8 #include <openssl/x509_vfy.h>
9 #include <openssl/evp.h>
10 #include <openssl/obj_mac.h>
11 #include <openssl/ec.h>
12 #include <openssl/dsa.h>
13 #include <openssl/dh.h>
14 #include <openssl/rsa.h>
15 #include <openssl/bio.h>
16 #include <openssl/rand.h>
17 #include <openssl/crypto.h>
18 #include <openssl/err.h>
19 #include <openssl/x509v3.h>
20 #include <openssl/obj_mac.h>
21 #include <ckm/ckm-error.h>
22 #include <ckm/ckm-type.h>
24 #include <CryptoService.h>
26 #include <dpl/log/log.h>
28 #define OPENSSL_SUCCESS 1 // DO NOTCHANGE THIS VALUE
29 #define OPENSSL_FAIL 0 // DO NOTCHANGE THIS VALUE
31 #define RAND_READ_BYTES 32
35 CryptoService::CryptoService(){
38 CryptoService::~CryptoService(){
43 void CryptoService::initialize() {
44 // try to initialize using ERR_load_crypto_strings and OpenSSL_add_all_algorithms
45 ERR_load_crypto_strings();
46 OpenSSL_add_all_algorithms();
49 std::ifstream ifile(DEV_HW_RANDOM_FILE);
52 && (RAND_READ_BYTES == RAND_load_file(DEV_HW_RANDOM_FILE, RAND_READ_BYTES)))
53 LogDebug("Success to read from [" << DEV_HW_RANDOM_FILE << "]");
54 else if (RAND_READ_BYTES == RAND_load_file(DEV_URANDOM_FILE, RAND_READ_BYTES))
55 LogDebug("Success to read from [" << DEV_URANDOM_FILE << "]");
57 ThrowMsg(CryptoService::Exception::Crypto_internal,
58 "Error in U_RAND_file_load");
61 const EVP_MD *CryptoService::getMdAlgo(const HashAlgorithm hashAlgo) {
62 const EVP_MD *md_algo=NULL;
64 case HashAlgorithm::NONE:
67 case HashAlgorithm::SHA1:
70 case HashAlgorithm::SHA256:
71 md_algo = EVP_sha256();
73 case HashAlgorithm::SHA384:
74 md_algo = EVP_sha384();
76 case HashAlgorithm::SHA512:
77 md_algo = EVP_sha512();
80 LogError("Error in hashAlgorithm value");
81 ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in hashAlgorithm value");
86 int CryptoService::getRsaPadding(const RSAPaddingAlgorithm padAlgo) {
89 case RSAPaddingAlgorithm::NONE:
90 rsa_padding = RSA_NO_PADDING;
92 case RSAPaddingAlgorithm::PKCS1:
93 rsa_padding = RSA_PKCS1_PADDING;
95 case RSAPaddingAlgorithm::X931:
96 rsa_padding = RSA_X931_PADDING;
99 LogError("Error in RSAPaddingAlgorithm value");
100 ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in RSAPaddingAlgorithm value");
105 int CryptoService::createKeyPairRSA(const int size, // size in bits [1024, 2048, 4096]
106 KeyImpl &createdPrivateKey, // returned value
107 KeyImpl &createdPublicKey) // returned value
109 EVP_PKEY_CTX *ctx = NULL;
110 EVP_PKEY *pkey = NULL;
111 EVP_PKEY *pparam = NULL;
113 // check the parameters of functions
114 if(size != 1024 && size !=2048 && size != 4096) {
115 LogError("Error in RSA input size");
116 ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in RSA input size");
119 // check the parameters of functions
120 if(&createdPrivateKey == NULL) {
121 LogError("Error in createdPrivateKey value");
122 ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPrivateKey value");
125 // check the parameters of functions
126 if(&createdPublicKey == NULL) {
127 LogError("Error in createdPrivateKey value");
128 ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPublicKey value");
132 if(!(ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL))) {
133 LogError("Error in EVP_PKEY_CTX_new_id function !!");
134 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new_id function !!");
137 if(EVP_PKEY_keygen_init(ctx) <= 0) {
138 LogError("Error in EVP_PKEY_keygen_init function !!");
139 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen_init function !!");
142 if(EVP_PKEY_CTX_set_rsa_keygen_bits(ctx,size) <= 0) {
143 LogError("Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!");
144 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_rsa_keygen_bits function !!");
147 if(!EVP_PKEY_keygen(ctx, &pkey)) {
148 LogError("Error in EVP_PKEY_keygen function !!");
149 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen function !!");
151 } Catch(CryptoService::Exception::opensslError) {
157 EVP_PKEY_free(pparam);
161 EVP_PKEY_CTX_free(ctx);
164 ReThrowMsg(CryptoService::Exception::opensslError,"Error in opensslError function !!");
167 KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey
169 createdPrivateKey = KeyImpl(ptr, KeyType::KEY_RSA_PRIVATE);
170 createdPublicKey = KeyImpl(ptr, KeyType::KEY_RSA_PUBLIC);
173 EVP_PKEY_free(pparam);
177 EVP_PKEY_CTX_free(ctx);
180 return CKM_CRYPTO_CREATEKEY_SUCCESS;
184 int CryptoService::createKeyPairDSA(const int size, // size in bits [1024, 2048, 3072, 4096]
185 KeyImpl &createdPrivateKey, // returned value
186 KeyImpl &createdPublicKey) // returned value
188 EVP_PKEY_CTX *pctx = NULL;
189 EVP_PKEY_CTX *kctx = NULL;
190 EVP_PKEY *pkey = NULL;
191 EVP_PKEY *pparam = NULL;
193 // check the parameters of functions
194 if(size != 1024 && size !=2048 && size !=3072 && size != 4096) {
195 LogError("Error in DSA input size");
196 ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in DSA input size");
199 // check the parameters of functions
200 if(&createdPrivateKey == NULL) {
201 LogError("Error in createdPrivateKey value");
202 ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPrivateKey value");
205 // check the parameters of functions
206 if(&createdPublicKey == NULL) {
207 LogError("Error in createdPrivateKey value");
208 ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPublicKey value");
212 /* Create the context for generating the parameters */
213 if(!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL))) {
214 LogError("Error in EVP_PKEY_CTX_new_id function");
215 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new_id function");
218 if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx)) {
219 LogError("Error in EVP_PKEY_paramgen_init function");
220 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen_init function");
223 if(EVP_SUCCESS != EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, size)) {
224 LogError("Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function");
225 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_dsa_paramgen_bits(" << size << ") function");
228 /* Generate parameters */
229 if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx, &pparam)) {
230 LogError("Error in EVP_PKEY_paramgen function");
231 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen function");
234 // Start to generate key
235 if(!(kctx = EVP_PKEY_CTX_new(pparam, NULL))) {
236 LogError("Error in EVP_PKEY_CTX_new function");
237 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new function");
240 if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx)) {
241 LogError("Error in EVP_PKEY_keygen_init function");
242 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen_init function");
245 /* Generate the key */
246 if(EVP_SUCCESS != EVP_PKEY_keygen(kctx, &pkey)) {
247 LogError("Error in EVP_PKEY_keygen function");
248 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen function");
251 Catch(CryptoService::Exception::opensslError)
258 EVP_PKEY_free(pparam);
262 EVP_PKEY_CTX_free(pctx);
266 EVP_PKEY_CTX_free(kctx);
269 ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!");
272 KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey
274 createdPrivateKey = KeyImpl(ptr, KeyType::KEY_DSA_PRIVATE);
275 createdPublicKey = KeyImpl(ptr, KeyType::KEY_DSA_PUBLIC);
278 EVP_PKEY_free(pparam);
282 EVP_PKEY_CTX_free(pctx);
286 EVP_PKEY_CTX_free(kctx);
289 return CKM_CRYPTO_CREATEKEY_SUCCESS;
293 int CryptoService::createKeyPairECDSA(ElipticCurve type,
294 KeyImpl &createdPrivateKey, // returned value
295 KeyImpl &createdPublicKey) // returned value
297 int ecCurve = NOT_DEFINED;
298 EVP_PKEY_CTX *pctx = NULL;
299 EVP_PKEY_CTX *kctx = NULL;
300 EVP_PKEY *pkey = NULL;
301 EVP_PKEY *pparam = NULL;
304 case ElipticCurve::prime192v1:
305 ecCurve = NID_X9_62_prime192v1;
307 case ElipticCurve::prime256v1:
308 ecCurve = NID_X9_62_prime256v1;
310 case ElipticCurve::secp384r1:
311 ecCurve = NID_secp384r1;
314 LogError("Error in EC type");
315 ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in EC type");
318 // check the parameters of functions
319 if(&createdPrivateKey == NULL) {
320 LogError("Error in createdPrivateKey value");
321 ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPrivateKey value");
324 // check the parameters of functions
325 if(&createdPublicKey == NULL) {
326 LogError("Error in createdPrivateKey value");
327 ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in createdPublicKey value");
331 /* Create the context for generating the parameters */
332 if(!(pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_EC, NULL))) {
333 LogError("Error in EVP_PKEY_CTX_new_id function");
334 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new_id function");
337 if(EVP_SUCCESS != EVP_PKEY_paramgen_init(pctx)) {
338 LogError("Error in EVP_PKEY_paramgen_init function");
339 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen_init function");
342 if(EVP_SUCCESS != EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx, ecCurve)) {
343 LogError("Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function");
344 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_ec_paramgen_curve_nid function");
347 /* Generate parameters */
348 if(EVP_SUCCESS != EVP_PKEY_paramgen(pctx, &pparam)) {
349 LogError("Error in EVP_PKEY_paramgen function");
350 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_paramgen function");
353 // Start to generate key
354 if(!(kctx = EVP_PKEY_CTX_new(pparam, NULL))) {
355 LogError("Error in EVP_PKEY_CTX_new function");
356 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new function");
359 if(EVP_SUCCESS != EVP_PKEY_keygen_init(kctx)) {
360 LogError("Error in EVP_PKEY_keygen_init function");
361 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen_init function");
364 /* Generate the key */
365 if(EVP_SUCCESS != EVP_PKEY_keygen(kctx, &pkey)) {
366 LogError("Error in EVP_PKEY_keygen function");
367 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen function");
369 } Catch(CryptoService::Exception::opensslError) {
375 EVP_PKEY_free(pparam);
379 EVP_PKEY_CTX_free(pctx);
383 EVP_PKEY_CTX_free(kctx);
386 ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!");
389 KeyImpl::EvpShPtr ptr(pkey, EVP_PKEY_free); // shared ptr will free pkey
391 createdPrivateKey = KeyImpl(ptr, KeyType::KEY_ECDSA_PRIVATE);
392 createdPublicKey = KeyImpl(ptr, KeyType::KEY_ECDSA_PUBLIC);
395 EVP_PKEY_free(pparam);
399 EVP_PKEY_CTX_free(pctx);
403 EVP_PKEY_CTX_free(kctx);
406 return CKM_CRYPTO_CREATEKEY_SUCCESS;
409 int CryptoService::createSignature(const KeyImpl &privateKey,
410 const RawBuffer &message,
411 const HashAlgorithm hashAlgo,
412 const RSAPaddingAlgorithm padAlgo,
413 RawBuffer &signature)
415 int retCode = CKM_API_SUCCESS;
416 int rsa_padding = NOT_DEFINED;
417 const EVP_MD *md_algo = NULL;
419 md_algo = getMdAlgo(hashAlgo);
422 if((privateKey.getType() != KeyType::KEY_RSA_PRIVATE) &&
423 (privateKey.getType() != KeyType::KEY_DSA_PRIVATE) &&
424 (privateKey.getType() != KeyType::KEY_ECDSA_PRIVATE))
426 LogError("Error in private key type");
427 ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in private key type");
430 if(privateKey.getType()==KeyType::KEY_RSA_PRIVATE) {
431 rsa_padding = getRsaPadding(padAlgo);
434 auto shrPKey = privateKey.getEvpShPtr();
435 if (NULL == shrPKey.get()) {
436 LogError("Error in EVP_PKEY_keygen function");
437 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_keygen function");
440 if(md_algo == NULL) {
441 retCode = signMessage(shrPKey.get(), message, rsa_padding, signature);
443 retCode = digestSignMessage(shrPKey.get(),message, md_algo, rsa_padding, signature);
449 int CryptoService::signMessage(EVP_PKEY *privKey,
450 const RawBuffer &message,
451 const int rsa_padding,
452 RawBuffer &signature)
454 int retCode = CKM_API_SUCCESS;
455 EVP_PKEY_CTX *pctx = NULL;
458 if(!(pctx = EVP_PKEY_CTX_new(privKey, NULL))) {
459 LogError("Error in EVP_PKEY_CTX_new function");
460 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new function");
463 if(EVP_PKEY_sign_init(pctx) != EVP_SUCCESS) {
464 LogError("Error in EVP_PKEY_sign_init function");
465 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_sign_init function");
468 /* Set padding algorithm */
469 if(EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) {
470 if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) {
471 LogError("Error in EVP_PKEY_CTX_set_rsa_padding function");
472 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_rsa_padding function");
476 /* Finalize the Sign operation */
477 /* First call EVP_PKEY_sign with a NULL sig parameter to obtain the length of the
478 * signature. Length is returned in slen */
480 if(EVP_SUCCESS != EVP_PKEY_sign(pctx, NULL, &slen, message.data(), message.size())) {
481 LogError("Error in EVP_PKEY_sign function");
482 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_sign function");
485 /* Allocate memory for the signature based on size in slen */
486 unsigned char sig[slen];
488 if(EVP_SUCCESS == EVP_PKEY_sign(pctx, sig, &slen, message.data(), message.size())) {
489 // Set value to return RawData
490 signature.assign(sig, sig+slen);
491 retCode = CKM_API_SUCCESS;
493 LogError("Error in EVP_PKEY_sign function: check input parameter");
494 retCode = CKM_API_ERROR_INPUT_PARAM;
496 } Catch(CryptoService::Exception::opensslError) {
498 EVP_PKEY_CTX_free(pctx);
500 ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!");
504 EVP_PKEY_CTX_free(pctx);
509 int CryptoService::digestSignMessage(EVP_PKEY *privKey,
510 const RawBuffer &message,
511 const EVP_MD *md_algo,
512 const int rsa_padding,
513 RawBuffer &signature)
515 EVP_MD_CTX *mdctx = NULL;
516 EVP_PKEY_CTX *pctx = NULL;
519 // Create the Message Digest Context
520 if(!(mdctx = EVP_MD_CTX_create())) {
521 LogError("Error in EVP_MD_CTX_create function");
522 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_MD_CTX_create function");
525 if(EVP_SUCCESS != EVP_DigestSignInit(mdctx, &pctx, md_algo, NULL, privKey)) {
526 LogError("Error in EVP_DigestSignInit function");
527 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestSignInit function");
530 /* Set padding algorithm */
531 if(EVP_PKEY_type(privKey->type) == EVP_PKEY_RSA) {
532 if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) {
533 LogError("Error in EVP_PKEY_CTX_set_rsa_padding function");
534 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_rsa_padding function");
538 /* Call update with the message */
539 if(EVP_SUCCESS != EVP_DigestSignUpdate(mdctx, message.data(), message.size())) {
540 LogError("Error in EVP_DigestSignUpdate function");
541 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestSignUpdate function");
544 /* Finalize the DigestSign operation */
545 /* First call EVP_DigestSignFinal with a NULL sig parameter to obtain the length of the
546 * signature. Length is returned in slen */
548 if(EVP_SUCCESS != EVP_DigestSignFinal(mdctx, NULL, &slen)) {
549 LogError("Error in EVP_DigestSignFinal function");
550 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestSignFinal function");
552 /* Allocate memory for the signature based on size in slen */
553 unsigned char sig[slen];
555 /* Obtain the signature */
556 if(EVP_SUCCESS != EVP_DigestSignFinal(mdctx, sig, &slen)) {
557 LogError("Error in EVP_DigestSignFinal function");
558 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestSignFinal function");
561 // Set value to return RawData
562 signature.assign(sig, sig+slen);
563 } Catch(CryptoService::Exception::opensslError) {
565 EVP_MD_CTX_destroy(mdctx);
568 ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!");
572 EVP_MD_CTX_destroy(mdctx);
575 return CKM_API_SUCCESS;
578 int CryptoService::verifySignature(const KeyImpl &publicKey,
579 const RawBuffer &message,
580 const RawBuffer &signature,
581 const HashAlgorithm hashAlgo,
582 const RSAPaddingAlgorithm padAlgo)
584 int rsa_padding = NOT_DEFINED;
585 const EVP_MD *md_algo;
586 int retCode = CKM_API_ERROR_VERIFICATION_FAILED;
588 md_algo = getMdAlgo(hashAlgo);
591 if((publicKey.getType() != KeyType::KEY_RSA_PUBLIC) &&
592 (publicKey.getType() != KeyType::KEY_DSA_PUBLIC) &&
593 (publicKey.getType() != KeyType::KEY_ECDSA_PUBLIC))
595 LogError("Error in private key type");
596 ThrowMsg(CryptoService::Exception::Crypto_internal, "Error in private key type");
599 if(publicKey.getType()==KeyType::KEY_RSA_PUBLIC) {
600 rsa_padding = getRsaPadding(padAlgo);
603 auto shrPKey = publicKey.getEvpShPtr();
604 if (NULL == shrPKey.get()) {
605 LogError("Error in getEvpShPtr function");
606 ThrowMsg(CryptoService::Exception::opensslError, "Error in getEvpShPtr function");
609 if(md_algo == NULL) {
610 retCode = verifyMessage(shrPKey.get(), message, signature, rsa_padding);
612 retCode = digestVerifyMessage(shrPKey.get(),message, signature, md_algo, rsa_padding);
618 int CryptoService::verifyMessage(EVP_PKEY *pubKey,
619 const RawBuffer &message,
620 const RawBuffer &signature,
621 const int rsa_padding)
623 int ret = CKM_API_ERROR_VERIFICATION_FAILED;
624 EVP_PKEY_CTX *pctx = NULL;
627 if(!(pctx = EVP_PKEY_CTX_new(pubKey, NULL))) {
628 LogError("Error in EVP_PKEY_CTX_new function");
629 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_new function");
632 if(EVP_PKEY_verify_init(pctx) != EVP_SUCCESS) {
633 LogError("Error in EVP_PKEY_verify_init function");
634 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_verify_init function");
637 /* Set padding algorithm */
638 if(EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) {
639 if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) {
640 LogError("Error in EVP_PKEY_CTX_set_rsa_padding function");
641 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_rsa_padding function");
645 if(EVP_SUCCESS == EVP_PKEY_verify(pctx, signature.data(), signature.size(), message.data(), message.size())) {
646 ret = CKM_API_SUCCESS;
648 LogError("EVP_PKEY_verify Failed");
649 ret = CKM_API_ERROR_VERIFICATION_FAILED;
651 } Catch(CryptoService::Exception::opensslError) {
653 EVP_PKEY_CTX_free(pctx);
655 ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!");
659 EVP_PKEY_CTX_free(pctx);
665 int CryptoService::digestVerifyMessage(EVP_PKEY *pubKey,
666 const RawBuffer &message,
667 const RawBuffer &signature,
668 const EVP_MD *md_algo,
669 const int rsa_padding)
671 int ret = CKM_API_ERROR_VERIFICATION_FAILED;
672 EVP_MD_CTX *mdctx = NULL;
673 EVP_PKEY_CTX *pctx = NULL;
676 /* Create the Message Digest Context */
677 if(!(mdctx = EVP_MD_CTX_create())) {
678 LogError("Error in EVP_MD_CTX_create function");
679 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_MD_CTX_create function");
682 if(EVP_SUCCESS != EVP_DigestVerifyInit(mdctx, &pctx, md_algo, NULL, pubKey)) {
683 LogError("Error in EVP_DigestVerifyInit function");
684 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestVerifyInit function");
687 if(EVP_PKEY_type(pubKey->type) == EVP_PKEY_RSA) {
688 if(EVP_SUCCESS != EVP_PKEY_CTX_set_rsa_padding(pctx, rsa_padding)) {
689 LogError("Error in EVP_PKEY_CTX_set_rsa_padding function");
690 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_PKEY_CTX_set_rsa_padding function");
694 if(EVP_SUCCESS != EVP_DigestVerifyUpdate(mdctx, message.data(), message.size()) ) {
695 LogError("Error in EVP_DigestVerifyUpdate function");
696 ThrowMsg(CryptoService::Exception::opensslError, "Error in EVP_DigestVerifyUpdate function");
699 if(EVP_SUCCESS == EVP_DigestVerifyFinal(mdctx, const_cast<unsigned char*>(signature.data()), signature.size()) ) {
700 ret = CKM_API_SUCCESS;
702 LogError("EVP_PKEY_verify Failed");
703 ret = CKM_API_ERROR_VERIFICATION_FAILED;
705 } Catch(CryptoService::Exception::opensslError) {
707 EVP_MD_CTX_destroy(mdctx);
709 ReThrowMsg(CryptoService::Exception::opensslError,"Error in openssl function !!");
713 EVP_MD_CTX_destroy(mdctx);