void xmlSecNssKeyDataEcdsaFinalize(xmlSecKeyDataPtr data); + +static xmlSecKeyDataType xmlSecNssKeyDataEcdsaGetType(xmlSecKeyDataPtr data); +static xmlSecSize xmlSecNssKeyDataEcdsaGetSize(xmlSecKeyDataPtr data); +static void xmlSecNssKeyDataEcdsaDebugDump(xmlSecKeyDataPtr data, + FILE* output); +static void xmlSecNssKeyDataEcdsaDebugXmlDump(xmlSecKeyDataPtr data, + FILE* output); + +static xmlSecKeyDataKlass xmlSecNssKeyDataEcdsaKlass = { + sizeof(xmlSecKeyDataKlass), + xmlSecNssPKIKeyDataSize, + + /* data */ + xmlSecNameECDSAKeyValue, + xmlSecKeyDataUsageKeyValueNode | xmlSecKeyDataUsageRetrievalMethodNodeXml, + /* xmlSecKeyDataUsage usage; */ + xmlSecHrefECDSAKeyValue, /* const xmlChar* href; */ + xmlSecNodeECDSAKeyValue, /* const xmlChar* dataNodeName; */ + xmlSecDSigNs, /* const xmlChar* dataNodeNs; */ + + /* constructors/destructor */ + xmlSecNssKeyDataEcdsaInitialize, /* xmlSecKeyDataInitializeMethod initialize; */ + xmlSecNssKeyDataEcdsaDuplicate, /* xmlSecKeyDataDuplicateMethod duplicate; */ + xmlSecNssKeyDataEcdsaFinalize, /* xmlSecKeyDataFinalizeMethod finalize; */ + NULL, /* xmlSecKeyDataGenerateMethod generate; */ + /* get info */ + xmlSecNssKeyDataEcdsaGetType, /* xmlSecKeyDataGetTypeMethod getType; */ + xmlSecNssKeyDataEcdsaGetSize, /* xmlSecKeyDataGetSizeMethod getSize; */ + NULL, /* xmlSecKeyDataGetIdentifier getIdentifier; */ + /* read/write */ + NULL, /* xmlSecKeyDataXmlReadMethod xmlRead; */ + NULL, /* xmlSecKeyDataXmlWriteMethod xmlWrite; */ + NULL, /* xmlSecKeyDataBinReadMethod binRead; */ + NULL, /* xmlSecKeyDataBinWriteMethod binWrite; */ + + /* debug */ + xmlSecNssKeyDataEcdsaDebugDump, /* xmlSecKeyDataDebugDumpMethod debugDump; */ + xmlSecNssKeyDataEcdsaDebugXmlDump, /* xmlSecKeyDataDebugDumpMethod debugXmlDump; */ + + /* reserved for the future */ + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssKeyDataEcdsaGetKlass: + * + * The ECDSA key data klass. + * + * Returns: pointer to ECDSA key data klass. + */ +xmlSecKeyDataId +xmlSecNssKeyDataEcdsaGetKlass(void) { + return(&xmlSecNssKeyDataEcdsaKlass); +} + +static int +xmlSecNssKeyDataEcdsaInitialize(xmlSecKeyDataPtr data) { + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId), -1); + + return(xmlSecNssPKIKeyDataInitialize(data)); +} + +static int +xmlSecNssKeyDataEcdsaDuplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { + xmlSecAssert2(xmlSecKeyDataCheckId(dst, xmlSecNssKeyDataEcdsaId), -1); + xmlSecAssert2(xmlSecKeyDataCheckId(src, xmlSecNssKeyDataEcdsaId), -1); + + return(xmlSecNssPKIKeyDataDuplicate(dst, src)); +} + +static void +xmlSecNssKeyDataEcdsaFinalize(xmlSecKeyDataPtr data) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId)); + + xmlSecNssPKIKeyDataFinalize(data); +} + +static xmlSecKeyDataType +xmlSecNssKeyDataEcdsaGetType(xmlSecKeyDataPtr data) { + xmlSecNssPKIKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId), xmlSecKeyDataTypeUnknown); + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(ctx->pubkey == NULL || SECKEY_GetPublicKeyType(ctx->pubkey) == ecKey, -1); + if (ctx->privkey != NULL) { + return(xmlSecKeyDataTypePrivate | xmlSecKeyDataTypePublic); + } else { + return(xmlSecKeyDataTypePublic); + } +} + +static xmlSecSize +xmlSecNssKeyDataEcdsaGetSize(xmlSecKeyDataPtr data) { + xmlSecNssPKIKeyDataCtxPtr ctx; + + xmlSecAssert2(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId), 0); + ctx = xmlSecNssPKIKeyDataGetCtx(data); + xmlSecAssert2(ctx != NULL, -1); + xmlSecAssert2(SECKEY_GetPublicKeyType(ctx->pubkey) == ecKey, -1); + + return(SECKEY_SignatureLen(ctx->pubkey)); +} + +static void +xmlSecNssKeyDataEcdsaDebugDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId)); + xmlSecAssert(output != NULL); + + fprintf(output, "=== ecdsa key: size = %d\n", + xmlSecNssKeyDataEcdsaGetSize(data)); +} + +static void +xmlSecNssKeyDataEcdsaDebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { + xmlSecAssert(xmlSecKeyDataCheckId(data, xmlSecNssKeyDataEcdsaId)); + xmlSecAssert(output != NULL); + + fprintf(output, "<ECDSAKeyValue size=\"%d\" />\n", + xmlSecNssKeyDataEcdsaGetSize(data)); +} +#endif /* XMLSEC_NO_ECDSA */ diff --git a/src/nss/signatures.c b/src/nss/signatures.c index 4f54170e..35ac4598 100644 --- a/src/nss/signatures.c +++ b/src/nss/signatures.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:signatures + * @Short_description: Signatures implementation for NSS. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -78,11 +86,46 @@ static int xmlSecNssSignatureExecute (xmlSecTransformPtr tran static int xmlSecNssSignatureCheckId(xmlSecTransformPtr transform) { #ifndef XMLSEC_NO_DSA +#ifndef XMLSEC_NO_SHA1 if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha1Id)) { return(1); } +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha256Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha1Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha224Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA224 */ +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha256Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha384Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA384 */ +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha512Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA512 */ +#endif /* XMLSEC_NO_ECDSA */ + #ifndef XMLSEC_NO_RSA #ifndef XMLSEC_NO_MD5 @@ -97,6 +140,12 @@ xmlSecNssSignatureCheckId(xmlSecTransformPtr transform) { } #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha224Id)) { + return(1); + } +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha256Id)) { return(1); @@ -132,13 +181,60 @@ xmlSecNssSignatureInitialize(xmlSecTransformPtr transform) { memset(ctx, 0, sizeof(xmlSecNssSignatureCtx)); #ifndef XMLSEC_NO_DSA +#ifndef XMLSEC_NO_SHA1 if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha1Id)) { ctx->keyId = xmlSecNssKeyDataDsaId; /* This creates a signature which is ASN1 encoded */ ctx->alg = SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST; } else +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformDsaSha256Id)) { + ctx->keyId = xmlSecNssKeyDataDsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST; + } else +#endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA +#ifndef XMLSEC_NO_SHA1 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha1Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha224Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA24 */ +#ifndef XMLSEC_NO_SHA256 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha256Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_SHA384 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha384Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA384 */ +#ifndef XMLSEC_NO_SHA512 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformEcdsaSha512Id)) { + ctx->keyId = xmlSecNssKeyDataEcdsaId; + /* This creates a signature which is ASN1 encoded */ + ctx->alg = SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE; + } else +#endif /* XMLSEC_NO_SHA512 */ +#endif /* XMLSEC_NO_ECDSA */ + #ifndef XMLSEC_NO_RSA #ifndef XMLSEC_NO_MD5 @@ -156,6 +252,13 @@ xmlSecNssSignatureInitialize(xmlSecTransformPtr transform) { } else #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 + if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha224Id)) { + ctx->keyId = xmlSecNssKeyDataRsaId; + ctx->alg = SEC_OID_PKCS1_SHA224_WITH_RSA_ENCRYPTION; + } else +#endif /* XMLSEC_NO_SHA224 */ + #ifndef XMLSEC_NO_SHA256 if(xmlSecTransformCheckId(transform, xmlSecNssTransformRsaSha256Id)) { ctx->keyId = xmlSecNssKeyDataRsaId; @@ -180,11 +283,7 @@ xmlSecNssSignatureInitialize(xmlSecTransformPtr transform) { #endif /* XMLSEC_NO_RSA */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } @@ -236,48 +335,38 @@ xmlSecNssSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) { xmlSecAssert2(value != NULL, -1); if (transform->operation == xmlSecTransformOperationSign) { - if (ctx->u.sig.privkey) + if (ctx->u.sig.privkey) { SECKEY_DestroyPrivateKey(ctx->u.sig.privkey); + } ctx->u.sig.privkey = xmlSecNssPKIKeyDataGetPrivKey(value); if(ctx->u.sig.privkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssPKIKeyDataGetPrivKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataGetPrivKey", + xmlSecTransformGetName(transform)); return(-1); } ctx->u.sig.sigctx = SGN_NewContext(ctx->alg, ctx->u.sig.privkey); if (ctx->u.sig.sigctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_NewContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SGN_NewContext", + xmlSecTransformGetName(transform)); return(-1); } } else { - if (ctx->u.vfy.pubkey) + if (ctx->u.vfy.pubkey) { SECKEY_DestroyPublicKey(ctx->u.vfy.pubkey); + } ctx->u.vfy.pubkey = xmlSecNssPKIKeyDataGetPubKey(value); if(ctx->u.vfy.pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecNssPKIKeyDataGetPubKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIKeyDataGetPubKey", + xmlSecTransformGetName(transform)); return(-1); } ctx->u.vfy.vfyctx = VFY_CreateContext(ctx->u.vfy.pubkey, NULL, ctx->alg, NULL); if (ctx->u.vfy.vfyctx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_CreateContext", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("VFY_CreateContext", + xmlSecTransformGetName(transform)); return(-1); } } @@ -309,6 +398,26 @@ xmlSecNssSignatureSetKeyReq(xmlSecTransformPtr transform, xmlSecKeyReqPtr keyRe return(0); } +/** + * xmlSecNssSignatureAlgorithmEncoded: + * + * Determines if the given algorithm requires a signature which is ASN1 encoded. + */ +static int +xmlSecNssSignatureAlgorithmEncoded(SECOidTag alg) { + switch(alg) { + case SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST: + case SEC_OID_NIST_DSA_SIGNATURE_WITH_SHA256_DIGEST: + case SEC_OID_ANSIX962_ECDSA_SHA1_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA224_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA256_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA384_SIGNATURE: + case SEC_OID_ANSIX962_ECDSA_SHA512_SIGNATURE: + return(1); + default: + return(0); + } +} static int xmlSecNssSignatureVerify(xmlSecTransformPtr transform, @@ -331,19 +440,16 @@ xmlSecNssSignatureVerify(xmlSecTransformPtr transform, signature.data = (unsigned char *)data; signature.len = dataSize; - if(ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) { + if(xmlSecNssSignatureAlgorithmEncoded(ctx->alg)) { /* This creates a signature which is ASN1 encoded */ SECItem signatureDer; SECStatus statusDer; - statusDer = DSAU_EncodeDerSig(&signatureDer, &signature); + memset(&signatureDer, 0, sizeof(signatureDer)); + statusDer = DSAU_EncodeDerSigWithLen(&signatureDer, &signature, signature.len); if(statusDer != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "DSAU_EncodeDerSig", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", - PORT_GetError()); + xmlSecNssError("DSAU_EncodeDerSigWithLen", + xmlSecTransformGetName(transform)); return(-1); } status = VFY_EndWithSignature(ctx->u.vfy.vfyctx, &signatureDer); @@ -353,20 +459,14 @@ xmlSecNssSignatureVerify(xmlSecTransformPtr transform, } if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_EndWithSignature", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", - PORT_GetError()); - if (PORT_GetError() == SEC_ERROR_PKCS7_BAD_SIGNATURE) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_EndWithSignature", - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "signature does not verify"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "VFY_EndWithSignature: signature does not verify"); transform->status = xmlSecTransformStatusFail; + } else { + xmlSecNssError("VFY_EndWithSignature", + xmlSecTransformGetName(transform)); } return(-1); } @@ -413,21 +513,15 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor if(transform->operation == xmlSecTransformOperationSign) { status = SGN_Begin(ctx->u.sig.sigctx); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_Begin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SGN_Begin", + xmlSecTransformGetName(transform)); return(-1); } } else { status = VFY_Begin(ctx->u.vfy.vfyctx); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Begin", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("VFY_Begin", + xmlSecTransformGetName(transform)); return(-1); } } @@ -440,32 +534,23 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor if(transform->operation == xmlSecTransformOperationSign) { status = SGN_Update(ctx->u.sig.sigctx, xmlSecBufferGetData(in), inSize); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_Update", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SGN_Update", + xmlSecTransformGetName(transform)); return(-1); } } else { status = VFY_Update(ctx->u.vfy.vfyctx, xmlSecBufferGetData(in), inSize); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "VFY_Update", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("VFY_Update", + xmlSecTransformGetName(transform)); return(-1); } } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform)); return(-1); } } @@ -476,38 +561,48 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor memset(&signature, 0, sizeof(signature)); status = SGN_End(ctx->u.sig.sigctx, &signature); if(status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "SGN_End", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SGN_End", + xmlSecTransformGetName(transform)); return(-1); } - if(ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) { + if(xmlSecNssSignatureAlgorithmEncoded(ctx->alg)) { /* This creates a signature which is ASN1 encoded */ SECItem * signatureClr; - signatureClr = DSAU_DecodeDerSig(&signature); - if(signatureClr == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "DSAU_EncodeDerSig", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", - PORT_GetError()); - SECITEM_FreeItem(&signature, PR_FALSE); - return(-1); + if(ctx->alg == SEC_OID_ANSIX9_DSA_SIGNATURE_WITH_SHA1_DIGEST) { + signatureClr = DSAU_DecodeDerSig(&signature); + if(signatureClr == NULL) { + xmlSecNssError("DSAU_DecodeDerSig", + xmlSecTransformGetName(transform)); + SECITEM_FreeItem(&signature, PR_FALSE); + return(-1); + } + } else { + /* In the ECDSA case the signature length depends on the + * key parameters. */ + int signatureSize = PK11_SignatureLen(ctx->u.sig.privkey); + if(signatureSize < 1) { + xmlSecNssError("PK11_SignatureLen", + xmlSecTransformGetName(transform)); + SECITEM_FreeItem(&signature, PR_FALSE); + return(-1); + } + + signatureClr = DSAU_DecodeDerSigToLen(&signature, signatureSize); + if(signatureClr == NULL) { + xmlSecNssError("DSAU_DecodeDerSigToLen", + xmlSecTransformGetName(transform)); + SECITEM_FreeItem(&signature, PR_FALSE); + return(-1); + } } ret = xmlSecBufferSetData(out, signatureClr->data, signatureClr->len); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", - signatureClr->len); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", signatureClr->len); SECITEM_FreeItem(&signature, PR_FALSE); return(-1); } @@ -517,12 +612,9 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor /* This signature is used as-is */ ret = xmlSecBufferSetData(out, signature.data, signature.len); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%d", - signature.len); + xmlSecInternalError2("xmlSecBufferSetData", + xmlSecTransformGetName(transform), + "size=%d", signature.len); SECITEM_FreeItem(&signature, PR_FALSE); return(-1); } @@ -539,11 +631,7 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } @@ -551,6 +639,7 @@ xmlSecNssSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecTransfor } #ifndef XMLSEC_NO_DSA +#ifndef XMLSEC_NO_SHA1 /**************************************************************************** * * DSA-SHA1 signature transform @@ -595,9 +684,295 @@ xmlSecTransformId xmlSecNssTransformDsaSha1GetKlass(void) { return(&xmlSecNssDsaSha1Klass); } +#endif /* XMLSEC_NO_SHA1 */ + +#ifndef XMLSEC_NO_SHA256 +/**************************************************************************** + * + * DSA-SHA256 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssDsaSha256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameDsaSha256, /* const xmlChar* name; */ + xmlSecHrefDsaSha256, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformDsaSha256GetKlass: + * + * The DSA-SHA256 signature transform klass. + * + * Returns: DSA-SHA256 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformDsaSha256GetKlass(void) { + return(&xmlSecNssDsaSha256Klass); +} +#endif /* XMLSEC_NO_SHA256 */ #endif /* XMLSEC_NO_DSA */ +#ifndef XMLSEC_NO_ECDSA +#ifndef XMLSEC_NO_SHA1 +/**************************************************************************** + * + * ECDSA-SHA1 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha1Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha1, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha1, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha1GetKlass: + * + * The ECDSA-SHA1 signature transform klass. + * + * Returns: ECDSA-SHA1 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha1GetKlass(void) { + return(&xmlSecNssEcdsaSha1Klass); +} + +#endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 +/**************************************************************************** + * + * ECDSA-SHA224 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha224Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha224, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha224, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha224GetKlass: + * + * The ECDSA-SHA224 signature transform klass. + * + * Returns: ECDSA-SHA224 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha224GetKlass(void) { + return(&xmlSecNssEcdsaSha224Klass); +} + +#endif /* XMLSEC_NO_SHA224 */ +#ifndef XMLSEC_NO_SHA256 +/**************************************************************************** + * + * ECDSA-SHA256 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha256Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha256, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha256, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha256GetKlass: + * + * The ECDSA-SHA256 signature transform klass. + * + * Returns: ECDSA-SHA256 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha256GetKlass(void) { + return(&xmlSecNssEcdsaSha256Klass); +} + +#endif /* XMLSEC_NO_SHA256 */ +#ifndef XMLSEC_NO_SHA384 +/**************************************************************************** + * + * ECDSA-SHA384 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha384Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha384, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha384, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha384GetKlass: + * + * The ECDSA-SHA384 signature transform klass. + * + * Returns: ECDSA-SHA384 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha384GetKlass(void) { + return(&xmlSecNssEcdsaSha384Klass); +} + +#endif /* XMLSEC_NO_SHA384 */ +#ifndef XMLSEC_NO_SHA512 +/**************************************************************************** + * + * ECDSA-SHA512 signature transform + * + ***************************************************************************/ + +static xmlSecTransformKlass xmlSecNssEcdsaSha512Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameEcdsaSha512, /* const xmlChar* name; */ + xmlSecHrefEcdsaSha512, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformEcdsaSha512GetKlass: + * + * The ECDSA-SHA512 signature transform klass. + * + * Returns: ECDSA-SHA512 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformEcdsaSha512GetKlass(void) { + return(&xmlSecNssEcdsaSha512Klass); +} + +#endif /* XMLSEC_NO_SHA512 */ +#endif /* XMLSEC_NO_ECDSA */ + #ifndef XMLSEC_NO_RSA #ifndef XMLSEC_NO_MD5 @@ -695,6 +1070,52 @@ xmlSecNssTransformRsaSha1GetKlass(void) { #endif /* XMLSEC_NO_SHA1 */ +#ifndef XMLSEC_NO_SHA224 +/**************************************************************************** + * + * RSA-SHA224 signature transform + * + ***************************************************************************/ +static xmlSecTransformKlass xmlSecNssRsaSha224Klass = { + /* klass/object sizes */ + sizeof(xmlSecTransformKlass), /* xmlSecSize klassSize */ + xmlSecNssSignatureSize, /* xmlSecSize objSize */ + + xmlSecNameRsaSha224, /* const xmlChar* name; */ + xmlSecHrefRsaSha224, /* const xmlChar* href; */ + xmlSecTransformUsageSignatureMethod, /* xmlSecTransformUsage usage; */ + + xmlSecNssSignatureInitialize, /* xmlSecTransformInitializeMethod initialize; */ + xmlSecNssSignatureFinalize, /* xmlSecTransformFinalizeMethod finalize; */ + NULL, /* xmlSecTransformNodeReadMethod readNode; */ + NULL, /* xmlSecTransformNodeWriteMethod writeNode; */ + xmlSecNssSignatureSetKeyReq, /* xmlSecTransformSetKeyReqMethod setKeyReq; */ + xmlSecNssSignatureSetKey, /* xmlSecTransformSetKeyMethod setKey; */ + xmlSecNssSignatureVerify, /* xmlSecTransformVerifyMethod verify; */ + xmlSecTransformDefaultGetDataType, /* xmlSecTransformGetDataTypeMethod getDataType; */ + xmlSecTransformDefaultPushBin, /* xmlSecTransformPushBinMethod pushBin; */ + xmlSecTransformDefaultPopBin, /* xmlSecTransformPopBinMethod popBin; */ + NULL, /* xmlSecTransformPushXmlMethod pushXml; */ + NULL, /* xmlSecTransformPopXmlMethod popXml; */ + xmlSecNssSignatureExecute, /* xmlSecTransformExecuteMethod execute; */ + + NULL, /* void* reserved0; */ + NULL, /* void* reserved1; */ +}; + +/** + * xmlSecNssTransformRsaSha224GetKlass: + * + * The RSA-SHA224 signature transform klass. + * + * Returns: RSA-SHA224 signature transform klass. + */ +xmlSecTransformId +xmlSecNssTransformRsaSha224GetKlass(void) { + return(&xmlSecNssRsaSha224Klass); +} + +#endif /* XMLSEC_NO_SHA224 */ #ifndef XMLSEC_NO_SHA256 /**************************************************************************** * diff --git a/src/nss/symkeys.c b/src/nss/symkeys.c index b98dd493..2fd3e4e7 100644 --- a/src/nss/symkeys.c +++ b/src/nss/symkeys.c @@ -1,14 +1,19 @@ -/** - * - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * - * DES Algorithm support * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:symkeys + * @Short_description: Symmetric keys implementation for NSS. + * @Stability: Private + * + */ + #include "globals.h" #include <stdlib.h> diff --git a/src/nss/x509.c b/src/nss/x509.c index 887c77cf..933e5bfe 100644 --- a/src/nss/x509.c +++ b/src/nss/x509.c @@ -1,7 +1,5 @@ -/** - * XMLSec library - * - * X509 support +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * * This is free software; see Copyright file in the source @@ -9,6 +7,13 @@ * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:x509 + * @Short_description: X509 certificates implementation for NSS. + * @Stability: Stable + * + */ + #include "globals.h" #ifndef XMLSEC_NO_X509 @@ -374,22 +379,14 @@ xmlSecNssKeyDataX509AdoptCert(xmlSecKeyDataPtr data, CERTCertificate* cert) { if(ctx->certsList == NULL) { ctx->certsList = CERT_NewCertList(); if(ctx->certsList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_NewCertList", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_NewCertList", xmlSecKeyDataGetName(data)); return(-1); } } ret = CERT_AddCertToListTail(ctx->certsList, cert); if(ret != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_AddCertToListTail", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_AddCertToListTail", xmlSecKeyDataGetName(data)); return(-1); } ctx->numCerts++; @@ -470,13 +467,8 @@ xmlSecNssKeyDataX509AdoptCrl(xmlSecKeyDataPtr data, CERTSignedCrl* crl) { xmlSecAssert2(ctx != NULL, -1); crlnode = (xmlSecNssX509CrlNodePtr)PR_Malloc(sizeof(xmlSecNssX509CrlNode)); - if(crlnode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "PR_Malloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PR_Malloc", xmlSecKeyDataGetName(data)); return(-1); } @@ -574,31 +566,22 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { */ certSrc = xmlSecNssKeyDataX509GetCert(src, pos); if(certSrc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecNssKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCert", + xmlSecKeyDataGetName(src), + "pos=%d", pos); return(-1); } certDst = CERT_DupCertificate(certSrc); if(certDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_DupCertificate", xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecNssKeyDataX509AdoptCert(dst, certDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(dst)); CERT_DestroyCertificate(certDst); return(-1); } @@ -609,31 +592,22 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { for(pos = 0; pos < size; ++pos) { crlSrc = xmlSecNssKeyDataX509GetCrl(src, pos); if(crlSrc == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(src)), - "xmlSecNssKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCrl", + xmlSecKeyDataGetName(src), + "pos=%d", pos); return(-1); } crlDst = SEC_DupCrl(crlSrc); if(crlDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "SEC_DupCrl", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SEC_DupCrl", xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecNssKeyDataX509AdoptCrl(dst, crlDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecNssKeyDataX509AdoptCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCrl", + xmlSecKeyDataGetName(dst)); SEC_DestroyCrl(crlDst); return(-1); } @@ -644,20 +618,14 @@ xmlSecNssKeyDataX509Duplicate(xmlSecKeyDataPtr dst, xmlSecKeyDataPtr src) { if(certSrc != NULL) { certDst = CERT_DupCertificate(certSrc); if(certDst == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_DupCertificate", + xmlSecKeyDataGetName(dst)); return(-1); } ret = xmlSecNssKeyDataX509AdoptKeyCert(dst, certDst); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(dst)), - "xmlSecNssKeyDataX509AdoptKeyCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptKeyCert", + xmlSecKeyDataGetName(dst)); CERT_DestroyCertificate(certDst); return(-1); } @@ -701,7 +669,7 @@ xmlSecNssKeyDataX509Finalize(xmlSecKeyDataPtr data) { static int xmlSecNssKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, - xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { + xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx) { xmlSecKeyDataPtr data; int ret; @@ -712,34 +680,23 @@ xmlSecNssKeyDataX509XmlRead(xmlSecKeyDataId id, xmlSecKeyPtr key, data = xmlSecKeyEnsureData(key, id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); return(-1); } ret = xmlSecNssX509DataNodeRead(data, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509DataNodeRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509DataNodeRead", + xmlSecKeyDataKlassGetName(id)); return(-1); } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) { - ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } + ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); + return(-1); } return(0); } @@ -759,13 +716,11 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, xmlSecAssert2(node != NULL, -1); xmlSecAssert2(keyInfoCtx != NULL, -1); - content = xmlSecX509DataGetNodeContent (node, 1, keyInfoCtx); + content = xmlSecX509DataGetNodeContent (node, keyInfoCtx); if (content < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecX509DataGetNodeContent", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "content=%d", content); + xmlSecInternalError2("xmlSecX509DataGetNodeContent", + xmlSecKeyDataKlassGetName(id), + "content=%d", content); return(-1); } else if(content == 0) { /* by default we are writing certificates and crls */ @@ -784,22 +739,18 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { cert = xmlSecNssKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCert", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } if((content & XMLSEC_X509DATA_CERTIFICATE_NODE) != 0) { ret = xmlSecNssX509CertificateNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509CertificateNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509CertificateNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -807,11 +758,9 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SUBJECTNAME_NODE) != 0) { ret = xmlSecNssX509SubjectNameNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509SubjectNameNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509SubjectNameNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -819,11 +768,9 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_ISSUERSERIAL_NODE) != 0) { ret = xmlSecNssX509IssuerSerialNodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509IssuerSerialNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509IssuerSerialNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -831,11 +778,9 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, if((content & XMLSEC_X509DATA_SKI_NODE) != 0) { ret = xmlSecNssX509SKINodeWrite(cert, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509SKINodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509SKINodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -847,21 +792,17 @@ xmlSecNssKeyDataX509XmlWrite(xmlSecKeyDataId id, xmlSecKeyPtr key, for(pos = 0; pos < size; ++pos) { crl = xmlSecNssKeyDataX509GetCrl(data, pos); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509GetCrl", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCrl", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } ret = xmlSecNssX509CRLNodeWrite(crl, node, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssX509CRLNodeWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssX509CRLNodeWrite", + xmlSecKeyDataKlassGetName(id), + "pos=%d", pos); return(-1); } } @@ -905,11 +846,9 @@ xmlSecNssKeyDataX509DebugDump(xmlSecKeyDataPtr data, FILE* output) { for(pos = 0; pos < size; ++pos) { cert = xmlSecNssKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "==== Certificate:\n"); @@ -939,11 +878,9 @@ xmlSecNssKeyDataX509DebugXmlDump(xmlSecKeyDataPtr data, FILE* output) { for(pos = 0; pos < size; ++pos) { cert = xmlSecNssKeyDataX509GetCert(data, pos); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509GetCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "pos=%d", pos); + xmlSecInternalError2("xmlSecNssKeyDataX509GetCert", + xmlSecKeyDataGetName(data), + "pos=%d", pos); return; } fprintf(output, "<Certificate>\n"); @@ -968,32 +905,44 @@ xmlSecNssX509DataNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoC cur != NULL; cur = xmlSecGetNextElementNode(cur->next)) { - ret = 0; if(xmlSecCheckNodeName(cur, xmlSecNodeX509Certificate, xmlSecDSigNs)) { ret = xmlSecNssX509CertificateNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509CertificateNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SubjectName, xmlSecDSigNs)) { ret = xmlSecNssX509SubjectNameNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509SubjectNameNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerSerial, xmlSecDSigNs)) { ret = xmlSecNssX509IssuerSerialNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509IssuerSerialNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509SKI, xmlSecDSigNs)) { ret = xmlSecNssX509SKINodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509SKINodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if(xmlSecCheckNodeName(cur, xmlSecNodeX509CRL, xmlSecDSigNs)) { ret = xmlSecNssX509CRLNodeRead(data, cur, keyInfoCtx); + if(ret < 0) { + xmlSecInternalError("xmlSecNssX509CRLNodeRead", + xmlSecKeyDataGetName(data)); + return(-1); + } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CHILD) != 0) { /* laxi schema validation: ignore unknown nodes */ - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); - return(-1); - } - if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "read node failed"); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); return(-1); } } @@ -1016,11 +965,7 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1028,22 +973,16 @@ xmlSecNssX509CertificateNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK cert = xmlSecNssX509CertBase64DerRead(content); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CertBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); xmlFree(content); return(-1); @@ -1065,29 +1004,20 @@ xmlSecNssX509CertificateNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSec /* set base64 lines size from context */ buf = xmlSecNssX509CertBase64DerWrite(cert, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CertBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509Certificate, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509Certificate)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509Certificate)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); return(0); @@ -1107,11 +1037,8 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1121,11 +1048,7 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK xmlFree(subject); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1135,12 +1058,8 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "subject=%s", - xmlSecErrorsSafeString(subject)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "subject=%s", xmlSecErrorsSafeString(subject)); xmlFree(subject); return(-1); } @@ -1151,11 +1070,8 @@ xmlSecNssX509SubjectNameNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecK ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); xmlFree(subject); return(-1); @@ -1169,32 +1085,32 @@ static int xmlSecNssX509SubjectNameNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar* buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); buf = xmlSecNssX509NameWrite(&(cert->subject)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameWrite(&(cert->subject))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509NameWrite(&(cert->subject))", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SubjectName, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SubjectName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SubjectName)", NULL); + xmlFree(buf); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(cur, buf); + + /* done */ xmlFree(buf); return(0); } @@ -1215,23 +1131,16 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } cur = xmlSecGetNextElementNode(node->children); if(cur == NULL) { if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecNodeNotFoundError("xmlSecGetNextElementNode", node, NULL, + xmlSecKeyDataGetName(data)); return(-1); } return(0); @@ -1239,56 +1148,32 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec /* the first is required node X509IssuerName */ if(!xmlSecCheckNodeName(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeError(cur, xmlSecNodeX509IssuerName, xmlSecKeyDataGetName(data)); return(-1); } issuerName = xmlNodeGetContent(cur); if(issuerName == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); return(-1); } cur = xmlSecGetNextElementNode(cur->next); /* next is required node X509SerialNumber */ if((cur == NULL) || !xmlSecCheckNodeName(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs)) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_NODE_NOT_FOUND, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInvalidNodeError(cur, xmlSecNodeX509SerialNumber, xmlSecKeyDataGetName(data)); xmlFree(issuerName); return(-1); } issuerSerial = xmlNodeGetContent(cur); if(issuerSerial == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeGetName(cur))); + xmlSecInvalidNodeContentError(cur, xmlSecKeyDataGetName(data), "empty"); xmlFree(issuerName); return(-1); } cur = xmlSecGetNextElementNode(cur->next); if(cur != NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(cur)), - XMLSEC_ERRORS_R_UNEXPECTED_NODE, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecUnexpectedNodeError(cur, xmlSecKeyDataGetName(data)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1297,13 +1182,10 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec cert = xmlSecNssX509StoreFindCert(x509Store, NULL, issuerName, issuerSerial, NULL, keyInfoCtx); if(cert == NULL){ if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "issuerName=%s;issuerSerial=%s", - xmlSecErrorsSafeString(issuerName), - xmlSecErrorsSafeString(issuerSerial)); + xmlSecOtherError3(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "issuerName=%s;issuerSerial=%s", + xmlSecErrorsSafeString(issuerName), + xmlSecErrorsSafeString(issuerSerial)); xmlFree(issuerSerial); xmlFree(issuerName); return(-1); @@ -1316,11 +1198,8 @@ xmlSecNssX509IssuerSerialNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSec ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); xmlFree(issuerSerial); xmlFree(issuerName); @@ -1338,64 +1217,48 @@ xmlSecNssX509IssuerSerialNodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSe xmlNodePtr issuerNameNode; xmlNodePtr issuerNumberNode; xmlChar* buf; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); /* create xml nodes */ - cur = xmlSecAddChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509IssuerSerial, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerSerial)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerSerial)", NULL); return(-1); } - issuerNameNode = xmlSecAddChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); + issuerNameNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509IssuerName, xmlSecDSigNs); if(issuerNameNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509IssuerName)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509IssuerName)", NULL); return(-1); } - issuerNumberNode = xmlSecAddChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); + issuerNumberNode = xmlSecEnsureEmptyChild(cur, xmlSecNodeX509SerialNumber, xmlSecDSigNs); if(issuerNumberNode == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SerialNumber)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SerialNumber)", NULL); return(-1); } /* write data */ buf = xmlSecNssX509NameWrite(&(cert->issuer)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameWrite(&(cert->issuer))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509NameWrite(&(cert->issuer))", NULL); + return(-1); + } + + ret = xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent(issuerNameNode)", NULL); + xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(issuerNameNode, buf); xmlFree(buf); buf = xmlSecNssASN1IntegerWrite(&(cert->serialNumber)); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssASN1IntegerWrite(&(cert->serialNumber))", NULL); return(-1); } xmlNodeSetContent(issuerNumberNode, buf); @@ -1418,11 +1281,8 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1432,12 +1292,7 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt xmlFree(ski); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - "node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1448,12 +1303,8 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt xmlFree(ski); if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_UNKNOWN_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - "ski=%s", - xmlSecErrorsSafeString(ski)); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), + "ski=%s", xmlSecErrorsSafeString(ski)); return(-1); } return(0); @@ -1461,11 +1312,8 @@ xmlSecNssX509SKINodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataGetName(data)); CERT_DestroyCertificate(cert); xmlFree(ski); return(-1); @@ -1479,34 +1327,33 @@ static int xmlSecNssX509SKINodeWrite(CERTCertificate* cert, xmlNodePtr node, xmlSecKeyInfoCtxPtr keyInfoCtx ATTRIBUTE_UNUSED) { xmlChar *buf = NULL; xmlNodePtr cur = NULL; + int ret; xmlSecAssert2(cert != NULL, -1); xmlSecAssert2(node != NULL, -1); buf = xmlSecNssX509SKIWrite(cert); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509SKIWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509SKIWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509SKI, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509SKI)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509SKI)", NULL); xmlFree(buf); return(-1); } - xmlSecNodeEncodeAndSetContent(cur, buf); - xmlFree(buf); + ret = xmlSecNodeEncodeAndSetContent(cur, buf); + if(ret < 0) { + xmlSecInternalError("xmlSecNodeEncodeAndSetContent", NULL); + xmlFree(buf); + return(-1); + } + + /* done */ + xmlFree(buf); return(0); } @@ -1525,11 +1372,7 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt xmlFree(content); } if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_STOP_ON_EMPTY_NODE) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - xmlSecErrorsSafeString(xmlSecNodeGetName(node)), - XMLSEC_ERRORS_R_INVALID_NODE_CONTENT, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidNodeContentError(node, xmlSecKeyDataGetName(data), "empty"); return(-1); } return(0); @@ -1537,11 +1380,8 @@ xmlSecNssX509CRLNodeRead(xmlSecKeyDataPtr data, xmlNodePtr node, xmlSecKeyInfoCt crl = xmlSecNssX509CrlBase64DerRead(content, keyInfoCtx); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CrlBase64DerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CrlBase64DerRead", + xmlSecKeyDataGetName(data)); xmlFree(content); return(-1); } @@ -1563,28 +1403,19 @@ xmlSecNssX509CRLNodeWrite(CERTSignedCrl* crl, xmlNodePtr node, xmlSecKeyInfoCtxP /* set base64 lines size from context */ buf = xmlSecNssX509CrlBase64DerWrite(crl, keyInfoCtx->base64LineSize); if(buf == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CrlBase64DerWrite", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CrlBase64DerWrite", NULL); return(-1); } - cur = xmlSecAddChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); + cur = xmlSecEnsureEmptyChild(node, xmlSecNodeX509CRL, xmlSecDSigNs); if(cur == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecAddChild", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "new_node=%s", - xmlSecErrorsSafeString(xmlSecNodeX509CRL)); + xmlSecInternalError("xmlSecEnsureEmptyChild(NodeX509CRL)", NULL); xmlFree(buf); return(-1); } /* todo: add \n around base64 data - from context */ /* todo: add errors check */ - xmlNodeSetContent(cur, xmlSecStringCR); + xmlNodeSetContent(cur, xmlSecGetDefaultLineFeed()); xmlNodeSetContent(cur, buf); xmlFree(buf); @@ -1611,11 +1442,8 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, x509Store = xmlSecKeysMngrGetDataStore(keyInfoCtx->keysMngr, xmlSecNssX509StoreId); if(x509Store == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeysMngrGetDataStore", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeysMngrGetDataStore", + xmlSecKeyDataGetName(data)); return(-1); } @@ -1628,42 +1456,30 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, ctx->keyCert = CERT_DupCertificate(cert); if(ctx->keyCert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("CERT_DupCertificate", + xmlSecKeyDataGetName(data)); return(-1); } keyValue = xmlSecNssX509CertGetKey(ctx->keyCert); if(keyValue == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CertGetKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertGetKey", + xmlSecKeyDataGetName(data)); return(-1); } /* verify that the key matches our expectations */ if(xmlSecKeyReqMatchKeyValue(&(keyInfoCtx->keyReq), keyValue) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeyReqMatchKeyValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyReqMatchKeyValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } ret = xmlSecKeySetValue(key, keyValue); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecKeySetValue", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeySetValue", + xmlSecKeyDataGetName(data)); xmlSecKeyDataDestroy(keyValue); return(-1); } @@ -1672,31 +1488,21 @@ xmlSecNssKeyDataX509VerifyAndExtractKey(xmlSecKeyDataPtr data, xmlSecKeyPtr key, if (status == SECSuccess) { ret = xmlSecNssX509CertGetTime(¬Before, &(key->notValidBefore)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CertGetTime", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "notValidBefore"); + xmlSecInternalError("xmlSecNssX509CertGetTime(notValidBefore)", + xmlSecKeyDataGetName(data)); return(-1); } ret = xmlSecNssX509CertGetTime(¬After, &(key->notValidAfter)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - "xmlSecNssX509CertGetTime", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "notValidAfter"); + xmlSecInternalError("xmlSecNssX509CertGetTime(notValidAfter)", + xmlSecKeyDataGetName(data)); return(-1); } } else { key->notValidBefore = key->notValidAfter = 0; } } else if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_STOP_ON_INVALID_CERT) != 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataGetName(data)), - NULL, - XMLSEC_ERRORS_R_CERT_NOT_FOUND, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOtherError(XMLSEC_ERRORS_R_CERT_NOT_FOUND, xmlSecKeyDataGetName(data), NULL); return(-1); } } @@ -1742,21 +1548,13 @@ xmlSecNssX509CertGetKey(CERTCertificate* cert) { pubkey = CERT_ExtractPublicKey(cert); if(pubkey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_ExtractPublicKey", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_ExtractPublicKey", NULL); return(NULL); } data = xmlSecNssPKIAdoptKey(NULL, pubkey); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssPKIAdoptKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssPKIAdoptKey", NULL); SECKEY_DestroyPublicKey(pubkey); return(NULL); } @@ -1773,11 +1571,7 @@ xmlSecNssX509CertBase64DerRead(xmlChar* buf) { /* usual trick with base64 decoding "in-place" */ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", NULL); return(NULL); } @@ -1800,11 +1594,7 @@ xmlSecNssX509CertDerRead(const xmlSecByte* buf, xmlSecSize size) { cert = __CERT_NewTempCertificate(CERT_GetDefaultCertDB(), &derCert, NULL, PR_FALSE, PR_TRUE); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "__CERT_NewTempCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("__CERT_NewTempCertificate", NULL); return(NULL); } @@ -1821,23 +1611,14 @@ xmlSecNssX509CertBase64DerWrite(CERTCertificate* cert, int base64LineWrap) { xmlSecAssert2(cert != NULL, NULL); p = cert->derCert.data; + xmlSecAssert2(p != NULL, NULL); + size = cert->derCert.len; - if((size <= 0) || (p == NULL)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "cert->derCert", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); - return(NULL); - } + xmlSecAssert2(size > 0, NULL); res = xmlSecBase64Encode(p, size, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); return(NULL); } @@ -1854,11 +1635,7 @@ xmlSecNssX509CrlBase64DerRead(xmlChar* buf, /* usual trick with base64 decoding "in-place" */ ret = xmlSecBase64Decode(buf, (xmlSecByte*)buf, xmlStrlen(buf)); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Decode", NULL); return(NULL); } @@ -1886,26 +1663,19 @@ xmlSecNssX509CrlDerRead(xmlSecByte* buf, xmlSecSize size, */ slot = xmlSecNssGetInternalKeySlot(); if (slot == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssGetInternalKeySlot", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssGetInternalKeySlot", NULL); return NULL; } - if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_SKIP_STRICT_CHECKS) != 0) { importOptions |= CRL_IMPORT_BYPASS_CHECKS; + } crl = PK11_ImportCRL(slot, &derCrl, NULL, SEC_CRL_TYPE, NULL, importOptions, NULL, CRL_DECODE_DEFAULT_OPTIONS); if(crl == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PK11_ImportCRL", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("PK11_ImportCRL", NULL); PK11_FreeSlot(slot); return(NULL); } @@ -1923,23 +1693,14 @@ xmlSecNssX509CrlBase64DerWrite(CERTSignedCrl* crl, int base64LineWrap) { xmlSecAssert2(crl != NULL && crl->derCrl != NULL, NULL); p = crl->derCrl->data; + xmlSecAssert2(p != NULL, NULL); + size = crl->derCrl->len; - if((size <= 0) || (p == NULL)){ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "crl->derCrl", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); - return(NULL); - } + xmlSecAssert2(size > 0, NULL); res = xmlSecBase64Encode(p, size, base64LineWrap); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); return(NULL); } @@ -1955,21 +1716,13 @@ xmlSecNssX509NameWrite(CERTName* nm) { str = CERT_NameToAscii(nm); if (str == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_NameToAscii", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("CERT_NameToAscii", NULL); return(NULL); } res = xmlStrdup(BAD_CAST str); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecStrdupError(BAD_CAST str, NULL); PORT_Free(str); return(NULL); } @@ -1987,23 +1740,21 @@ xmlSecNssASN1IntegerWrite(SECItem *num) { xmlSecAssert2(num != NULL, NULL); xmlSecAssert2(num->type == siBuffer, NULL); - xmlSecAssert2(num->len <= 9, NULL); xmlSecAssert2(num->data != NULL, NULL); /* HACK : to be fixed after * NSS bug http://bugzilla.mozilla.org/show_bug.cgi?id=212864 is fixed */ for(ii = num->len; ii > 0; --ii, shift += 8) { - val |= ((PRUint64)num->data[ii - 1]) << shift; + xmlSecAssert2(shift < 64 || num->data[ii - 1] == 0, NULL); + if(num->data[ii - 1] != 0) { + val |= ((PRUint64)num->data[ii - 1]) << shift; + } } res = (xmlChar*)xmlMalloc(resLen + 1); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlStrdup", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecMallocError(resLen + 1, NULL); return (NULL); } @@ -2023,22 +1774,14 @@ xmlSecNssX509SKIWrite(CERTCertificate* cert) { rv = CERT_FindSubjectKeyIDExtension(cert, &ski); if (rv != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_FindSubjectKeyIDExtension", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("CERT_FindSubjectKeyIDExtension", NULL); SECITEM_FreeItem(&ski, PR_FALSE); return(NULL); } res = xmlSecBase64Encode(ski.data, ski.len, 0); if(res == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Encode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBase64Encode", NULL); SECITEM_FreeItem(&ski, PR_FALSE); return(NULL); } @@ -2178,43 +1921,30 @@ xmlSecNssKeyDataRawX509CertBinRead(xmlSecKeyDataId id, xmlSecKeyPtr key, cert = xmlSecNssX509CertDerRead(buf, bufSize); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509CertDerRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509CertDerRead", NULL); return(-1); } data = xmlSecKeyEnsureData(key, xmlSecNssKeyDataX509Id); if(data == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecKeyEnsureData", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecKeyEnsureData", + xmlSecKeyDataKlassGetName(id)); CERT_DestroyCertificate(cert); return(-1); } ret = xmlSecNssKeyDataX509AdoptCert(data, cert); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509AdoptCert", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509AdoptCert", + xmlSecKeyDataKlassGetName(id)); CERT_DestroyCertificate(cert); return(-1); } ret = xmlSecNssKeyDataX509VerifyAndExtractKey(data, key, keyInfoCtx); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataKlassGetName(id)), - "xmlSecNssKeyDataX509VerifyAndExtractKey", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssKeyDataX509VerifyAndExtractKey", + xmlSecKeyDataKlassGetName(id)); return(-1); } return(0); diff --git a/src/nss/x509vfy.c b/src/nss/x509vfy.c index 9e957fea..b5ffc8c4 100644 --- a/src/nss/x509vfy.c +++ b/src/nss/x509vfy.c @@ -1,7 +1,5 @@ -/** - * XMLSec library - * - * X509 support +/* + * XML Security Library (http://www.aleksey.com/xmlsec). * * * This is free software; see Copyright file in the source @@ -9,6 +7,13 @@ * * Copyright (c) 2003 America Online, Inc. All rights reserved. */ +/** + * SECTION:x509vfy + * @Short_description: X509 certificates verification support functions for NSS. + * @Stability: Private + * + */ + #include "globals.h" #ifndef XMLSEC_NO_X509 @@ -168,6 +173,7 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, SECStatus status = SECFailure; int64 timeboundary; int64 tmp1, tmp2; + PRErrorCode err; xmlSecAssert2(xmlSecKeyDataStoreCheckId(store, xmlSecNssX509StoreId), NULL); xmlSecAssert2(certs != NULL, NULL); @@ -176,19 +182,20 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, ctx = xmlSecNssX509StoreGetCtx(store); xmlSecAssert2(ctx != NULL, NULL); + if(keyInfoCtx->certsVerificationTime > 0) { + /* convert the time since epoch in seconds to microseconds */ + LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); + tmp1 = (int64)PR_USEC_PER_SEC; + tmp2 = timeboundary; + LL_MUL(timeboundary, tmp1, tmp2); + } else { + timeboundary = PR_Now(); + } + for (head = CERT_LIST_HEAD(certs); !CERT_LIST_END(head, certs); head = CERT_LIST_NEXT(head)) { cert = head->cert; - if(keyInfoCtx->certsVerificationTime > 0) { - /* convert the time since epoch in seconds to microseconds */ - LL_UI2L(timeboundary, keyInfoCtx->certsVerificationTime); - tmp1 = (int64)PR_USEC_PER_SEC; - tmp2 = timeboundary; - LL_MUL(timeboundary, tmp1, tmp2); - } else { - timeboundary = PR_Now(); - } /* if cert is the issuer of any other cert in the list, then it is * to be skipped */ @@ -211,11 +218,18 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, continue; } - status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), - cert, PR_FALSE, - (SECCertificateUsage)0, - timeboundary , NULL, NULL, NULL); - if (status == SECSuccess) { + if((keyInfoCtx->flags & XMLSEC_KEYINFO_FLAGS_X509DATA_DONT_VERIFY_CERTS) == 0) { + /* it's important to set the usage here, otherwise no real verification + * is performed. */ + status = CERT_VerifyCertificate(CERT_GetDefaultCertDB(), + cert, PR_FALSE, + certificateUsageEmailSigner, + timeboundary , NULL, NULL, NULL); + if(status == SECSuccess) { + break; + } + } else { + status = SECSuccess; break; } } @@ -224,44 +238,34 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, return (cert); } - switch(PORT_GetError()) { + err = PORT_GetError(); + switch(err) { case SEC_ERROR_EXPIRED_ISSUER_CERTIFICATE: case SEC_ERROR_CA_CERT_INVALID: case SEC_ERROR_UNKNOWN_SIGNER: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, - "cert with subject name %s could not be verified because the issuer's cert is expired/invalid or not found", - (cert != NULL) ? cert->subjectName : "(NULL)" - ); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_ISSUER_FAILED, + xmlSecKeyDataStoreGetName(store), + "subject=\"%s\"; reason=the issuer's cert is expired/invalid or not found", + xmlSecErrorsSafeString(cert->subjectName)); break; case SEC_ERROR_EXPIRED_CERTIFICATE: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, - "cert with subject name %s has expired", - (cert != NULL) ? cert->subjectName : "(NULL)" - ); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_HAS_EXPIRED, + xmlSecKeyDataStoreGetName(store), + "subject=\"%s\"; reason=expired", + xmlSecErrorsSafeString(cert->subjectName)); break; case SEC_ERROR_REVOKED_CERTIFICATE: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_REVOKED, - "cert with subject name %s has been revoked", - (cert != NULL) ? cert->subjectName : "(NULL)" - ); + xmlSecOtherError2(XMLSEC_ERRORS_R_CERT_REVOKED, + xmlSecKeyDataStoreGetName(store), + "subject=\"%s\"; reason=revoked", + xmlSecErrorsSafeString(cert->subjectName)); break; default: - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - NULL, - XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, - "cert with subject name %s could not be verified, errcode %d", - (cert != NULL) ? cert->subjectName : "(NULL)", - PORT_GetError()); + xmlSecOtherError3(XMLSEC_ERRORS_R_CERT_VERIFY_FAILED, + xmlSecKeyDataStoreGetName(store), + "subject=\"%s\"; reason=%d", + xmlSecErrorsSafeString(cert->subjectName), + (int)err); break; } @@ -279,7 +283,7 @@ xmlSecNssX509StoreVerify(xmlSecKeyDataStorePtr store, CERTCertList* certs, * Returns: 0 on success or a negative value if an error occurs. */ int -xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type ATTRIBUTE_UNUSED) { +xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, xmlSecKeyDataType type) { xmlSecNssX509StoreCtxPtr ctx; int ret; @@ -292,25 +296,34 @@ xmlSecNssX509StoreAdoptCert(xmlSecKeyDataStorePtr store, CERTCertificate* cert, if(ctx->certsList == NULL) { ctx->certsList = CERT_NewCertList(); if(ctx->certsList == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CERT_NewCertList", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_NewCertList", xmlSecKeyDataStoreGetName(store)); return(-1); } } ret = CERT_AddCertToListTail(ctx->certsList, cert); if(ret != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecKeyDataStoreGetName(store)), - "CERT_AddCertToListTail", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_AddCertToListTail", xmlSecKeyDataStoreGetName(store)); return(-1); } + if(type == xmlSecKeyDataTypeTrusted) { + SECStatus status; + + /* if requested, mark the certificate as trusted */ + CERTCertTrust trust; + status = CERT_DecodeTrustString(&trust, "TCu,Cu,Tu"); + if(status != SECSuccess) { + xmlSecNssError("CERT_DecodeTrustString", xmlSecKeyDataStoreGetName(store)); + return(-1); + } + CERT_ChangeCertTrust(CERT_GetDefaultCertDB(), cert, &trust); + if(status != SECSuccess) { + xmlSecNssError("CERT_ChangeCertTrust", xmlSecKeyDataStoreGetName(store)); + return(-1); + } + } + return(0); } @@ -364,12 +377,7 @@ xmlSecNssGetCertName(const xmlChar * name) { */ name2 = xmlStrdup(name); if(name2 == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_MALLOC_FAILED, - "xmlStrlen(name)=%d", - xmlStrlen(name)); + xmlSecStrdupError(name, NULL); return(NULL); } while( (p = (xmlChar*)xmlStrstr(name2, BAD_CAST "emailAddress=")) != NULL) { @@ -378,31 +386,23 @@ xmlSecNssGetCertName(const xmlChar * name) { tmp = xmlSecNssX509NameRead(name2, xmlStrlen(name2)); if(tmp == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "name2=\"%s\"", - xmlSecErrorsSafeString(name2)); + xmlSecInternalError2("xmlSecNssX509NameRead", NULL, + "name2=\"%s\"", xmlSecErrorsSafeString(name2)); xmlFree(name2); return(NULL); } res = CERT_AsciiToName((char*)tmp); - if (name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_AsciiToName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ascii=\"%s\", error code=%d", - xmlSecErrorsSafeString((char*)tmp), - PORT_GetError()); + if (res == NULL) { + xmlSecNssError2("CERT_AsciiToName", NULL, + "ascii=\"%s\"", xmlSecErrorsSafeString((char*)tmp)); PORT_Free(tmp); xmlFree(name2); return(NULL); } PORT_Free(tmp); + xmlFree(name2); return(res); } @@ -422,23 +422,16 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, if ((cert == NULL) && (subjectName != NULL)) { name = xmlSecNssGetCertName(subjectName); if (name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssGetCertName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "subject=%s", - xmlSecErrorsSafeString(subjectName)); + xmlSecInternalError2("xmlSecNssGetCertName", NULL, + "subject=%s", + xmlSecErrorsSafeString(subjectName)); goto done; } if(arena == NULL) { arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PORT_NewArena", NULL); goto done; } } @@ -446,11 +439,7 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, SEC_ASN1_GET(CERT_NameTemplate)); if (nameitem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_ASN1EncodeItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SEC_ASN1EncodeItem", NULL); goto done; } @@ -463,23 +452,16 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, name = xmlSecNssGetCertName(issuerName); if (name == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssGetCertName", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "issuer=%s", - xmlSecErrorsSafeString(issuerName)); + xmlSecInternalError2("xmlSecNssGetCertName", NULL, + "issuer=%s", + xmlSecErrorsSafeString(issuerName)); goto done; } if(arena == NULL) { arena = PORT_NewArena(DER_DEFAULT_CHUNKSIZE); if (arena == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_NewArena", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError("PORT_NewArena", NULL); goto done; } } @@ -487,11 +469,7 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, nameitem = SEC_ASN1EncodeItem(arena, NULL, (void *)name, SEC_ASN1_GET(CERT_NameTemplate)); if (nameitem == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "SEC_ASN1EncodeItem", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("SEC_ASN1EncodeItem", NULL); goto done; } @@ -502,22 +480,14 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, /* TBD: serial num can be arbitrarily long */ if(PR_sscanf((char *)issuerSerial, "%llu", &issuerSN) != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PR_sscanf", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "error code=%d", PR_GetError()); + xmlSecNssError("PR_sscanf(issuerSerial)", NULL); SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); goto done; } rv = xmlSecNssNumToItem(&issuerAndSN.serialNumber, issuerSN); if(rv <= 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssNumToItem", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "error code=%d", PR_GetError()); + xmlSecInternalError("xmlSecNssNumToItem(serialNumber)", NULL); SECITEM_FreeItem(&issuerAndSN.serialNumber, PR_FALSE); goto done; } @@ -532,12 +502,7 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, len = xmlSecBase64Decode(ski, (xmlSecByte*)ski, xmlStrlen(ski)); if(len < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecBase64Decode", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "ski=%s", - xmlSecErrorsSafeString(ski)); + xmlSecInternalError("xmlSecBase64Decode", NULL); goto done; } @@ -561,11 +526,7 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, memset(&tmpitem, 0, sizeof(tmpitem)); status = CERT_FindSubjectKeyIDExtension(head->cert, &tmpitem); if (status != SECSuccess) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_FindSubjectKeyIDExtension", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "ski"); + xmlSecNssError("CERT_FindSubjectKeyIDExtension(ski)", NULL); SECITEM_FreeItem(&tmpitem, PR_FALSE); goto done; } @@ -575,11 +536,7 @@ xmlSecNssX509FindCert(CERTCertList* certsList, const xmlChar *subjectName, ) { cert = CERT_DupCertificate(head->cert); if(cert == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "CERT_DupCertificate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - "error code=%d", PORT_GetError()); + xmlSecNssError("CERT_DupCertificate", NULL); SECITEM_FreeItem(&tmpitem, PR_FALSE); goto done; } @@ -613,11 +570,8 @@ xmlSecNssX509NameRead(xmlSecByte *str, int len) { /* return string should be no longer than input string */ retval = (xmlSecByte *)PORT_Alloc(len+1); if(retval == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "PORT_Alloc", - XMLSEC_ERRORS_R_MALLOC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecNssError2("PORT_Alloc", NULL, + "size=%d", (len+1)); return(NULL); } p = retval; @@ -630,11 +584,7 @@ xmlSecNssX509NameRead(xmlSecByte *str, int len) { nameLen = xmlSecNssX509NameStringRead(&str, &len, name, sizeof(name), '=', 0); if(nameLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameStringRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509NameStringRead", NULL); goto done; } memcpy(p, name, nameLen); @@ -646,11 +596,7 @@ xmlSecNssX509NameRead(xmlSecByte *str, int len) { valueLen = xmlSecNssX509NameStringRead(&str, &len, value, sizeof(value), '"', 1); if(valueLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameStringRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509NameStringRead", NULL); goto done; } /* skip spaces before comma or semicolon */ @@ -658,11 +604,7 @@ xmlSecNssX509NameRead(xmlSecByte *str, int len) { ++str; --len; } if((len > 0) && ((*str) != ',')) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "comma is expected"); + xmlSecInvalidIntegerDataError("char", (*str), "comma ','", NULL); goto done; } if(len > 0) { @@ -674,21 +616,13 @@ xmlSecNssX509NameRead(xmlSecByte *str, int len) { *p++='\"'; } else if((*str) == '#') { /* TODO: read octect values */ - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "reading octect values is not implemented yet"); + xmlSecNotImplementedError("reading octect values is not implemented yet"); goto done; } else { valueLen = xmlSecNssX509NameStringRead(&str, &len, value, sizeof(value), ',', 1); if(valueLen < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - "xmlSecNssX509NameStringRead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecNssX509NameStringRead", NULL); goto done; } memcpy(p, value, valueLen); @@ -734,22 +668,14 @@ xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, nonSpace = q; if(xmlSecIsHex((*p))) { if((p - (*str) + 1) >= (*strLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "two hex digits expected"); + xmlSecInvalidDataError("two hex digits expected", NULL); return(-1); } *(q++) = xmlSecGetHex(p[0]) * 16 + xmlSecGetHex(p[1]); p += 2; } else { if(((++p) - (*str)) >= (*strLen)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_DATA, - "escaped symbol missed"); + xmlSecInvalidDataError("escaped symbol missed", NULL); return(-1); } *(q++) = *(p++); @@ -757,11 +683,7 @@ xmlSecNssX509NameStringRead(xmlSecByte **str, int *strLen, } } if(((p - (*str)) < (*strLen)) && ((*p) != delim)) { - xmlSecError(XMLSEC_ERRORS_HERE, - NULL, - NULL, - XMLSEC_ERRORS_R_INVALID_SIZE, - "buffer is too small"); + xmlSecInvalidSizeOtherError("buffer is too small", NULL); return(-1); } (*strLen) -= (p - (*str)); @@ -793,7 +715,8 @@ xmlSecNssNumToItem(SECItem *it, PRUint64 ui) ** require progressively more space. Start from 1 because byte at ** position 0 is zero */ - for(zeros_len = 1; (zeros_len < sizeof(bb)) && (bb[zeros_len] == 0); ++zeros_len); + for(zeros_len = 1; (zeros_len < sizeof(bb)) && (bb[zeros_len] == 0); ++zeros_len) { + } it->len = sizeof(bb) - (zeros_len - 1); it->data = (unsigned char *)PORT_Alloc(it->len); |