return YACA_ERROR_INVALID_ARGUMENT;
ret = RAND_bytes((unsigned char *)data, data_len);
- if (ret == -1)
- return YACA_ERROR_NOT_SUPPORTED;
if (ret == 1)
return 0;
- return YACA_ERROR_OPENSSL_FAILURE;
+ if (ret == -1)
+ ret = YACA_ERROR_NOT_SUPPORTED;
+ else
+ ret = YACA_ERROR_OPENSSL_FAILURE;
+
+ ERROR_DUMP(ret);
+ return ret;
}
API int yaca_ctx_set_param(yaca_ctx_h ctx, yaca_ex_param_e param,
break;
}
- if (ret == 0 && *md == NULL)
+ if (ret == 0 && *md == NULL) {
ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
+ }
return ret;
}
nc->mdctx = EVP_MD_CTX_create();
if (nc->mdctx == NULL) {
ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto free;
}
ret = EVP_DigestInit(nc->mdctx, md);
if (ret != 1) {
ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto ctx;
}
return YACA_ERROR_INVALID_ARGUMENT;
ret = EVP_DigestUpdate(c->mdctx, data, data_len);
- if (ret != 1)
- return YACA_ERROR_OPENSSL_FAILURE;
+ if (ret != 1) {
+ ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
+ return ret;
+ }
return 0;
}
return YACA_ERROR_INVALID_ARGUMENT;
ret = EVP_DigestFinal_ex(c->mdctx, (unsigned char*)digest, &len);
- if (ret != 1)
- return YACA_ERROR_OPENSSL_FAILURE;
+ if (ret != 1) {
+ ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
+ return ret;
+ }
*digest_len = len;
return YACA_ERROR_INVALID_ARGUMENT;
block_size = EVP_CIPHER_CTX_block_size(nc->cipher_ctx);
- if (block_size == 0)
- return YACA_ERROR_OPENSSL_FAILURE; // TODO: extract openssl error here
+ if (block_size == 0) {
+ ERROR_DUMP(YACA_ERROR_OPENSSL_FAILURE);
+ return YACA_ERROR_OPENSSL_FAILURE;
+ }
if (input_len > 0)
return block_size + input_len - 1;
return YACA_ERROR_INVALID_ARGUMENT;
lcipher = EVP_get_cipherbyname(cipher_name);
- if (lcipher == NULL)
- return YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret);
+ if (lcipher == NULL) {
+ ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
+ return ret;
+ }
*cipher = lcipher;
return 0;
goto err_free;
ret = EVP_CIPHER_iv_length(cipher);
- if (ret < 0)
+ if (ret < 0) {
+ ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto err_free;
+ }
iv_bits = ret * 8;
if (iv_bits == 0 && iv != NULL) { /* 0 -> cipher doesn't use iv, but it was provided */
nc->cipher_ctx = EVP_CIPHER_CTX_new();
if (nc->cipher_ctx == NULL) {
- ret = YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret);
+ ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto err_free;
}
}
if (ret != 1) {
- ret = YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret);
+ ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto err_ctx;
}
return YACA_ERROR_INVALID_ARGUMENT;
}
- if (ret != 1)
- return YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret);
+ if (ret != 1) {
+ ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
+ return ret;
+ }
*output_len = loutput_len;
return 0;
return YACA_ERROR_INVALID_ARGUMENT;
}
- if (ret != 1)
- return YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret);
+ if (ret != 1) {
+ ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
+ return ret;
+ }
*output_len = loutput_len;
return 0;
// TODO: handle ECC keys when they're implemented
ret = EVP_PKEY_bits(evp_key->evp);
- if (ret <= 0)
- return YACA_ERROR_OPENSSL_FAILURE;
+ if (ret <= 0) {
+ ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
+ return ret;
+ }
return ret;
}
bne = BN_new();
if (bne == NULL) {
ret = YACA_ERROR_OUT_OF_MEMORY;
+ ERROR_DUMP(ret);
goto free_pub;
}
ret = BN_set_word(bne, RSA_F4);
if (ret != 1) {
ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto free_bne;
}
rsa = RSA_new();
if (rsa == NULL) {
- ret = YACA_ERROR_OPENSSL_FAILURE;
+ ret = YACA_ERROR_OUT_OF_MEMORY;
+ ERROR_DUMP(ret);
goto free_bne;
}
ret = RSA_generate_key_ex(rsa, key_bits, bne, NULL);
if (ret != 1) {
ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto free_rsa;
}
nk_prv->evp = EVP_PKEY_new();
if (nk_prv->evp == NULL) {
ret = YACA_ERROR_OUT_OF_MEMORY;
+ ERROR_DUMP(ret);
goto free_rsa;
}
nk_pub->evp = EVP_PKEY_new();
if (nk_prv->evp == NULL) {
ret = YACA_ERROR_OUT_OF_MEMORY;
+ ERROR_DUMP(ret);
goto free_evp_prv;
}
ret = EVP_PKEY_assign_RSA(nk_prv->evp, RSAPrivateKey_dup(rsa));
if (ret != 1) {
ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto free_evp_pub;
}
ret = EVP_PKEY_assign_RSA(nk_pub->evp, RSAPublicKey_dup(rsa));
if (ret != 1) {
ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto free_evp_pub;
}
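Review bot: The NULL check that follows `nk_pub->evp = EVP_PKEY_new();` tests `nk_prv->evp` a second time, so a failed allocation of the public key object is never detected and the ERROR_DUMP added on that branch is unreachable; the condition should read `if (nk_pub->evp == NULL) {`. As written, a NULL `nk_pub->evp` is passed on to `EVP_PKEY_assign_RSA(nk_pub->evp, ...)`. The results of `RSAPrivateKey_dup(rsa)` and `RSAPublicKey_dup(rsa)` also go straight into the assign calls, so when an assign fails the duplicate appears to be leaked. Holding each duplicate in a local and releasing it with `RSA_free()` on the failure path would avoid leaving key material allocated. The function starts and ends outside this hunk, so the cleanup labels cannot be checked from here.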
salt_len, iter, md, key_byte_len,
(unsigned char*)nk->d);
if (ret != 1) {
- ret = YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret);
+ ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto err;
}
return YACA_ERROR_INVALID_ARGUMENT;
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(c->mdctx->pctx);
- if (pkey == NULL)
+ if (pkey == NULL) {
+ ERROR_DUMP(YACA_ERROR_INVALID_ARGUMENT);
return YACA_ERROR_INVALID_ARGUMENT;
+ }
size_t len = EVP_PKEY_size(pkey);
- if (len <= 0)
+ if (len <= 0) {
+ ERROR_DUMP(YACA_ERROR_INVALID_ARGUMENT);
return YACA_ERROR_INVALID_ARGUMENT;
+ }
return len;
}
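Review bot: `size_t len = EVP_PKEY_size(pkey);` followed by `if (len <= 0)` can only ever catch zero, because `len` is unsigned. EVP_PKEY_size() returns an `int`, so a negative result would turn into a very large length and then be narrowed again by `return len;`. Declaring it as `int len = EVP_PKEY_size(pkey);` keeps the guard, and the new ERROR_DUMP behind it, meaningful. Separately, `c->mdctx->pctx` reads a member of EVP_MD_CTX directly, which only builds while that struct is public (it is opaque from OpenSSL 1.1.0), so a comment recording that dependency would help. The function begins outside the hunk.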
NULL,
(unsigned char *)simple_key->d,
simple_key->bits / 8);
- if (*pkey == NULL)
+ if (*pkey == NULL) {
+ ERROR_DUMP(YACA_ERROR_OPENSSL_FAILURE);
return YACA_ERROR_OPENSSL_FAILURE;
+ }
return 0;
}
nc->mdctx = EVP_MD_CTX_create();
if (nc->mdctx == NULL) {
ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto free_ctx;
}
ret = EVP_DigestSignInit(nc->mdctx, NULL, md, NULL, pkey);
if (ret == -2) {
ret = YACA_ERROR_NOT_SUPPORTED;
+ ERROR_DUMP(ret);
goto ctx;
}
if (ret != 1) {
ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto ctx;
}
return YACA_ERROR_INVALID_ARGUMENT;
ret = EVP_DigestSignUpdate(c->mdctx, data, data_len);
+ if (ret == 1)
+ return 0;
+
if (ret == -2)
- return YACA_ERROR_NOT_SUPPORTED;
- if (ret != 1)
- return YACA_ERROR_OPENSSL_FAILURE;
+ ret = YACA_ERROR_NOT_SUPPORTED;
+ else
+ ret = YACA_ERROR_OPENSSL_FAILURE;
- return 0;
+ ERROR_DUMP(ret);
+ return ret;
}
API int yaca_sign_final(yaca_ctx_h ctx,
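Review bot: The mapping added after `EVP_DigestSignUpdate` (1 returns 0, -2 becomes `YACA_ERROR_NOT_SUPPORTED`, anything else `YACA_ERROR_OPENSSL_FAILURE`, then dump and return) is repeated in the yaca_sign_final hunk, in the hunk just before yaca_verify_final, and in the MAC branch of yaca_verify_final. A small static helper would keep these copies from drifting apart; the name used below is only a suggestion. `if(ret == 1)` in the yaca_sign_final hunk is also missing the space used everywhere else. The enclosing function starts outside this hunk.

```c
/* Translate a failed EVP_DigestSign / EVP_DigestVerify status into a YACA
 * error code, dump it, and hand it back to the caller. */
static int digest_sign_error(int ret)
{
	ret = (ret == -2) ? YACA_ERROR_NOT_SUPPORTED : YACA_ERROR_OPENSSL_FAILURE;
	ERROR_DUMP(ret);
	return ret;
}

	/* … unchanged: EVP_DigestSignUpdate call … */
	if (ret == 1)
		return 0;

	return digest_sign_error(ret);
```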
return YACA_ERROR_INVALID_ARGUMENT;
ret = EVP_DigestSignFinal(c->mdctx, (unsigned char *)mac, mac_len);
+ if(ret == 1)
+ return 0;
+
if (ret == -2)
- return YACA_ERROR_NOT_SUPPORTED;
- if (ret != 1)
- return YACA_ERROR_OPENSSL_FAILURE;
+ ret = YACA_ERROR_NOT_SUPPORTED;
+ else
+ ret = YACA_ERROR_OPENSSL_FAILURE;
- return 0;
+ ERROR_DUMP(ret);
+ return ret;
}
API int yaca_verify_init(yaca_ctx_h *ctx,
nc->mdctx = EVP_MD_CTX_create();
if (nc->mdctx == NULL) {
ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto free_ctx;
}
if (ret == -2) {
ret = YACA_ERROR_NOT_SUPPORTED;
+ ERROR_DUMP(ret);
goto ctx;
}
if (ret != 1) {
ret = YACA_ERROR_OPENSSL_FAILURE;
+ ERROR_DUMP(ret);
goto ctx;
}
return YACA_ERROR_INVALID_ARGUMENT;
}
+ if (ret == 1)
+ return 0;
+
if (ret == -2)
- return YACA_ERROR_NOT_SUPPORTED;
- if (ret != 1)
- return YACA_ERROR_OPENSSL_FAILURE;
+ ret = YACA_ERROR_NOT_SUPPORTED;
+ else
+ ret = YACA_ERROR_OPENSSL_FAILURE;
- return 0;
+ ERROR_DUMP(ret);
+ return ret;
}
API int yaca_verify_final(yaca_ctx_h ctx,
ret = EVP_DigestSignFinal(c->mdctx,
(unsigned char *)mac_cmp,
&mac_cmp_len);
- if (ret == -2)
- return YACA_ERROR_NOT_SUPPORTED;
- if (ret != 1)
- return YACA_ERROR_OPENSSL_FAILURE;
+ if (ret == 1) {
+ if (mac_len != mac_cmp_len || CRYPTO_memcmp(mac, mac_cmp, mac_len) != 0)
+ return YACA_ERROR_SIGNATURE_INVALID;
+ return 0;
+ }
- if (mac_len != mac_cmp_len ||
- CRYPTO_memcmp(mac, mac_cmp, mac_len) != 0)
- return YACA_ERROR_SIGNATURE_INVALID;
+ if (ret == -2)
+ ret = YACA_ERROR_NOT_SUPPORTED;
+ else
+ ret = YACA_ERROR_OPENSSL_FAILURE;
- return 0;
+ ERROR_DUMP(ret);
+ return ret;
case OP_VERIFY_ASYMMETRIC:
ret = EVP_DigestVerifyFinal(c->mdctx,
(unsigned char *)mac,
mac_len);
+ if (ret == 1)
+ return 0;
+
if (ret == 0)
- return YACA_ERROR_SIGNATURE_INVALID;
- if (ret == -2)
- return YACA_ERROR_NOT_SUPPORTED;
- if (ret != 1)
- return YACA_ERROR_OPENSSL_FAILURE;
+ ret = YACA_ERROR_SIGNATURE_INVALID;
+ else if (ret == -2)
+ ret = YACA_ERROR_NOT_SUPPORTED;
+ else
+ ret = YACA_ERROR_OPENSSL_FAILURE;
- return 0;
+ ERROR_DUMP(ret);
+ return ret;
default:
return YACA_ERROR_INVALID_ARGUMENT;
}
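Review bot: A bad signature is now reported differently by the two paths: the MAC comparison returns `YACA_ERROR_SIGNATURE_INVALID` without ERROR_DUMP, while the `OP_VERIFY_ASYMMETRIC` branch sends `ret == 0` through `ERROR_DUMP(ret)`. A failed verification is an expected outcome that any caller presenting a wrong signature can produce, so dumping on it may only add log noise. ERROR_DUMP's definition is not visible here, so that needs confirming. If the dump is meant for library failures only, an early `if (ret == 0) return YACA_ERROR_SIGNATURE_INVALID;` keeps both paths aligned; otherwise a one-line comment stating that the difference is intentional would do. The switch and its first `case` label start outside the hunk.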