Diffstat (limited to 'src/openssl/evp_signatures.c')
-rw-r--r-- | src/openssl/evp_signatures.c | 150 |
1 files changed, 45 insertions, 105 deletions
diff --git a/src/openssl/evp_signatures.c b/src/openssl/evp_signatures.c index 4dc493ca..5ed61c97 100644 --- a/src/openssl/evp_signatures.c +++ b/src/openssl/evp_signatures.c @@ -1,11 +1,19 @@ -/** - * XMLSec library +/* + * XML Security Library (http://www.aleksey.com/xmlsec). + * * * This is free software; see Copyright file in the source * distribution for preciese wording. * * Copyright (C) 2002-2016 Aleksey Sanin <aleksey@aleksey.com>. All Rights Reserved. */ +/** + * SECTION:evp_signatures + * @Short_description: Private/public (EVP) signatures implementation for OpenSSL. + * @Stability: Private + * + */ + #include "globals.h" #include <string.h> @@ -21,17 +29,7 @@ #include <xmlsec/openssl/crypto.h> #include <xmlsec/openssl/evp.h> - -/* new API from OpenSSL 1.1.0 (https://www.openssl.org/docs/manmaster/crypto/EVP_DigestInit.html): - * - * EVP_MD_CTX_create() and EVP_MD_CTX_destroy() were renamed to EVP_MD_CTX_new() and EVP_MD_CTX_free() in OpenSSL 1.1. - */ -#if !defined(XMLSEC_OPENSSL_110) -#define EVP_MD_CTX_new() EVP_MD_CTX_create() -#define EVP_MD_CTX_free(x) EVP_MD_CTX_destroy((x)) -#define EVP_MD_CTX_md_data(x) ((x)->md_data) -#endif /* !defined(XMLSEC_OPENSSL_110) */ - +#include "openssl_compat.h" /************************************************************************** * @@ -141,8 +139,6 @@ xmlSecOpenSSLEvpSignatureCheckId(xmlSecTransformPtr transform) { { return(0); } - - return(0); } static int @@ -215,11 +211,7 @@ xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) { ctx->keyId = xmlSecOpenSSLKeyDataGost2001Id; ctx->digest = EVP_get_digestbyname("md_gost94"); if (!ctx->digest) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } } else 
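Review bot: The new error call in the gost94 branch of xmlSecOpenSSLEvpSignatureInitialize, `xmlSecInvalidTransfromError(transform)`, has no trailing semicolon, so it only compiles if the macro itself expands to a statement that ends in `;` (its definition is in a header not shown here). That is fragile: the same file ends its other new macro call as `xmlSecInvalidTransfromStatusError(transform);`, and a macro that supplies its own semicolon cannot be used as the lone statement of an `if` with an `else` (`if (c) MACRO(); else ...` expands to `stmt;; else` and fails to compile). I would write the call as `xmlSecInvalidTransfromError(transform);` here and in the other branches, and, if the macro currently ends in a semicolon, drop it from the definition or wrap the expansion in `do { ... } while(0)`. The macro name also carries a typo (`Transfrom`) that is worth fixing before it spreads to more call sites. xmlSecOpenSSLEvpSignatureInitialize starts and ends outside this hunk.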
@@ -230,11 +222,7 @@ xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) { ctx->keyId = xmlSecOpenSSLKeyDataGostR3410_2012_256Id; ctx->digest = EVP_get_digestbyname("md_gost12_256"); if (!ctx->digest) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } } else @@ -243,33 +231,22 @@ xmlSecOpenSSLEvpSignatureInitialize(xmlSecTransformPtr transform) { ctx->keyId = xmlSecOpenSSLKeyDataGostR3410_2012_512Id; ctx->digest = EVP_get_digestbyname("md_gost12_512"); if (!ctx->digest) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } } else #endif /* XMLSEC_NO_GOST2012 */ if(1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_TRANSFORM, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInvalidTransfromError(transform) return(-1); } /* create digest CTX */ ctx->digestCtx = EVP_MD_CTX_new(); if(ctx->digestCtx == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_MD_CTX_new", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_MD_CTX_new", + xmlSecTransformGetName(transform)); return(-1); } @@ -320,11 +297,8 @@ xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) pKey = xmlSecOpenSSLEvpKeyDataGetEvp(value); if(pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLEvpKeyDataGetEvp", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpKeyDataGetEvp", + xmlSecTransformGetName(transform)); return(-1); } 
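Review bot: In the GOST 2012-512 branch of this hunk a NULL result from `EVP_get_digestbyname("md_gost12_512")` is now reported as an invalid transform, the same diagnostic the final `if(1)` fallback emits for a genuinely unknown transform id. The two cases differ: here the transform is known and compiled in, but the digest is not registered in this OpenSSL build (typically because the GOST engine was not loaded), and the OpenSSL error queue would say so. I would report it as an OpenSSL failure that names the lookup, e.g. `xmlSecOpenSSLError("EVP_get_digestbyname", xmlSecTransformGetName(transform));` (or a two-argument-message variant, if one exists alongside `xmlSecInternalError2`, so the message can carry `"digest=md_gost12_512"`), so an operator can tell a missing engine from a misconfigured transform. The `xmlSecInvalidTransfromError(transform)` calls in this hunk also lack a trailing semicolon and rely on the macro supplying it, which is inconsistent with `xmlSecInvalidTransfromStatusError(transform);` at the end of the file. xmlSecOpenSSLEvpSignatureInitialize continues past this hunk.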
@@ -334,11 +308,8 @@ xmlSecOpenSSLEvpSignatureSetKey(xmlSecTransformPtr transform, xmlSecKeyPtr key) ctx->pKey = xmlSecOpenSSLEvpKeyDup(pKey); if(ctx->pKey == NULL) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecOpenSSLEvpKeyDup", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecOpenSSLEvpKeyDup", + xmlSecTransformGetName(transform)); return(-1); } @@ -390,18 +361,13 @@ xmlSecOpenSSLEvpSignatureVerify(xmlSecTransformPtr transform, ret = EVP_VerifyFinal(ctx->digestCtx, (xmlSecByte*)data, dataSize, ctx->pKey); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_VerifyFinal", + xmlSecTransformGetName(transform)); return(-1); } else if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyFinal", - XMLSEC_ERRORS_R_DATA_NOT_MATCH, - "signature do not match"); + xmlSecOtherError(XMLSEC_ERRORS_R_DATA_NOT_MATCH, + xmlSecTransformGetName(transform), + "EVP_VerifyFinal: signature does not verify"); transform->status = xmlSecTransformStatusFail; return(0); } 
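Review bot: `dataSize` is passed straight into `EVP_VerifyFinal`, whose signature-length parameter is an `unsigned int`; `dataSize` is declared outside this hunk (presumably an xmlSecSize), and if that type is ever wider than `unsigned int` the length is silently truncated before the signature is checked. The rewritten error handling is right to keep `ret < 0` (library error, return -1) and `ret == 0` (signature does not verify, status Fail, return 0) on separate paths, but a length guard keeps both outcomes honest: `if(dataSize > UINT_MAX) { xmlSecOtherError(XMLSEC_ERRORS_R_INVALID_SIZE, xmlSecTransformGetName(transform), "signature too long"); return(-1); }` (needs `<limits.h>`; use whichever invalid-size error code the project defines). If xmlSecSize is itself `unsigned int` the guard is a no-op and a one-line comment stating that the types match is enough. xmlSecOpenSSLEvpSignatureVerify starts before this hunk.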
@@ -443,21 +409,15 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT if(transform->operation == xmlSecTransformOperationSign) { ret = EVP_SignInit(ctx->digestCtx, ctx->digest); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_SignInit", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_SignInit", + xmlSecTransformGetName(transform)); return(-1); } } else { ret = EVP_VerifyInit(ctx->digestCtx, ctx->digest); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyInit", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_VerifyInit", + xmlSecTransformGetName(transform)); return(-1); } } 
@@ -470,32 +430,23 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT if(transform->operation == xmlSecTransformOperationSign) { ret = EVP_SignUpdate(ctx->digestCtx, xmlSecBufferGetData(in), inSize); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_SignUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_SignUpdate", + xmlSecTransformGetName(transform)); return(-1); } } else { ret = EVP_VerifyUpdate(ctx->digestCtx, xmlSecBufferGetData(in), inSize); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_VerifyUpdate", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_VerifyUpdate", + xmlSecTransformGetName(transform)); return(-1); } } ret = xmlSecBufferRemoveHead(in, inSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferRemoveHead", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecInternalError("xmlSecBufferRemoveHead", + xmlSecTransformGetName(transform)); return(-1); } } 
@@ -509,31 +460,24 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT signSize = EVP_PKEY_size(ctx->pKey); ret = xmlSecBufferSetMaxSize(out, signSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetMaxSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%u", signSize); + xmlSecInternalError2("xmlSecBufferSetMaxSize", + xmlSecTransformGetName(transform), + "size=%u", signSize); return(-1); } ret = EVP_SignFinal(ctx->digestCtx, xmlSecBufferGetData(out), &signSize, ctx->pKey); if(ret != 1) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "EVP_SignFinal", - XMLSEC_ERRORS_R_CRYPTO_FAILED, - XMLSEC_ERRORS_NO_MESSAGE); + xmlSecOpenSSLError("EVP_SignFinal", + xmlSecTransformGetName(transform)); return(-1); } ret = xmlSecBufferSetSize(out, signSize); if(ret < 0) { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - "xmlSecBufferSetSize", - XMLSEC_ERRORS_R_XMLSEC_FAILED, - "size=%u", signSize); + xmlSecInternalError2("xmlSecBufferSetSize", + xmlSecTransformGetName(transform), + "size=%u", signSize); return(-1); } } @@ -544,11 +488,7 @@ xmlSecOpenSSLEvpSignatureExecute(xmlSecTransformPtr transform, int last, xmlSecT /* the only way we can get here is if there is no input */ xmlSecAssert2(xmlSecBufferGetSize(&(transform->inBuf)) == 0, -1); } else { - xmlSecError(XMLSEC_ERRORS_HERE, - xmlSecErrorsSafeString(xmlSecTransformGetName(transform)), - NULL, - XMLSEC_ERRORS_R_INVALID_STATUS, - "status=%d", transform->status); + xmlSecInvalidTransfromStatusError(transform); return(-1); } |
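Review bot: The output buffer for the signature is sized from `EVP_PKEY_size(ctx->pKey)` without checking its result; `EVP_PKEY_size` returns an `int` that can be 0 (or negative in newer OpenSSL) for a key whose type has no defined size, and the assignment into `signSize` (declared outside this hunk, presumably `unsigned int` since `EVP_SignFinal` takes `unsigned int *`) turns a negative value into an enormous `xmlSecBufferSetMaxSize` request and a zero into an empty buffer whose `xmlSecBufferGetData(out)` may be NULL when handed to `EVP_SignFinal`. With the surrounding calls now wrapped in `xmlSecOpenSSLError`/`xmlSecInternalError2`, this is the one OpenSSL call left unchecked on the sign path, so I would validate it first: `int keySize = EVP_PKEY_size(ctx->pKey);` / `if(keySize <= 0) { xmlSecOpenSSLError("EVP_PKEY_size", xmlSecTransformGetName(transform)); return(-1); }` / `signSize = (unsigned int)keySize;`. The `"size=%u"` format in both `xmlSecInternalError2` calls is only correct if `signSize` really is `unsigned int`; if it is an xmlSecSize, cast it at the call. xmlSecOpenSSLEvpSignatureExecute starts before this hunk, and the `-544` hunk on the same line is its tail.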