From 42fd409d5487c06adbb7afbfe3bec058dae139cd Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Tue, 31 May 2016 17:22:09 +0200 Subject: [PATCH 01/16] More readable error codes in dump (strings or hex) Change-Id: I89be3a82842f5586ee552a5fa9b2d7be9d49e38c --- src/debug.c | 29 ++++++++++++++++++++++++++++- 1 file changed, 28 insertions(+), 1 deletion(-) diff --git a/src/debug.c b/src/debug.c index 2cb0236..ac7fe9a 100644 --- a/src/debug.c +++ b/src/debug.c @@ -26,6 +26,8 @@ #include +#include + #include "internal.h" #include "debug.h" @@ -38,6 +40,26 @@ API void yaca_debug_set_error_cb(yaca_error_cb fn) error_cb = fn; } +char *error_translate(yaca_error_e err) +{ + switch (err) { + case YACA_ERROR_NONE: + return "YACA_ERROR_NONE"; + case YACA_ERROR_INVALID_ARGUMENT: + return "YACA_ERROR_INVALID_ARGUMENT"; + case YACA_ERROR_OUT_OF_MEMORY: + return "YACA_ERROR_OUT_OF_MEMORY"; + case YACA_ERROR_INTERNAL: + return "YACA_ERROR_INTERNAL"; + case YACA_ERROR_DATA_MISMATCH: + return "YACA_ERROR_DATA_MISMATCH"; + case YACA_ERROR_PASSWORD_INVALID: + return "YACA_ERROR_PASSWORD_INVALID"; + default: + return NULL; + } +} + // TODO use peeking function to intercept common errors //unsigned long ERR_peek_error(); @@ -54,8 +76,13 @@ void error_dump(const char *file, int line, const char *function, int code) char buf[BUF_SIZE]; unsigned long err; size_t written; + const char *err_str = error_translate(code); - written = snprintf(buf, BUF_SIZE, "%s:%d %s() API error: %d\n", file, line, function, code); + written = snprintf(buf, BUF_SIZE, "%s:%d %s() API error: ", file, line, function); + if (err_str != NULL) + written += snprintf(buf + written, BUF_SIZE - written, "%s\n", err_str); + else + written += snprintf(buf + written, BUF_SIZE - written, "0x%X\n", code); while ((err = ERR_get_error()) != 0 && written < BUF_SIZE - 1) { if (!error_strings_loaded) { -- 2.7.4 From 95afa04e0b93f4c7ae726469024a08cad7a5f5ce Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Tue, 31 May 2016 18:31:54 +0200 Subject: [PATCH 02/16] Make sure we have enough entropy on start, bail if we don't Change-Id: I4095c95aac3644db62bec902320cd10f59322e3f --- src/crypto.c | 16 ++++++++++++++++ src/key.c | 2 -- 2 files changed, 16 insertions(+), 2 deletions(-) diff --git a/src/crypto.c b/src/crypto.c index 3622579..1011aec 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -74,6 +74,21 @@ API int yaca_init(void) return YACA_ERROR_INTERNAL; // TODO introduce new one? OPENSSL_init(); + + /* This should never fail on a /dev/random equipped system. If it does it + * means we might need to figure out another way of a truly random seed. + * https://wiki.openssl.org/index.php/Random_Numbers + * + * Another things to maybe consider for the future: + * - entropy on a mobile device (no mouse/keyboard) + * - fork safety: https://wiki.openssl.org/index.php/Random_fork-safety + * - hardware random generator (RdRand on new Intels, Samsung hardware?) + */ + if (RAND_status() != 1) { + ERROR_DUMP(YACA_ERROR_INTERNAL); + return YACA_ERROR_INTERNAL; + } + OpenSSL_add_all_digests(); OpenSSL_add_all_ciphers(); @@ -120,6 +135,7 @@ API void yaca_exit(void) ERR_free_strings(); ERR_remove_thread_state(NULL); EVP_cleanup(); + RAND_cleanup(); CRYPTO_cleanup_all_ex_data(); /* threads support cleanup */ diff --git a/src/key.c b/src/key.c index 3813941..3f3e037 100755 --- a/src/key.c +++ b/src/key.c @@ -1086,8 +1086,6 @@ API int yaca_key_export(const yaca_key_h key, return YACA_ERROR_INVALID_ARGUMENT; } -// TODO: this NEEDS random number generator initialized -// there is some other TODO elsewhere about it API int yaca_key_gen(yaca_key_type_e key_type, size_t key_bits, yaca_key_h *key) -- 2.7.4 From 17ba88e7ec5383c89a570f1c31c08b62dfe3474e Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Wed, 1 Jun 2016 12:41:18 +0200 Subject: [PATCH 03/16] Fix unix modes (dirs 755, files 644) Change-Id: I12bd0ac68a613ef4641ca3d7b535eedd3a596c98 --- api/yaca/yaca_error.h | 0 api/yaca/yaca_key.h | 0 src/key.c | 0 3 files changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 api/yaca/yaca_error.h mode change 100755 => 100644 api/yaca/yaca_key.h mode change 100755 => 100644 src/key.c diff --git a/api/yaca/yaca_error.h b/api/yaca/yaca_error.h old mode 100755 new mode 100644 diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h old mode 100755 new mode 100644 diff --git a/src/key.c b/src/key.c old mode 100755 new mode 100644 -- 2.7.4 From 43228b50c10b7cab0880bad1af0ea02ef68b2f17 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Wed, 1 Jun 2016 14:27:51 +0200 Subject: [PATCH 04/16] ACR: Remove unimplemented features Remove elliptic curves, ECDH and DH. Change-Id: Ib61efb39e07cfe81a27f265a76103b7347397e8c --- api/yaca/yaca_types.h | 9 ------- examples/key_exchange.c | 6 +++++ src/internal.h | 4 ---- src/key.c | 62 ++++++++++++++++++++++++------------------------- src/sign.c | 10 ++++---- 5 files changed, 40 insertions(+), 51 deletions(-) diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h index 810b877..933e584 100644 --- a/api/yaca/yaca_types.h +++ b/api/yaca/yaca_types.h @@ -89,12 +89,6 @@ typedef enum { YACA_KEY_TYPE_DSA_PUB, /**< Digital Signature Algorithm public key */ YACA_KEY_TYPE_DSA_PRIV, /**< Digital Signature Algorithm private key */ - - YACA_KEY_TYPE_DH_PUB, /**< Diffie-Hellman public key */ - YACA_KEY_TYPE_DH_PRIV, /**< Diffie-Hellman private key */ - - YACA_KEY_TYPE_EC_PUB, /**< Elliptic Curve public key (for DSA and DH) */ - YACA_KEY_TYPE_EC_PRIV, /**< Elliptic Curve private key (for DSA and DH) */ } yaca_key_type_e; /** @@ -109,9 +103,6 @@ typedef enum { YACA_KEY_IV_64BIT = 64, /**< 64-bit IV */ YACA_KEY_IV_128BIT = 128, /**< 128-bit IV */ YACA_KEY_IV_256BIT = 256, /**< 256-bit IV */ - YACA_KEY_CURVE_P192 = 192, /**< ECC: P192 curve */ - YACA_KEY_CURVE_P256 = 256, /**< ECC: P-256 curve */ - YACA_KEY_CURVE_P384 = 384, /**< ECC: SECP-384 curve */ YACA_KEY_UNSAFE_8BIT = 8, YACA_KEY_UNSAFE_40BIT = 40, YACA_KEY_UNSAFE_64BIT = 64, diff --git a/examples/key_exchange.c b/examples/key_exchange.c index 4432859..6a51e34 100644 --- a/examples/key_exchange.c +++ b/examples/key_exchange.c @@ -32,6 +32,8 @@ void key_exchange_dh(void) { +// TODO DH is not supported yet +#if 0 int ret; yaca_key_h private_key = YACA_KEY_NULL; @@ -88,10 +90,13 @@ clean: if (fp != NULL) fclose(fp); yaca_free(buffer); +#endif } void key_exchange_ecdh(void) { +// TODO ECDH is not supported yet +#if 0 int ret; yaca_key_h private_key = YACA_KEY_NULL; @@ -147,6 +152,7 @@ clean: if (fp != NULL) fclose(fp); yaca_free(buffer); +#endif } int main() diff --git a/src/internal.h b/src/internal.h index 1b5901b..2b437cf 100644 --- a/src/internal.h +++ b/src/internal.h @@ -78,10 +78,6 @@ struct yaca_key_simple_s { * - YACA_KEY_TYPE_RSA_PRIV * - YACA_KEY_TYPE_DSA_PUB * - YACA_KEY_TYPE_DSA_PRIV - * - YACA_KEY_TYPE_DH_PUB - * - YACA_KEY_TYPE_DH_PRIV - * - YACA_KEY_TYPE_EC_PUB - * - YACA_KEY_TYPE_EC_PRIV * */ struct yaca_key_evp_s { diff --git a/src/key.c b/src/key.c index 3f3e037..be62b4a 100644 --- a/src/key.c +++ b/src/key.c @@ -365,9 +365,9 @@ int import_evp(yaca_key_h *key, type = private ? YACA_KEY_TYPE_DSA_PRIV : YACA_KEY_TYPE_DSA_PUB; break; - case EVP_PKEY_EC: - type = private ? YACA_KEY_TYPE_EC_PRIV : YACA_KEY_TYPE_EC_PUB; - break; +// case EVP_PKEY_EC: +// type = private ? YACA_KEY_TYPE_EC_PRIV : YACA_KEY_TYPE_EC_PUB; +// break; default: ret = YACA_ERROR_INVALID_ARGUMENT; @@ -523,11 +523,11 @@ int export_evp_default_bio(struct yaca_key_evp_s *evp_key, ret = PEM_write_bio_PUBKEY(mem, evp_key->evp); break; - case YACA_KEY_TYPE_DH_PRIV: - case YACA_KEY_TYPE_DH_PUB: - case YACA_KEY_TYPE_EC_PRIV: - case YACA_KEY_TYPE_EC_PUB: - //TODO NOT_IMPLEMENTED +// case YACA_KEY_TYPE_DH_PRIV: +// case YACA_KEY_TYPE_DH_PUB: +// case YACA_KEY_TYPE_EC_PRIV: +// case YACA_KEY_TYPE_EC_PUB: +// TODO NOT_IMPLEMENTED default: return YACA_ERROR_INVALID_ARGUMENT; } @@ -550,11 +550,11 @@ int export_evp_default_bio(struct yaca_key_evp_s *evp_key, ret = i2d_PUBKEY_bio(mem, evp_key->evp); break; - case YACA_KEY_TYPE_DH_PRIV: - case YACA_KEY_TYPE_DH_PUB: - case YACA_KEY_TYPE_EC_PRIV: - case YACA_KEY_TYPE_EC_PUB: - //TODO NOT_IMPLEMENTED +// case YACA_KEY_TYPE_DH_PRIV: +// case YACA_KEY_TYPE_DH_PUB: +// case YACA_KEY_TYPE_EC_PRIV: +// case YACA_KEY_TYPE_EC_PUB: +// TODO NOT_IMPLEMENTED default: return YACA_ERROR_INVALID_ARGUMENT; } @@ -599,9 +599,9 @@ int export_evp_pkcs8_bio(struct yaca_key_evp_s *evp_key, ret = PEM_write_bio_PKCS8PrivateKey_nid(mem, evp_key->evp, nid, NULL, 0, NULL, (void*)password); break; - case YACA_KEY_TYPE_DH_PRIV: - case YACA_KEY_TYPE_EC_PRIV: - //TODO NOT_IMPLEMENTED ? +// case YACA_KEY_TYPE_DH_PRIV: +// case YACA_KEY_TYPE_EC_PRIV: +// TODO NOT_IMPLEMENTED default: /* Public keys are not supported by PKCS8 */ return YACA_ERROR_INVALID_ARGUMENT; @@ -618,9 +618,9 @@ int export_evp_pkcs8_bio(struct yaca_key_evp_s *evp_key, NULL, 0, NULL, (void*)password); break; - case YACA_KEY_TYPE_DH_PRIV: - case YACA_KEY_TYPE_EC_PRIV: - //TODO NOT_IMPLEMENTED ? +// case YACA_KEY_TYPE_DH_PRIV: +// case YACA_KEY_TYPE_EC_PRIV: +// TODO NOT_IMPLEMENTED default: /* Public keys are not supported by PKCS8 */ return YACA_ERROR_INVALID_ARGUMENT; @@ -1038,12 +1038,11 @@ API int yaca_key_import(yaca_key_type_e key_type, case YACA_KEY_TYPE_DSA_PUB: case YACA_KEY_TYPE_DSA_PRIV: return import_evp(key, key_type, password, data, data_len); - case YACA_KEY_TYPE_DH_PUB: - case YACA_KEY_TYPE_DH_PRIV: - case YACA_KEY_TYPE_EC_PUB: - case YACA_KEY_TYPE_EC_PRIV: - //TODO NOT_IMPLEMENTED - return YACA_ERROR_INVALID_ARGUMENT; +// case YACA_KEY_TYPE_DH_PUB: +// case YACA_KEY_TYPE_DH_PRIV: +// case YACA_KEY_TYPE_EC_PUB: +// case YACA_KEY_TYPE_EC_PRIV: +// TODO NOT_IMPLEMENTED default: return YACA_ERROR_INVALID_ARGUMENT; } @@ -1139,10 +1138,9 @@ API int yaca_key_gen(yaca_key_type_e key_type, *key = (yaca_key_h)nk_evp; return YACA_ERROR_NONE; - case YACA_KEY_TYPE_DH_PRIV: - case YACA_KEY_TYPE_EC_PRIV: - //TODO NOT_IMPLEMENTED - return YACA_ERROR_INVALID_ARGUMENT; +// case YACA_KEY_TYPE_DH_PRIV: +// case YACA_KEY_TYPE_EC_PRIV: +// TODO NOT_IMPLEMENTED default: return YACA_ERROR_INVALID_ARGUMENT; } @@ -1197,9 +1195,9 @@ API int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key) case YACA_KEY_TYPE_DSA_PRIV: (*pub_key)->type = YACA_KEY_TYPE_DSA_PUB; break; - case YACA_KEY_TYPE_EC_PRIV: - (*pub_key)->type = YACA_KEY_TYPE_EC_PUB; - break; +// case YACA_KEY_TYPE_EC_PRIV: +// (*pub_key)->type = YACA_KEY_TYPE_EC_PUB; +// break; default: ret = YACA_ERROR_INVALID_ARGUMENT; goto free_pkey; diff --git a/src/sign.c b/src/sign.c index 938cf11..e7dedc4 100644 --- a/src/sign.c +++ b/src/sign.c @@ -249,9 +249,8 @@ API int yaca_sign_init(yaca_ctx_h *ctx, case YACA_KEY_TYPE_RSA_PRIV: case YACA_KEY_TYPE_DSA_PRIV: break; - case YACA_KEY_TYPE_EC_PRIV: - //TODO NOT_IMPLEMENTED - return YACA_ERROR_INVALID_ARGUMENT; +// case YACA_KEY_TYPE_EC_PRIV: +// TODO NOT_IMPLEMENTED default: return YACA_ERROR_INVALID_ARGUMENT; } @@ -500,9 +499,8 @@ API int yaca_verify_init(yaca_ctx_h *ctx, case YACA_KEY_TYPE_RSA_PUB: case YACA_KEY_TYPE_DSA_PUB: break; - case YACA_KEY_TYPE_EC_PUB: - //TODO NOT_IMPLEMENTED - return YACA_ERROR_INVALID_ARGUMENT; +// case YACA_KEY_TYPE_EC_PUB: +// TODO NOT_IMPLEMENTED default: return YACA_ERROR_INVALID_ARGUMENT; } -- 2.7.4 From e1989aea086a6cacf0efbc2e5d046843ce9a53ef Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Wed, 1 Jun 2016 17:01:08 +0200 Subject: [PATCH 05/16] Don't clear errors after error strings initialization Change-Id: Idc58cbd7e83916ba5298d366a8be1bffbe2761c2 --- src/debug.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/src/debug.c b/src/debug.c index ac7fe9a..13c0a9b 100644 --- a/src/debug.c +++ b/src/debug.c @@ -87,13 +87,12 @@ void error_dump(const char *file, int line, const char *function, int code) while ((err = ERR_get_error()) != 0 && written < BUF_SIZE - 1) { if (!error_strings_loaded) { /* - * Both these functions are thread-safe as long as static locks are - * installed according to doc so calling them twice won't break + * This function is thread-safe as long as static locks are + * installed according to doc so calling it twice won't break * anything and I don't want to use synchronization mechanisms * here. */ ERR_load_crypto_strings(); - ERR_clear_error(); error_strings_loaded = true; } -- 2.7.4 From 44ca7c56923e333c381660ee992f66e64b31f2ec Mon Sep 17 00:00:00 2001 From: Lukasz Pawelczyk Date: Wed, 1 Jun 2016 17:04:13 +0200 Subject: [PATCH 06/16] Simplify yaca_key_gen() a little Change-Id: Ie755fb94ca9519681904df81049e984b0abe0827 --- src/key.c | 51 +++++++++++++++++++-------------------------------- 1 file changed, 19 insertions(+), 32 deletions(-) diff --git a/src/key.c b/src/key.c index be62b4a..ea0098e 100644 --- a/src/key.c +++ b/src/key.c @@ -783,6 +783,7 @@ free_nk: return ret; } +// TODO: consider merging gen_evp_*, they share awful lot of common code int gen_evp_rsa(struct yaca_key_evp_s **out, size_t key_bits) { assert(out != NULL); @@ -1100,50 +1101,36 @@ API int yaca_key_gen(yaca_key_type_e key_type, case YACA_KEY_TYPE_SYMMETRIC: case YACA_KEY_TYPE_IV: ret = gen_simple(&nk_simple, key_bits); - if (ret != YACA_ERROR_NONE) - return ret; - - nk_simple->key.type = key_type; - - *key = (yaca_key_h)nk_simple; - return YACA_ERROR_NONE; - + break; case YACA_KEY_TYPE_DES: ret = gen_simple_des(&nk_simple, key_bits); - if (ret != YACA_ERROR_NONE) - return ret; - - nk_simple->key.type = key_type; - - *key = (yaca_key_h)nk_simple; - return YACA_ERROR_NONE; - + break; case YACA_KEY_TYPE_RSA_PRIV: ret = gen_evp_rsa(&nk_evp, key_bits); - if (ret != YACA_ERROR_NONE) - return ret; - - nk_evp->key.type = key_type; - - *key = (yaca_key_h)nk_evp; - return YACA_ERROR_NONE; - + break; case YACA_KEY_TYPE_DSA_PRIV: ret = gen_evp_dsa(&nk_evp, key_bits); - if (ret != YACA_ERROR_NONE) - return ret; - - nk_evp->key.type = key_type; - - *key = (yaca_key_h)nk_evp; - return YACA_ERROR_NONE; - + break; // case YACA_KEY_TYPE_DH_PRIV: // case YACA_KEY_TYPE_EC_PRIV: // TODO NOT_IMPLEMENTED default: return YACA_ERROR_INVALID_ARGUMENT; } + + if (ret != YACA_ERROR_NONE) + return ret; + + if (nk_simple != NULL) { + nk_simple->key.type = key_type; + *key = (yaca_key_h)nk_simple; + } else if (nk_evp != NULL) { + nk_evp->key.type = key_type; + *key = (yaca_key_h)nk_evp; + } + + return YACA_ERROR_NONE; + } API int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key) -- 2.7.4 From cb46d681040f3e90007ef24ef3071cc942b0fdc7 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Wed, 1 Jun 2016 17:02:22 +0200 Subject: [PATCH 07/16] Add common error handling function The function tries to convert openssl errors to yaca ones. If it succeeds it removes the remaining errors from the queue. Otherwise it dumps them. It should be called after each openssl failure. Change-Id: I88c557e8d42f9ea70d5a8b25f2bd3181534e4ff8 --- src/debug.c | 41 ++++++++++++++++++++++++++++++++++++++--- src/internal.h | 14 ++++++++++++++ 2 files changed, 52 insertions(+), 3 deletions(-) diff --git a/src/debug.c b/src/debug.c index 13c0a9b..595626c 100644 --- a/src/debug.c +++ b/src/debug.c @@ -25,6 +25,7 @@ #include #include +#include #include @@ -60,9 +61,6 @@ char *error_translate(yaca_error_e err) } } -// TODO use peeking function to intercept common errors -//unsigned long ERR_peek_error(); - void error_dump(const char *file, int line, const char *function, int code) { if (error_cb == NULL) { @@ -114,3 +112,40 @@ void error_dump(const char *file, int line, const char *function, int code) (*error_cb)(buf); } +int error_handle(const char *file, int line, const char *function) +{ + int ret; + unsigned long err = ERR_peek_error(); + + /* fatal errors */ + if (ERR_FATAL_ERROR(err) > 0) { + switch (ERR_GET_REASON(err)) { + case ERR_R_MALLOC_FAILURE: + ret = YACA_ERROR_OUT_OF_MEMORY; + break; + case ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED: + case ERR_R_PASSED_NULL_PARAMETER: + ret = YACA_ERROR_INVALID_ARGUMENT; + break; + case ERR_R_INTERNAL_ERROR: + case ERR_R_DISABLED: + default: + ret = YACA_ERROR_INTERNAL; + } + /* known errors */ + } else { + switch (err) { + case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT): + case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT): + ret = YACA_ERROR_PASSWORD_INVALID; + break; + default: + error_dump(file, line, function, YACA_ERROR_INTERNAL); + ret = YACA_ERROR_INTERNAL; + } + } + + /* remove all errors from queue */ + ERR_clear_error(); + return ret; +} diff --git a/src/internal.h b/src/internal.h index 2b437cf..c22c2ef 100644 --- a/src/internal.h +++ b/src/internal.h @@ -100,4 +100,18 @@ void error_dump(const char *file, int line, const char *function, int code); #define ERROR_DUMP(code) error_dump(__FILE__, __LINE__, __func__, (code)) #define ERROR_CLEAR() ERR_clear_error() +/** + * Function responsible for translating the openssl error to yaca error and + * clearing/dumping the openssl error queue. Use only after openssl function + * failure. + * + * The function checks only first error in the queue. If the function doesn't + * find any error in openssl queue or is not able to translate it, it will + * return YACA_ERROR_INTERNAL and dump openssl errors if any. If the + * translation succeeds the function will clear the error queue and return the + * result of translation. + */ +int error_handle(const char *file, int line, const char *function); +#define ERROR_HANDLE() error_handle(__FILE__, __LINE__, __func__) + #endif /* YACA_INTERNAL_H */ -- 2.7.4 From 5e784ec3c255516a4045f7a667356fb29a53b2aa Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Tue, 31 May 2016 15:18:06 +0200 Subject: [PATCH 08/16] Fix key generation error handling - Check allowed RSA/DSA key lengths - Translate known openssl errors - Fix SIZE_MAX checks - Update doxygen Change-Id: If230518bb4a4d490cffde61fb2930ee7200fa083 --- api/yaca/yaca_key.h | 4 ++++ src/debug.c | 4 ++++ src/key.c | 24 +++++++++--------------- 3 files changed, 17 insertions(+), 15 deletions(-) diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index 94c46ef..f79115f 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -174,6 +174,10 @@ int yaca_key_export(const yaca_key_h key, * * @remarks This function is used to generate symmetric and private asymmetric keys. * + * Supported key lengths: + * - RSA: length >= 256bits + * - DSA: length >= 512bits, multiple of 64 + * * @param[in] key_type Type of the key to be generated * @param[in] key_bits Length of the key (in bits) to be generated * @param[out] key Newly generated key (must be freed with yaca_key_free()) diff --git a/src/debug.c b/src/debug.c index 595626c..39c15de 100644 --- a/src/debug.c +++ b/src/debug.c @@ -135,6 +135,10 @@ int error_handle(const char *file, int line, const char *function) /* known errors */ } else { switch (err) { + case ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS): + case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED): + ret = YACA_ERROR_INVALID_ARGUMENT; + break; case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT): case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT): ret = YACA_ERROR_PASSWORD_INVALID; diff --git a/src/key.c b/src/key.c index ea0098e..f9ed709 100644 --- a/src/key.c +++ b/src/key.c @@ -32,7 +32,6 @@ #include #include #include -#include #include #include @@ -203,7 +202,8 @@ int import_simple(yaca_key_h *key, return ret; } - if (key_data_len > SIZE_MAX - sizeof(struct yaca_key_simple_s)) { + /* key_bits has to fit in size_t */ + if (key_data_len > SIZE_MAX / 8) { ret = YACA_ERROR_INVALID_ARGUMENT; goto out; } @@ -718,9 +718,6 @@ int gen_simple(struct yaca_key_simple_s **out, size_t key_bits) struct yaca_key_simple_s *nk; size_t key_byte_len = key_bits / 8; - if (key_byte_len > SIZE_MAX - sizeof(struct yaca_key_simple_s)) - return YACA_ERROR_INVALID_ARGUMENT; - nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len); if (nk == NULL) return YACA_ERROR_OUT_OF_MEMORY; @@ -748,9 +745,6 @@ int gen_simple_des(struct yaca_key_simple_s **out, size_t key_bits) struct yaca_key_simple_s *nk; size_t key_byte_len = key_bits / 8; - if (key_byte_len > SIZE_MAX - sizeof(struct yaca_key_simple_s)) - return YACA_ERROR_INVALID_ARGUMENT; - nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len); if (nk == NULL) return YACA_ERROR_OUT_OF_MEMORY; @@ -815,8 +809,7 @@ int gen_evp_rsa(struct yaca_key_evp_s **out, size_t key_bits) ret = EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, key_bits); if (ret != 1) { - ret = YACA_ERROR_INTERNAL; - ERROR_DUMP(ret); + ret = ERROR_HANDLE(); goto free_ctx; } @@ -847,6 +840,11 @@ int gen_evp_dsa(struct yaca_key_evp_s **out, size_t key_bits) assert(key_bits > 0); assert(key_bits % 8 == 0); + /* Openssl generates 512-bit key for key lengths smaller than 512. It also + * rounds key size to multiplication of 64. */ + if(key_bits < 512 || key_bits % 64 != 0) + return YACA_ERROR_INVALID_ARGUMENT; + int ret; struct yaca_key_evp_s *nk; EVP_PKEY_CTX *pctx; @@ -874,8 +872,7 @@ int gen_evp_dsa(struct yaca_key_evp_s **out, size_t key_bits) ret = EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, key_bits); if (ret != 1) { - ret = YACA_ERROR_INTERNAL; - ERROR_DUMP(ret); + ret = ERROR_HANDLE(); goto free_pctx; } @@ -1236,9 +1233,6 @@ API int yaca_key_derive_pbkdf2(const char *password, if (key_bits % 8) /* Key length must be multiple of 8-bits */ return YACA_ERROR_INVALID_ARGUMENT; - if (key_byte_len > SIZE_MAX - sizeof(struct yaca_key_simple_s)) - return YACA_ERROR_INVALID_ARGUMENT; - ret = digest_get_algorithm(algo, &md); if (ret != YACA_ERROR_NONE) return ret; -- 2.7.4 From a9d20bf89acf10e61409c177aa3e6c9b1de27ff3 Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Wed, 1 Jun 2016 12:00:24 +0200 Subject: [PATCH 09/16] Error handling refactoring. Multiple goto labels replaced with single 'free' label. Change-Id: I4936f2ef178c9b6fbf58a38beda7d21a700232a9 --- examples/digest.c | 8 +- examples/encrypt.c | 35 ++++----- examples/encrypt_aes_gcm_ccm.c | 90 +++++++++++----------- examples/key_exchange.c | 32 ++++---- examples/key_import_export.c | 61 +++++++-------- examples/seal.c | 32 ++++---- examples/sign.c | 84 ++++++++++----------- src/digest.c | 15 ++-- src/encrypt.c | 38 +++++----- src/key.c | 164 ++++++++++++++++++++++------------------- src/seal.c | 59 ++++++++------- src/sign.c | 72 +++++++++--------- src/simple.c | 80 ++++++++++---------- 13 files changed, 382 insertions(+), 388 deletions(-) diff --git a/examples/digest.c b/examples/digest.c index e4699e9..8a77fe4 100644 --- a/examples/digest.c +++ b/examples/digest.c @@ -58,24 +58,24 @@ void digest_advanced(void) ret = yaca_digest_update(ctx, lorem1024, 1024); if (ret != YACA_ERROR_NONE) - goto exit_ctx; + goto exit; size_t digest_len; ret = yaca_get_digest_length(ctx, &digest_len); if (ret != YACA_ERROR_NONE) - goto exit_ctx; + goto exit; { char digest[digest_len]; ret = yaca_digest_final(ctx, digest, &digest_len); if (ret != YACA_ERROR_NONE) - goto exit_ctx; + goto exit; dump_hex(digest, digest_len, "Message digest: "); } -exit_ctx: +exit: yaca_ctx_free(ctx); } diff --git a/examples/encrypt.c b/examples/encrypt.c index 7c18aa9..b56f364 100644 --- a/examples/encrypt.c +++ b/examples/encrypt.c @@ -70,7 +70,6 @@ void encrypt_simple(const yaca_enc_algo_e algo, printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_size, dec); exit: - yaca_free(enc); yaca_free(dec); yaca_key_free(iv); @@ -104,34 +103,34 @@ void encrypt_advanced(const yaca_enc_algo_e algo, return; if (yaca_get_iv_bits(algo, bcm, key_bits, &iv_bits) != YACA_ERROR_NONE) - goto ex_key; + goto exit; if (iv_bits > 0 && yaca_key_gen(YACA_KEY_TYPE_IV, iv_bits, &iv) != YACA_ERROR_NONE) - goto ex_key; + goto exit; /* Encryption */ { if (yaca_encrypt_init(&ctx, algo, bcm, key, iv) != YACA_ERROR_NONE) - goto ex_iv; + goto exit; if (yaca_get_block_length(ctx, &block_len) != YACA_ERROR_NONE) - goto ex_ctx; + goto exit; if (yaca_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) - goto ex_ctx; + goto exit; /* Calculate max output: size of update + final chunks */ enc_size = output_len + block_len; if ((enc = yaca_malloc(enc_size)) == NULL) - goto ex_ctx; + goto exit; out_size = enc_size; if (yaca_encrypt_update(ctx, lorem4096, LOREM4096_SIZE, enc, &out_size) != YACA_ERROR_NONE) - goto ex_of; + goto exit; rem = enc_size - out_size; if (yaca_encrypt_final(ctx, enc + out_size, &rem) != YACA_ERROR_NONE) - goto ex_of; + goto exit; enc_size = rem + out_size; @@ -144,41 +143,37 @@ void encrypt_advanced(const yaca_enc_algo_e algo, /* Decryption */ { if (yaca_decrypt_init(&ctx, algo, bcm, key, iv) != YACA_ERROR_NONE) - goto ex_of; + goto exit; if (yaca_get_block_length(ctx, &block_len) != YACA_ERROR_NONE) - goto ex_of; + goto exit; if (yaca_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) - goto ex_of; + goto exit; /* Calculate max output: size of update + final chunks */ dec_size = output_len + block_len; if ((dec = yaca_malloc(dec_size)) == NULL) - goto ex_of; + goto exit; out_size = dec_size; if (yaca_decrypt_update(ctx, enc, enc_size, dec, &out_size) != YACA_ERROR_NONE) - goto ex_in; + goto exit; rem = dec_size - out_size; if (yaca_decrypt_final(ctx, dec + out_size, &rem) != YACA_ERROR_NONE) - goto ex_in; + goto exit; dec_size = rem + out_size; printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_size, dec); } -ex_in: +exit: yaca_free(dec); -ex_of: yaca_free(enc); -ex_ctx: yaca_ctx_free(ctx); -ex_iv: yaca_key_free(iv); -ex_key: yaca_key_free(key); } diff --git a/examples/encrypt_aes_gcm_ccm.c b/examples/encrypt_aes_gcm_ccm.c index 523153a..08f8e92 100644 --- a/examples/encrypt_aes_gcm_ccm.c +++ b/examples/encrypt_aes_gcm_ccm.c @@ -68,54 +68,54 @@ void encrypt_decrypt_aes_gcm(void) /* IV generation */ if (yaca_key_gen(YACA_KEY_TYPE_IV, iv_bits, &iv) != YACA_ERROR_NONE) - goto clean; + goto exit; if ((aad = yaca_zalloc(aad_size)) == NULL) - goto clean; + goto exit; if (yaca_rand_bytes(aad, aad_size) != YACA_ERROR_NONE) - goto clean; + goto exit; if ((tag = yaca_zalloc(tag_size)) == NULL) - goto clean; + goto exit; /* Encryption */ { if (yaca_encrypt_init(&ctx, algo, bcm, key, iv) != YACA_ERROR_NONE) - goto clean; + goto exit; /* Provide any AAD data */ if (yaca_ctx_set_param(ctx, YACA_PARAM_GCM_AAD, aad, aad_size) != YACA_ERROR_NONE) - goto clean; + goto exit; if (yaca_get_block_length(ctx, &block_len) != YACA_ERROR_NONE) - goto clean; + goto exit; if (yaca_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) - goto clean; + goto exit; /* Calculate max output: size of update + final chunks */ enc_size = output_len + block_len; if ((enc = yaca_malloc(enc_size)) == NULL) - goto clean; + goto exit; out_size = enc_size; if (yaca_encrypt_update(ctx, lorem4096, LOREM4096_SIZE, enc, &out_size) != YACA_ERROR_NONE) - goto clean; + goto exit; rem = enc_size - out_size; if (yaca_encrypt_final(ctx, enc + out_size, &rem) != YACA_ERROR_NONE) - goto clean; + goto exit; enc_size = rem + out_size; /* Set the tag length and get the tag after final encryption */ if (yaca_ctx_set_param(ctx, YACA_PARAM_GCM_TAG_LEN, (void*)&tag_size, sizeof(tag_size)) != YACA_ERROR_NONE) - goto clean; + goto exit; if (yaca_ctx_get_param(ctx, YACA_PARAM_GCM_TAG, (void**)tag, &tag_size) != YACA_ERROR_NONE) - goto clean; + goto exit; dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_size); @@ -126,42 +126,42 @@ void encrypt_decrypt_aes_gcm(void) /* Decryption */ { if (yaca_decrypt_init(&ctx, algo, bcm, key, iv) != YACA_ERROR_NONE) - goto clean; + goto exit; /* Provide any AAD data */ if (yaca_ctx_set_param(ctx, YACA_PARAM_GCM_AAD, aad, aad_size) != YACA_ERROR_NONE) - goto clean; + goto exit; if (yaca_get_block_length(ctx, &block_len) != YACA_ERROR_NONE) - goto clean; + goto exit; if (yaca_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) - goto clean; + goto exit; /* Calculate max output: size of update + final chunks */ dec_size = output_len + block_len; if ((dec = yaca_malloc(dec_size)) == NULL) - goto clean; + goto exit; out_size = dec_size; if (yaca_decrypt_update(ctx, enc, enc_size, dec, &out_size) != YACA_ERROR_NONE) - goto clean; + goto exit; rem = dec_size - out_size; /* Set expected tag value before final decryption */ if (yaca_ctx_set_param(ctx, YACA_PARAM_GCM_TAG, tag, tag_size) != YACA_ERROR_NONE) - goto clean; + goto exit; if (yaca_decrypt_final(ctx, dec + out_size, &rem) != YACA_ERROR_NONE) - goto clean; + goto exit; dec_size = rem + out_size; printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_size, dec); } -clean: +exit: yaca_free(enc); yaca_free(dec); yaca_free(tag); @@ -208,58 +208,58 @@ void encrypt_decrypt_aes_ccm(void) /* IV generation */ if (yaca_key_gen(YACA_KEY_TYPE_IV, iv_bits, &iv) != YACA_ERROR_NONE) - goto clean; + goto exit; if ((aad = yaca_zalloc(aad_size)) == NULL) - goto clean; + goto exit; if (yaca_rand_bytes(aad, aad_size) != YACA_ERROR_NONE) - goto clean; + goto exit; if ((tag = yaca_zalloc(tag_size)) == NULL) - goto clean; + goto exit; /* Encryption */ { if (yaca_encrypt_init(&ctx, algo, bcm, key, iv) != YACA_ERROR_NONE) - goto clean; + goto exit; /* Set tag length (optionally) */ if (yaca_ctx_set_param(ctx, YACA_PARAM_CCM_TAG_LEN, (void*)&tag_size, sizeof(tag_size)) != YACA_ERROR_NONE) - goto clean; + goto exit; /* The total plain text length must be passed (only needed if AAD is passed) */ if (yaca_encrypt_update(ctx, NULL, LOREM4096_SIZE , NULL, &len) != YACA_ERROR_NONE) - goto clean; + goto exit; if (yaca_ctx_set_param(ctx, YACA_PARAM_CCM_AAD, aad, aad_size) != YACA_ERROR_NONE) - goto clean; + goto exit; if (yaca_get_block_length(ctx, &block_len) != YACA_ERROR_NONE) - goto clean; + goto exit; if (yaca_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) - goto clean; + goto exit; /* Calculate max output: size of update + final chunks */ enc_size = output_len + block_len; if ((enc = yaca_malloc(enc_size)) == NULL) - goto clean; + goto exit; out_size = enc_size; if (yaca_encrypt_update(ctx, lorem4096, LOREM4096_SIZE, enc, &out_size) != YACA_ERROR_NONE) - goto clean; + goto exit; rem = enc_size - out_size; if (yaca_encrypt_final(ctx, enc + out_size, &rem) != YACA_ERROR_NONE) - goto clean; + goto exit; enc_size = rem + out_size; /* Get the tag after final encryption */ if (yaca_ctx_get_param(ctx, YACA_PARAM_CCM_TAG, (void**)tag, &tag_size) != YACA_ERROR_NONE) - goto clean; + goto exit; dump_hex(enc, 16, "Encrypted data (16 of %zu bytes): ", enc_size); @@ -270,42 +270,42 @@ void encrypt_decrypt_aes_ccm(void) /* Decryption */ { if (yaca_decrypt_init(&ctx, algo, bcm, key, iv) != YACA_ERROR_NONE) - goto clean; + goto exit; /* Set expected tag value */ if (yaca_ctx_set_param(ctx, YACA_PARAM_CCM_TAG, tag, tag_size) != YACA_ERROR_NONE) - goto clean; + goto exit; /* The total encrypted text length must be passed (only needed if AAD is passed) */ if (yaca_decrypt_update(ctx, NULL, enc_size , NULL, &len) != YACA_ERROR_NONE) - goto clean; + goto exit; if (yaca_ctx_set_param(ctx, YACA_PARAM_CCM_AAD, aad, aad_size) != YACA_ERROR_NONE) - goto clean; + goto exit; if (yaca_get_block_length(ctx, &block_len) != YACA_ERROR_NONE) - goto clean; + goto exit; if (yaca_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) - goto clean; + goto exit; /* Calculate max output: size of update + final chunks */ dec_size = output_len + block_len; if ((dec = yaca_malloc(dec_size)) == NULL) - goto clean; + goto exit; out_size = dec_size; /* The tag verify is performed when you call the final yaca_decrypt_update(), * there is no call to yaca_decrypt_final() */ if (yaca_decrypt_update(ctx, enc, enc_size, dec, &out_size) != YACA_ERROR_NONE) - goto clean; + goto exit; dec_size = out_size; printf("Decrypted data (16 of %zu bytes): %.16s\n\n", dec_size, dec); } -clean: +exit: yaca_free(enc); yaca_free(dec); yaca_free(tag); diff --git a/examples/key_exchange.c b/examples/key_exchange.c index 6a51e34..3bc8e32 100644 --- a/examples/key_exchange.c +++ b/examples/key_exchange.c @@ -48,16 +48,16 @@ void key_exchange_dh(void) // generate private, public key ret = yaca_key_gen(YACA_KEY_TYPE_DH_PRIV, YACA_KEY_2048BIT, &private_key); if (ret != YACA_ERROR_NONE) - goto clean; + goto exit; ret = yaca_key_extract_public(private_key, &public_key); if (ret != YACA_ERROR_NONE) - goto clean; + goto exit; // get peer public key from file // add helper to read key from file to buffer? fp = fopen("key.pub", "r"); - if (!fp) goto clean; + if (!fp) goto exit; fseek(fp, 0L, SEEK_END); size = ftell(fp); @@ -66,23 +66,23 @@ void key_exchange_dh(void) /* allocate memory for entire content */ buffer = yaca_malloc(size+1); if (buffer == NULL) - goto clean; + goto exit; /* copy the file into the buffer */ if (1 != fread(buffer, size, 1, fp)) - goto clean; + goto exit; ret = yaca_key_import(YACA_KEY_TYPE_DH_PUB, NULL, buffer, size, &peer_key); if (ret != YACA_ERROR_NONE) - goto clean; + goto exit; // derive secret ret = yaca_key_derive_dh(private_key, peer_key, &secret); if (ret != YACA_ERROR_NONE) - goto clean; + goto exit; -clean: +exit: yaca_key_free(private_key); yaca_key_free(public_key); yaca_key_free(peer_key); @@ -111,16 +111,16 @@ void key_exchange_ecdh(void) // generate private, public key ret = yaca_key_gen(YACA_KEY_TYPE_EC_PRIV, YACA_KEY_CURVE_P256, &private_key); if (ret != YACA_ERROR_NONE) - goto clean; + goto exit; ret = yaca_key_extract_public(private_key, &public_key); if (ret != YACA_ERROR_NONE) - goto clean; + goto exit; // get peer public key from file fp = fopen("key.pub", "r"); if (fp == NULL) - goto clean; + goto exit; fseek(fp, 0L, SEEK_END); size = ftell(fp); @@ -129,22 +129,22 @@ void key_exchange_ecdh(void) /* allocate memory for entire content */ buffer = yaca_malloc(size+1); if (buffer == NULL) - goto clean; + goto exit; /* copy the file into the buffer */ if (1 != fread(buffer, size, 1, fp)) - goto clean; + goto exit; ret = yaca_key_import(YACA_KEY_TYPE_EC_PUB, NULL, buffer, size, &peer_key); if (ret != YACA_ERROR_NONE) - goto clean; + goto exit; // derive secret ret = yaca_key_derive_dh(private_key, peer_key, &secret); if (ret != YACA_ERROR_NONE) - goto clean; + goto exit; -clean: +exit: yaca_key_free(private_key); yaca_key_free(public_key); yaca_key_free(peer_key); diff --git a/examples/key_import_export.c b/examples/key_import_export.c index f6f77fd..077657c 100644 --- a/examples/key_import_export.c +++ b/examples/key_import_export.c @@ -50,7 +50,7 @@ int key_import_export_sym(yaca_key_h sym) return ret; ret = yaca_key_import(YACA_KEY_TYPE_SYMMETRIC, NULL, b64, b64_len, &b64_imported); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; printf("\n\t***** BASE64 exported key: *****\n%.*s\n", (int)b64_len, b64); yaca_free(b64); @@ -58,7 +58,7 @@ int key_import_export_sym(yaca_key_h sym) ret = yaca_key_export(b64_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_BASE64, NULL, &b64, &b64_len); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; printf("\t***** BASE64 imported key: *****\n%.*s\n", (int)b64_len, b64); @@ -67,10 +67,10 @@ int key_import_export_sym(yaca_key_h sym) ret = yaca_key_export(sym, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, NULL, &raw, &raw_len); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; ret = yaca_key_import(YACA_KEY_TYPE_SYMMETRIC, NULL, raw, raw_len, &raw_imported); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; dump_hex(raw, raw_len, "\n\t***** RAW exported key: *****"); yaca_free(raw); @@ -78,13 +78,11 @@ int key_import_export_sym(yaca_key_h sym) ret = yaca_key_export(raw_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_RAW, NULL, &raw, &raw_len); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; dump_hex(raw, raw_len, "\t***** RAW imported key: *****"); - ret = YACA_ERROR_NONE; - -free: +exit: yaca_key_free(raw_imported); yaca_key_free(b64_imported); yaca_free(raw); @@ -122,7 +120,7 @@ int key_import_export_asym(yaca_key_h priv, yaca_key_h pub, return ret; ret = yaca_key_import(priv_type, NULL, pem_prv, pem_prv_len, &pem_prv_imported); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; printf("\n\t***** %s PEM exported private key: *****\n%.*s", algo, (int)pem_prv_len, pem_prv); yaca_free(pem_prv); @@ -130,7 +128,7 @@ int key_import_export_asym(yaca_key_h priv, yaca_key_h pub, ret = yaca_key_export(pem_prv_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pem_prv, &pem_prv_len); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; printf("\t***** %s PEM imported private key: *****\n%.*s", algo, (int)pem_prv_len, pem_prv); @@ -139,10 +137,10 @@ int key_import_export_asym(yaca_key_h priv, yaca_key_h pub, ret = yaca_key_export(priv, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, NULL, &der_prv, &der_prv_len); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; ret = yaca_key_import(priv_type, NULL, der_prv, der_prv_len, &der_prv_imported); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; dump_hex(der_prv, der_prv_len, "\n\t***** %s DER exported private key: *****", algo); yaca_free(der_prv); @@ -150,7 +148,7 @@ int key_import_export_asym(yaca_key_h priv, yaca_key_h pub, ret = yaca_key_export(der_prv_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, NULL, &der_prv, &der_prv_len); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; dump_hex(der_prv, der_prv_len, "\t***** %s DER imported private key: *****", algo); @@ -159,10 +157,10 @@ int key_import_export_asym(yaca_key_h priv, yaca_key_h pub, ret = yaca_key_export(pub, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pem_pub, &pem_pub_len); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; ret = yaca_key_import(pub_type, NULL, pem_pub, pem_pub_len, &pem_pub_imported); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; printf("\n\t***** %s PEM exported public key: *****\n%.*s", algo, (int)pem_pub_len, pem_pub); yaca_free(pem_pub); @@ -170,7 +168,7 @@ int key_import_export_asym(yaca_key_h priv, yaca_key_h pub, ret = yaca_key_export(pem_pub_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pem_pub, &pem_pub_len); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; printf("\t***** %s PEM imported public key: *****\n%.*s", algo, (int)pem_pub_len, pem_pub); @@ -179,10 +177,10 @@ int key_import_export_asym(yaca_key_h priv, yaca_key_h pub, ret = yaca_key_export(pub, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, NULL, &der_pub, &der_pub_len); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; ret = yaca_key_import(pub_type, NULL, der_pub, der_pub_len, &der_pub_imported); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; dump_hex(der_pub, der_pub_len, "\n\t***** %s DER exported public key: *****", algo); yaca_free(der_pub); @@ -190,13 +188,11 @@ int key_import_export_asym(yaca_key_h priv, yaca_key_h pub, ret = yaca_key_export(der_pub_imported, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_DER, NULL, &der_pub, &der_pub_len); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; dump_hex(der_pub, der_pub_len, "\t***** %s DER imported public key: *****", algo); - ret = YACA_ERROR_NONE; - -free: +exit: yaca_key_free(der_pub_imported); yaca_key_free(pem_pub_imported); yaca_key_free(der_prv_imported); @@ -226,22 +222,21 @@ int key_import_x509(void) ret = yaca_key_import(YACA_KEY_TYPE_RSA_PUB, NULL, pub, pub_len, &rsa_pub_from_cert); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; yaca_free(pub); pub = NULL; ret = yaca_key_export(rsa_pub_from_cert, YACA_KEY_FORMAT_DEFAULT, YACA_KEY_FILE_FORMAT_PEM, NULL, &pub, &pub_len); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; printf("\n\t***** RSA X509 imported public key: *****\n%.*s", (int)pub_len, pub); - ret = YACA_ERROR_NONE; - -free: +exit: yaca_key_free(rsa_pub_from_cert); yaca_free(pub); + return ret; } @@ -266,19 +261,19 @@ int main() ret = yaca_key_gen(YACA_KEY_TYPE_RSA_PRIV, YACA_KEY_1024BIT, &rsa_priv); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; ret = yaca_key_extract_public(rsa_priv, &rsa_pub); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; ret = yaca_key_gen(YACA_KEY_TYPE_DSA_PRIV, YACA_KEY_1024BIT, &dsa_priv); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; ret = yaca_key_extract_public(dsa_priv, &dsa_pub); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; printf("\t***************************************\n"); printf("\t************** SYMMETRIC **************\n"); @@ -316,13 +311,13 @@ int main() else printf("\n\t*********** X509 - failure ************\n\n"); -free: +exit: yaca_key_free(dsa_pub); yaca_key_free(dsa_priv); yaca_key_free(rsa_pub); yaca_key_free(rsa_priv); yaca_key_free(sym); -exit: + yaca_exit(); return ret; diff --git a/examples/seal.c b/examples/seal.c index be640ff..23d8400 100644 --- a/examples/seal.c +++ b/examples/seal.c @@ -60,32 +60,32 @@ void encrypt_seal(void) return; if (yaca_key_extract_public(key_priv, &key_pub) != YACA_ERROR_NONE) - goto ex_prvk; + goto exit; /* Encrypt a.k.a. seal */ { if (yaca_seal_init(&ctx, key_pub, algo, bcm, key_bits, &aes_key, &iv) != YACA_ERROR_NONE) - goto ex_pubk; + goto exit; if (yaca_get_block_length(ctx, &block_len) != YACA_ERROR_NONE) - goto ex_ak; + goto exit; if (yaca_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) - goto ex_ak; + goto exit; /* Calculate max output: size of update + final chunks */ enc_size = output_len + block_len; if ((enc = yaca_malloc(enc_size)) == NULL) - goto ex_ak; + goto exit; /* Seal and finalize */ out_size = enc_size; if (yaca_seal_update(ctx, lorem4096, LOREM4096_SIZE, enc, &out_size) != YACA_ERROR_NONE) - goto ex_of; + goto exit; rem = enc_size - out_size; if (yaca_seal_final(ctx, enc + out_size, &rem) != YACA_ERROR_NONE) - goto ex_of; + goto exit; enc_size = rem + out_size; @@ -98,44 +98,40 @@ void encrypt_seal(void) /* Decrypt a.k.a. open */ { if (yaca_open_init(&ctx, key_priv, algo, bcm, key_bits, aes_key, iv) != YACA_ERROR_NONE) - goto ex_of; + goto exit; if (yaca_get_block_length(ctx, &block_len) != YACA_ERROR_NONE) - goto ex_of; + goto exit; if (yaca_get_output_length(ctx, LOREM4096_SIZE, &output_len) != YACA_ERROR_NONE) - goto ex_of; + goto exit; /* Calculate max output: size of update + final chunks */ dec_size = output_len + block_len; if ((dec = yaca_malloc(dec_size)) == NULL) - goto ex_of; + goto exit; /* Open and finalize */ out_size = dec_size; if (yaca_open_update(ctx, enc, enc_size, dec, &out_size) != YACA_ERROR_NONE) - goto ex_in; + goto exit; rem = dec_size - out_size; if (yaca_open_final(ctx, dec + out_size, &rem) != YACA_ERROR_NONE) - goto ex_in; + goto exit; dec_size = rem + out_size; printf("Decrypted data (16 of %zu bytes): %.16s\n", dec_size, dec); } -ex_in: +exit: yaca_free(dec); -ex_of: yaca_free(enc); -ex_ak: yaca_ctx_free(ctx); yaca_key_free(aes_key); yaca_key_free(iv); -ex_pubk: yaca_key_free(key_pub); -ex_prvk: yaca_key_free(key_priv); } diff --git a/examples/sign.c b/examples/sign.c index f789f24..fe85a02 100644 --- a/examples/sign.c +++ b/examples/sign.c @@ -47,7 +47,7 @@ void simple_sign_verify_asym(yaca_key_type_e type, const char *algo) return; if (yaca_key_extract_public(prv, &pub) != YACA_ERROR_NONE) - goto finish; + goto exit; // SIGN if (yaca_sign(YACA_DIGEST_SHA512, @@ -56,7 +56,7 @@ void simple_sign_verify_asym(yaca_key_type_e type, const char *algo) LOREM4096_SIZE, &signature, &signature_len) != YACA_ERROR_NONE) - goto finish; + goto exit; dump_hex(signature, signature_len, "[Simple API] %s Signature of lorem4096:", algo); @@ -71,7 +71,7 @@ void simple_sign_verify_asym(yaca_key_type_e type, const char *algo) else printf("[Simple API] %s verification successful\n", algo); -finish: +exit: yaca_free(signature); yaca_key_free(prv); yaca_key_free(pub); @@ -96,7 +96,7 @@ void simple_sign_verify_hmac(void) LOREM4096_SIZE, &signature1, &signature_len) != YACA_ERROR_NONE) - goto finish; + goto exit; dump_hex(signature1, signature_len, "[Simple API] HMAC Signature of lorem4096:"); @@ -107,14 +107,14 @@ void simple_sign_verify_hmac(void) LOREM4096_SIZE, &signature2, &signature_len) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_memcmp(signature1, signature2, signature_len) != YACA_ERROR_NONE) printf("[Simple API] HMAC verification failed\n"); else printf("[Simple API] HMAC verification successful\n"); -finish: +exit: yaca_free(signature1); yaca_free(signature2); yaca_key_free(key); @@ -139,7 +139,7 @@ void simple_sign_verify_cmac(void) LOREM4096_SIZE, &signature1, &signature_len) != YACA_ERROR_NONE) - goto finish; + goto exit; dump_hex(signature1, signature_len, "[Simple API] CMAC Signature of lorem4096:"); @@ -151,14 +151,14 @@ void simple_sign_verify_cmac(void) LOREM4096_SIZE, &signature2, &signature_len) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_memcmp(signature1, signature2, signature_len) != YACA_ERROR_NONE) printf("[Simple API] CMAC verification failed\n"); else printf("[Simple API] CMAC verification successful\n"); -finish: +exit: yaca_free(signature1); yaca_free(signature2); yaca_key_free(key); @@ -180,26 +180,26 @@ void sign_verify_asym(yaca_key_type_e type, const char *algo) return; if (yaca_key_extract_public(prv, &pub) != YACA_ERROR_NONE) - goto finish; + goto exit; // SIGN if (yaca_sign_init(&ctx, YACA_DIGEST_SHA512, prv) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_ctx_set_param(ctx, YACA_PARAM_PADDING, (char*)(&padding), sizeof(padding)) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_sign_update(ctx, lorem4096, LOREM4096_SIZE) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_get_sign_length(ctx, &signature_len) != YACA_ERROR_NONE) - goto finish; + goto exit; if ((signature = yaca_malloc(signature_len)) == NULL) - goto finish; + goto exit; if (yaca_sign_final(ctx, signature, &signature_len) != YACA_ERROR_NONE) - goto finish; + goto exit; dump_hex(signature, signature_len, "[Advanced API] %s Signature of lorem4096:", algo); @@ -209,20 +209,20 @@ void sign_verify_asym(yaca_key_type_e type, const char *algo) // VERIFY if (yaca_verify_init(&ctx, YACA_DIGEST_SHA512, pub) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_ctx_set_param(ctx, YACA_PARAM_PADDING, (char*)(&padding), sizeof(padding)) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_verify_update(ctx, lorem4096, LOREM4096_SIZE) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_verify_final(ctx, signature, signature_len) != YACA_ERROR_NONE) printf("[Advanced API] %s verification failed\n", algo); else printf("[Advanced API] %s verification successful\n", algo); -finish: +exit: yaca_free(signature); yaca_key_free(prv); yaca_key_free(pub); @@ -244,19 +244,19 @@ void sign_verify_hmac(void) // SIGN if (yaca_sign_hmac_init(&ctx, YACA_DIGEST_SHA512, key) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_sign_update(ctx, lorem4096, LOREM4096_SIZE) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_get_sign_length(ctx, &signature_len) != YACA_ERROR_NONE) - goto finish; + goto exit; if ((signature1 = yaca_malloc(signature_len)) == NULL) - goto finish; + goto exit; if (yaca_sign_final(ctx, signature1, &signature_len) != YACA_ERROR_NONE) - goto finish; + goto exit; dump_hex(signature1, signature_len, "[Advanced API] HMAC Signature of lorem4096:"); @@ -266,26 +266,26 @@ void sign_verify_hmac(void) // VERIFY if (yaca_sign_hmac_init(&ctx, YACA_DIGEST_SHA512, key) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_sign_update(ctx, lorem4096, LOREM4096_SIZE) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_get_sign_length(ctx, &signature_len) != YACA_ERROR_NONE) - goto finish; + goto exit; if ((signature2 = yaca_malloc(signature_len)) == NULL) - goto finish; + goto exit; if (yaca_sign_final(ctx, signature2, &signature_len) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_memcmp(signature1, signature2, signature_len) != YACA_ERROR_NONE) printf("[Advanced API] HMAC verification failed\n"); else printf("[Advanced API] HMAC verification successful\n"); -finish: +exit: yaca_free(signature1); yaca_free(signature2); yaca_key_free(key); @@ -307,19 +307,19 @@ void sign_verify_cmac(void) // SIGN if (yaca_sign_cmac_init(&ctx, YACA_ENC_AES, key) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_sign_update(ctx, lorem4096, LOREM4096_SIZE)) - goto finish; + goto exit; if (yaca_get_sign_length(ctx, &signature_len) != YACA_ERROR_NONE) - goto finish; + goto exit; if ((signature1 = yaca_malloc(signature_len)) == NULL) - goto finish; + goto exit; if (yaca_sign_final(ctx, signature1, &signature_len)) - goto finish; + goto exit; dump_hex(signature1, signature_len, "[Advanced API] CMAC Signature of lorem4096:"); @@ -329,26 +329,26 @@ void sign_verify_cmac(void) // VERIFY if (yaca_sign_cmac_init(&ctx, YACA_ENC_AES, key) != YACA_ERROR_NONE) - goto finish; + goto exit; if (yaca_sign_update(ctx, lorem4096, LOREM4096_SIZE)) - goto finish; + goto exit; if (yaca_get_sign_length(ctx, &signature_len) != YACA_ERROR_NONE) - goto finish; + goto exit; if ((signature2 = yaca_malloc(signature_len)) == NULL) - goto finish; + goto exit; if (yaca_sign_final(ctx, signature2, &signature_len)) - goto finish; + goto exit; if (yaca_memcmp(signature1, signature2, signature_len) != YACA_ERROR_NONE) printf("[Advanced API] CMAC verification failed\n"); else printf("[Advanced API] CMAC verification successful\n"); -finish: +exit: yaca_free(signature1); yaca_free(signature2); yaca_key_free(key); diff --git a/src/digest.c b/src/digest.c index 47d8f57..7a19e4a 100644 --- a/src/digest.c +++ b/src/digest.c @@ -132,30 +132,29 @@ API int yaca_digest_init(yaca_ctx_h *ctx, yaca_digest_algo_e algo) ret = digest_get_algorithm(algo, &md); if (ret != YACA_ERROR_NONE) - goto free; + goto exit; nc->mdctx = EVP_MD_CTX_create(); if (nc->mdctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free; + goto exit; } ret = EVP_DigestInit(nc->mdctx, md); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto ctx; + goto exit; } *ctx = (yaca_ctx_h)nc; + nc = NULL; + ret = YACA_ERROR_NONE; - return YACA_ERROR_NONE; +exit: + yaca_ctx_free((yaca_ctx_h)nc); -ctx: - EVP_MD_CTX_destroy(nc->mdctx); -free: - yaca_free(nc); return ret; } diff --git a/src/encrypt.c b/src/encrypt.c index 27eeb57..d56aad1 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -341,42 +341,42 @@ static int encrypt_init(yaca_ctx_h *ctx, ret = yaca_key_get_bits(sym_key, &key_bits); if (ret != YACA_ERROR_NONE) - goto err_free; + goto exit; ret = encrypt_get_algorithm(algo, bcm, key_bits, &cipher); if (ret != YACA_ERROR_NONE) - goto err_free; + goto exit; ret = EVP_CIPHER_iv_length(cipher); if (ret < 0) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto err_free; + goto exit; } iv_bits = ret * 8; if (iv_bits == 0 && iv != NULL) { /* 0 -> cipher doesn't use iv, but it was provided */ ret = YACA_ERROR_INVALID_ARGUMENT; - goto err_free; + goto exit; } if (iv_bits != 0) { /* cipher requires iv*/ liv = key_get_simple(iv); if (liv == NULL) { /* iv was not provided */ ret = YACA_ERROR_INVALID_ARGUMENT; - goto err_free; + goto exit; } ret = yaca_key_get_bits(iv, &iv_bits_check); if (ret != YACA_ERROR_NONE) { ret = YACA_ERROR_INVALID_ARGUMENT; - goto err_free; + goto exit; } /* IV length doesn't match cipher (GCM & CCM supports variable IV length) */ if (iv_bits != iv_bits_check && bcm != YACA_BCM_GCM && bcm != YACA_BCM_CCM) { ret = YACA_ERROR_INVALID_ARGUMENT; - goto err_free; + goto exit; } iv_data = (unsigned char*)liv->d; } @@ -385,7 +385,7 @@ static int encrypt_init(yaca_ctx_h *ctx, if (nc->cipher_ctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto err_free; + goto exit; } switch (op_type) { @@ -397,13 +397,13 @@ static int encrypt_init(yaca_ctx_h *ctx, break; default: ret = YACA_ERROR_INVALID_ARGUMENT; - goto err_ctx; + goto exit; } if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto err_ctx; + goto exit; } /* Handling of algorithms with variable key length */ @@ -411,7 +411,7 @@ static int encrypt_init(yaca_ctx_h *ctx, if (ret != 1) { ret = YACA_ERROR_INVALID_ARGUMENT; ERROR_DUMP(ret); - goto err_ctx; + goto exit; } /* Handling of algorithms with variable IV length */ @@ -427,7 +427,7 @@ static int encrypt_init(yaca_ctx_h *ctx, if (ret != 1) { ret = YACA_ERROR_INVALID_ARGUMENT; ERROR_DUMP(ret); - goto err_ctx; + goto exit; } } @@ -444,22 +444,22 @@ static int encrypt_init(yaca_ctx_h *ctx, break; default: ret = YACA_ERROR_INVALID_ARGUMENT; - goto err_ctx; + goto exit; } if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto err_ctx; + goto exit; } *ctx = (yaca_ctx_h)nc; - return YACA_ERROR_NONE; + nc = NULL; + ret = YACA_ERROR_NONE; + +exit: + yaca_ctx_free((yaca_ctx_h)nc); -err_ctx: - EVP_CIPHER_CTX_free(nc->cipher_ctx); -err_free: - yaca_free(nc); return ret; } diff --git a/src/key.c b/src/key.c index f9ed709..7a6c043 100644 --- a/src/key.c +++ b/src/key.c @@ -110,7 +110,7 @@ int base64_decode(const char *data, size_t data_len, BIO **output) if (src == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_bio; + goto exit; } BIO_push(b64, src); @@ -119,7 +119,7 @@ int base64_decode(const char *data, size_t data_len, BIO **output) if (dst == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_bio; + goto exit; } BIO_set_flags(b64, BIO_FLAGS_BASE64_NO_NL); @@ -130,7 +130,7 @@ int base64_decode(const char *data, size_t data_len, BIO **output) if (ret < 0) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_bio; + goto exit; } if (ret == YACA_ERROR_NONE) @@ -139,7 +139,7 @@ int base64_decode(const char *data, size_t data_len, BIO **output) if (BIO_write(dst, tmpbuf, ret) != ret) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_bio; + goto exit; } } @@ -150,18 +150,18 @@ int base64_decode(const char *data, size_t data_len, BIO **output) if (out_len < 0) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_bio; + goto exit; } if ((size_t)out_len != b64_len) { ret = YACA_ERROR_INVALID_ARGUMENT; - goto free_bio; + goto exit; } *output = dst; dst = NULL; ret = YACA_ERROR_NONE; -free_bio: +exit: BIO_free_all(b64); BIO_free_all(dst); @@ -205,7 +205,7 @@ int import_simple(yaca_key_h *key, /* key_bits has to fit in size_t */ if (key_data_len > SIZE_MAX / 8) { ret = YACA_ERROR_INVALID_ARGUMENT; - goto out; + goto exit; } /* DES key length verification */ @@ -215,14 +215,14 @@ int import_simple(yaca_key_h *key, key_bits != YACA_KEY_UNSAFE_128BIT && key_bits != YACA_KEY_192BIT) { ret = YACA_ERROR_INVALID_ARGUMENT; - goto out; + goto exit; } } nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_data_len); if (nk == NULL) { ret = YACA_ERROR_OUT_OF_MEMORY; - goto out; + goto exit; } memcpy(nk->d, key_data, key_data_len); @@ -230,10 +230,12 @@ int import_simple(yaca_key_h *key, nk->key.type = key_type; *key = (yaca_key_h)nk; + nk = NULL; ret = YACA_ERROR_NONE; -out: +exit: BIO_free_all(decoded); + return ret; } @@ -371,18 +373,18 @@ int import_evp(yaca_key_h *key, default: ret = YACA_ERROR_INVALID_ARGUMENT; - goto free; + goto exit; } if (type != key_type) { ret = YACA_ERROR_INVALID_ARGUMENT; - goto free; + goto exit; } nk = yaca_zalloc(sizeof(struct yaca_key_evp_s)); if (nk == NULL) { ret = YACA_ERROR_OUT_OF_MEMORY; - goto free; + goto exit; } nk->evp = pkey; @@ -392,8 +394,9 @@ int import_evp(yaca_key_h *key, pkey = NULL; ret = YACA_ERROR_NONE; -free: +exit: EVP_PKEY_free(pkey); + return ret; } @@ -445,7 +448,7 @@ int export_simple_base64(struct yaca_key_simple_s *simple_key, if (mem == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_bio; + goto exit; } BIO_push(b64, mem); @@ -455,35 +458,35 @@ int export_simple_base64(struct yaca_key_simple_s *simple_key, if (ret <= 0 || (unsigned)ret != key_len) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_bio; + goto exit; } ret = BIO_flush(b64); if (ret <= 0) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_bio; + goto exit; } bio_data_len = BIO_get_mem_data(mem, &bio_data); if (bio_data_len <= 0) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_bio; + goto exit; } *data = yaca_malloc(bio_data_len); if (*data == NULL) { ret = YACA_ERROR_OUT_OF_MEMORY; ERROR_DUMP(ret); - goto free_bio; + goto exit; } memcpy(*data, bio_data, bio_data_len); *data_len = bio_data_len; ret = YACA_ERROR_NONE; -free_bio: +exit: BIO_free_all(b64); return ret; @@ -678,35 +681,36 @@ int export_evp(struct yaca_key_evp_s *evp_key, } if (ret != YACA_ERROR_NONE) - goto free_bio; + goto exit; ret = BIO_flush(mem); if (ret <= 0) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_bio; + goto exit; } bio_data_len = BIO_get_mem_data(mem, &bio_data); if (bio_data_len <= 0) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_bio; + goto exit; } *data = yaca_malloc(bio_data_len); if (*data == NULL) { ret = YACA_ERROR_OUT_OF_MEMORY; ERROR_DUMP(ret); - goto free_bio; + goto exit; } memcpy(*data, bio_data, bio_data_len); *data_len = bio_data_len; ret = YACA_ERROR_NONE; -free_bio: +exit: BIO_free_all(mem); + return ret; } @@ -752,28 +756,37 @@ int gen_simple_des(struct yaca_key_simple_s **out, size_t key_bits) DES_cblock *des_key = (DES_cblock*)nk->d; if (key_byte_len >= 8) { ret = DES_random_key(des_key); - if (ret != 1) - goto free_nk; + if (ret != 1) { + ret = YACA_ERROR_INTERNAL; + ERROR_DUMP(ret); + goto exit; + } } if (key_byte_len >= 16) { ret = DES_random_key(des_key + 1); - if (ret != 1) - goto free_nk; + if (ret != 1) { + ret = YACA_ERROR_INTERNAL; + ERROR_DUMP(ret); + goto exit; + } } if (key_byte_len >= 24) { ret = DES_random_key(des_key + 2); - if (ret != 1) - goto free_nk; + if (ret != 1) { + ret = YACA_ERROR_INTERNAL; + ERROR_DUMP(ret); + goto exit; + } } nk->bits = key_bits; *out = nk; - return YACA_ERROR_NONE; + nk = NULL; + ret = YACA_ERROR_NONE; -free_nk: +exit: yaca_free(nk); - ret = YACA_ERROR_INTERNAL; - ERROR_DUMP(ret); + return ret; } @@ -797,38 +810,38 @@ int gen_evp_rsa(struct yaca_key_evp_s **out, size_t key_bits) if (ctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_nk; + goto exit; } ret = EVP_PKEY_keygen_init(ctx); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_ctx; + goto exit; } ret = EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, key_bits); if (ret != 1) { ret = ERROR_HANDLE(); - goto free_ctx; + goto exit; } ret = EVP_PKEY_keygen(ctx, &pkey); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_ctx; + goto exit; } nk->evp = pkey; - + pkey = NULL; *out = nk; nk = NULL; + ret = YACA_ERROR_NONE; -free_ctx: +exit: EVP_PKEY_CTX_free(ctx); -free_nk: yaca_free(nk); return ret; @@ -847,8 +860,8 @@ int gen_evp_dsa(struct yaca_key_evp_s **out, size_t key_bits) int ret; struct yaca_key_evp_s *nk; - EVP_PKEY_CTX *pctx; - EVP_PKEY_CTX *kctx; + EVP_PKEY_CTX *pctx = NULL; + EVP_PKEY_CTX *kctx = NULL; EVP_PKEY *pkey = NULL; EVP_PKEY *params = NULL; @@ -860,63 +873,61 @@ int gen_evp_dsa(struct yaca_key_evp_s **out, size_t key_bits) if (pctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_nk; + goto exit; } ret = EVP_PKEY_paramgen_init(pctx); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_pctx; + goto exit; } ret = EVP_PKEY_CTX_set_dsa_paramgen_bits(pctx, key_bits); if (ret != 1) { ret = ERROR_HANDLE(); - goto free_pctx; + goto exit; } ret = EVP_PKEY_paramgen(pctx, ¶ms); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_pctx; + goto exit; } kctx = EVP_PKEY_CTX_new(params, NULL); if (kctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_params; + goto exit; } ret = EVP_PKEY_keygen_init(kctx); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_kctx; + goto exit; } ret = EVP_PKEY_keygen(kctx, &pkey); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_kctx; + goto exit; } nk->evp = pkey; - + pkey = NULL; *out = nk; nk = NULL; + ret = YACA_ERROR_NONE; -free_kctx: +exit: EVP_PKEY_CTX_free(kctx); -free_params: EVP_PKEY_free(params); -free_pctx: EVP_PKEY_CTX_free(pctx); -free_nk: yaca_free(nk); return ret; @@ -1135,8 +1146,8 @@ API int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key) int ret; struct yaca_key_evp_s *evp_key = key_get_evp(prv_key); struct yaca_key_evp_s *nk; - BIO *mem; - EVP_PKEY *pkey; + BIO *mem = NULL; + EVP_PKEY *pkey = NULL; if (prv_key == YACA_KEY_NULL || evp_key == NULL || pub_key == NULL) return YACA_ERROR_INVALID_ARGUMENT; @@ -1149,51 +1160,50 @@ API int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key) if (mem == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_nk; + goto exit; } ret = i2d_PUBKEY_bio(mem, evp_key->evp); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_bio; + goto exit; } pkey = d2i_PUBKEY_bio(mem, NULL); if (pkey == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_bio; + goto exit; } BIO_free(mem); mem = NULL; - nk->evp = pkey; - *pub_key = (yaca_key_h)nk; - switch (prv_key->type) { case YACA_KEY_TYPE_RSA_PRIV: - (*pub_key)->type = YACA_KEY_TYPE_RSA_PUB; + nk->key.type = YACA_KEY_TYPE_RSA_PUB; break; case YACA_KEY_TYPE_DSA_PRIV: - (*pub_key)->type = YACA_KEY_TYPE_DSA_PUB; + nk->key.type = YACA_KEY_TYPE_DSA_PUB; break; // case YACA_KEY_TYPE_EC_PRIV: -// (*pub_key)->type = YACA_KEY_TYPE_EC_PUB; +// nk->key.type = YACA_KEY_TYPE_EC_PUB; // break; default: ret = YACA_ERROR_INVALID_ARGUMENT; - goto free_pkey; + goto exit; } - return YACA_ERROR_NONE; + nk->evp = pkey; + pkey = NULL; + *pub_key = (yaca_key_h)nk; + nk = NULL; + ret = YACA_ERROR_NONE; -free_pkey: +exit: EVP_PKEY_free(pkey); -free_bio: BIO_free(mem); -free_nk: yaca_free(nk); return ret; @@ -1250,12 +1260,14 @@ API int yaca_key_derive_pbkdf2(const char *password, if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto err; + goto exit; } *key = (yaca_key_h)nk; - return YACA_ERROR_NONE; -err: + nk = NULL; + ret = YACA_ERROR_NONE; +exit: yaca_free(nk); + return ret; } diff --git a/src/seal.c b/src/seal.c index cdd3cbf..c07fe3f 100644 --- a/src/seal.c +++ b/src/seal.c @@ -105,8 +105,8 @@ static int seal_init(yaca_ctx_h *ctx, yaca_key_h *iv) { struct yaca_key_evp_s *lpub; - struct yaca_key_simple_s *lkey; - struct yaca_key_simple_s *liv; + struct yaca_key_simple_s *lkey = NULL; + struct yaca_key_simple_s *liv = NULL; struct yaca_seal_ctx_s *nc; const EVP_CIPHER *cipher; int pub_key_length; @@ -134,39 +134,39 @@ static int seal_init(yaca_ctx_h *ctx, if (nc->cipher_ctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto err_free; + goto exit; } ret = EVP_PKEY_size(lpub->evp); if (ret <= 0) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto err_ctx; + goto exit; } pub_key_length = ret; lkey = yaca_zalloc(sizeof(struct yaca_key_simple_s) + pub_key_length); if (lkey == NULL) { ret = YACA_ERROR_OUT_OF_MEMORY; - goto err_ctx; + goto exit; } ret = encrypt_get_algorithm(algo, bcm, sym_key_bits, &cipher); if (ret != YACA_ERROR_NONE) - goto err_key; + goto exit; ret = EVP_CIPHER_iv_length(cipher); if (ret < 0) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto err_key; + goto exit; } iv_length = ret; liv = yaca_zalloc(sizeof(struct yaca_key_simple_s) + iv_length); if (liv == NULL) { ret = YACA_ERROR_OUT_OF_MEMORY; - goto err_key; + goto exit; } unsigned char *key_data = (unsigned char*)lkey->d; @@ -183,29 +183,28 @@ static int seal_init(yaca_ctx_h *ctx, if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto err_iv; + goto exit; } lkey->bits = key_data_length * 8; lkey->key.type = YACA_KEY_TYPE_SYMMETRIC; *sym_key = (yaca_key_h)lkey; + lkey = NULL; liv->bits = iv_length * 8; liv->key.type = YACA_KEY_TYPE_IV; *iv = (yaca_key_h)liv; + liv = NULL; *ctx = (yaca_ctx_h)nc; + nc = NULL; + ret = YACA_ERROR_NONE; - return YACA_ERROR_NONE; - -err_iv: +exit: yaca_free(liv); -err_key: yaca_free(lkey); -err_ctx: - EVP_CIPHER_CTX_free(nc->cipher_ctx); -err_free: - yaca_free(nc); + yaca_ctx_free((yaca_ctx_h)nc); + return ret; } @@ -249,44 +248,44 @@ static int open_init(yaca_ctx_h *ctx, ret = encrypt_get_algorithm(algo, bcm, sym_key_bits, &cipher); if (ret != YACA_ERROR_NONE) - goto err_free; + goto exit; ret = EVP_CIPHER_iv_length(cipher); if (ret < 0) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto err_free; + goto exit; } iv_bits = ret * 8; if (iv_bits == 0 && iv != NULL) { /* 0 -> cipher doesn't use iv, but it was provided */ ret = YACA_ERROR_INVALID_ARGUMENT; - goto err_free; + goto exit; } liv = key_get_simple(iv); /* cipher requires iv, but none was provided, or provided wrong iv */ if (iv_bits != 0 && (liv == NULL || liv->key.type != YACA_KEY_TYPE_IV)) { ret = YACA_ERROR_INVALID_ARGUMENT; - goto err_free; + goto exit; } // TODO: handling of algorithms with variable IV length ret = yaca_key_get_bits(iv, &iv_bits_check); if (ret != YACA_ERROR_NONE) { ret = YACA_ERROR_INVALID_ARGUMENT; - goto err_free; + goto exit; } if (iv_bits != iv_bits_check) { /* IV length doesn't match cipher */ ret = YACA_ERROR_INVALID_ARGUMENT; - goto err_free; + goto exit; } nc->cipher_ctx = EVP_CIPHER_CTX_new(); if (nc->cipher_ctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto err_free; + goto exit; } ret = EVP_OpenInit(nc->cipher_ctx, cipher, @@ -297,16 +296,16 @@ static int open_init(yaca_ctx_h *ctx, if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto err_ctx; + goto exit; } *ctx = (yaca_ctx_h)nc; - return YACA_ERROR_NONE; + nc = NULL; + ret = YACA_ERROR_NONE; + +exit: + yaca_ctx_free((yaca_ctx_h)nc); -err_ctx: - EVP_CIPHER_CTX_free(nc->cipher_ctx); -err_free: - yaca_free(nc); return ret; } diff --git a/src/sign.c b/src/sign.c index e7dedc4..54ad806 100644 --- a/src/sign.c +++ b/src/sign.c @@ -268,27 +268,27 @@ API int yaca_sign_init(yaca_ctx_h *ctx, ret = digest_get_algorithm(algo, &md); if (ret != YACA_ERROR_NONE) - goto free_ctx; + goto exit; nc->mdctx = EVP_MD_CTX_create(); if (nc->mdctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_ctx; + goto exit; } ret = EVP_DigestSignInit(nc->mdctx, NULL, md, NULL, evp_key->evp); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_ctx; + goto exit; } *ctx = (yaca_ctx_h)nc; + nc = NULL; + ret = YACA_ERROR_NONE; - return YACA_ERROR_NONE; - -free_ctx: +exit: yaca_ctx_free((yaca_ctx_h)nc); return ret; @@ -324,33 +324,35 @@ API int yaca_sign_hmac_init(yaca_ctx_h *ctx, if (pkey == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_ctx; + goto exit; } ret = digest_get_algorithm(algo, &md); if (ret != YACA_ERROR_NONE) - goto free_pkey; + goto exit; nc->mdctx = EVP_MD_CTX_create(); if (nc->mdctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_pkey; + goto exit; } ret = EVP_DigestSignInit(nc->mdctx, NULL, md, NULL, pkey); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_pkey; + goto exit; } + pkey = NULL; + *ctx = (yaca_ctx_h)nc; - return YACA_ERROR_NONE; + nc = NULL; + ret = YACA_ERROR_NONE; -free_pkey: +exit: EVP_PKEY_free(pkey); -free_ctx: yaca_ctx_free((yaca_ctx_h)nc); return ret; @@ -382,60 +384,60 @@ API int yaca_sign_cmac_init(yaca_ctx_h *ctx, ret = encrypt_get_algorithm(algo, YACA_BCM_CBC, simple_key->bits, &cipher); if (ret != YACA_ERROR_NONE) - goto free_ctx; + goto exit; // create and initialize low level CMAC context cmac_ctx = CMAC_CTX_new(); if (cmac_ctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_ctx; + goto exit; } - if (CMAC_Init(cmac_ctx, simple_key->d, simple_key->bits/8, cipher, NULL) != 1) { + if (CMAC_Init(cmac_ctx, simple_key->d, simple_key->bits / 8, cipher, NULL) != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - // TODO refactor error handling: use single cleanup label - goto free_cmac_ctx; + goto exit; } // create key and assign CMAC context to it pkey = EVP_PKEY_new(); - if (!pkey) { + if (pkey == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_cmac_ctx; + goto exit; } if (EVP_PKEY_assign(pkey, EVP_PKEY_CMAC, cmac_ctx) != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_pkey; + goto exit; } - // TODO refactor error handling: set cmac_ctx to NULL + + cmac_ctx = NULL; nc->mdctx = EVP_MD_CTX_create(); if (nc->mdctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_pkey; + goto exit; } if (EVP_DigestSignInit(nc->mdctx, NULL, NULL, NULL, pkey) != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_pkey; + goto exit; } - // TODO refactor error handling: set mdctx to NULL, set pkey to NULL + + pkey = NULL; *ctx = (yaca_ctx_h)nc; - return YACA_ERROR_NONE; + nc = NULL; + ret = YACA_ERROR_NONE; -free_pkey: +exit: EVP_PKEY_free(pkey); -free_cmac_ctx: CMAC_CTX_free(cmac_ctx); -free_ctx: yaca_ctx_free((yaca_ctx_h)nc); return ret; @@ -518,27 +520,27 @@ API int yaca_verify_init(yaca_ctx_h *ctx, ret = digest_get_algorithm(algo, &md); if (ret != YACA_ERROR_NONE) - goto free_ctx; + goto exit; nc->mdctx = EVP_MD_CTX_create(); if (nc->mdctx == NULL) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_ctx; + goto exit; } ret = EVP_DigestVerifyInit(nc->mdctx, NULL, md, NULL, evp_key->evp); if (ret != 1) { ret = YACA_ERROR_INTERNAL; ERROR_DUMP(ret); - goto free_ctx; + goto exit; } *ctx = (yaca_ctx_h)nc; + nc = NULL; + ret = YACA_ERROR_NONE; - return YACA_ERROR_NONE; - -free_ctx: +exit: yaca_ctx_free((yaca_ctx_h)nc); return ret; diff --git a/src/simple.c b/src/simple.c index 6779b0d..f759af3 100644 --- a/src/simple.c +++ b/src/simple.c @@ -41,7 +41,7 @@ API int yaca_digest_calc(yaca_digest_algo_e algo, { yaca_ctx_h ctx; int ret; - char *ldigest; + char *ldigest = NULL; size_t ldigest_len; if (data == NULL || data_len == 0 || digest == NULL || digest_len == NULL) @@ -53,30 +53,28 @@ API int yaca_digest_calc(yaca_digest_algo_e algo, ret = yaca_digest_update(ctx, data, data_len); if (ret != YACA_ERROR_NONE) - goto err; + goto exit; ret = yaca_get_digest_length(ctx, &ldigest_len); if (ret != YACA_ERROR_NONE) - goto err; + goto exit; ldigest = yaca_malloc(ldigest_len); - if (!ldigest) - goto err; + if (ldigest == NULL) + goto exit; ret = yaca_digest_final(ctx, ldigest, &ldigest_len); if (ret != YACA_ERROR_NONE) - goto err_free; - - yaca_ctx_free(ctx); + goto exit; *digest_len = ldigest_len; *digest = ldigest; - return YACA_ERROR_NONE; + ldigest = NULL; -err_free: +exit: yaca_free(ldigest); -err: yaca_ctx_free(ctx); + return ret; } @@ -91,8 +89,8 @@ API int yaca_encrypt(yaca_enc_algo_e algo, { yaca_ctx_h ctx; int ret; - char *lcipher; - char *rcipher; + char *lcipher = NULL; + char *rcipher = NULL; size_t out_len, lcipher_len, written; if (plain == NULL || plain_len == 0 || cipher == NULL || cipher_len == NULL || @@ -105,27 +103,27 @@ API int yaca_encrypt(yaca_enc_algo_e algo, ret = yaca_get_block_length(ctx, &lcipher_len); if (ret != YACA_ERROR_NONE) - goto err; + goto exit; ret = yaca_get_output_length(ctx, plain_len, &out_len); if (ret != YACA_ERROR_NONE) - goto err; + goto exit; if (out_len > SIZE_MAX - lcipher_len) { ret = YACA_ERROR_INVALID_ARGUMENT; - goto err; + goto exit; } lcipher_len += out_len; lcipher = yaca_malloc(lcipher_len); if (lcipher == NULL) - goto err; + goto exit; out_len = lcipher_len; ret = yaca_encrypt_update(ctx, plain, plain_len, lcipher, &out_len); if (ret != YACA_ERROR_NONE) - goto err_free; + goto exit; assert(out_len <= lcipher_len); @@ -133,7 +131,7 @@ API int yaca_encrypt(yaca_enc_algo_e algo, out_len = lcipher_len - written; ret = yaca_encrypt_final(ctx, lcipher + written, &out_len); if (ret != YACA_ERROR_NONE) - goto err_free; + goto exit; written += out_len; assert(written <= lcipher_len); @@ -141,19 +139,18 @@ API int yaca_encrypt(yaca_enc_algo_e algo, rcipher = yaca_realloc(lcipher, written); if (rcipher == NULL) { ret = YACA_ERROR_OUT_OF_MEMORY; - goto err_free; + goto exit; } - yaca_ctx_free(ctx); - *cipher = rcipher; *cipher_len = written; - return YACA_ERROR_NONE; + lcipher = NULL; + ret = YACA_ERROR_NONE; -err_free: +exit: yaca_free(lcipher); -err: yaca_ctx_free(ctx); + return ret; } @@ -168,8 +165,8 @@ API int yaca_decrypt(yaca_enc_algo_e algo, { yaca_ctx_h ctx; int ret; - char *lplain; - char *rplain; + char *lplain = NULL; + char *rplain = NULL; size_t out_len, lplain_len, written; if (cipher == NULL || cipher_len == 0 || plain == NULL || plain_len == NULL || @@ -182,27 +179,27 @@ API int yaca_decrypt(yaca_enc_algo_e algo, ret = yaca_get_block_length(ctx, &lplain_len); if (ret != YACA_ERROR_NONE) - goto err; + goto exit; ret = yaca_get_output_length(ctx, cipher_len, &out_len); if (ret != YACA_ERROR_NONE) - goto err; + goto exit; if (out_len > SIZE_MAX - lplain_len) { ret = YACA_ERROR_INVALID_ARGUMENT; - goto err; + goto exit; } lplain_len += out_len; lplain = yaca_malloc(lplain_len); - if (!lplain) - goto err; + if (lplain == NULL) + goto exit; out_len = lplain_len; ret = yaca_decrypt_update(ctx, cipher, cipher_len, lplain, &out_len); if (ret != YACA_ERROR_NONE) - goto err_free; + goto exit; assert(out_len <= lplain_len); @@ -210,7 +207,7 @@ API int yaca_decrypt(yaca_enc_algo_e algo, out_len = lplain_len - written; ret = yaca_decrypt_final(ctx, lplain + written, &out_len); if (ret != YACA_ERROR_NONE) - goto err_free; + goto exit; written += out_len; assert(written <= lplain_len); @@ -218,19 +215,18 @@ API int yaca_decrypt(yaca_enc_algo_e algo, rplain = yaca_realloc(lplain, written); if (rplain == NULL) { ret = YACA_ERROR_OUT_OF_MEMORY; - goto err_free; + goto exit; } - yaca_ctx_free(ctx); - *plain = rplain; *plain_len = written; - return YACA_ERROR_NONE; + lplain = NULL; + ret = YACA_ERROR_NONE; -err_free: +exit: yaca_free(lplain); -err: yaca_ctx_free(ctx); + return ret; } @@ -300,11 +296,11 @@ API int yaca_verify(yaca_digest_algo_e algo, ret = yaca_verify_update(ctx, data, data_len); if (ret != YACA_ERROR_NONE) - goto free_ctx; + goto exit; ret = yaca_verify_final(ctx, signature, signature_len); -free_ctx: +exit: yaca_ctx_free(ctx); return ret; -- 2.7.4 From 5f1f762a618449a833259c529caacb7ad7e38d21 Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Wed, 1 Jun 2016 16:19:43 +0200 Subject: [PATCH 10/16] Fix seal/open, ECB mode does not use an IV. Change-Id: I953bf874f2bb760d129e90dac3246c9f24e0c5ec --- src/seal.c | 69 +++++++++++++++++++++++++++++++++++--------------------------- 1 file changed, 39 insertions(+), 30 deletions(-) diff --git a/src/seal.c b/src/seal.c index c07fe3f..7dd3ba8 100644 --- a/src/seal.c +++ b/src/seal.c @@ -110,6 +110,9 @@ static int seal_init(yaca_ctx_h *ctx, struct yaca_seal_ctx_s *nc; const EVP_CIPHER *cipher; int pub_key_length; + unsigned char *key_data = NULL; + int key_data_length; + unsigned char *iv_data = NULL; int iv_length; int ret; @@ -150,6 +153,7 @@ static int seal_init(yaca_ctx_h *ctx, ret = YACA_ERROR_OUT_OF_MEMORY; goto exit; } + key_data = (unsigned char*)lkey->d; ret = encrypt_get_algorithm(algo, bcm, sym_key_bits, &cipher); if (ret != YACA_ERROR_NONE) @@ -163,20 +167,20 @@ static int seal_init(yaca_ctx_h *ctx, } iv_length = ret; - liv = yaca_zalloc(sizeof(struct yaca_key_simple_s) + iv_length); - if (liv == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; - goto exit; + if (iv_length > 0) { + liv = yaca_zalloc(sizeof(struct yaca_key_simple_s) + iv_length); + if (liv == NULL) { + ret = YACA_ERROR_OUT_OF_MEMORY; + goto exit; + } + iv_data = (unsigned char*)liv->d; } - unsigned char *key_data = (unsigned char*)lkey->d; - int key_data_length; - ret = EVP_SealInit(nc->cipher_ctx, cipher, &key_data, &key_data_length, - (unsigned char*)liv->d, + iv_data, &lpub->evp, 1); @@ -191,11 +195,14 @@ static int seal_init(yaca_ctx_h *ctx, *sym_key = (yaca_key_h)lkey; lkey = NULL; - liv->bits = iv_length * 8; - liv->key.type = YACA_KEY_TYPE_IV; - *iv = (yaca_key_h)liv; - liv = NULL; - + if (iv_length > 0) { + liv->bits = iv_length * 8; + liv->key.type = YACA_KEY_TYPE_IV; + *iv = (yaca_key_h)liv; + liv = NULL; + } else { + *iv = NULL; + } *ctx = (yaca_ctx_h)nc; nc = NULL; ret = YACA_ERROR_NONE; @@ -221,6 +228,7 @@ static int open_init(yaca_ctx_h *ctx, const struct yaca_key_simple_s *liv; struct yaca_seal_ctx_s *nc; const EVP_CIPHER *cipher; + unsigned char *iv_data = NULL; size_t iv_bits; size_t iv_bits_check; int ret; @@ -263,22 +271,23 @@ static int open_init(yaca_ctx_h *ctx, goto exit; } - liv = key_get_simple(iv); - /* cipher requires iv, but none was provided, or provided wrong iv */ - if (iv_bits != 0 && (liv == NULL || liv->key.type != YACA_KEY_TYPE_IV)) { - ret = YACA_ERROR_INVALID_ARGUMENT; - goto exit; - } - - // TODO: handling of algorithms with variable IV length - ret = yaca_key_get_bits(iv, &iv_bits_check); - if (ret != YACA_ERROR_NONE) { - ret = YACA_ERROR_INVALID_ARGUMENT; - goto exit; - } - if (iv_bits != iv_bits_check) { /* IV length doesn't match cipher */ - ret = YACA_ERROR_INVALID_ARGUMENT; - goto exit; + if (iv_bits > 0) { /* cipher requires iv*/ + liv = key_get_simple(iv); + if (liv == NULL || liv->key.type != YACA_KEY_TYPE_IV) { /* iv was not provided */ + ret = YACA_ERROR_INVALID_ARGUMENT; + goto exit; + } + ret = yaca_key_get_bits(iv, &iv_bits_check); + if (ret != YACA_ERROR_NONE) { + ret = YACA_ERROR_INVALID_ARGUMENT; + goto exit; + } + /* IV length doesn't match cipher */ + if (iv_bits != iv_bits_check) { + ret = YACA_ERROR_INVALID_ARGUMENT; + goto exit; + } + iv_data = (unsigned char*)liv->d; } nc->cipher_ctx = EVP_CIPHER_CTX_new(); @@ -291,7 +300,7 @@ static int open_init(yaca_ctx_h *ctx, ret = EVP_OpenInit(nc->cipher_ctx, cipher, (unsigned char*)lkey->d, EVP_PKEY_size(lprv->evp), - (unsigned char*)liv->d, + iv_data, lprv->evp); if (ret != 1) { ret = YACA_ERROR_INTERNAL; -- 2.7.4 From 9616af7a3d91e509715ad4e183c13070be048a4f Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Thu, 2 Jun 2016 12:26:03 +0200 Subject: [PATCH 11/16] ACR: Fix notation for pointer variables. Change-Id: I6060a5a0d632ad3d647059cd08efce65fed57f30 --- api/yaca/yaca_simple.h | 16 ++++++++-------- examples/key_password.c | 2 +- examples/misc.c | 2 +- examples/misc.h | 2 +- examples/sign.c | 4 ++-- src/crypto.c | 2 +- src/simple.c | 16 ++++++++-------- 7 files changed, 22 insertions(+), 22 deletions(-) diff --git a/api/yaca/yaca_simple.h b/api/yaca/yaca_simple.h index 00149af..352b138 100644 --- a/api/yaca/yaca_simple.h +++ b/api/yaca/yaca_simple.h @@ -142,7 +142,7 @@ int yaca_decrypt(yaca_enc_algo_e algo, const char *cipher, size_t cipher_len, char **plain, - size_t * plain_len); + size_t *plain_len); /** * @brief Create a signature using asymmetric private key. @@ -176,8 +176,8 @@ int yaca_sign(yaca_digest_algo_e algo, const yaca_key_h key, const char *data, size_t data_len, - char** signature, - size_t* signature_len); + char **signature, + size_t *signature_len); /** * @brief Verify a signature using asymmetric public key. @@ -211,7 +211,7 @@ int yaca_verify(yaca_digest_algo_e algo, const yaca_key_h key, const char *data, size_t data_len, - const char* signature, + const char *signature, size_t signature_len); /** @@ -247,8 +247,8 @@ int yaca_hmac(yaca_digest_algo_e algo, const yaca_key_h key, const char *data, size_t data_len, - char** mac, - size_t* mac_len); + char **mac, + size_t *mac_len); /** * @brief Calculate a CMAC of given message using symmetric key. @@ -283,8 +283,8 @@ int yaca_cmac(yaca_enc_algo_e algo, const yaca_key_h key, const char *data, size_t data_len, - char** mac, - size_t* mac_len); + char **mac, + size_t *mac_len); /**@}*/ diff --git a/examples/key_password.c b/examples/key_password.c index 772aca3..133ee75 100644 --- a/examples/key_password.c +++ b/examples/key_password.c @@ -76,7 +76,7 @@ exit: yaca_key_free(lkey); } -int main(int argc, char* argv[]) +int main(int argc, char *argv[]) { int ret; yaca_key_h key = YACA_KEY_NULL; diff --git a/examples/misc.c b/examples/misc.c index ad7bc40..04e30fd 100644 --- a/examples/misc.c +++ b/examples/misc.c @@ -44,7 +44,7 @@ void dump_hex(const char *buf, size_t dump_size, const char *fmt, ...) BIO_dump_fp(stdout, buf, dump_size); } -void debug_func(const char* buf) +void debug_func(const char *buf) { puts(buf); } diff --git a/examples/misc.h b/examples/misc.h index 6eaa12f..e59b382 100644 --- a/examples/misc.h +++ b/examples/misc.h @@ -35,7 +35,7 @@ void dump_hex(const char *buf, size_t dump_size, const char *fmt, ...); -void debug_func(const char* buf); +void debug_func(const char *buf); int write_file(const char *path, char *data, size_t data_len); diff --git a/examples/sign.c b/examples/sign.c index fe85a02..111f704 100644 --- a/examples/sign.c +++ b/examples/sign.c @@ -36,7 +36,7 @@ // Signature creation and verification using simple API void simple_sign_verify_asym(yaca_key_type_e type, const char *algo) { - char* signature = NULL; + char *signature = NULL; size_t signature_len; yaca_key_h prv = YACA_KEY_NULL; @@ -167,7 +167,7 @@ exit: // Signature creation and verification using advanced API void sign_verify_asym(yaca_key_type_e type, const char *algo) { - char* signature = NULL; + char *signature = NULL; size_t signature_len; yaca_ctx_h ctx = YACA_CTX_NULL; diff --git a/src/crypto.c b/src/crypto.c index 1011aec..57c7371 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -37,7 +37,7 @@ static pthread_mutex_t *mutexes = NULL; -static void locking_callback(int mode, int type, const char* file, int line) +static void locking_callback(int mode, int type, const char *file, int line) { /* Ignore NULL mutexes and lock/unlock error codes as we can't do anything * about them. */ diff --git a/src/simple.c b/src/simple.c index f759af3..e3196aa 100644 --- a/src/simple.c +++ b/src/simple.c @@ -231,7 +231,7 @@ exit: } static int sign(const yaca_ctx_h ctx, const char *data, size_t data_len, - char** signature, size_t* signature_len) + char **signature, size_t *signature_len) { int ret; @@ -263,8 +263,8 @@ API int yaca_sign(yaca_digest_algo_e algo, const yaca_key_h key, const char *data, size_t data_len, - char** signature, - size_t* signature_len) + char **signature, + size_t *signature_len) { int ret; yaca_ctx_h ctx = YACA_CTX_NULL; @@ -284,7 +284,7 @@ API int yaca_verify(yaca_digest_algo_e algo, const yaca_key_h key, const char *data, size_t data_len, - const char* signature, + const char *signature, size_t signature_len) { int ret; @@ -310,8 +310,8 @@ API int yaca_hmac(yaca_digest_algo_e algo, const yaca_key_h key, const char *data, size_t data_len, - char** mac, - size_t* mac_len) + char **mac, + size_t *mac_len) { int ret; yaca_ctx_h ctx = YACA_CTX_NULL; @@ -331,8 +331,8 @@ API int yaca_cmac(yaca_enc_algo_e algo, const yaca_key_h key, const char *data, size_t data_len, - char** mac, - size_t* mac_len) + char **mac, + size_t *mac_len) { int ret; yaca_ctx_h ctx = YACA_CTX_NULL; -- 2.7.4 From 981f78383aac017ac3ff776c7e11edb4f202ee4b Mon Sep 17 00:00:00 2001 From: Dariusz Michaluk Date: Thu, 2 Jun 2016 13:26:40 +0200 Subject: [PATCH 12/16] ACR: Apply changes from API review part 2 Change-Id: I13a1a8e49eef233bf748ea0c871e872f67708ea5 --- api/yaca/yaca_error.h | 2 +- api/yaca/yaca_key.h | 9 +++- api/yaca/yaca_seal.h | 3 ++ api/yaca/yaca_types.h | 120 ++++++++++++++++++++++++++++++-------------------- 4 files changed, 84 insertions(+), 50 deletions(-) diff --git a/api/yaca/yaca_error.h b/api/yaca/yaca_error.h index edbbfe7..263f3d7 100644 --- a/api/yaca/yaca_error.h +++ b/api/yaca/yaca_error.h @@ -40,7 +40,7 @@ extern "C" { */ /** - * @brief Error enums + * @brief Enumeration of YACA error values. * * @since_tizen 3.0 */ diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index f79115f..c5aca0f 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -39,6 +39,11 @@ extern "C" { * @{ */ +/** + * @brief NULL value for yaca_key_h type. + * + * @since_tizen 3.0 + */ #define YACA_KEY_NULL ((yaca_key_h) NULL) /** @@ -76,7 +81,7 @@ int yaca_key_get_bits(const yaca_key_h key, size_t *key_bits); * @since_tizen 3.0 * * @remarks This function imports a key trying to match it to the key_type specified. - * It should autodetect both, key format and file format. + * It should autodetect both the key format and the file format. * * For symmetric, IV and DES keys RAW binary format and BASE64 encoded * binary format are supported. @@ -246,7 +251,7 @@ void yaca_key_free(yaca_key_h key); * @since_tizen 3.0 * * @param[in] password User password as a NULL-terminated string - * @param[in] salt Salt, should be non-zero + * @param[in] salt Salt, should be a non-empty string * @param[in] salt_len Length of the salt * @param[in] iter Number of iterations * @param[in] algo Digest algorithm that should be used in key generation diff --git a/api/yaca/yaca_seal.h b/api/yaca/yaca_seal.h index cd1eed3..beea34d 100644 --- a/api/yaca/yaca_seal.h +++ b/api/yaca/yaca_seal.h @@ -55,7 +55,9 @@ extern "C" { * @param[in] sym_key_bits Symmetric key length (in bits) that will be generated * @param[out] sym_key Generated symmetric key that will be used, * it is encrypted with peer's public key + * (must be freed with yaca_key_free()) * @param[out] iv Generated initialization vector that will be used + * (must be freed with yaca_key_free()) * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful @@ -68,6 +70,7 @@ extern "C" { * @see #yaca_block_cipher_mode_e * @see yaca_seal_update() * @see yaca_seal_final() + * @see yaca_key_free() */ int yaca_seal_init(yaca_ctx_h *ctx, const yaca_key_h pub_key, diff --git a/api/yaca/yaca_types.h b/api/yaca/yaca_types.h index 933e584..15cfe12 100644 --- a/api/yaca/yaca_types.h +++ b/api/yaca/yaca_types.h @@ -51,7 +51,7 @@ typedef struct yaca_ctx_s *yaca_ctx_h; typedef struct yaca_key_s *yaca_key_h; /** - * @brief Key formats. + * @brief Enumeration of YACA key formats. * * @since_tizen 3.0 */ @@ -63,46 +63,57 @@ typedef enum { } yaca_key_fmt_e; /** - * @brief Key file formats. + * @brief Enumeration of YACA key file formats. * * @since_tizen 3.0 */ typedef enum { - YACA_KEY_FILE_FORMAT_RAW, /**< key file is in raw binary format, used for symmetric keys */ - YACA_KEY_FILE_FORMAT_BASE64, /**< key file is encoded in ASCII-base64, used for symmetric keys */ - YACA_KEY_FILE_FORMAT_PEM, /**< key file is in PEM file format, used for asymmetric keys */ - YACA_KEY_FILE_FORMAT_DER /**< key file is in DER file format, used for asymmetric keys */ + /** Key file is in raw binary format, used for symmetric keys */ + YACA_KEY_FILE_FORMAT_RAW, + /** Key file is encoded in ASCII-base64, used for symmetric keys */ + YACA_KEY_FILE_FORMAT_BASE64, + /** Key file is in PEM file format, used for asymmetric keys */ + YACA_KEY_FILE_FORMAT_PEM, + /** Key file is in DER file format, used for asymmetric keys */ + YACA_KEY_FILE_FORMAT_DER } yaca_key_file_fmt_e; /** - * @brief Key types, IV is considered as key. + * @brief Enumeration of YACA key types, IV is considered as key. * * @since_tizen 3.0 */ typedef enum { - YACA_KEY_TYPE_SYMMETRIC, /**< Generic symmetric cipher KEY */ - YACA_KEY_TYPE_DES, /**< DES* key - must be handled differently because of parity bits */ - YACA_KEY_TYPE_IV, /**< Initialization Vector for symmetric algorithms */ - - YACA_KEY_TYPE_RSA_PUB, /**< RSA public key */ - YACA_KEY_TYPE_RSA_PRIV, /**< RSA private key */ - - YACA_KEY_TYPE_DSA_PUB, /**< Digital Signature Algorithm public key */ - YACA_KEY_TYPE_DSA_PRIV, /**< Digital Signature Algorithm private key */ + /** Generic symmetric cipher KEY */ + YACA_KEY_TYPE_SYMMETRIC, + /** DES* key - must be handled differently because of parity bits */ + YACA_KEY_TYPE_DES, + /** Initialization Vector for symmetric algorithms */ + YACA_KEY_TYPE_IV, + + /** RSA public key */ + YACA_KEY_TYPE_RSA_PUB, + /** RSA private key */ + YACA_KEY_TYPE_RSA_PRIV, + + /** Digital Signature Algorithm public key */ + YACA_KEY_TYPE_DSA_PUB, + /** Digital Signature Algorithm private key */ + YACA_KEY_TYPE_DSA_PRIV, } yaca_key_type_e; /** - * @brief Key length. + * @brief Enumeration of YACA key lengths. * It is possible to use arbitrary integer instead, * this enums are placed here to avoid magic numbers. * * @since_tizen 3.0 */ typedef enum { - YACA_KEY_IV_UNSAFE_24BIT = 24, /**< 24-bit IV */ - YACA_KEY_IV_64BIT = 64, /**< 64-bit IV */ - YACA_KEY_IV_128BIT = 128, /**< 128-bit IV */ - YACA_KEY_IV_256BIT = 256, /**< 256-bit IV */ + YACA_KEY_IV_UNSAFE_24BIT = 24, + YACA_KEY_IV_64BIT = 64, + YACA_KEY_IV_128BIT = 128, + YACA_KEY_IV_256BIT = 256, YACA_KEY_UNSAFE_8BIT = 8, YACA_KEY_UNSAFE_40BIT = 40, YACA_KEY_UNSAFE_64BIT = 64, @@ -118,21 +129,27 @@ typedef enum { } yaca_key_bits_e; /** - * @brief Message digest algorithms. + * @brief Enumeration of YACA message digest algorithms. * * @since_tizen 3.0 */ typedef enum { - YACA_DIGEST_MD5, /**< Message digest algorithm MD5 */ - YACA_DIGEST_SHA1, /**< Message digest algorithm SHA1 */ - YACA_DIGEST_SHA224, /**< Message digest algorithm SHA2, 224bit */ - YACA_DIGEST_SHA256, /**< Message digest algorithm SHA2, 256bit */ - YACA_DIGEST_SHA384, /**< Message digest algorithm SHA2, 384bit */ - YACA_DIGEST_SHA512, /**< Message digest algorithm SHA2, 512bit */ + /** Message digest algorithm MD5 */ + YACA_DIGEST_MD5, + /** Message digest algorithm SHA1 */ + YACA_DIGEST_SHA1, + /** Message digest algorithm SHA2, 224bit */ + YACA_DIGEST_SHA224, + /** Message digest algorithm SHA2, 256bit */ + YACA_DIGEST_SHA256, + /** Message digest algorithm SHA2, 384bit */ + YACA_DIGEST_SHA384, + /** Message digest algorithm SHA2, 512bit */ + YACA_DIGEST_SHA512, } yaca_digest_algo_e; /** - * @brief Symmetric encryption algorithms. + * @brief Enumeration of YACA symmetric encryption algorithms. * * @since_tizen 3.0 */ @@ -233,7 +250,7 @@ typedef enum { } yaca_enc_algo_e; /** - * @brief Chaining modes for block ciphers. + * @brief Enumeration of YACA chaining modes for block ciphers. * * @since_tizen 3.0 */ @@ -346,34 +363,43 @@ typedef enum { /** - * @brief Non-standard parameters for algorithms. + * @brief Enumeration of YACA non-standard parameters for algorithms. * * @since_tizen 3.0 */ typedef enum { - YACA_PARAM_PADDING, /**< Padding */ - - YACA_PARAM_GCM_AAD, /**< GCM Additional Authentication Data */ - YACA_PARAM_GCM_TAG, /**< GCM Tag bits */ - YACA_PARAM_GCM_TAG_LEN, /**< GCM Tag length */ - - YACA_PARAM_CCM_AAD, /**< CCM Additional Authentication Data */ - YACA_PARAM_CCM_TAG, /**< CCM Tag bits */ - YACA_PARAM_CCM_TAG_LEN, /**< CCM Tag length */ + /** Padding */ + YACA_PARAM_PADDING, + + /** GCM Additional Authentication Data */ + YACA_PARAM_GCM_AAD, + /** GCM Tag bits */ + YACA_PARAM_GCM_TAG, + /** GCM Tag length */ + YACA_PARAM_GCM_TAG_LEN, + + /** CCM Additional Authentication Data */ + YACA_PARAM_CCM_AAD, + /** CCM Tag bits */ + YACA_PARAM_CCM_TAG, + /** CCM Tag length */ + YACA_PARAM_CCM_TAG_LEN } yaca_ex_param_e; /** - * @brief Paddings supported by Yet Another Crypto API. + * @brief Enumeration of YACA paddings. * * @since_tizen 3.0 */ typedef enum { - YACA_PADDING_NONE = 0, /**< total number of data MUST multiple of block size, Default */ - YACA_PADDING_X931, /**< RSA X9.31 padding*/ - YACA_PADDING_PKCS1, /**< RSA signature/verify operations */ - YACA_PADDING_PKCS1_PSS, /**< RSA signature/verify operations */ - YACA_PADDING_SSLV23, /**< RSA SSLv23 */ - YACA_PADDING_PKCS1_OAEP /**< RSA encrypt/decrypt operations */ + /** The total number of data bytes MUST be a multiple of block size */ + YACA_PADDING_NONE = 0, + /** RSA X9.31 padding */ + YACA_PADDING_X931, + /** RSA signature/verify operations */ + YACA_PADDING_PKCS1, + /** RSA signature/verify operations */ + YACA_PADDING_PKCS1_PSS, } yaca_padding_e; /**@}*/ -- 2.7.4 From 3552a24df04099223eb4061079c3e1dd6c7b6146 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Thu, 2 Jun 2016 09:29:49 +0200 Subject: [PATCH 13/16] ACR: Apply changes from API review part 1 - "bogus" -> "incorrect" - Add missing @see entries for mentioned functions - "recomend" -> "recommend" - Remove EC key type from documentation Change-Id: I311ccb00a099c5c156c97b5821782a57c14e2c98 --- api/yaca/yaca_crypto.h | 15 ++++++++------- api/yaca/yaca_digest.h | 14 ++++++++------ api/yaca/yaca_encrypt.h | 34 ++++++++++++++++++++-------------- api/yaca/yaca_key.h | 17 ++++++++++------- api/yaca/yaca_seal.h | 31 ++++++++++++++++++------------- api/yaca/yaca_sign.h | 40 ++++++++++++++++++++++------------------ api/yaca/yaca_simple.h | 36 ++++++++++++++++++++---------------- 7 files changed, 106 insertions(+), 81 deletions(-) diff --git a/api/yaca/yaca_crypto.h b/api/yaca/yaca_crypto.h index 1d4a601..3105e34 100644 --- a/api/yaca/yaca_crypto.h +++ b/api/yaca/yaca_crypto.h @@ -139,7 +139,7 @@ void yaca_free(void *ptr); * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0) * @retval #YACA_ERROR_INTERNAL Internal error */ int yaca_rand_bytes(char *data, size_t data_len); @@ -157,8 +157,8 @@ int yaca_rand_bytes(char *data, size_t data_len); * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0, - * incorrect context, invalid param) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0, + * invalid context or param) * @retval #YACA_ERROR_INTERNAL Internal error * * @see #yaca_ex_param_e @@ -182,13 +182,14 @@ int yaca_ctx_set_param(yaca_ctx_h ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect context, invalid param) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid context or param) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * * @see #yaca_ex_param_e * @see yaca_ctx_set_param() + * @see yaca_free() */ int yaca_ctx_get_param(const yaca_ctx_h ctx, yaca_ex_param_e param, @@ -220,8 +221,8 @@ void yaca_ctx_free(yaca_ctx_h ctx); * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect context, invalid input_len) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid context or input_len) * @retval #YACA_ERROR_INTERNAL Internal error */ int yaca_get_output_length(const yaca_ctx_h ctx, size_t input_len, size_t *output_len); diff --git a/api/yaca/yaca_digest.h b/api/yaca/yaca_digest.h index b38ccf8..b599fe1 100644 --- a/api/yaca/yaca_digest.h +++ b/api/yaca/yaca_digest.h @@ -49,14 +49,15 @@ extern "C" { * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect algo) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid algo) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * * @see #yaca_digest_algo_e * @see yaca_digest_update() * @see yaca_digest_final() + * @see yaca_ctx_free() */ int yaca_digest_init(yaca_ctx_h *ctx, yaca_digest_algo_e algo); @@ -71,8 +72,8 @@ int yaca_digest_init(yaca_ctx_h *ctx, yaca_digest_algo_e algo); * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * * @see yaca_digest_init() @@ -93,12 +94,13 @@ int yaca_digest_update(yaca_ctx_h ctx, const char *data, size_t data_len); * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * * @see yaca_digest_init() * @see yaca_digest_update() + * @see yaca_get_digest_length() */ int yaca_digest_final(yaca_ctx_h ctx, char *digest, size_t *digest_len); diff --git a/api/yaca/yaca_encrypt.h b/api/yaca/yaca_encrypt.h index 7c7cad4..d7a38f2 100644 --- a/api/yaca/yaca_encrypt.h +++ b/api/yaca/yaca_encrypt.h @@ -52,8 +52,8 @@ extern "C" { * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect algo, bcm, invalid sym_key or iv) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid algo, bcm, sym_key or iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @@ -61,6 +61,7 @@ extern "C" { * @see #yaca_block_cipher_mode_e * @see yaca_encrypt_update() * @see yaca_encrypt_final() + * @see yaca_ctx_free() */ int yaca_encrypt_init(yaca_ctx_h *ctx, yaca_enc_algo_e algo, @@ -83,12 +84,13 @@ int yaca_encrypt_init(yaca_ctx_h *ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * * @see yaca_encrypt_init() * @see yaca_encrypt_final() + * @see yaca_get_output_length() */ int yaca_encrypt_update(yaca_ctx_h ctx, const char *plain, @@ -109,12 +111,13 @@ int yaca_encrypt_update(yaca_ctx_h ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * * @see yaca_encrypt_init() * @see yaca_encrypt_update() + * @see yaca_get_output_length() */ int yaca_encrypt_final(yaca_ctx_h ctx, char *cipher, @@ -133,8 +136,8 @@ int yaca_encrypt_final(yaca_ctx_h ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect algo, bcm, invalid sym_key or iv) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid algo, bcm, sym_key or iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @@ -142,6 +145,7 @@ int yaca_encrypt_final(yaca_ctx_h ctx, * @see #yaca_block_cipher_mode_e * @see yaca_decrypt_update() * @see yaca_decrypt_final() + * @see yaca_ctx_free() */ int yaca_decrypt_init(yaca_ctx_h *ctx, yaca_enc_algo_e algo, @@ -164,12 +168,13 @@ int yaca_decrypt_init(yaca_ctx_h *ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * * @see yaca_decrypt_init() * @see yaca_decrypt_final() + * @see yaca_get_output_length() */ int yaca_decrypt_update(yaca_ctx_h ctx, const char *cipher, @@ -190,19 +195,20 @@ int yaca_decrypt_update(yaca_ctx_h ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * * @see yaca_decrypt_init() * @see yaca_decrypt_update() + * @see yaca_get_block_length() */ int yaca_decrypt_final(yaca_ctx_h ctx, char *plain, size_t *plain_len); /** - * @brief Returns the recomended/default length of the IV for a given encryption configuration. + * @brief Returns the recommended/default length of the IV for a given encryption configuration. * * @since_tizen 3.0 * @@ -216,7 +222,7 @@ int yaca_decrypt_final(yaca_ctx_h ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, * invalid algo, bcm or key_bits) * @retval #YACA_ERROR_INTERNAL Internal error * diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index c5aca0f..daf55a8 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -104,8 +104,8 @@ int yaca_key_get_bits(const yaca_key_h key, size_t *key_bits); * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0, - * incorrect key_type or data_len too big) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0, + * invalid key_type or data_len too big) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @retval #YACA_ERROR_PASSWORD_INVALID Invalid password given or password was required @@ -155,8 +155,8 @@ int yaca_key_import(yaca_key_type_e key_type, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0, - * incorrect key formats or data_len too big) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0, + * invalid key/file format or data_len too big) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @@ -212,7 +212,7 @@ int yaca_key_gen(yaca_key_type_e key_type, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT prv_key is of incorrect type or pub_key is NULL + * @retval #YACA_ERROR_INVALID_ARGUMENT prv_key is of invalid type or pub_key is NULL * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @@ -260,10 +260,13 @@ void yaca_key_free(yaca_key_h key); * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0, - * incorrect algo or key_bits not dividable by 8) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0, + * invalid algo or key_bits not dividable by 8) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error + * + * @see #yaca_digest_algo_e + * @see yaca_key_free() */ int yaca_key_derive_pbkdf2(const char *password, const char *salt, diff --git a/api/yaca/yaca_seal.h b/api/yaca/yaca_seal.h index beea34d..5bf3f2e 100644 --- a/api/yaca/yaca_seal.h +++ b/api/yaca/yaca_seal.h @@ -61,8 +61,8 @@ extern "C" { * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect algo, bcm, sym_key_bits, invalid pub_key) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid algo, bcm, sym_key_bits or pub_key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @@ -71,6 +71,7 @@ extern "C" { * @see yaca_seal_update() * @see yaca_seal_final() * @see yaca_key_free() + * @see yaca_ctx_free() */ int yaca_seal_init(yaca_ctx_h *ctx, const yaca_key_h pub_key, @@ -95,12 +96,13 @@ int yaca_seal_init(yaca_ctx_h *ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * * @see yaca_seal_init() * @see yaca_seal_final() + * @see yaca_get_output_length() */ int yaca_seal_update(yaca_ctx_h ctx, const char *plain, @@ -121,12 +123,13 @@ int yaca_seal_update(yaca_ctx_h ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * * @see yaca_seal_init() * @see yaca_seal_update() + * @see yaca_get_block_length() */ int yaca_seal_final(yaca_ctx_h ctx, char *cipher, @@ -148,9 +151,8 @@ int yaca_seal_final(yaca_ctx_h ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect algo, bcm, sym_key_bits, - * invalid prv_key, sym_key or iv) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid algo, bcm, sym_key_bits, prv_key, sym_key or iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @@ -158,6 +160,7 @@ int yaca_seal_final(yaca_ctx_h ctx, * @see #yaca_block_cipher_mode_e * @see yaca_open_update() * @see yaca_open_final() + * @see yaca_ctx_free() */ int yaca_open_init(yaca_ctx_h *ctx, const yaca_key_h prv_key, @@ -182,12 +185,13 @@ int yaca_open_init(yaca_ctx_h *ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * * @see yaca_open_init() * @see yaca_open_final() + * @see yaca_get_output_length() */ int yaca_open_update(yaca_ctx_h ctx, const char *cipher, @@ -208,12 +212,13 @@ int yaca_open_update(yaca_ctx_h ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * * @see yaca_open_init() * @see yaca_open_update() + * @see yaca_get_block_length() */ int yaca_open_final(yaca_ctx_h ctx, char *plain, diff --git a/api/yaca/yaca_sign.h b/api/yaca/yaca_sign.h index 658eb67..75ef56c 100644 --- a/api/yaca/yaca_sign.h +++ b/api/yaca/yaca_sign.h @@ -54,12 +54,11 @@ extern "C" { * on key type, supported key types: * - #YACA_KEY_TYPE_RSA_PRIV, * - #YACA_KEY_TYPE_DSA_PRIV, - * - #YACA_KEY_TYPE_EC_PRIV * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect algo, invalid key) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid algo or key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @@ -70,6 +69,7 @@ extern "C" { * @see yaca_verify_init() * @see yaca_verify_update() * @see yaca_verify_final() + * @see yaca_ctx_free() */ int yaca_sign_init(yaca_ctx_h *ctx, yaca_digest_algo_e algo, @@ -91,8 +91,8 @@ int yaca_sign_init(yaca_ctx_h *ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect algo, invalid key) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid algo or key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @@ -101,6 +101,7 @@ int yaca_sign_init(yaca_ctx_h *ctx, * @see yaca_sign_update() * @see yaca_sign_final() * @see yaca_memcmp() + * @see yaca_ctx_free() */ int yaca_sign_hmac_init(yaca_ctx_h *ctx, yaca_digest_algo_e algo, @@ -122,8 +123,8 @@ int yaca_sign_hmac_init(yaca_ctx_h *ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect algo, invalid key) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid algo or key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @@ -132,6 +133,7 @@ int yaca_sign_hmac_init(yaca_ctx_h *ctx, * @see yaca_sign_update() * @see yaca_sign_final() * @see yaca_memcmp() + * @see yaca_ctx_free() */ int yaca_sign_cmac_init(yaca_ctx_h *ctx, yaca_enc_algo_e algo, @@ -149,8 +151,8 @@ int yaca_sign_cmac_init(yaca_ctx_h *ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * * @see yaca_sign_init() @@ -175,14 +177,15 @@ int yaca_sign_update(yaca_ctx_h ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * * @see yaca_sign_init() * @see yaca_sign_update() * @see yaca_sign_hmac_init() * @see yaca_sign_cmac_init() + * @see yaca_get_sign_length() */ int yaca_sign_final(yaca_ctx_h ctx, char *signature, @@ -199,12 +202,11 @@ int yaca_sign_final(yaca_ctx_h ctx, * key type, supported key types: * - #YACA_KEY_TYPE_RSA_PUB, * - #YACA_KEY_TYPE_DSA_PUB, - * - #YACA_KEY_TYPE_EC_PUB * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect algo, invalid key) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid algo or key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @@ -212,6 +214,7 @@ int yaca_sign_final(yaca_ctx_h ctx, * @see #yaca_digest_algo_e * @see yaca_verify_update() * @see yaca_verify_final() + * @see yaca_ctx_free() */ int yaca_verify_init(yaca_ctx_h *ctx, yaca_digest_algo_e algo, @@ -228,8 +231,8 @@ int yaca_verify_init(yaca_ctx_h *ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * * @see yaca_verify_init() @@ -250,13 +253,14 @@ int yaca_verify_update(yaca_ctx_h ctx, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, - * incorrect context) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, + * invalid context) * @retval #YACA_ERROR_INTERNAL Internal error * @retval #YACA_ERROR_DATA_MISMATCH The verification failed * * @see yaca_verify_init() * @see yaca_verify_update() + * @see yaca_sign_final() */ int yaca_verify_final(yaca_ctx_h ctx, const char *signature, diff --git a/api/yaca/yaca_simple.h b/api/yaca/yaca_simple.h index 352b138..c72f2d6 100644 --- a/api/yaca/yaca_simple.h +++ b/api/yaca/yaca_simple.h @@ -61,12 +61,13 @@ extern "C" { * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0 - * incorrect algo) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0 + * invalid algo) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * * @see #yaca_digest_algo_e + * @see yaca_free() */ int yaca_digest_calc(yaca_digest_algo_e algo, const char *data, @@ -91,14 +92,15 @@ int yaca_digest_calc(yaca_digest_algo_e algo, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0 - * incorrect algo, bcm, invalid sym_key, iv) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0 + * invalid algo, bcm, sym_key or iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * * @see #yaca_enc_algo_e * @see #yaca_block_cipher_mode_e * @see yaca_decrypt() + * @see yaca_free() */ int yaca_encrypt(yaca_enc_algo_e algo, yaca_block_cipher_mode_e bcm, @@ -126,14 +128,15 @@ int yaca_encrypt(yaca_enc_algo_e algo, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0 - * incorrect algo, bcm, invalid sym_key, iv) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0 + * invalid algo, bcm, sym_key or iv) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * * @see #yaca_enc_algo_e * @see #yaca_block_cipher_mode_e * @see yaca_encrypt() + * @see yaca_free() */ int yaca_decrypt(yaca_enc_algo_e algo, yaca_block_cipher_mode_e bcm, @@ -154,7 +157,6 @@ int yaca_decrypt(yaca_enc_algo_e algo, * deduced based on key type, supported key types: * - #YACA_KEY_TYPE_RSA_PRIV, * - #YACA_KEY_TYPE_DSA_PRIV, - * - #YACA_KEY_TYPE_EC_PRIV * @param[in] data Data to be signed * @param[in] data_len Length of the data * @param[out] signature Message signature, will be allocated by the @@ -163,14 +165,15 @@ int yaca_decrypt(yaca_enc_algo_e algo, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0 - * incorrect algo, invalid key) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0 + * invalid algo or key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * * @see #yaca_key_type_e * @see #yaca_digest_algo_e * @see yaca_verify() + * @see yaca_free() */ int yaca_sign(yaca_digest_algo_e algo, const yaca_key_h key, @@ -189,7 +192,6 @@ int yaca_sign(yaca_digest_algo_e algo, * deduced based on key type, supported key types: * - #YACA_KEY_TYPE_RSA_PUB, * - #YACA_KEY_TYPE_DSA_PUB, - * - #YACA_KEY_TYPE_EC_PUB * @param[in] data Signed data * @param[in] data_len Length of the data * @param[in] signature Message signature @@ -197,8 +199,8 @@ int yaca_sign(yaca_digest_algo_e algo, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0 - * incorrect algo, invalid key) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0 + * invalid algo or key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * @retval #YACA_ERROR_DATA_MISMATCH The verification failed @@ -234,14 +236,15 @@ int yaca_verify(yaca_digest_algo_e algo, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0 - * incorrect algo, invalid key) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0 + * invalid algo or key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * * @see #yaca_key_type_e * @see #yaca_digest_algo_e * @see yaca_memcmp() + * @see yaca_free() */ int yaca_hmac(yaca_digest_algo_e algo, const yaca_key_h key, @@ -270,14 +273,15 @@ int yaca_hmac(yaca_digest_algo_e algo, * * @return #YACA_ERROR_NONE on success, negative on error * @retval #YACA_ERROR_NONE Successful - * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have bogus values (NULL, 0 - * incorrect algo, invalid key) + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0 + * invalid algo or key) * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * @retval #YACA_ERROR_INTERNAL Internal error * * @see #yaca_key_type_e * @see #yaca_enc_algo_e * @see yaca_memcmp() + * @see yaca_free() */ int yaca_cmac(yaca_enc_algo_e algo, const yaca_key_h key, -- 2.7.4 From 0290a55204e405abf8d06d14eb35ad7a4d2fcfd4 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Fri, 3 Jun 2016 13:06:47 +0200 Subject: [PATCH 14/16] ACR: Return error codes from all API functions According to HQ Tizen API development Team all API functions must return error codes. Code adjusted. Change-Id: Ie6e80480cad0cf32094e78898575fa6c4af91a5e --- api/yaca/yaca_crypto.h | 52 +++++++++++++++++++++-------- api/yaca/yaca_key.h | 5 ++- examples/encrypt.c | 4 +-- examples/encrypt_aes_gcm_ccm.c | 16 ++++----- examples/key_exchange.c | 6 ++-- examples/misc.c | 12 +++---- examples/seal.c | 4 +-- examples/sign.c | 10 +++--- src/crypto.c | 60 ++++++++++++++++++++++++--------- src/digest.c | 6 ++-- src/encrypt.c | 6 ++-- src/key.c | 75 +++++++++++++++++++----------------------- src/seal.c | 24 ++++++-------- src/sign.c | 30 ++++++++--------- src/simple.c | 36 +++++++++----------- 15 files changed, 190 insertions(+), 156 deletions(-) diff --git a/api/yaca/yaca_crypto.h b/api/yaca/yaca_crypto.h index 3105e34..b342ec0 100644 --- a/api/yaca/yaca_crypto.h +++ b/api/yaca/yaca_crypto.h @@ -66,54 +66,74 @@ int yaca_init(void); * @since_tizen 3.0 * * @see yaca_init() + * + * @return #YACA_ERROR_NONE on success + * @retval #YACA_ERROR_NONE Successful */ -void yaca_exit(void); +int yaca_exit(void); /** * @brief Allocates the memory. * * @since_tizen 3.0 * - * @param[in] size Size of the allocation (bytes) + * @param[in] size Size of the allocation (bytes) + * @param[out] memory Allocated memory * - * @return NULL on failure, pointer to allocated memory otherwise + * @return #YACA_ERROR_NONE on success, negative on error + * @retval #YACA_ERROR_NONE Successful + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0) + * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * * @see yaca_zalloc() * @see yaca_realloc() * @see yaca_free() */ -void *yaca_malloc(size_t size); +int yaca_malloc(size_t size, void **memory); /** * @brief Allocates the zeroed memory. * * @since_tizen 3.0 * - * @param[in] size Size of the allocation (bytes) + * @param[in] size Size of the allocation (bytes) + * @param[out] memory Allocated memory * - * @return NULL on failure, pointer to allocated and zeroed memory otherwise + * @return #YACA_ERROR_NONE on success, negative on error + * @retval #YACA_ERROR_NONE Successful + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0) + * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * * @see yaca_malloc() * @see yaca_realloc() * @see yaca_free() */ -void *yaca_zalloc(size_t size); +int yaca_zalloc(size_t size, void **memory); /** * @brief Re-allocates the memory. * * @since_tizen 3.0 * - * @param[in] addr Address of the memory to be reallocated - * @param[in] size Size of the new allocation (bytes) + * @remarks In case of failure the function doesn't free the memory pointed by @b memory. + * + * @remarks If @b *memory is NULL then the call is equivalent to yaca_malloc(). * - * @return NULL on failure, pointer to allocated memory otherwise + * @remarks If the function fails the contents of @b memory will be left unchanged. + * + * @param[in] size Size of the new allocation (bytes) + * @param[in,out] memory Memory to be reallocated + * + * @return #YACA_ERROR_NONE on success, negative on error + * @retval #YACA_ERROR_NONE Successful + * @retval #YACA_ERROR_INVALID_ARGUMENT Required parameters have incorrect values (NULL, 0) + * @retval #YACA_ERROR_OUT_OF_MEMORY Out of memory error * * @see yaca_malloc() * @see yaca_zalloc() * @see yaca_free() */ -void *yaca_realloc(void *addr, size_t size); +int yaca_realloc(size_t size, void **memory); /** * @brief Frees the memory allocated by yaca_malloc(), yaca_zalloc(), @@ -123,11 +143,14 @@ void *yaca_realloc(void *addr, size_t size); * * @param[in] ptr Pointer to the memory to be freed * + * @return #YACA_ERROR_NONE on success + * @retval #YACA_ERROR_NONE Successful + * * @see yaca_malloc() * @see yaca_zalloc() * @see yaca_realloc() */ -void yaca_free(void *ptr); +int yaca_free(void *ptr); /** * @brief Generates random data. @@ -204,10 +227,13 @@ int yaca_ctx_get_param(const yaca_ctx_h ctx, * * @param[in,out] ctx Crypto context * + * @return #YACA_ERROR_NONE on success + * @retval #YACA_ERROR_NONE Successful + * * @see #yaca_ctx_h * */ -void yaca_ctx_free(yaca_ctx_h ctx); +int yaca_ctx_free(yaca_ctx_h ctx); /** * @brief Returns the output length for a given algorithm. Can only be called diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index daf55a8..8c70a1e 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -229,11 +229,14 @@ int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key); * * @param[in,out] key Key to be freed * + * @return #YACA_ERROR_NONE on success + * @retval #YACA_ERROR_NONE Successful + * * @see yaca_key_import() * @see yaca_key_export() * @see yaca_key_gen() */ -void yaca_key_free(yaca_key_h key); +int yaca_key_free(yaca_key_h key); /**@}*/ diff --git a/examples/encrypt.c b/examples/encrypt.c index b56f364..f4a460a 100644 --- a/examples/encrypt.c +++ b/examples/encrypt.c @@ -121,7 +121,7 @@ void encrypt_advanced(const yaca_enc_algo_e algo, /* Calculate max output: size of update + final chunks */ enc_size = output_len + block_len; - if ((enc = yaca_malloc(enc_size)) == NULL) + if (yaca_malloc(enc_size, (void**)&enc) != YACA_ERROR_NONE) goto exit; out_size = enc_size; @@ -153,7 +153,7 @@ void encrypt_advanced(const yaca_enc_algo_e algo, /* Calculate max output: size of update + final chunks */ dec_size = output_len + block_len; - if ((dec = yaca_malloc(dec_size)) == NULL) + if (yaca_malloc(dec_size, (void**)&dec) != YACA_ERROR_NONE) goto exit; out_size = dec_size; diff --git a/examples/encrypt_aes_gcm_ccm.c b/examples/encrypt_aes_gcm_ccm.c index 08f8e92..11f58e5 100644 --- a/examples/encrypt_aes_gcm_ccm.c +++ b/examples/encrypt_aes_gcm_ccm.c @@ -70,13 +70,13 @@ void encrypt_decrypt_aes_gcm(void) if (yaca_key_gen(YACA_KEY_TYPE_IV, iv_bits, &iv) != YACA_ERROR_NONE) goto exit; - if ((aad = yaca_zalloc(aad_size)) == NULL) + if (yaca_zalloc(aad_size, (void**)&aad) != YACA_ERROR_NONE) goto exit; if (yaca_rand_bytes(aad, aad_size) != YACA_ERROR_NONE) goto exit; - if ((tag = yaca_zalloc(tag_size)) == NULL) + if (yaca_zalloc(tag_size, (void**)&tag) != YACA_ERROR_NONE) goto exit; /* Encryption */ @@ -96,7 +96,7 @@ void encrypt_decrypt_aes_gcm(void) /* Calculate max output: size of update + final chunks */ enc_size = output_len + block_len; - if ((enc = yaca_malloc(enc_size)) == NULL) + if (yaca_malloc(enc_size, (void**)&enc) != YACA_ERROR_NONE) goto exit; out_size = enc_size; @@ -140,7 +140,7 @@ void encrypt_decrypt_aes_gcm(void) /* Calculate max output: size of update + final chunks */ dec_size = output_len + block_len; - if ((dec = yaca_malloc(dec_size)) == NULL) + if (yaca_malloc(dec_size, (void**)&dec) != YACA_ERROR_NONE) goto exit; out_size = dec_size; @@ -210,13 +210,13 @@ void encrypt_decrypt_aes_ccm(void) if (yaca_key_gen(YACA_KEY_TYPE_IV, iv_bits, &iv) != YACA_ERROR_NONE) goto exit; - if ((aad = yaca_zalloc(aad_size)) == NULL) + if (yaca_zalloc(aad_size, (void**)&aad) != YACA_ERROR_NONE) goto exit; if (yaca_rand_bytes(aad, aad_size) != YACA_ERROR_NONE) goto exit; - if ((tag = yaca_zalloc(tag_size)) == NULL) + if (yaca_zalloc(tag_size, (void**)&tag) != YACA_ERROR_NONE) goto exit; /* Encryption */ @@ -244,7 +244,7 @@ void encrypt_decrypt_aes_ccm(void) /* Calculate max output: size of update + final chunks */ enc_size = output_len + block_len; - if ((enc = yaca_malloc(enc_size)) == NULL) + if (yaca_malloc(enc_size, (void**)&enc) != YACA_ERROR_NONE) goto exit; out_size = enc_size; @@ -291,7 +291,7 @@ void encrypt_decrypt_aes_ccm(void) /* Calculate max output: size of update + final chunks */ dec_size = output_len + block_len; - if ((dec = yaca_malloc(dec_size)) == NULL) + if (yaca_malloc(dec_size, (void**)&dec) != YACA_ERROR_NONE) goto exit; out_size = dec_size; diff --git a/examples/key_exchange.c b/examples/key_exchange.c index 3bc8e32..7a3ee5c 100644 --- a/examples/key_exchange.c +++ b/examples/key_exchange.c @@ -64,8 +64,7 @@ void key_exchange_dh(void) rewind(fp); /* allocate memory for entire content */ - buffer = yaca_malloc(size+1); - if (buffer == NULL) + if (yaca_malloc(size + 1, (void**)&buffer) != YACA_ERROR_NONE) goto exit; /* copy the file into the buffer */ @@ -127,8 +126,7 @@ void key_exchange_ecdh(void) rewind(fp); /* allocate memory for entire content */ - buffer = yaca_malloc(size+1); - if (buffer == NULL) + if (yaca_malloc(size + 1, (void**)&buffer) != YACA_ERROR_NONE) goto exit; /* copy the file into the buffer */ diff --git a/examples/misc.c b/examples/misc.c index 04e30fd..5a121a8 100644 --- a/examples/misc.c +++ b/examples/misc.c @@ -30,6 +30,7 @@ #include #include +#include #include "misc.h" @@ -92,18 +93,15 @@ int read_file(const char *path, char **data, size_t *data_len) if (read > 0) { if (buf == NULL) { - buf = yaca_malloc(read); - if (buf == NULL) { + if (yaca_malloc(read, (void**)&buf) != YACA_ERROR_NONE) { ret = -1; break; } } else { - char *new_buf = yaca_realloc(buf, buf_len + read); - if (new_buf == NULL) { + if (yaca_realloc(buf_len + read, (void**)&buf) != YACA_ERROR_NONE) { ret = -1; break; } - buf = new_buf; } memcpy(buf + buf_len, tmp, read); @@ -132,7 +130,6 @@ int read_file(const char *path, char **data, size_t *data_len) int read_stdin_line(const char *prompt, char **string) { char *buf = NULL; - char *ret; size_t size; ssize_t read; @@ -145,8 +142,7 @@ int read_stdin_line(const char *prompt, char **string) return -1; } - ret = yaca_realloc(buf, read); - if (ret == NULL) { + if (yaca_realloc(read, (void**)&buf) != YACA_ERROR_NONE) { free(buf); return -1; } diff --git a/examples/seal.c b/examples/seal.c index 23d8400..db5ab36 100644 --- a/examples/seal.c +++ b/examples/seal.c @@ -75,7 +75,7 @@ void encrypt_seal(void) /* Calculate max output: size of update + final chunks */ enc_size = output_len + block_len; - if ((enc = yaca_malloc(enc_size)) == NULL) + if (yaca_malloc(enc_size, (void**)&enc) != YACA_ERROR_NONE) goto exit; /* Seal and finalize */ @@ -108,7 +108,7 @@ void encrypt_seal(void) /* Calculate max output: size of update + final chunks */ dec_size = output_len + block_len; - if ((dec = yaca_malloc(dec_size)) == NULL) + if (yaca_malloc(dec_size, (void**)&dec) != YACA_ERROR_NONE) goto exit; /* Open and finalize */ diff --git a/examples/sign.c b/examples/sign.c index 111f704..e4c2a6f 100644 --- a/examples/sign.c +++ b/examples/sign.c @@ -195,7 +195,7 @@ void sign_verify_asym(yaca_key_type_e type, const char *algo) if (yaca_get_sign_length(ctx, &signature_len) != YACA_ERROR_NONE) goto exit; - if ((signature = yaca_malloc(signature_len)) == NULL) + if (yaca_malloc(signature_len, (void**)&signature) != YACA_ERROR_NONE) goto exit; if (yaca_sign_final(ctx, signature, &signature_len) != YACA_ERROR_NONE) @@ -252,7 +252,7 @@ void sign_verify_hmac(void) if (yaca_get_sign_length(ctx, &signature_len) != YACA_ERROR_NONE) goto exit; - if ((signature1 = yaca_malloc(signature_len)) == NULL) + if (yaca_malloc(signature_len, (void**)&signature1) != YACA_ERROR_NONE) goto exit; if (yaca_sign_final(ctx, signature1, &signature_len) != YACA_ERROR_NONE) @@ -274,7 +274,7 @@ void sign_verify_hmac(void) if (yaca_get_sign_length(ctx, &signature_len) != YACA_ERROR_NONE) goto exit; - if ((signature2 = yaca_malloc(signature_len)) == NULL) + if (yaca_malloc(signature_len, (void**)&signature2) != YACA_ERROR_NONE) goto exit; if (yaca_sign_final(ctx, signature2, &signature_len) != YACA_ERROR_NONE) @@ -315,7 +315,7 @@ void sign_verify_cmac(void) if (yaca_get_sign_length(ctx, &signature_len) != YACA_ERROR_NONE) goto exit; - if ((signature1 = yaca_malloc(signature_len)) == NULL) + if (yaca_malloc(signature_len, (void**)&signature1) != YACA_ERROR_NONE) goto exit; if (yaca_sign_final(ctx, signature1, &signature_len)) @@ -337,7 +337,7 @@ void sign_verify_cmac(void) if (yaca_get_sign_length(ctx, &signature_len) != YACA_ERROR_NONE) goto exit; - if ((signature2 = yaca_malloc(signature_len)) == NULL) + if (yaca_malloc(signature_len, (void**)&signature2) != YACA_ERROR_NONE) goto exit; if (yaca_sign_final(ctx, signature2, &signature_len)) diff --git a/src/crypto.c b/src/crypto.c index 57c7371..79ead7a 100644 --- a/src/crypto.c +++ b/src/crypto.c @@ -70,6 +70,7 @@ static void destroy_mutexes(int count) API int yaca_init(void) { + int ret; if (mutexes != NULL) return YACA_ERROR_INTERNAL; // TODO introduce new one? @@ -93,9 +94,9 @@ API int yaca_init(void) OpenSSL_add_all_ciphers(); /* enable threads support */ - mutexes = yaca_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t)); - if (mutexes == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_malloc(CRYPTO_num_locks() * sizeof(pthread_mutex_t), (void**)&mutexes); + if (ret != YACA_ERROR_NONE) + return ret; for (int i = 0; i < CRYPTO_num_locks(); i++) { if (pthread_mutex_init(&mutexes[i], NULL) != 0) { @@ -130,7 +131,7 @@ API int yaca_init(void) return YACA_ERROR_NONE; } -API void yaca_exit(void) +API int yaca_exit(void) { ERR_free_strings(); ERR_remove_thread_state(NULL); @@ -143,29 +144,56 @@ API void yaca_exit(void) CRYPTO_set_locking_callback(NULL); destroy_mutexes(CRYPTO_num_locks()); + + return YACA_ERROR_NONE; } -API void *yaca_malloc(size_t size) +API int yaca_malloc(size_t size, void **memory) { - return OPENSSL_malloc(size); + if (size == 0 || memory == NULL) + return YACA_ERROR_INVALID_ARGUMENT; + + *memory = OPENSSL_malloc(size); + if (*memory == NULL) { + ERROR_DUMP(YACA_ERROR_OUT_OF_MEMORY); + return YACA_ERROR_OUT_OF_MEMORY; + } + + return YACA_ERROR_NONE; } -API void *yaca_zalloc(size_t size) +API int yaca_zalloc(size_t size, void **memory) { - void *blob = OPENSSL_malloc(size); - if (blob != NULL) - memset(blob, 0, size); - return blob; + int ret = yaca_malloc(size, memory); + if (ret != YACA_ERROR_NONE) + return ret; + + memset(*memory, 0, size); + + return YACA_ERROR_NONE; } -API void *yaca_realloc(void *addr, size_t size) +API int yaca_realloc(size_t size, void **memory) { - return OPENSSL_realloc(addr, size); + if (size == 0 || memory == NULL) + return YACA_ERROR_INVALID_ARGUMENT; + + void *tmp = OPENSSL_realloc(*memory, size); + if (tmp == NULL) { + ERROR_DUMP(YACA_ERROR_OUT_OF_MEMORY); + return YACA_ERROR_OUT_OF_MEMORY; + } + + *memory = tmp; + + return YACA_ERROR_NONE; } -API void yaca_free(void *ptr) +API int yaca_free(void *ptr) { OPENSSL_free(ptr); + + return YACA_ERROR_NONE; } API int yaca_rand_bytes(char *data, size_t data_len) @@ -203,13 +231,15 @@ API int yaca_ctx_get_param(const yaca_ctx_h ctx, yaca_ex_param_e param, return ctx->get_param(ctx, param, value, value_len); } -API void yaca_ctx_free(yaca_ctx_h ctx) +API int yaca_ctx_free(yaca_ctx_h ctx) { if (ctx != YACA_CTX_NULL) { assert(ctx->ctx_destroy != NULL); ctx->ctx_destroy(ctx); yaca_free(ctx); } + + return YACA_ERROR_NONE; } API int yaca_get_output_length(const yaca_ctx_h ctx, size_t input_len, size_t *output_len) diff --git a/src/digest.c b/src/digest.c index 7a19e4a..d36ce67 100644 --- a/src/digest.c +++ b/src/digest.c @@ -122,9 +122,9 @@ API int yaca_digest_init(yaca_ctx_h *ctx, yaca_digest_algo_e algo) if (ctx == NULL) return YACA_ERROR_INVALID_ARGUMENT; - nc = yaca_zalloc(sizeof(struct yaca_digest_ctx_s)); - if (nc == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_digest_ctx_s), (void**)&nc); + if (ret != YACA_ERROR_NONE) + return ret; nc->ctx.type = YACA_CTX_DIGEST; nc->ctx.ctx_destroy = destroy_digest_context; diff --git a/src/encrypt.c b/src/encrypt.c index d56aad1..ab623f9 100644 --- a/src/encrypt.c +++ b/src/encrypt.c @@ -327,9 +327,9 @@ static int encrypt_init(yaca_ctx_h *ctx, if (lkey == NULL) return YACA_ERROR_INVALID_ARGUMENT; - nc = yaca_zalloc(sizeof(struct yaca_encrypt_ctx_s)); - if (nc == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_encrypt_ctx_s), (void**)&nc); + if (ret != YACA_ERROR_NONE) + return ret; nc->ctx.type = YACA_CTX_ENCRYPT; nc->ctx.ctx_destroy = destroy_encrypt_ctx; diff --git a/src/key.c b/src/key.c index 7a6c043..7f7a605 100644 --- a/src/key.c +++ b/src/key.c @@ -219,11 +219,9 @@ int import_simple(yaca_key_h *key, } } - nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_data_len); - if (nk == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_data_len, (void**)&nk); + if (ret != YACA_ERROR_NONE) goto exit; - } memcpy(nk->d, key_data, key_data_len); nk->bits = key_data_len * 8; @@ -381,11 +379,9 @@ int import_evp(yaca_key_h *key, goto exit; } - nk = yaca_zalloc(sizeof(struct yaca_key_evp_s)); - if (nk == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_key_evp_s), (void**)&nk); + if (ret != YACA_ERROR_NONE) goto exit; - } nk->evp = pkey; *key = (yaca_key_h)nk; @@ -404,17 +400,16 @@ int export_simple_raw(struct yaca_key_simple_s *simple_key, char **data, size_t *data_len) { + int ret; assert(simple_key != NULL); assert(data != NULL); assert(data_len != NULL); size_t key_len = simple_key->bits / 8; - *data = yaca_malloc(key_len); - if (*data == NULL) { - ERROR_DUMP(YACA_ERROR_OUT_OF_MEMORY); - return YACA_ERROR_OUT_OF_MEMORY; - } + ret = yaca_malloc(key_len, (void**)data); + if (ret != YACA_ERROR_NONE) + return ret; memcpy(*data, simple_key->d, key_len); *data_len = key_len; @@ -475,12 +470,9 @@ int export_simple_base64(struct yaca_key_simple_s *simple_key, goto exit; } - *data = yaca_malloc(bio_data_len); - if (*data == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; - ERROR_DUMP(ret); + ret = yaca_malloc(bio_data_len, (void**)data); + if (ret != YACA_ERROR_NONE) goto exit; - } memcpy(*data, bio_data, bio_data_len); *data_len = bio_data_len; @@ -697,12 +689,9 @@ int export_evp(struct yaca_key_evp_s *evp_key, goto exit; } - *data = yaca_malloc(bio_data_len); - if (*data == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; - ERROR_DUMP(ret); + ret = yaca_malloc(bio_data_len, (void**)data); + if (ret != YACA_ERROR_NONE) goto exit; - } memcpy(*data, bio_data, bio_data_len); *data_len = bio_data_len; @@ -722,9 +711,9 @@ int gen_simple(struct yaca_key_simple_s **out, size_t key_bits) struct yaca_key_simple_s *nk; size_t key_byte_len = key_bits / 8; - nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len); - if (nk == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len, (void**)&nk); + if (ret != YACA_ERROR_NONE) + return ret; nk->bits = key_bits; @@ -749,9 +738,9 @@ int gen_simple_des(struct yaca_key_simple_s **out, size_t key_bits) struct yaca_key_simple_s *nk; size_t key_byte_len = key_bits / 8; - nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len); - if (nk == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len, (void**)&nk); + if (ret != YACA_ERROR_NONE) + return ret; DES_cblock *des_key = (DES_cblock*)nk->d; if (key_byte_len >= 8) { @@ -802,9 +791,9 @@ int gen_evp_rsa(struct yaca_key_evp_s **out, size_t key_bits) EVP_PKEY_CTX *ctx; EVP_PKEY *pkey = NULL; - nk = yaca_zalloc(sizeof(struct yaca_key_evp_s)); - if (nk == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_key_evp_s), (void**)&nk); + if (ret != YACA_ERROR_NONE) + return ret; ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); if (ctx == NULL) { @@ -865,9 +854,9 @@ int gen_evp_dsa(struct yaca_key_evp_s **out, size_t key_bits) EVP_PKEY *pkey = NULL; EVP_PKEY *params = NULL; - nk = yaca_zalloc(sizeof(struct yaca_key_evp_s)); - if (nk == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_key_evp_s), (void**)&nk); + if (ret != YACA_ERROR_NONE) + return ret; pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_DSA, NULL); if (pctx == NULL) { @@ -1152,9 +1141,9 @@ API int yaca_key_extract_public(const yaca_key_h prv_key, yaca_key_h *pub_key) if (prv_key == YACA_KEY_NULL || evp_key == NULL || pub_key == NULL) return YACA_ERROR_INVALID_ARGUMENT; - nk = yaca_zalloc(sizeof(struct yaca_key_evp_s)); - if (nk == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_key_evp_s), (void**)&nk); + if (ret != YACA_ERROR_NONE) + return ret; mem = BIO_new(BIO_s_mem()); if (mem == NULL) { @@ -1209,7 +1198,7 @@ exit: return ret; } -API void yaca_key_free(yaca_key_h key) +API int yaca_key_free(yaca_key_h key) { struct yaca_key_simple_s *simple_key = key_get_simple(key); struct yaca_key_evp_s *evp_key = key_get_evp(key); @@ -1221,6 +1210,8 @@ API void yaca_key_free(yaca_key_h key) EVP_PKEY_free(evp_key->evp); yaca_free(evp_key); } + + return YACA_ERROR_NONE; } API int yaca_key_derive_pbkdf2(const char *password, @@ -1247,9 +1238,9 @@ API int yaca_key_derive_pbkdf2(const char *password, if (ret != YACA_ERROR_NONE) return ret; - nk = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len); - if (nk == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_key_simple_s) + key_byte_len, (void**)&nk); + if (ret != YACA_ERROR_NONE) + return ret; nk->bits = key_bits; nk->key.type = YACA_KEY_TYPE_SYMMETRIC; // TODO: how to handle other keys? diff --git a/src/seal.c b/src/seal.c index 7dd3ba8..aab049b 100644 --- a/src/seal.c +++ b/src/seal.c @@ -124,9 +124,9 @@ static int seal_init(yaca_ctx_h *ctx, lpub = key_get_evp(pub_key); assert(lpub); - nc = yaca_zalloc(sizeof(struct yaca_seal_ctx_s)); - if (nc == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_seal_ctx_s), (void**)&nc); + if (ret != YACA_ERROR_NONE) + return ret; nc->ctx.type = YACA_CTX_SEAL; nc->ctx.ctx_destroy = destroy_seal_ctx; @@ -148,11 +148,9 @@ static int seal_init(yaca_ctx_h *ctx, } pub_key_length = ret; - lkey = yaca_zalloc(sizeof(struct yaca_key_simple_s) + pub_key_length); - if (lkey == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_key_simple_s) + pub_key_length, (void**)&lkey); + if (ret != YACA_ERROR_NONE) goto exit; - } key_data = (unsigned char*)lkey->d; ret = encrypt_get_algorithm(algo, bcm, sym_key_bits, &cipher); @@ -168,11 +166,9 @@ static int seal_init(yaca_ctx_h *ctx, iv_length = ret; if (iv_length > 0) { - liv = yaca_zalloc(sizeof(struct yaca_key_simple_s) + iv_length); - if (liv == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_key_simple_s) + iv_length, (void**)&liv); + if (ret != YACA_ERROR_NONE) goto exit; - } iv_data = (unsigned char*)liv->d; } @@ -245,9 +241,9 @@ static int open_init(yaca_ctx_h *ctx, if (lkey == NULL || lkey->key.type != YACA_KEY_TYPE_SYMMETRIC) return YACA_ERROR_INVALID_ARGUMENT; - nc = yaca_zalloc(sizeof(struct yaca_seal_ctx_s)); - if (nc == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_seal_ctx_s), (void**)&nc); + if (ret != YACA_ERROR_NONE) + return ret; nc->ctx.type = YACA_CTX_SEAL; nc->ctx.ctx_destroy = destroy_seal_ctx; diff --git a/src/sign.c b/src/sign.c index 54ad806..2d8046d 100644 --- a/src/sign.c +++ b/src/sign.c @@ -223,9 +223,9 @@ int get_sign_param(const yaca_ctx_h ctx, return ret; } - *value = yaca_malloc(sizeof(yaca_padding_e)); - if (*value == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_malloc(sizeof(yaca_padding_e), value); + if (ret != YACA_ERROR_NONE) + return ret; memcpy(*value, &padding, sizeof(yaca_padding_e)); *value_len = sizeof(yaca_padding_e); @@ -255,9 +255,9 @@ API int yaca_sign_init(yaca_ctx_h *ctx, return YACA_ERROR_INVALID_ARGUMENT; } - nc = yaca_zalloc(sizeof(struct yaca_sign_ctx_s)); - if (nc == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_sign_ctx_s), (void**)&nc); + if (ret != YACA_ERROR_NONE) + return ret; nc->op_type = OP_SIGN; nc->ctx.type = YACA_CTX_SIGN; @@ -308,9 +308,9 @@ API int yaca_sign_hmac_init(yaca_ctx_h *ctx, (key->type != YACA_KEY_TYPE_SYMMETRIC && key->type != YACA_KEY_TYPE_DES)) return YACA_ERROR_INVALID_ARGUMENT; - nc = yaca_zalloc(sizeof(struct yaca_sign_ctx_s)); - if (nc == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_sign_ctx_s), (void**)&nc); + if (ret != YACA_ERROR_NONE) + return ret; nc->op_type = OP_SIGN; nc->ctx.type = YACA_CTX_SIGN; @@ -373,9 +373,9 @@ API int yaca_sign_cmac_init(yaca_ctx_h *ctx, (key->type != YACA_KEY_TYPE_SYMMETRIC && key->type != YACA_KEY_TYPE_DES)) return YACA_ERROR_INVALID_ARGUMENT; - nc = yaca_zalloc(sizeof(struct yaca_sign_ctx_s)); - if (nc == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_sign_ctx_s), (void**)&nc); + if (ret != YACA_ERROR_NONE) + return ret; nc->op_type = OP_SIGN; nc->ctx.type = YACA_CTX_SIGN; @@ -507,9 +507,9 @@ API int yaca_verify_init(yaca_ctx_h *ctx, return YACA_ERROR_INVALID_ARGUMENT; } - nc = yaca_zalloc(sizeof(struct yaca_sign_ctx_s)); - if (nc == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_zalloc(sizeof(struct yaca_sign_ctx_s), (void**)&nc); + if (ret != YACA_ERROR_NONE) + return ret; nc->op_type = OP_VERIFY; nc->ctx.type = YACA_CTX_SIGN; diff --git a/src/simple.c b/src/simple.c index e3196aa..889e858 100644 --- a/src/simple.c +++ b/src/simple.c @@ -59,8 +59,8 @@ API int yaca_digest_calc(yaca_digest_algo_e algo, if (ret != YACA_ERROR_NONE) goto exit; - ldigest = yaca_malloc(ldigest_len); - if (ldigest == NULL) + ret = yaca_malloc(ldigest_len, (void**)&ldigest); + if (ret != YACA_ERROR_NONE) goto exit; ret = yaca_digest_final(ctx, ldigest, &ldigest_len); @@ -90,7 +90,6 @@ API int yaca_encrypt(yaca_enc_algo_e algo, yaca_ctx_h ctx; int ret; char *lcipher = NULL; - char *rcipher = NULL; size_t out_len, lcipher_len, written; if (plain == NULL || plain_len == 0 || cipher == NULL || cipher_len == NULL || @@ -116,8 +115,8 @@ API int yaca_encrypt(yaca_enc_algo_e algo, lcipher_len += out_len; - lcipher = yaca_malloc(lcipher_len); - if (lcipher == NULL) + ret = yaca_malloc(lcipher_len, (void**)&lcipher); + if (ret != YACA_ERROR_NONE) goto exit; out_len = lcipher_len; @@ -136,13 +135,11 @@ API int yaca_encrypt(yaca_enc_algo_e algo, written += out_len; assert(written <= lcipher_len); - rcipher = yaca_realloc(lcipher, written); - if (rcipher == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_realloc(written, (void**)&lcipher); + if (ret != YACA_ERROR_NONE) goto exit; - } - *cipher = rcipher; + *cipher = lcipher; *cipher_len = written; lcipher = NULL; ret = YACA_ERROR_NONE; @@ -166,7 +163,6 @@ API int yaca_decrypt(yaca_enc_algo_e algo, yaca_ctx_h ctx; int ret; char *lplain = NULL; - char *rplain = NULL; size_t out_len, lplain_len, written; if (cipher == NULL || cipher_len == 0 || plain == NULL || plain_len == NULL || @@ -192,8 +188,8 @@ API int yaca_decrypt(yaca_enc_algo_e algo, lplain_len += out_len; - lplain = yaca_malloc(lplain_len); - if (lplain == NULL) + ret = yaca_malloc(lplain_len, (void**)&lplain); + if (ret != YACA_ERROR_NONE) goto exit; out_len = lplain_len; @@ -212,13 +208,11 @@ API int yaca_decrypt(yaca_enc_algo_e algo, written += out_len; assert(written <= lplain_len); - rplain = yaca_realloc(lplain, written); - if (rplain == NULL) { - ret = YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_realloc(written, (void**)&lplain); + if (ret != YACA_ERROR_NONE) goto exit; - } - *plain = rplain; + *plain = lplain; *plain_len = written; lplain = NULL; ret = YACA_ERROR_NONE; @@ -246,9 +240,9 @@ static int sign(const yaca_ctx_h ctx, const char *data, size_t data_len, if (ret != YACA_ERROR_NONE) return ret; - *signature = yaca_malloc(*signature_len); - if (signature == NULL) - return YACA_ERROR_OUT_OF_MEMORY; + ret = yaca_malloc(*signature_len, (void**)signature); + if (ret != YACA_ERROR_NONE) + return ret; ret = yaca_sign_final(ctx, *signature, signature_len); if (ret != YACA_ERROR_NONE) { -- 2.7.4 From a34409b7942bc74329d3cd24b3b03b5c54c42829 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Fri, 3 Jun 2016 13:14:56 +0200 Subject: [PATCH 15/16] Simplify memory allocation in read_file Change-Id: Ia3cc7dd2d04fb4279ec3cc60c5858f84ace20daa --- examples/misc.c | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/examples/misc.c b/examples/misc.c index 5a121a8..693044d 100644 --- a/examples/misc.c +++ b/examples/misc.c @@ -92,16 +92,9 @@ int read_file(const char *path, char **data, size_t *data_len) size_t read = fread(tmp, 1, BUF_SIZE, f); if (read > 0) { - if (buf == NULL) { - if (yaca_malloc(read, (void**)&buf) != YACA_ERROR_NONE) { - ret = -1; - break; - } - } else { - if (yaca_realloc(buf_len + read, (void**)&buf) != YACA_ERROR_NONE) { - ret = -1; - break; - } + if (yaca_realloc(buf_len + read, (void**)&buf) != YACA_ERROR_NONE) { + ret = -1; + break; } memcpy(buf + buf_len, tmp, read); -- 2.7.4 From cd70af649c4cacb5e33fed26731f9a5c4244bac2 Mon Sep 17 00:00:00 2001 From: Krzysztof Jackiewicz Date: Fri, 3 Jun 2016 13:24:32 +0200 Subject: [PATCH 16/16] ACR: Each paragraph needs a separate @remarks command Change-Id: I05ee6ceef9db355a8e6fc01f1b9c801518a7f343 --- api/yaca/yaca_key.h | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/api/yaca/yaca_key.h b/api/yaca/yaca_key.h index 8c70a1e..32fd671 100644 --- a/api/yaca/yaca_key.h +++ b/api/yaca/yaca_key.h @@ -83,16 +83,16 @@ int yaca_key_get_bits(const yaca_key_h key, size_t *key_bits); * @remarks This function imports a key trying to match it to the key_type specified. * It should autodetect both the key format and the file format. * - * For symmetric, IV and DES keys RAW binary format and BASE64 encoded + * @remarks For symmetric, IV and DES keys RAW binary format and BASE64 encoded * binary format are supported. * For asymmetric keys PEM and DER file formats are supported. * - * Asymmetric keys can be in PKCS#1 or SSleay key formats (for RSA and + * @remarks Asymmetric keys can be in PKCS#1 or SSleay key formats (for RSA and * DSA respectively). Asymmetric private keys can also be in PKCS#8 * format. Additionally it is possible to import public RSA key from * X509 certificate. * - * If the key is encrypted the algorithm will be autodetected and password + * @remarks If the key is encrypted the algorithm will be autodetected and password * used. If it's not known if the key is encrypted one should pass NULL as * password and check for the #YACA_ERROR_PASSWORD_INVALID return code. * @@ -126,24 +126,25 @@ int yaca_key_import(yaca_key_type_e key_type, * * @since_tizen 3.0 * - * @remarks This function exports the key to an arbitrary key format and key file format. + * @remarks This function exports the key to an arbitrary key format and key file format. * - * For key formats two values are allowed: - * - #YACA_KEY_FORMAT_DEFAULT: this is the only option possible in case of symmetric keys (or IV), - * for asymmetric keys it will choose PKCS#1 for RSA and SSLeay for DSA. - * - #YACA_KEY_FORMAT_PKCS8: this will only work for private asymmetric keys. + * @remarks For key formats two values are allowed: + * - #YACA_KEY_FORMAT_DEFAULT: this is the only option possible in case of symmetric + * keys (or IV), for asymmetric keys it will choose PKCS#1 + * for RSA and SSLeay for DSA. + * - #YACA_KEY_FORMAT_PKCS8: this will only work for private asymmetric keys. * - * The following file formats are supported: - * - #YACA_KEY_FILE_FORMAT_RAW: used only for symmetric, raw binary format - * - #YACA_KEY_FILE_FORMAT_BASE64: used only for symmetric, BASE64 encoded binary form - * - #YACA_KEY_FILE_FORMAT_PEM: used only for asymmetric, PEM file format - * - #YACA_KEY_FILE_FORMAT_DER: used only for asymmetric, DER file format + * @remarks The following file formats are supported: + * - #YACA_KEY_FILE_FORMAT_RAW: used only for symmetric, raw binary format + * - #YACA_KEY_FILE_FORMAT_BASE64: used only for symmetric, BASE64 encoded binary form + * - #YACA_KEY_FILE_FORMAT_PEM: used only for asymmetric, PEM file format + * - #YACA_KEY_FILE_FORMAT_DER: used only for asymmetric, DER file format * - * If no password is provided the exported key will be unencrypted. Only private - * RSA/DSA exported as PEM can be encrypted. + * @remarks If no password is provided the exported key will be unencrypted. Only private + * RSA/DSA exported as PEM can be encrypted. * - * TODO:document the default encryption algorithm (AES256 for FORMAT_DEFAULT, - * unknown yet for the FORMAT_PKCS8). + * @remarks TODO:document the default encryption algorithm (AES256 for FORMAT_DEFAULT, + * unknown yet for the FORMAT_PKCS8). * * @param[in] key Key to be exported * @param[in] key_fmt Format of the key -- 2.7.4