From 957b11334a7afb14537322f0e4795b2e368b3f59 Mon Sep 17 00:00:00 2001 From: beck <> Date: Sun, 29 Jan 2017 17:49:23 +0000 Subject: Send the function codes from the error functions to the bit bucket, as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@ --- src/lib/libcrypto/ts/ts_asn1.c | 17 +++++----- src/lib/libcrypto/ts/ts_conf.c | 5 ++- src/lib/libcrypto/ts/ts_err.c | 54 ++----------------------------- src/lib/libcrypto/ts/ts_req_utils.c | 10 +++--- src/lib/libcrypto/ts/ts_rsp_sign.c | 62 +++++++++++++++++------------------- src/lib/libcrypto/ts/ts_rsp_utils.c | 26 +++++++-------- src/lib/libcrypto/ts/ts_rsp_verify.c | 42 ++++++++++++------------ src/lib/libcrypto/ts/ts_verify_ctx.c | 4 +-- 8 files changed, 81 insertions(+), 139 deletions(-) (limited to 'src/lib/libcrypto/ts') diff --git a/src/lib/libcrypto/ts/ts_asn1.c b/src/lib/libcrypto/ts/ts_asn1.c index 49232d8073..bc89f1368a 100644 --- a/src/lib/libcrypto/ts/ts_asn1.c +++ b/src/lib/libcrypto/ts/ts_asn1.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_asn1.c,v 1.10 2016/11/04 18:35:30 jsing Exp $ */ +/* $OpenBSD: ts_asn1.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */ /* Written by Nils Larsch for the OpenSSL project 2004. */ /* ==================================================================== @@ -541,19 +541,18 @@ ts_resp_set_tst_info(TS_RESP *a) if (a->token) { if (status != 0 && status != 1) { - TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_PRESENT); + TSerror(TS_R_TOKEN_PRESENT); return 0; } if (a->tst_info != NULL) TS_TST_INFO_free(a->tst_info); a->tst_info = PKCS7_to_TS_TST_INFO(a->token); if (!a->tst_info) { - TSerr(TS_F_TS_RESP_SET_TST_INFO, - TS_R_PKCS7_TO_TS_TST_INFO_FAILED); + TSerror(TS_R_PKCS7_TO_TS_TST_INFO_FAILED); return 0; } } else if (status == 0 || status == 1) { - TSerr(TS_F_TS_RESP_SET_TST_INFO, TS_R_TOKEN_NOT_PRESENT); + TSerror(TS_R_TOKEN_NOT_PRESENT); return 0; } @@ -858,13 +857,13 @@ PKCS7_to_TS_TST_INFO(PKCS7 *token) const unsigned char *p; if (!PKCS7_type_is_signed(token)) { - TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE); + TSerror(TS_R_BAD_PKCS7_TYPE); return NULL; } /* Content must be present. */ if (PKCS7_get_detached(token)) { - TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_DETACHED_CONTENT); + TSerror(TS_R_DETACHED_CONTENT); return NULL; } @@ -872,14 +871,14 @@ PKCS7_to_TS_TST_INFO(PKCS7 *token) pkcs7_signed = token->d.sign; enveloped = pkcs7_signed->contents; if (OBJ_obj2nid(enveloped->type) != NID_id_smime_ct_TSTInfo) { - TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_PKCS7_TYPE); + TSerror(TS_R_BAD_PKCS7_TYPE); return NULL; } /* We have a DER encoded TST_INFO as the signed data. */ tst_info_wrapper = enveloped->d.other; if (tst_info_wrapper->type != V_ASN1_OCTET_STRING) { - TSerr(TS_F_PKCS7_TO_TS_TST_INFO, TS_R_BAD_TYPE); + TSerror(TS_R_BAD_TYPE); return NULL; } diff --git a/src/lib/libcrypto/ts/ts_conf.c b/src/lib/libcrypto/ts/ts_conf.c index bb98a6ff4c..c223aa3d46 100644 --- a/src/lib/libcrypto/ts/ts_conf.c +++ b/src/lib/libcrypto/ts/ts_conf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_conf.c,v 1.9 2015/02/11 03:19:37 doug Exp $ */ +/* $OpenBSD: ts_conf.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -245,8 +245,7 @@ TS_CONF_set_default_engine(const char *name) err: if (!ret) { - TSerr(TS_F_TS_CONF_SET_DEFAULT_ENGINE, - TS_R_COULD_NOT_SET_ENGINE); + TSerror(TS_R_COULD_NOT_SET_ENGINE); ERR_asprintf_error_data("engine:%s", name); } if (e) diff --git a/src/lib/libcrypto/ts/ts_err.c b/src/lib/libcrypto/ts/ts_err.c index f71be883f8..4b89909384 100644 --- a/src/lib/libcrypto/ts/ts_err.c +++ b/src/lib/libcrypto/ts/ts_err.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_err.c,v 1.4 2014/07/10 22:45:58 jsing Exp $ */ +/* $OpenBSD: ts_err.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */ /* ==================================================================== * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. * @@ -72,57 +72,7 @@ #define ERR_REASON(reason) ERR_PACK(ERR_LIB_TS,0,reason) static ERR_STRING_DATA TS_str_functs[] = { - {ERR_FUNC(TS_F_D2I_TS_RESP), "d2i_TS_RESP"}, - {ERR_FUNC(TS_F_DEF_SERIAL_CB), "DEF_SERIAL_CB"}, - {ERR_FUNC(TS_F_DEF_TIME_CB), "DEF_TIME_CB"}, - {ERR_FUNC(TS_F_ESS_ADD_SIGNING_CERT), "ESS_ADD_SIGNING_CERT"}, - {ERR_FUNC(TS_F_ESS_CERT_ID_NEW_INIT), "ESS_CERT_ID_NEW_INIT"}, - {ERR_FUNC(TS_F_ESS_SIGNING_CERT_NEW_INIT), "ESS_SIGNING_CERT_NEW_INIT"}, - {ERR_FUNC(TS_F_INT_TS_RESP_VERIFY_TOKEN), "INT_TS_RESP_VERIFY_TOKEN"}, - {ERR_FUNC(TS_F_PKCS7_TO_TS_TST_INFO), "PKCS7_to_TS_TST_INFO"}, - {ERR_FUNC(TS_F_TS_ACCURACY_SET_MICROS), "TS_ACCURACY_set_micros"}, - {ERR_FUNC(TS_F_TS_ACCURACY_SET_MILLIS), "TS_ACCURACY_set_millis"}, - {ERR_FUNC(TS_F_TS_ACCURACY_SET_SECONDS), "TS_ACCURACY_set_seconds"}, - {ERR_FUNC(TS_F_TS_CHECK_IMPRINTS), "TS_CHECK_IMPRINTS"}, - {ERR_FUNC(TS_F_TS_CHECK_NONCES), "TS_CHECK_NONCES"}, - {ERR_FUNC(TS_F_TS_CHECK_POLICY), "TS_CHECK_POLICY"}, - {ERR_FUNC(TS_F_TS_CHECK_SIGNING_CERTS), "TS_CHECK_SIGNING_CERTS"}, - {ERR_FUNC(TS_F_TS_CHECK_STATUS_INFO), "TS_CHECK_STATUS_INFO"}, - {ERR_FUNC(TS_F_TS_COMPUTE_IMPRINT), "TS_COMPUTE_IMPRINT"}, - {ERR_FUNC(TS_F_TS_CONF_SET_DEFAULT_ENGINE), "TS_CONF_set_default_engine"}, - {ERR_FUNC(TS_F_TS_GET_STATUS_TEXT), "TS_GET_STATUS_TEXT"}, - {ERR_FUNC(TS_F_TS_MSG_IMPRINT_SET_ALGO), "TS_MSG_IMPRINT_set_algo"}, - {ERR_FUNC(TS_F_TS_REQ_SET_MSG_IMPRINT), "TS_REQ_set_msg_imprint"}, - {ERR_FUNC(TS_F_TS_REQ_SET_NONCE), "TS_REQ_set_nonce"}, - {ERR_FUNC(TS_F_TS_REQ_SET_POLICY_ID), "TS_REQ_set_policy_id"}, - {ERR_FUNC(TS_F_TS_RESP_CREATE_RESPONSE), "TS_RESP_create_response"}, - {ERR_FUNC(TS_F_TS_RESP_CREATE_TST_INFO), "TS_RESP_CREATE_TST_INFO"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO), "TS_RESP_CTX_add_failure_info"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_MD), "TS_RESP_CTX_add_md"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_ADD_POLICY), "TS_RESP_CTX_add_policy"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_NEW), "TS_RESP_CTX_new"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_SET_ACCURACY), "TS_RESP_CTX_set_accuracy"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_SET_CERTS), "TS_RESP_CTX_set_certs"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_SET_DEF_POLICY), "TS_RESP_CTX_set_def_policy"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_SET_SIGNER_CERT), "TS_RESP_CTX_set_signer_cert"}, - {ERR_FUNC(TS_F_TS_RESP_CTX_SET_STATUS_INFO), "TS_RESP_CTX_set_status_info"}, - {ERR_FUNC(TS_F_TS_RESP_GET_POLICY), "TS_RESP_GET_POLICY"}, - {ERR_FUNC(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION), "TS_RESP_SET_GENTIME_WITH_PRECISION"}, - {ERR_FUNC(TS_F_TS_RESP_SET_STATUS_INFO), "TS_RESP_set_status_info"}, - {ERR_FUNC(TS_F_TS_RESP_SET_TST_INFO), "TS_RESP_set_tst_info"}, - {ERR_FUNC(TS_F_TS_RESP_SIGN), "TS_RESP_SIGN"}, - {ERR_FUNC(TS_F_TS_RESP_VERIFY_SIGNATURE), "TS_RESP_verify_signature"}, - {ERR_FUNC(TS_F_TS_RESP_VERIFY_TOKEN), "TS_RESP_verify_token"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_ACCURACY), "TS_TST_INFO_set_accuracy"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_MSG_IMPRINT), "TS_TST_INFO_set_msg_imprint"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_NONCE), "TS_TST_INFO_set_nonce"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_POLICY_ID), "TS_TST_INFO_set_policy_id"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_SERIAL), "TS_TST_INFO_set_serial"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_TIME), "TS_TST_INFO_set_time"}, - {ERR_FUNC(TS_F_TS_TST_INFO_SET_TSA), "TS_TST_INFO_set_tsa"}, - {ERR_FUNC(TS_F_TS_VERIFY), "TS_VERIFY"}, - {ERR_FUNC(TS_F_TS_VERIFY_CERT), "TS_VERIFY_CERT"}, - {ERR_FUNC(TS_F_TS_VERIFY_CTX_NEW), "TS_VERIFY_CTX_new"}, + {ERR_FUNC(0xfff), "CRYPTO_internal"}, {0, NULL} }; diff --git a/src/lib/libcrypto/ts/ts_req_utils.c b/src/lib/libcrypto/ts/ts_req_utils.c index ab813b2b42..bd707c228f 100644 --- a/src/lib/libcrypto/ts/ts_req_utils.c +++ b/src/lib/libcrypto/ts/ts_req_utils.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_req_utils.c,v 1.4 2014/07/11 08:44:49 jsing Exp $ */ +/* $OpenBSD: ts_req_utils.c,v 1.5 2017/01/29 17:49:23 beck Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -84,7 +84,7 @@ TS_REQ_set_msg_imprint(TS_REQ *a, TS_MSG_IMPRINT *msg_imprint) return 1; new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); if (new_msg_imprint == NULL) { - TSerr(TS_F_TS_REQ_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } TS_MSG_IMPRINT_free(a->msg_imprint); @@ -107,7 +107,7 @@ TS_MSG_IMPRINT_set_algo(TS_MSG_IMPRINT *a, X509_ALGOR *alg) return 1; new_alg = X509_ALGOR_dup(alg); if (new_alg == NULL) { - TSerr(TS_F_TS_MSG_IMPRINT_SET_ALGO, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } X509_ALGOR_free(a->hash_algo); @@ -142,7 +142,7 @@ TS_REQ_set_policy_id(TS_REQ *a, ASN1_OBJECT *policy) return 1; new_policy = OBJ_dup(policy); if (new_policy == NULL) { - TSerr(TS_F_TS_REQ_SET_POLICY_ID, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } ASN1_OBJECT_free(a->policy_id); @@ -165,7 +165,7 @@ TS_REQ_set_nonce(TS_REQ *a, const ASN1_INTEGER *nonce) return 1; new_nonce = ASN1_INTEGER_dup(nonce); if (new_nonce == NULL) { - TSerr(TS_F_TS_REQ_SET_NONCE, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } ASN1_INTEGER_free(a->nonce); diff --git a/src/lib/libcrypto/ts/ts_rsp_sign.c b/src/lib/libcrypto/ts/ts_rsp_sign.c index f9e8c53cc8..57e2d7f348 100644 --- a/src/lib/libcrypto/ts/ts_rsp_sign.c +++ b/src/lib/libcrypto/ts/ts_rsp_sign.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_sign.c,v 1.20 2016/03/11 07:08:45 mmcc Exp $ */ +/* $OpenBSD: ts_rsp_sign.c,v 1.21 2017/01/29 17:49:23 beck Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -103,7 +103,7 @@ def_serial_cb(struct TS_resp_ctx *ctx, void *data) return serial; err: - TSerr(TS_F_DEF_SERIAL_CB, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Error during serial number generation."); return NULL; @@ -116,7 +116,7 @@ def_time_cb(struct TS_resp_ctx *ctx, void *data, time_t *sec, long *usec) struct timeval tv; if (gettimeofday(&tv, NULL) != 0) { - TSerr(TS_F_DEF_TIME_CB, TS_R_TIME_SYSCALL_ERROR); + TSerror(TS_R_TIME_SYSCALL_ERROR); TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Time is not available."); TS_RESP_CTX_add_failure_info(ctx, TS_INFO_TIME_NOT_AVAILABLE); @@ -147,7 +147,7 @@ TS_RESP_CTX_new(void) TS_RESP_CTX *ctx; if (!(ctx = calloc(1, sizeof(TS_RESP_CTX)))) { - TSerr(TS_F_TS_RESP_CTX_NEW, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return NULL; } @@ -181,8 +181,7 @@ int TS_RESP_CTX_set_signer_cert(TS_RESP_CTX *ctx, X509 *signer) { if (X509_check_purpose(signer, X509_PURPOSE_TIMESTAMP_SIGN, 0) != 1) { - TSerr(TS_F_TS_RESP_CTX_SET_SIGNER_CERT, - TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE); + TSerror(TS_R_INVALID_SIGNER_CERTIFICATE_PURPOSE); return 0; } X509_free(ctx->signer_cert); @@ -211,7 +210,7 @@ TS_RESP_CTX_set_def_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *def_policy) return 1; err: - TSerr(TS_F_TS_RESP_CTX_SET_DEF_POLICY, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } @@ -227,7 +226,7 @@ TS_RESP_CTX_set_certs(TS_RESP_CTX *ctx, STACK_OF(X509) *certs) if (!certs) return 1; if (!(ctx->certs = sk_X509_dup(certs))) { - TSerr(TS_F_TS_RESP_CTX_SET_CERTS, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } for (i = 0; i < sk_X509_num(ctx->certs); ++i) { @@ -254,7 +253,7 @@ TS_RESP_CTX_add_policy(TS_RESP_CTX *ctx, ASN1_OBJECT *policy) return 1; err: - TSerr(TS_F_TS_RESP_CTX_ADD_POLICY, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); ASN1_OBJECT_free(copy); return 0; } @@ -272,7 +271,7 @@ TS_RESP_CTX_add_md(TS_RESP_CTX *ctx, const EVP_MD *md) return 1; err: - TSerr(TS_F_TS_RESP_CTX_ADD_MD, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } @@ -302,7 +301,7 @@ TS_RESP_CTX_set_accuracy(TS_RESP_CTX *ctx, int secs, int millis, int micros) err: TS_RESP_CTX_accuracy_free(ctx); - TSerr(TS_F_TS_RESP_CTX_SET_ACCURACY, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } @@ -353,7 +352,7 @@ TS_RESP_CTX_set_status_info(TS_RESP_CTX *ctx, int status, const char *text) err: if (!ret) - TSerr(TS_F_TS_RESP_CTX_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); TS_STATUS_INFO_free(si); ASN1_UTF8STRING_free(utf8_text); return ret; @@ -384,7 +383,7 @@ TS_RESP_CTX_add_failure_info(TS_RESP_CTX *ctx, int failure) return 1; err: - TSerr(TS_F_TS_RESP_CTX_ADD_FAILURE_INFO, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } @@ -421,7 +420,7 @@ TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) /* Creating the response object. */ if (!(ctx->response = TS_RESP_new())) { - TSerr(TS_F_TS_RESP_CREATE_RESPONSE, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); goto end; } @@ -463,7 +462,7 @@ TS_RESP_create_response(TS_RESP_CTX *ctx, BIO *req_bio) end: if (!result) { - TSerr(TS_F_TS_RESP_CREATE_RESPONSE, TS_R_RESPONSE_SETUP_ERROR); + TSerror(TS_R_RESPONSE_SETUP_ERROR); if (ctx->response != NULL) { if (TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, "Error during response " @@ -567,7 +566,7 @@ TS_RESP_get_policy(TS_RESP_CTX *ctx) int i; if (ctx->default_policy == NULL) { - TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_INVALID_NULL_POINTER); + TSerror(TS_R_INVALID_NULL_POINTER); return NULL; } /* Return the default policy if none is requested or the default is @@ -582,7 +581,7 @@ TS_RESP_get_policy(TS_RESP_CTX *ctx) policy = current; } if (!policy) { - TSerr(TS_F_TS_RESP_GET_POLICY, TS_R_UNACCEPTABLE_POLICY); + TSerror(TS_R_UNACCEPTABLE_POLICY); TS_RESP_CTX_set_status_info(ctx, TS_STATUS_REJECTION, "Requested policy is not " "supported."); @@ -665,7 +664,7 @@ end: if (!result) { TS_TST_INFO_free(tst_info); tst_info = NULL; - TSerr(TS_F_TS_RESP_CREATE_TST_INFO, TS_R_TST_INFO_SETUP_ERROR); + TSerror(TS_R_TST_INFO_SETUP_ERROR); TS_RESP_CTX_set_status_info_cond(ctx, TS_STATUS_REJECTION, "Error during TSTInfo " "generation."); @@ -716,14 +715,13 @@ TS_RESP_sign(TS_RESP_CTX *ctx) /* Check if signcert and pkey match. */ if (!X509_check_private_key(ctx->signer_cert, ctx->signer_key)) { - TSerr(TS_F_TS_RESP_SIGN, - TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); + TSerror(TS_R_PRIVATE_KEY_DOES_NOT_MATCH_CERTIFICATE); goto err; } /* Create a new PKCS7 signed object. */ if (!(p7 = PKCS7_new())) { - TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); goto err; } if (!PKCS7_set_type(p7, NID_pkcs7_signed)) @@ -747,7 +745,7 @@ TS_RESP_sign(TS_RESP_CTX *ctx) /* Add a new signer info. */ if (!(si = PKCS7_add_signature(p7, ctx->signer_cert, ctx->signer_key, EVP_sha1()))) { - TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNATURE_ERROR); + TSerror(TS_R_PKCS7_ADD_SIGNATURE_ERROR); goto err; } @@ -755,7 +753,7 @@ TS_RESP_sign(TS_RESP_CTX *ctx) oid = OBJ_nid2obj(NID_id_smime_ct_TSTInfo); if (!PKCS7_add_signed_attribute(si, NID_pkcs9_contentType, V_ASN1_OBJECT, oid)) { - TSerr(TS_F_TS_RESP_SIGN, TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR); + TSerror(TS_R_PKCS7_ADD_SIGNED_ATTR_ERROR); goto err; } @@ -767,7 +765,7 @@ TS_RESP_sign(TS_RESP_CTX *ctx) /* Add SigningCertificate signed attribute to the signer info. */ if (!ESS_add_signing_cert(si, sc)) { - TSerr(TS_F_TS_RESP_SIGN, TS_R_ESS_ADD_SIGNING_CERT_ERROR); + TSerror(TS_R_ESS_ADD_SIGNING_CERT_ERROR); goto err; } @@ -777,19 +775,19 @@ TS_RESP_sign(TS_RESP_CTX *ctx) /* Add the DER encoded tst_info to the PKCS7 structure. */ if (!(p7bio = PKCS7_dataInit(p7, NULL))) { - TSerr(TS_F_TS_RESP_SIGN, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); goto err; } /* Convert tst_info to DER. */ if (!i2d_TS_TST_INFO_bio(p7bio, ctx->tst_info)) { - TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN); + TSerror(TS_R_TS_DATASIGN); goto err; } /* Create the signature and add it to the signer info. */ if (!PKCS7_dataFinal(p7, p7bio)) { - TSerr(TS_F_TS_RESP_SIGN, TS_R_TS_DATASIGN); + TSerror(TS_R_TS_DATASIGN); goto err; } @@ -840,7 +838,7 @@ ESS_SIGNING_CERT_new_init(X509 *signcert, STACK_OF(X509) *certs) err: ESS_SIGNING_CERT_free(sc); - TSerr(TS_F_ESS_SIGNING_CERT_NEW_INIT, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return NULL; } @@ -886,7 +884,7 @@ ESS_CERT_ID_new_init(X509 *cert, int issuer_needed) err: GENERAL_NAME_free(name); ESS_CERT_ID_free(cid); - TSerr(TS_F_ESS_CERT_ID_NEW_INIT, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return NULL; } @@ -928,13 +926,13 @@ ESS_add_signing_cert(PKCS7_SIGNER_INFO *si, ESS_SIGNING_CERT *sc) len = i2d_ESS_SIGNING_CERT(sc, NULL); if (!(pp = malloc(len))) { - TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); goto err; } p = pp; i2d_ESS_SIGNING_CERT(sc, &p); if (!(seq = ASN1_STRING_new()) || !ASN1_STRING_set(seq, pp, len)) { - TSerr(TS_F_ESS_ADD_SIGNING_CERT, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); goto err; } free(pp); @@ -1017,6 +1015,6 @@ TS_RESP_set_genTime_with_precision(ASN1_GENERALIZEDTIME *asn1_time, return asn1_time; err: - TSerr(TS_F_TS_RESP_SET_GENTIME_WITH_PRECISION, TS_R_COULD_NOT_SET_TIME); + TSerror(TS_R_COULD_NOT_SET_TIME); return NULL; } diff --git a/src/lib/libcrypto/ts/ts_rsp_utils.c b/src/lib/libcrypto/ts/ts_rsp_utils.c index 39eb2a2963..5638331d17 100644 --- a/src/lib/libcrypto/ts/ts_rsp_utils.c +++ b/src/lib/libcrypto/ts/ts_rsp_utils.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_utils.c,v 1.5 2015/07/29 14:58:34 jsing Exp $ */ +/* $OpenBSD: ts_rsp_utils.c,v 1.6 2017/01/29 17:49:23 beck Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -74,7 +74,7 @@ TS_RESP_set_status_info(TS_RESP *a, TS_STATUS_INFO *status_info) return 1; new_status_info = TS_STATUS_INFO_dup(status_info); if (new_status_info == NULL) { - TSerr(TS_F_TS_RESP_SET_STATUS_INFO, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } TS_STATUS_INFO_free(a->status_info); @@ -133,7 +133,7 @@ TS_TST_INFO_set_policy_id(TS_TST_INFO *a, ASN1_OBJECT *policy) return 1; new_policy = OBJ_dup(policy); if (new_policy == NULL) { - TSerr(TS_F_TS_TST_INFO_SET_POLICY_ID, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } ASN1_OBJECT_free(a->policy_id); @@ -156,7 +156,7 @@ TS_TST_INFO_set_msg_imprint(TS_TST_INFO *a, TS_MSG_IMPRINT *msg_imprint) return 1; new_msg_imprint = TS_MSG_IMPRINT_dup(msg_imprint); if (new_msg_imprint == NULL) { - TSerr(TS_F_TS_TST_INFO_SET_MSG_IMPRINT, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } TS_MSG_IMPRINT_free(a->msg_imprint); @@ -179,7 +179,7 @@ TS_TST_INFO_set_serial(TS_TST_INFO *a, const ASN1_INTEGER *serial) return 1; new_serial = ASN1_INTEGER_dup(serial); if (new_serial == NULL) { - TSerr(TS_F_TS_TST_INFO_SET_SERIAL, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } ASN1_INTEGER_free(a->serial); @@ -202,7 +202,7 @@ TS_TST_INFO_set_time(TS_TST_INFO *a, const ASN1_GENERALIZEDTIME *gtime) return 1; new_time = ASN1_STRING_dup(gtime); if (new_time == NULL) { - TSerr(TS_F_TS_TST_INFO_SET_TIME, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } ASN1_GENERALIZEDTIME_free(a->time); @@ -225,7 +225,7 @@ TS_TST_INFO_set_accuracy(TS_TST_INFO *a, TS_ACCURACY *accuracy) return 1; new_accuracy = TS_ACCURACY_dup(accuracy); if (new_accuracy == NULL) { - TSerr(TS_F_TS_TST_INFO_SET_ACCURACY, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } TS_ACCURACY_free(a->accuracy); @@ -248,7 +248,7 @@ TS_ACCURACY_set_seconds(TS_ACCURACY *a, const ASN1_INTEGER *seconds) return 1; new_seconds = ASN1_INTEGER_dup(seconds); if (new_seconds == NULL) { - TSerr(TS_F_TS_ACCURACY_SET_SECONDS, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } ASN1_INTEGER_free(a->seconds); @@ -272,8 +272,7 @@ TS_ACCURACY_set_millis(TS_ACCURACY *a, const ASN1_INTEGER *millis) if (millis != NULL) { new_millis = ASN1_INTEGER_dup(millis); if (new_millis == NULL) { - TSerr(TS_F_TS_ACCURACY_SET_MILLIS, - ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } } @@ -298,8 +297,7 @@ TS_ACCURACY_set_micros(TS_ACCURACY *a, const ASN1_INTEGER *micros) if (micros != NULL) { new_micros = ASN1_INTEGER_dup(micros); if (new_micros == NULL) { - TSerr(TS_F_TS_ACCURACY_SET_MICROS, - ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } } @@ -336,7 +334,7 @@ TS_TST_INFO_set_nonce(TS_TST_INFO *a, const ASN1_INTEGER *nonce) return 1; new_nonce = ASN1_INTEGER_dup(nonce); if (new_nonce == NULL) { - TSerr(TS_F_TS_TST_INFO_SET_NONCE, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } ASN1_INTEGER_free(a->nonce); @@ -359,7 +357,7 @@ TS_TST_INFO_set_tsa(TS_TST_INFO *a, GENERAL_NAME *tsa) return 1; new_tsa = GENERAL_NAME_dup(tsa); if (new_tsa == NULL) { - TSerr(TS_F_TS_TST_INFO_SET_TSA, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return 0; } GENERAL_NAME_free(a->tsa); diff --git a/src/lib/libcrypto/ts/ts_rsp_verify.c b/src/lib/libcrypto/ts/ts_rsp_verify.c index 020658bb02..36ead0671a 100644 --- a/src/lib/libcrypto/ts/ts_rsp_verify.c +++ b/src/lib/libcrypto/ts/ts_rsp_verify.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_rsp_verify.c,v 1.17 2016/11/05 15:19:07 miod Exp $ */ +/* $OpenBSD: ts_rsp_verify.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2002. */ @@ -155,28 +155,27 @@ TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, /* Some sanity checks first. */ if (!token) { - TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_INVALID_NULL_POINTER); + TSerror(TS_R_INVALID_NULL_POINTER); goto err; } /* Check for the correct content type */ if (!PKCS7_type_is_signed(token)) { - TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_WRONG_CONTENT_TYPE); + TSerror(TS_R_WRONG_CONTENT_TYPE); goto err; } /* Check if there is one and only one signer. */ sinfos = PKCS7_get_signer_info(token); if (!sinfos || sk_PKCS7_SIGNER_INFO_num(sinfos) != 1) { - TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, - TS_R_THERE_MUST_BE_ONE_SIGNER); + TSerror(TS_R_THERE_MUST_BE_ONE_SIGNER); goto err; } si = sk_PKCS7_SIGNER_INFO_value(sinfos, 0); /* Check for no content: no data to verify signature. */ if (PKCS7_get_detached(token)) { - TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_NO_CONTENT); + TSerror(TS_R_NO_CONTENT); goto err; } @@ -206,7 +205,7 @@ TS_RESP_verify_signature(PKCS7 *token, STACK_OF(X509) *certs, /* Verifying the signature. */ j = PKCS7_signatureVerify(p7bio, token, si, signer); if (j <= 0) { - TSerr(TS_F_TS_RESP_VERIFY_SIGNATURE, TS_R_SIGNATURE_FAILURE); + TSerror(TS_R_SIGNATURE_FAILURE); goto err; } @@ -241,7 +240,7 @@ TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer, /* chain is an out argument. */ *chain = NULL; if (X509_STORE_CTX_init(&cert_ctx, store, signer, untrusted) == 0) { - TSerr(TS_F_TS_VERIFY_CERT, ERR_R_X509_LIB); + TSerror(ERR_R_X509_LIB); goto err; } if (X509_STORE_CTX_set_purpose(&cert_ctx, @@ -251,7 +250,7 @@ TS_verify_cert(X509_STORE *store, STACK_OF(X509) *untrusted, X509 *signer, if (i <= 0) { int j = X509_STORE_CTX_get_error(&cert_ctx); - TSerr(TS_F_TS_VERIFY_CERT, TS_R_CERTIFICATE_VERIFY_ERROR); + TSerror(TS_R_CERTIFICATE_VERIFY_ERROR); ERR_asprintf_error_data("Verify error:%s", X509_verify_cert_error_string(j)); goto err; @@ -298,8 +297,7 @@ TS_check_signing_certs(PKCS7_SIGNER_INFO *si, STACK_OF(X509) *chain) err: if (!ret) - TSerr(TS_F_TS_CHECK_SIGNING_CERTS, - TS_R_ESS_SIGNING_CERTIFICATE_ERROR); + TSerror(TS_R_ESS_SIGNING_CERTIFICATE_ERROR); ESS_SIGNING_CERT_free(ss); return ret; } @@ -446,7 +444,7 @@ int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token, /* Check version number of response. */ if ((ctx->flags & TS_VFY_VERSION) && TS_TST_INFO_get_version(tst_info) != 1) { - TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_UNSUPPORTED_VERSION); + TSerror(TS_R_UNSUPPORTED_VERSION); goto err; } @@ -476,14 +474,14 @@ int_TS_RESP_verify_token(TS_VERIFY_CTX *ctx, PKCS7 *token, /* Check whether TSA name and signer certificate match. */ if ((ctx->flags & TS_VFY_SIGNER) && tsa_name && !TS_check_signer_name(tsa_name, signer)) { - TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_NAME_MISMATCH); + TSerror(TS_R_TSA_NAME_MISMATCH); goto err; } /* Check whether the TSA is the expected one. */ if ((ctx->flags & TS_VFY_TSA_NAME) && !TS_check_signer_name(ctx->tsa_name, signer)) { - TSerr(TS_F_INT_TS_RESP_VERIFY_TOKEN, TS_R_TSA_UNTRUSTED); + TSerror(TS_R_TSA_UNTRUSTED); goto err; } @@ -541,7 +539,7 @@ TS_check_status_info(TS_RESP *response) strlcpy(failure_text, "unspecified", TS_STATUS_BUF_SIZE); /* Making up the error string. */ - TSerr(TS_F_TS_CHECK_STATUS_INFO, TS_R_NO_TIME_STAMP_TOKEN); + TSerror(TS_R_NO_TIME_STAMP_TOKEN); ERR_asprintf_error_data ("status code: %s, status text: %s, failure codes: %s", status_text, @@ -567,7 +565,7 @@ TS_get_status_text(STACK_OF(ASN1_UTF8STRING) *text) } /* Allocate memory (closing '\0' included). */ if (!(result = malloc(length))) { - TSerr(TS_F_TS_GET_STATUS_TEXT, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return NULL; } /* Concatenate the descriptions. */ @@ -587,7 +585,7 @@ TS_check_policy(ASN1_OBJECT *req_oid, TS_TST_INFO *tst_info) ASN1_OBJECT *resp_oid = TS_TST_INFO_get_policy_id(tst_info); if (OBJ_cmp(req_oid, resp_oid) != 0) { - TSerr(TS_F_TS_CHECK_POLICY, TS_R_POLICY_MISMATCH); + TSerror(TS_R_POLICY_MISMATCH); return 0; } @@ -614,7 +612,7 @@ TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg, /* Getting the MD object. */ if (!(md = EVP_get_digestbyobj((*md_alg)->algorithm))) { - TSerr(TS_F_TS_COMPUTE_IMPRINT, TS_R_UNSUPPORTED_MD_ALGORITHM); + TSerror(TS_R_UNSUPPORTED_MD_ALGORITHM); goto err; } @@ -624,7 +622,7 @@ TS_compute_imprint(BIO *data, TS_TST_INFO *tst_info, X509_ALGOR **md_alg, goto err; *imprint_len = length; if (!(*imprint = malloc(*imprint_len))) { - TSerr(TS_F_TS_COMPUTE_IMPRINT, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); goto err; } @@ -675,7 +673,7 @@ TS_check_imprints(X509_ALGOR *algor_a, unsigned char *imprint_a, unsigned len_a, err: if (!ret) - TSerr(TS_F_TS_CHECK_IMPRINTS, TS_R_MESSAGE_IMPRINT_MISMATCH); + TSerror(TS_R_MESSAGE_IMPRINT_MISMATCH); return ret; } @@ -686,13 +684,13 @@ TS_check_nonces(const ASN1_INTEGER *a, TS_TST_INFO *tst_info) /* Error if nonce is missing. */ if (!b) { - TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_NOT_RETURNED); + TSerror(TS_R_NONCE_NOT_RETURNED); return 0; } /* No error if a nonce is returned without being requested. */ if (ASN1_INTEGER_cmp(a, b) != 0) { - TSerr(TS_F_TS_CHECK_NONCES, TS_R_NONCE_MISMATCH); + TSerror(TS_R_NONCE_MISMATCH); return 0; } diff --git a/src/lib/libcrypto/ts/ts_verify_ctx.c b/src/lib/libcrypto/ts/ts_verify_ctx.c index 7dda76e7d9..7608a7d109 100644 --- a/src/lib/libcrypto/ts/ts_verify_ctx.c +++ b/src/lib/libcrypto/ts/ts_verify_ctx.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ts_verify_ctx.c,v 1.8 2015/02/10 09:46:30 miod Exp $ */ +/* $OpenBSD: ts_verify_ctx.c,v 1.9 2017/01/29 17:49:23 beck Exp $ */ /* Written by Zoltan Glozik (zglozik@stones.com) for the OpenSSL * project 2003. */ @@ -68,7 +68,7 @@ TS_VERIFY_CTX_new(void) TS_VERIFY_CTX *ctx = calloc(1, sizeof(TS_VERIFY_CTX)); if (!ctx) - TSerr(TS_F_TS_VERIFY_CTX_NEW, ERR_R_MALLOC_FAILURE); + TSerror(ERR_R_MALLOC_FAILURE); return ctx; } -- cgit v1.2.3-55-g6feb