From e60a3353d3ad24df7c93633c2a2e316df3071bcc Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee <66395252+mamckee@users.noreply.github.com> Date: Wed, 15 Jan 2025 14:52:04 -0800 Subject: [PATCH] Update error handling and debug logging (#92) * Add RSA fallback test * Update error function codes to match refactor * Surface SymCrypt errors from provider * Allow logging configuration * Add debug logging to keysinuse init * Add RSA and ECC keysinuse debug logs * PR comments * Add FIPS compliance logging to unpadded RSA encrypt/decrypt * PR comments * Create separate provider loggin calls without func code --- ScosslCommon/inc/scossl_helpers.h | 192 +++++++++++------- ScosslCommon/src/scossl_aes_aead.c | 82 ++++---- ScosslCommon/src/scossl_dh.c | 28 +-- ScosslCommon/src/scossl_ecc.c | 56 ++--- ScosslCommon/src/scossl_helpers.c | 181 +++++++++-------- ScosslCommon/src/scossl_hkdf.c | 6 +- ScosslCommon/src/scossl_mac.c | 20 +- ScosslCommon/src/scossl_rsa.c | 124 +++++------ ScosslCommon/src/scossl_sshkdf.c | 10 +- ScosslCommon/src/scossl_tls1prf.c | 10 +- SslPlay/SslPlay.cpp | 4 + SymCryptEngine/src/e_scossl_ciphers.c | 12 +- SymCryptEngine/src/e_scossl_dh.c | 46 ++--- SymCryptEngine/src/e_scossl_digests.c | 30 +-- SymCryptEngine/src/e_scossl_ecc.c | 106 +++++----- SymCryptEngine/src/e_scossl_hkdf.c | 16 +- SymCryptEngine/src/e_scossl_hmac.c | 10 +- SymCryptEngine/src/e_scossl_pkey_meths.c | 12 +- SymCryptEngine/src/e_scossl_rsa.c | 48 ++--- SymCryptEngine/src/e_scossl_rsapss.c | 24 +-- SymCryptEngine/src/e_scossl_sshkdf.c | 22 +- SymCryptEngine/src/e_scossl_tls1prf.c | 8 +- .../src/asymcipher/p_scossl_rsa_cipher.c | 4 +- SymCryptProvider/src/ciphers/p_scossl_aes.c | 9 +- .../src/ciphers/p_scossl_aes_xts.c | 10 +- SymCryptProvider/src/kdf/p_scossl_kbkdf.c | 4 +- SymCryptProvider/src/keyexch/p_scossl_dh.c | 6 +- SymCryptProvider/src/keyexch/p_scossl_ecdh.c | 2 +- .../src/keymgmt/p_scossl_dh_keymgmt.c | 85 ++++---- .../src/keymgmt/p_scossl_ecc_keymgmt.c | 60 +++--- .../src/keymgmt/p_scossl_rsa_keymgmt.c | 104 +++++----- SymCryptProvider/src/mac/p_scossl_hmac.c | 1 - SymCryptProvider/src/mac/p_scossl_kmac.c | 33 ++- SymCryptProvider/src/p_scossl_base.c | 62 +++++- SymCryptProvider/src/p_scossl_ecc.c | 12 +- SymCryptProvider/src/p_scossl_keysinuse.c | 4 + SymCryptProvider/src/p_scossl_rsa.c | 14 +- .../src/signature/p_scossl_rsa_signature.c | 2 +- 38 files changed, 836 insertions(+), 623 deletions(-) diff --git a/ScosslCommon/inc/scossl_helpers.h b/ScosslCommon/inc/scossl_helpers.h index 65762dcc..06f1f85d 100644 --- a/ScosslCommon/inc/scossl_helpers.h +++ b/ScosslCommon/inc/scossl_helpers.h @@ -43,7 +43,7 @@ typedef _Return_type_success_(return >= 0) int SCOSSL_RETURNLENGTH; // For funct // pointer before using it with SymCrypt. // // In the SCOSSL provider, it is our responsibility to perform the allocation and free ourselves. -// Here we allocate SYMCRYPT_ALIGN_VALUE extra bytes, and store the offset into our allocation in the byte before the aligned +// Here we allocate SYMCRYPT_ALIGN_VALUE extra bytes, and store the offset into our allocation in the byte before the aligned // pointer we use in SymCrypt. On free, we look at the byte before the aligned pointer we have been using, to determine the start // of the allocation and free it correctly. // @@ -91,62 +91,94 @@ void scossl_destroy_logging(); // SCOSSL function codes typedef enum { + // ScosslCommon SCOSSL_ERR_F_ENUM_START= 100, SCOSSL_ERR_F_AES_CCM_CIPHER, - SCOSSL_ERR_F_AES_CCM_CTRL, + SCOSSL_ERR_F_AES_CCM_SET_IV_FIXED, + SCOSSL_ERR_F_AES_CCM_SET_IV_LEN, + SCOSSL_ERR_F_AES_CCM_SET_TLS1_AAD, SCOSSL_ERR_F_AES_CCM_TLS, - SCOSSL_ERR_F_AES_GCM_CTRL, + SCOSSL_ERR_F_AES_GCM_CIPHER, + SCOSSL_ERR_F_AES_GCM_IV_GEN, + SCOSSL_ERR_F_AES_GCM_SET_IV_FIXED, + SCOSSL_ERR_F_AES_GCM_SET_IV_INV, + SCOSSL_ERR_F_AES_GCM_SET_IV_LEN, + SCOSSL_ERR_F_AES_GCM_SET_TLS1_AAD, SCOSSL_ERR_F_AES_GCM_TLS, - SCOSSL_ERR_F_AES_XTS_CIPHER, - SCOSSL_ERR_F_AES_XTS_CTRL, - SCOSSL_ERR_F_DH_COMPUTE_KEY, - SCOSSL_ERR_F_DH_GENERATE_KEY, SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, + SCOSSL_ERR_F_DH_GET_GROUP_BY_NID, SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, - SCOSSL_ERR_F_DIGESTS, - SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, - SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, + SCOSSL_ERR_F_ECC_GROUP_TO_SYMCRYPT_CURVE, + SCOSSL_ERR_F_ECC_POINT_TO_PUBKEY, SCOSSL_ERR_F_ECDSA_APPLY_DER, SCOSSL_ERR_F_ECDSA_DER_CHECK_TAG_AND_GET_VALUE_AND_LENGTH, SCOSSL_ERR_F_ECDSA_REMOVE_DER, - SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, - SCOSSL_ERR_F_ECKEY_KEYGEN, - SCOSSL_ERR_F_ECKEY_SIGN, - SCOSSL_ERR_F_ECKEY_SIGN_SETUP, - SCOSSL_ERR_F_ECKEY_SIGN_SIG, - SCOSSL_ERR_F_ECKEY_VERIFY, - SCOSSL_ERR_F_ECKEY_VERIFY_SIG, - SCOSSL_ERR_F_GET_DH_CONTEXT_EX, - SCOSSL_ERR_F_GET_ECC_CONTEXT_EX, + SCOSSL_ERR_F_ECDSA_SIGN, + SCOSSL_ERR_F_ECDSA_VERIFY, SCOSSL_ERR_F_GET_SYMCRYPT_HASH_ALGORITHM, SCOSSL_ERR_F_GET_SYMCRYPT_MAC_ALGORITHM, - SCOSSL_ERR_F_HKDF_CTRL, SCOSSL_ERR_F_HKDF_DERIVE, - SCOSSL_ERR_F_HKDF_INIT, - SCOSSL_ERR_F_INITIALIZE_RSA_KEY, - SCOSSL_ERR_F_PKEY_METHODS, - SCOSSL_ERR_F_PKEY_RSA_SIGN, - SCOSSL_ERR_F_PKEY_RSA_VERIFY, - SCOSSL_ERR_F_RSA_INIT, - SCOSSL_ERR_F_RSA_KEYGEN, - SCOSSL_ERR_F_RSA_PRIV_DEC, - SCOSSL_ERR_F_RSA_PRIV_ENC, - SCOSSL_ERR_F_RSA_PUB_DEC, - SCOSSL_ERR_F_RSA_PUB_ENC, - SCOSSL_ERR_F_RSA_SIGN, - SCOSSL_ERR_F_RSA_VERIFY, + SCOSSL_ERR_F_MAC_INIT, + SCOSSL_ERR_F_MAC_SET_HMAC_MD, + SCOSSL_ERR_F_RSA_DECRYPT, + SCOSSL_ERR_F_RSA_ENCRYPT, + SCOSSL_ERR_F_RSA_EXPORT_KEY, + SCOSSL_ERR_F_RSA_NEW_EXPORT_PARAMS, + SCOSSL_ERR_F_RSA_PKCS1_SIGN, + SCOSSL_ERR_F_RSA_PKCS1_VERIFY, SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_F_RSAPSS_VERIFY, - SCOSSL_ERR_F_TLS1PRF_CTRL, - SCOSSL_ERR_F_TLS1PRF_DERIVE, - SCOSSL_ERR_F_TLS1PRF_INIT, - SCOSSL_ERR_F_HMAC_INIT, - SCOSSL_ERR_F_HMAC_CTRL, - SCOSSL_ERR_F_HMAC_CTRL_STR, - SCOSSL_ERR_F_SSHKDF_NEW, - SCOSSL_ERR_F_SSHKDF_CTRL, - SCOSSL_ERR_F_SSHKDF_CTRL_STR, SCOSSL_ERR_F_SSHKDF_DERIVE, + SCOSSL_ERR_F_TLS1PRF_DERIVE, + // SymCryptEngine + SCOSSL_ERR_F_ENG_AES_CCM_CTRL, + SCOSSL_ERR_F_ENG_AES_GCM_CTRL, + SCOSSL_ERR_F_ENG_AES_XTS_CIPHER, + SCOSSL_ERR_F_ENG_AES_XTS_CTRL, + SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, + SCOSSL_ERR_F_ENG_DH_GENERATE_KEY, + SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, + SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, + SCOSSL_ERR_F_ENG_DIGESTS, + SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, + SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, + SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, + SCOSSL_ERR_F_ENG_ECKEY_KEYGEN, + SCOSSL_ERR_F_ENG_ECKEY_SIGN, + SCOSSL_ERR_F_ENG_ECKEY_SIGN_SETUP, + SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, + SCOSSL_ERR_F_ENG_ECKEY_VERIFY, + SCOSSL_ERR_F_ENG_ECKEY_VERIFY_SIG, + SCOSSL_ERR_F_ENG_GET_DH_CONTEXT_EX, + SCOSSL_ERR_F_ENG_GET_ECC_CONTEXT_EX, + SCOSSL_ERR_F_ENG_GET_SYMCRYPT_HASH_ALGORITHM, + SCOSSL_ERR_F_ENG_HKDF_CTRL, + SCOSSL_ERR_F_ENG_HKDF_DERIVE, + SCOSSL_ERR_F_ENG_HKDF_INIT, + SCOSSL_ERR_F_ENG_HMAC_COPY, + SCOSSL_ERR_F_ENG_HMAC_CTRL, + SCOSSL_ERR_F_ENG_HMAC_INIT, + SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, + SCOSSL_ERR_F_ENG_PKEY_METHODS, + SCOSSL_ERR_F_ENG_PKEY_RSA_SIGN, + SCOSSL_ERR_F_ENG_PKEY_RSA_VERIFY, + SCOSSL_ERR_F_ENG_PKEY_RSAPSS_VERIFY, + SCOSSL_ERR_F_ENG_RSA_INIT, + SCOSSL_ERR_F_ENG_RSA_KEYGEN, + SCOSSL_ERR_F_ENG_RSA_PRIV_DEC, + SCOSSL_ERR_F_ENG_RSA_PRIV_ENC, + SCOSSL_ERR_F_ENG_RSA_PUB_DEC, + SCOSSL_ERR_F_ENG_RSA_PUB_ENC, + SCOSSL_ERR_F_ENG_RSA_SIGN, + SCOSSL_ERR_F_ENG_RSA_VERIFY, + SCOSSL_ERR_F_ENG_RSAPSS_SIGN, + SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, + SCOSSL_ERR_F_ENG_SSHKDF_CTRL, + SCOSSL_ERR_F_ENG_SSHKDF_CTRL_STR, + SCOSSL_ERR_F_ENG_SSHKDF_DERIVE, + SCOSSL_ERR_F_ENG_SSHKDF_NEW, + SCOSSL_ERR_F_ENG_TLS1PRF_CTRL, + SCOSSL_ERR_F_ENG_TLS1PRF_INIT, SCOSSL_ERR_F_ENUM_END } SCOSSL_ERR_FUNC; @@ -158,6 +190,7 @@ typedef enum { SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, SCOSSL_ERR_R_OPENSSL_FALLBACK, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_ERR_R_KEYSINUSE_FAILURE, SCOSSL_ERR_R_ENUM_END } SCOSSL_ERR_REASON; @@ -179,19 +212,9 @@ void _scossl_log_bytes( int len, const char *format, ...); -void _scossl_log_bignum( - int trace_level, - SCOSSL_ERR_FUNC func_code, - SCOSSL_ERR_REASON reason_code, - const char *file, - int line, - char *description, - BIGNUM *bn); - void _scossl_log_SYMCRYPT_ERROR( int trace_level, SCOSSL_ERR_FUNC func_code, - SCOSSL_ERR_REASON reason_code, const char *file, int line, char *description, @@ -211,26 +234,18 @@ void _scossl_log_SYMCRYPT_ERROR( #define SCOSSL_LOG_BYTES_INFO(func_code, reason_code, description, s, len) \ _scossl_log_bytes(SCOSSL_LOG_LEVEL_INFO, func_code, reason_code, __FILE__, __LINE__, (const char*) s, len, description) - #define SCOSSL_LOG_BIGNUM_DEBUG(func_code, reason_code, description, bn) \ - _scossl_log_bignum(SCOSSL_LOG_LEVEL_DEBUG, func_code, reason_code, __FILE__, __LINE__, description, bn) - - #define SCOSSL_LOG_BIGNUM_INFO(func_code, reason_code, description, s, len) \ - _scossl_log_bignum(SCOSSL_LOG_LEVEL_INFO, func_code, reason_code, __FILE__, __LINE__, description, bn) + #define SCOSSL_LOG_SYMCRYPT_DEBUG(func_code, description, scError) \ + _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_DEBUG, func_code, __FILE__, __LINE__, description, scError) - #define SCOSSL_LOG_SYMCRYPT_DEBUG(func_code, reason_code, description, scError) \ - _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_DEBUG, func_code, reason_code, __FILE__, __LINE__, description, scError) - - #define SCOSSL_LOG_SYMCRYPT_INFO(func_code, reason_code, description, scError) \ - _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_INFO, func_code, reason_code, __FILE__, __LINE__, description, scError) + #define SCOSSL_LOG_SYMCRYPT_INFO(func_code, description, scError) \ + _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_INFO, func_code, __FILE__, __LINE__, description, scError) #else #define SCOSSL_LOG_DEBUG(func_code, reason_code, ...) #define SCOSSL_LOG_INFO(func_code, reason_code, ...) #define SCOSSL_LOG_BYTES_DEBUG(func_code, reason_code, description, s, len) #define SCOSSL_LOG_BYTES_INFO(func_code, reason_code, description, s, len) - #define SCOSSL_LOG_BIGNUM_DEBUG(func_code, reason_code, description, bn) - #define SCOSSL_LOG_BIGNUM_INFO(func_code, reason_code, description, s, len) - #define SCOSSL_LOG_SYMCRYPT_DEBUG(func_code, reason_code, description, scError) - #define SCOSSL_LOG_SYMCRYPT_INFO(func_code, reason_code, description, scError) + #define SCOSSL_LOG_SYMCRYPT_DEBUG(func_code, description, scError) + #define SCOSSL_LOG_SYMCRYPT_INFO(func_code, description, scError) #endif #define SCOSSL_LOG_ERROR(func_code, reason_code, ...) \ @@ -239,11 +254,48 @@ void _scossl_log_SYMCRYPT_ERROR( #define SCOSSL_LOG_BYTES_ERROR(func_code, reason_code, description, s, len) \ _scossl_log_bytes(SCOSSL_LOG_LEVEL_ERROR, func_code, reason_code, __FILE__, __LINE__, (const char*) s, len, description) -#define SCOSSL_LOG_BIGNUM_ERROR(func_code, reason_code, description, s, len) \ - _scossl_log_bignum(SCOSSL_LOG_LEVEL_ERROR, func_code, reason_code, __FILE__, __LINE__, description, bn) +#define SCOSSL_LOG_SYMCRYPT_ERROR(func_code, description, scError) \ + _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_ERROR, func_code, __FILE__, __LINE__, description, scError) + +#if OPENSSL_API_LEVEL >= 30000 + // Enable debug and info messages in debug builds, but compile them out in release builds + #if DBG + #define SCOSSL_PROV_LOG_DEBUG(reason_code, ...) \ + _scossl_log(SCOSSL_LOG_LEVEL_DEBUG, 0, reason_code, __FILE__, __LINE__, __VA_ARGS__) + + #define SCOSSL_PROV_LOG_INFO(reason_code, ...) \ + _scossl_log(SCOSSL_LOG_LEVEL_INFO, 0, reason_code, __FILE__, __LINE__, __VA_ARGS__) + + #define SCOSSL_PROV_LOG_BYTES_DEBUG(reason_code, description, s, len) \ + _scossl_log_bytes(SCOSSL_LOG_LEVEL_DEBUG, 0, reason_code, __FILE__, __LINE__, (const char*) s, len, description) + + #define SCOSSL_PROV_LOG_BYTES_INFO(reason_code, description, s, len) \ + _scossl_log_bytes(SCOSSL_LOG_LEVEL_INFO, 0, reason_code, __FILE__, __LINE__, (const char*) s, len, description) + + #define SCOSSL_PROV_LOG_SYMCRYPT_DEBUG(description, scError) \ + _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_DEBUG, 0, __FILE__, __LINE__, description, scError) -#define SCOSSL_LOG_SYMCRYPT_ERROR(func_code, reason_code, description, scError) \ - _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_ERROR, func_code, reason_code, __FILE__, __LINE__, description, scError) + #define SCOSSL_PROV_LOG_SYMCRYPT_INFO(description, scError) \ + _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_INFO, 0, __FILE__, __LINE__, description, scError) + #else + #define SCOSSL_PROV_LOG_DEBUG(reason_code, ...) + #define SCOSSL_PROV_LOG_INFO(reason_code, ...) + #define SCOSSL_PROV_LOG_BYTES_DEBUG(reason_code, description, s, len) + #define SCOSSL_PROV_LOG_BYTES_INFO(reason_code, description, s, len) + #define SCOSSL_PROV_LOG_SYMCRYPT_DEBUG(description, scError) + #define SCOSSL_PROV_LOG_SYMCRYPT_INFO(description, scError) + #endif + + #define SCOSSL_PROV_LOG_ERROR(reason_code, ...) \ + _scossl_log(SCOSSL_LOG_LEVEL_ERROR, 0, reason_code, __FILE__, __LINE__, __VA_ARGS__) + + #define SCOSSL_PROV_LOG_BYTES_ERROR(reason_code, description, s, len) \ + _scossl_log_bytes(SCOSSL_LOG_LEVEL_ERROR, 0, reason_code, __FILE__, __LINE__, (const char*) s, len, description) + + #define SCOSSL_PROV_LOG_SYMCRYPT_ERROR(description, scError) \ + _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_ERROR, 0, __FILE__, __LINE__, description, scError) + +#endif // // Common helper functions diff --git a/ScosslCommon/src/scossl_aes_aead.c b/ScosslCommon/src/scossl_aes_aead.c index 2406fdd1..2874184e 100644 --- a/ScosslCommon/src/scossl_aes_aead.c +++ b/ScosslCommon/src/scossl_aes_aead.c @@ -74,25 +74,25 @@ static SCOSSL_STATUS scossl_aes_gcm_tls(_Inout_ SCOSSL_CIPHER_GCM_CTX *ctx, INT3 if (in != out) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-GCM TLS does not support out-of-place operation"); + "AES-GCM TLS does not support out-of-place operation"); goto cleanup; } if (inl < EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-GCM TLS buffer too small"); + "AES-GCM TLS buffer too small"); goto cleanup; } if (ctx->operationInProgress) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-GCM TLS operation cannot be multi-stage"); + "AES-GCM TLS operation cannot be multi-stage"); goto cleanup; } if (ctx->taglen != EVP_GCM_TLS_TAG_LEN) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-GCM TLS taglen must be %d", EVP_GCM_TLS_TAG_LEN); + "AES-GCM TLS taglen must be %d", EVP_GCM_TLS_TAG_LEN); goto cleanup; } @@ -106,7 +106,7 @@ static SCOSSL_STATUS scossl_aes_gcm_tls(_Inout_ SCOSSL_CIPHER_GCM_CTX *ctx, INT3 if (scossl_aes_gcm_iv_gen(ctx, out, EVP_GCM_TLS_EXPLICIT_IV_LEN) != SCOSSL_SUCCESS) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_TLS, ERR_R_INTERNAL_ERROR, - "AES-GCM TLS failed to generate IV"); + "AES-GCM TLS failed to generate IV"); goto cleanup; } @@ -156,8 +156,8 @@ SCOSSL_STATUS scossl_aes_gcm_cipher(SCOSSL_CIPHER_GCM_CTX *ctx, INT32 encrypt, if (ctx->iv == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "IV must be set before calling cipher"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CIPHER, ERR_R_PASSED_INVALID_ARGUMENT, + "IV must be set before calling cipher"); return SCOSSL_FAILURE; } @@ -258,8 +258,8 @@ SCOSSL_STATUS scossl_aes_gcm_iv_gen(SCOSSL_CIPHER_GCM_CTX *ctx, if (ctx->iv == NULL && (ctx->iv = OPENSSL_zalloc(ctx->ivlen)) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE, - "Failed to allocate IV"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_IV_GEN, ERR_R_MALLOC_FAILURE, + "Failed to allocate IV"); return SCOSSL_FAILURE; } @@ -282,8 +282,8 @@ SCOSSL_STATUS scossl_aes_gcm_set_iv_len(SCOSSL_CIPHER_GCM_CTX *ctx, size_t ivlen { if (ivlen < SCOSSL_GCM_MIN_IV_LENGTH) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "GCM IV length must be at least 1 byte"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_IV_LEN, ERR_R_PASSED_INVALID_ARGUMENT, + "GCM IV length must be at least 1 byte"); return SCOSSL_FAILURE; } @@ -304,16 +304,16 @@ SCOSSL_STATUS scossl_aes_gcm_set_iv_fixed(SCOSSL_CIPHER_GCM_CTX *ctx, INT32 encr { if (ctx->ivlen != EVP_GCM_TLS_IV_LEN) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "set_iv_fixed only works with TLS IV length"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_IV_FIXED, ERR_R_PASSED_INVALID_ARGUMENT, + "set_iv_fixed only works with TLS IV length"); return SCOSSL_FAILURE; } if (ctx->iv == NULL && (ctx->iv = OPENSSL_zalloc(ctx->ivlen)) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE, - "Failed to allocate IV"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_IV_FIXED, ERR_R_MALLOC_FAILURE, + "Failed to allocate IV"); return SCOSSL_FAILURE; } @@ -328,8 +328,8 @@ SCOSSL_STATUS scossl_aes_gcm_set_iv_fixed(SCOSSL_CIPHER_GCM_CTX *ctx, INT32 encr } if (ivlen > 4) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "set_iv_fixed incorrect length"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_IV_FIXED, ERR_R_PASSED_INVALID_ARGUMENT, + "set_iv_fixed incorrect length"); return SCOSSL_FAILURE; } // Set first up to 4B of IV @@ -362,8 +362,8 @@ SCOSSL_STATUS scossl_aes_gcm_set_iv_inv(SCOSSL_CIPHER_GCM_CTX *ctx, INT32 encryp if (ctx->iv == NULL && (ctx->iv = OPENSSL_zalloc(ctx->ivlen)) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE, - "Failed to allocate IV"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_IV_INV, ERR_R_MALLOC_FAILURE, + "Failed to allocate IV"); return SCOSSL_FAILURE; } @@ -385,8 +385,8 @@ UINT16 scossl_aes_gcm_set_tls1_aad(SCOSSL_CIPHER_GCM_CTX *ctx, INT32 encrypt, if (aadlen != EVP_AEAD_TLS1_AAD_LEN) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "tls1_aad only works with TLS1 AAD length"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_TLS1_AAD, ERR_R_PASSED_INVALID_ARGUMENT, + "tls1_aad only works with TLS1 AAD length"); return SCOSSL_FAILURE; } memcpy(ctx->tlsAad, aad, EVP_AEAD_TLS1_AAD_LEN); @@ -406,8 +406,8 @@ UINT16 scossl_aes_gcm_set_tls1_aad(SCOSSL_CIPHER_GCM_CTX *ctx, INT32 encrypt, tls_buffer_len = SYMCRYPT_LOAD_MSBFIRST16(ctx->tlsAad + EVP_AEAD_TLS1_AAD_LEN - 2); if (tls_buffer_len < min_tls_buffer_len) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "tls_buffer_len too short"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_TLS1_AAD, ERR_R_PASSED_INVALID_ARGUMENT, + "tls_buffer_len too short"); return SCOSSL_FAILURE; } tls_buffer_len -= min_tls_buffer_len; @@ -478,19 +478,19 @@ static SCOSSL_STATUS scossl_aes_ccm_tls(_Inout_ SCOSSL_CIPHER_CCM_CTX *ctx, INT3 if (in != out) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-CCM TLS does not support out-of-place operation"); + "AES-CCM TLS does not support out-of-place operation"); goto cleanup; } if (inl < (SIZE_T)EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->taglen) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-CCM TLS buffer too small"); + "AES-CCM TLS buffer too small"); goto cleanup; } if (ctx->ccmStage != SCOSSL_CCM_STAGE_INIT) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-CCM TLS operation cannot be multi-stage"); + "AES-CCM TLS operation cannot be multi-stage"); goto cleanup; } if (ctx->ivlen != EVP_CCM_TLS_IV_LEN) @@ -591,7 +591,7 @@ SCOSSL_STATUS scossl_aes_ccm_cipher(SCOSSL_CIPHER_CCM_CTX *ctx, INT32 encrypt, else { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, - "Data provided to CCM after CCM operation is complete"); + "Data provided to CCM after CCM operation is complete"); return SCOSSL_FAILURE; } } @@ -600,7 +600,7 @@ SCOSSL_STATUS scossl_aes_ccm_cipher(SCOSSL_CIPHER_CCM_CTX *ctx, INT32 encrypt, if (in != NULL && out == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, - "AAD provided to CCM before cbData has been set"); + "AAD provided to CCM before cbData has been set"); return SCOSSL_FAILURE; } @@ -711,9 +711,9 @@ SCOSSL_STATUS scossl_aes_ccm_set_iv_len(SCOSSL_CIPHER_CCM_CTX *ctx, size_t ivlen { if (ivlen < SCOSSL_CCM_MIN_IV_LENGTH || ivlen > SCOSSL_CCM_MAX_IV_LENGTH) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "SCOSSL only supports [%d-%d] byte IVs for AES-CCM", - SCOSSL_CCM_MIN_IV_LENGTH, SCOSSL_CCM_MAX_IV_LENGTH); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_IV_LEN, ERR_R_PASSED_INVALID_ARGUMENT, + "SCOSSL only supports [%d-%d] byte IVs for AES-CCM", + SCOSSL_CCM_MIN_IV_LENGTH, SCOSSL_CCM_MAX_IV_LENGTH); return SCOSSL_FAILURE; } @@ -727,8 +727,8 @@ SCOSSL_STATUS scossl_aes_ccm_set_iv_fixed(SCOSSL_CIPHER_CCM_CTX *ctx, INT32 encr { if (ctx->ivlen != EVP_CCM_TLS_IV_LEN) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "set_iv_fixed only works with TLS IV length"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_IV_FIXED, ERR_R_PASSED_INVALID_ARGUMENT, + "set_iv_fixed only works with TLS IV length"); return SCOSSL_FAILURE; } if (ivlen == (size_t)-1) @@ -738,8 +738,8 @@ SCOSSL_STATUS scossl_aes_ccm_set_iv_fixed(SCOSSL_CIPHER_CCM_CTX *ctx, INT32 encr } if (ivlen != ctx->ivlen - EVP_CCM_TLS_EXPLICIT_IV_LEN) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "set_iv_fixed incorrect length"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_IV_FIXED, ERR_R_PASSED_INVALID_ARGUMENT, + "set_iv_fixed incorrect length"); return SCOSSL_FAILURE; } // Set first 4B of IV @@ -763,14 +763,14 @@ UINT16 scossl_aes_ccm_set_tls1_aad(SCOSSL_CIPHER_CCM_CTX *ctx, INT32 encrypt, UINT16 min_tls_buffer_len = 0; if (aadlen != EVP_AEAD_TLS1_AAD_LEN) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "tls1_aad only works with TLS1 AAD length"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_TLS1_AAD, ERR_R_PASSED_INVALID_ARGUMENT, + "tls1_aad only works with TLS1 AAD length"); return SCOSSL_FAILURE; } if (ctx->taglen != EVP_CCM_TLS_TAG_LEN && ctx->taglen != EVP_CCM8_TLS_TAG_LEN) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "Invalid taglen for TLS"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_TLS1_AAD, ERR_R_PASSED_INVALID_ARGUMENT, + "Invalid taglen for TLS"); return SCOSSL_FAILURE; } memcpy(ctx->tlsAad, aad, EVP_AEAD_TLS1_AAD_LEN); @@ -790,8 +790,8 @@ UINT16 scossl_aes_ccm_set_tls1_aad(SCOSSL_CIPHER_CCM_CTX *ctx, INT32 encrypt, tls_buffer_len = SYMCRYPT_LOAD_MSBFIRST16(ctx->tlsAad + EVP_AEAD_TLS1_AAD_LEN - 2); if (tls_buffer_len < min_tls_buffer_len) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "tls_buffer_len too short"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_TLS1_AAD, ERR_R_PASSED_INVALID_ARGUMENT, + "tls_buffer_len too short"); return SCOSSL_FAILURE; } tls_buffer_len -= min_tls_buffer_len; diff --git a/ScosslCommon/src/scossl_dh.c b/ScosslCommon/src/scossl_dh.c index a0050748..3ec47e9a 100644 --- a/ScosslCommon/src/scossl_dh.c +++ b/ScosslCommon/src/scossl_dh.c @@ -176,7 +176,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if (ctx->dlkey == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptDlkeyAllocate returned NULL."); + "SymCryptDlkeyAllocate returned NULL."); goto cleanup; } @@ -185,7 +185,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, scError = SymCryptDlkeySetPrivateKeyLength(ctx->dlkey, nBitsPriv, 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, "SymCryptDlkeySetPrivateKeyLength failed", scError); goto cleanup; } @@ -205,7 +205,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if ((pbData = OPENSSL_zalloc(cbData)) == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, - "OPENSSL_zalloc returned NULL."); + "OPENSSL_zalloc returned NULL."); goto cleanup; } @@ -215,7 +215,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if ((SIZE_T)BN_bn2binpad(privateKey, pbPrivateKey, cbPrivateKey) != cbPrivateKey) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_INTERNAL_ERROR, - "BN_bn2binpad did not write expected number of private key bytes."); + "BN_bn2binpad did not write expected number of private key bytes."); goto cleanup; } } @@ -230,7 +230,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if ((SIZE_T)BN_bn2binpad(publicKey, pbPublicKey, cbPublicKey) != cbPublicKey) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_INTERNAL_ERROR, - "BN_bn2binpad did not write expected number of public key bytes."); + "BN_bn2binpad did not write expected number of public key bytes."); goto cleanup; } } @@ -244,7 +244,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if (skipGroupValidation) { SCOSSL_LOG_INFO(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Importing DH key in non-FIPS group."); + "Importing DH key in non-FIPS group."); flags |= SYMCRYPT_FLAG_KEY_NO_FIPS; } @@ -256,8 +256,8 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, ctx->dlkey); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptDlkeySetValue failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, + "SymCryptDlkeySetValue failed", scError); goto cleanup; } @@ -290,7 +290,7 @@ SCOSSL_STATUS scossl_dh_generate_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if (ctx->dlkey == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptDlkeyAllocate returned NULL."); + "SymCryptDlkeyAllocate returned NULL."); goto cleanup; } @@ -299,8 +299,8 @@ SCOSSL_STATUS scossl_dh_generate_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, scError = SymCryptDlkeySetPrivateKeyLength(ctx->dlkey, nBitsPriv, 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptDlkeySetPrivateKeyLength failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, + "SymCryptDlkeySetPrivateKeyLength failed", scError); goto cleanup; } } @@ -308,8 +308,8 @@ SCOSSL_STATUS scossl_dh_generate_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, scError = SymCryptDlkeyGenerate(SYMCRYPT_FLAG_DLKEY_DH, ctx->dlkey); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptDlkeyGenerate failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, + "SymCryptDlkeyGenerate failed", scError); goto cleanup; } @@ -501,7 +501,7 @@ SCOSSL_STATUS scossl_dh_get_group_by_nid(int dlGroupNid, const BIGNUM* p, if (*ppDlGroup == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_DH_CONTEXT_EX, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GET_GROUP_BY_NID, ERR_R_INTERNAL_ERROR, "_hidden_dlgroup_* is NULL."); return SCOSSL_FAILURE; } diff --git a/ScosslCommon/src/scossl_ecc.c b/ScosslCommon/src/scossl_ecc.c index 8e617c3e..a2d745ab 100644 --- a/ScosslCommon/src/scossl_ecc.c +++ b/ScosslCommon/src/scossl_ecc.c @@ -100,7 +100,7 @@ PCSYMCRYPT_ECURVE scossl_ecc_group_to_symcrypt_curve(const EC_GROUP *group) case NID_secp521r1: return _hidden_curve_P521; default: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_GET_ECC_CONTEXT_EX, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ECC_GROUP_TO_SYMCRYPT_CURVE, SCOSSL_ERR_R_OPENSSL_FALLBACK, "SCOSSL does not yet support this group (nid %d).", groupNid); } @@ -207,14 +207,14 @@ SCOSSL_STATUS scossl_ec_point_to_pubkey(const EC_POINT* ecPoint, const EC_GROUP if (((ecPubX = BN_new()) == NULL) || ((ecPubY = BN_new()) == NULL)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_POINT_TO_PUBKEY, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); goto cleanup; } if (!EC_POINT_get_affine_coordinates(ecGroup, ecPoint, ecPubX, ecPubY, bnCtx)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_POINT_TO_PUBKEY, ERR_R_OPERATION_FAIL, "EC_POINT_get_affine_coordinates failed."); goto cleanup; } @@ -222,7 +222,7 @@ SCOSSL_STATUS scossl_ec_point_to_pubkey(const EC_POINT* ecPoint, const EC_GROUP if (((SIZE_T) BN_bn2binpad(ecPubX, pbPublicKey, cbPublicKey/2) != cbPublicKey/2) || ((SIZE_T) BN_bn2binpad(ecPubY, pbPublicKey + (cbPublicKey/2), cbPublicKey/2) != cbPublicKey/2)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_POINT_TO_PUBKEY, ERR_R_OPERATION_FAIL, "BN_bn2binpad did not write expected number of public key bytes."); goto cleanup; } @@ -248,7 +248,7 @@ static SCOSSL_STATUS scossl_ecdsa_der_check_tag_and_get_value_and_length(_In_rea if (pbDerField[0] != expectedTag) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_DER_CHECK_TAG_AND_GET_VALUE_AND_LENGTH, ERR_R_PASSED_INVALID_ARGUMENT, - "pbDerField[0] != 0x%x", expectedTag); + "pbDerField[0] != 0x%x", expectedTag); goto cleanup; } @@ -268,14 +268,14 @@ static SCOSSL_STATUS scossl_ecdsa_der_check_tag_and_get_value_and_length(_In_rea else { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_DER_CHECK_TAG_AND_GET_VALUE_AND_LENGTH, ERR_R_PASSED_INVALID_ARGUMENT, - "Der element length field is not minimal"); + "Der element length field is not minimal"); goto cleanup; } } else { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_DER_CHECK_TAG_AND_GET_VALUE_AND_LENGTH, ERR_R_PASSED_INVALID_ARGUMENT, - "Unexpected length field encoding. pbDerField[1] == 0x%x", cbContent); + "Unexpected length field encoding. pbDerField[1] == 0x%x", cbContent); goto cleanup; } } @@ -283,8 +283,8 @@ static SCOSSL_STATUS scossl_ecdsa_der_check_tag_and_get_value_and_length(_In_rea if (pbContent + cbContent > pbDerField + cbDerField) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_DER_CHECK_TAG_AND_GET_VALUE_AND_LENGTH, ERR_R_PASSED_INVALID_ARGUMENT, - "Decoded content length does not fit in derField buffer. pbDerField [0x%lx, 0x%lx), pbContent [0x%lx, 0x%lx)", - pbDerField, pbDerField + cbDerField, pbContent, pbContent + cbContent); + "Decoded content length does not fit in derField buffer. pbDerField [0x%lx, 0x%lx), pbContent [0x%lx, 0x%lx)", + pbDerField, pbDerField + cbDerField, pbContent, pbContent + cbContent); goto cleanup; } @@ -319,10 +319,10 @@ static SCOSSL_STATUS scossl_ecdsa_remove_der(_In_reads_bytes_(cbDerSignature) PC (cbSymCryptSignature % 2 == 1)) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "Incorrect size: cbDerSignature %d should be in range [%d, %d]\n" - " cbSymCryptSignature %d should be even integer in range [%d, %d]", - cbDerSignature, SCOSSL_ECDSA_MIN_DER_SIGNATURE_LEN, SCOSSL_ECDSA_MAX_DER_SIGNATURE_LEN, - cbSymCryptSignature, SCOSSL_ECDSA_MIN_SYMCRYPT_SIGNATURE_LEN, SCOSSL_ECDSA_MAX_SYMCRYPT_SIGNATURE_LEN); + "Incorrect size: cbDerSignature %d should be in range [%d, %d]\n" + " cbSymCryptSignature %d should be even integer in range [%d, %d]", + cbDerSignature, SCOSSL_ECDSA_MIN_DER_SIGNATURE_LEN, SCOSSL_ECDSA_MAX_DER_SIGNATURE_LEN, + cbSymCryptSignature, SCOSSL_ECDSA_MIN_SYMCRYPT_SIGNATURE_LEN, SCOSSL_ECDSA_MAX_SYMCRYPT_SIGNATURE_LEN); goto cleanup; } @@ -335,9 +335,9 @@ static SCOSSL_STATUS scossl_ecdsa_remove_der(_In_reads_bytes_(cbDerSignature) PC if (pbSeq + cbSeq != pbDerSignature + cbDerSignature) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "Sequence length field (0x%x) does not match cbDerSignature (0x%x)", cbSeq, cbDerSignature); + "Sequence length field (0x%x) does not match cbDerSignature (0x%x)", cbSeq, cbDerSignature); SCOSSL_LOG_BYTES_DEBUG(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "pbDerSignature", pbDerSignature, cbDerSignature); + "pbDerSignature", pbDerSignature, cbDerSignature); goto cleanup; } @@ -350,9 +350,9 @@ static SCOSSL_STATUS scossl_ecdsa_remove_der(_In_reads_bytes_(cbDerSignature) PC if (cbR > cbSeq - 3) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "cbR = pbSeq[1] > cbSeq - 3"); + "cbR = pbSeq[1] > cbSeq - 3"); SCOSSL_LOG_BYTES_DEBUG(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "pbDerSignature", pbDerSignature, cbDerSignature); + "pbDerSignature", pbDerSignature, cbDerSignature); goto cleanup; } @@ -376,9 +376,9 @@ static SCOSSL_STATUS scossl_ecdsa_remove_der(_In_reads_bytes_(cbDerSignature) PC ((cbR > 1) && (pbR[0] == 0x00) && ((pbR[1] & 0x80) != 0x80))) // R is non-zero, and has a redundant leading 0 byte { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "pbR is not strict DER encoded non-negative integer"); + "pbR is not strict DER encoded non-negative integer"); SCOSSL_LOG_BYTES_DEBUG(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "pbR", pbR, cbR); + "pbR", pbR, cbR); goto cleanup; } // Trim leading 0 from R @@ -392,9 +392,9 @@ static SCOSSL_STATUS scossl_ecdsa_remove_der(_In_reads_bytes_(cbDerSignature) PC ((cbS > 1) && (pbS[0] == 0x00) && ((pbS[1] & 0x80) != 0x80))) // S is non-zero, and has a redundant leading 0 byte { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "pbS is not strict DER encoded non-negative integer"); + "pbS is not strict DER encoded non-negative integer"); SCOSSL_LOG_BYTES_DEBUG(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "pbS", pbS, cbS); + "pbS", pbS, cbS); goto cleanup; } // Trim leading 0 from S @@ -407,7 +407,7 @@ static SCOSSL_STATUS scossl_ecdsa_remove_der(_In_reads_bytes_(cbDerSignature) PC if ((cbSymCryptSignature < 2 * cbR) || (cbSymCryptSignature < 2 * cbS)) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "cbR (%d) or cbS (%d) too big for cbSymCryptSignature (%d)", cbR, cbS, cbSymCryptSignature); + "cbR (%d) or cbS (%d) too big for cbSymCryptSignature (%d)", cbR, cbS, cbSymCryptSignature); goto cleanup; } @@ -550,7 +550,7 @@ SCOSSL_STATUS scossl_ecdsa_sign(PSYMCRYPT_ECKEY key, PCSYMCRYPT_ECURVE curve, scError = SymCryptEckeyExtendKeyUsage(key, SYMCRYPT_FLAG_ECKEY_ECDSA); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_SIGN, "SymCryptEckeyExtendKeyUsage failed", scError); return SCOSSL_FAILURE; } @@ -565,14 +565,14 @@ SCOSSL_STATUS scossl_ecdsa_sign(PSYMCRYPT_ECKEY key, PCSYMCRYPT_ECURVE curve, cbSymCryptSig); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_SIGN, "SymCryptEcDsaSign failed", scError); return SCOSSL_FAILURE; } if (!scossl_ecdsa_apply_der(buf, cbSymCryptSig, pbSignature, pcbSignature)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_SIGN, ERR_R_OPERATION_FAIL, "scossl_ecdsa_apply_der failed"); return SCOSSL_FAILURE; } @@ -592,14 +592,14 @@ SCOSSL_STATUS scossl_ecdsa_verify(PSYMCRYPT_ECKEY key, PCSYMCRYPT_ECURVE curve, scError = SymCryptEckeyExtendKeyUsage(key, SYMCRYPT_FLAG_ECKEY_ECDSA); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_VERIFY, "SymCryptEckeyExtendKeyUsage failed", scError); return SCOSSL_FAILURE; } if (!scossl_ecdsa_remove_der(pbSignature, pcbSignature, &buf[0], cbSymCryptSig)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_VERIFY, ERR_R_OPERATION_FAIL, "scossl_ecdsa_remove_der failed"); return SCOSSL_FAILURE; } @@ -616,7 +616,7 @@ SCOSSL_STATUS scossl_ecdsa_verify(PSYMCRYPT_ECKEY key, PCSYMCRYPT_ECURVE curve, { if (scError != SYMCRYPT_SIGNATURE_VERIFICATION_FAILURE) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_VERIFY, "SymCryptEcDsaVerify returned unexpected error", scError); } return SCOSSL_FAILURE; diff --git a/ScosslCommon/src/scossl_helpers.c b/ScosslCommon/src/scossl_helpers.c index 3ab245c5..d61def33 100644 --- a/ScosslCommon/src/scossl_helpers.c +++ b/ScosslCommon/src/scossl_helpers.c @@ -39,67 +39,111 @@ static ERR_STRING_DATA SCOSSL_ERR_library_string[] = { {0, NULL} }; +// ERR_put_error is deprecated in 3.0+. We replace the functionality with the equivalent +// function calls in OpenSSL 3.0+. This macro currently exists as ERR_put_error in +// the openssl/err.h but may be removed in the future. +#if OPENSSL_API_LEVEL >= 30000 +#define SCOSSL_put_error(lib, func, reason, file, line) \ + (ERR_new(), \ + ERR_set_debug(file, line, 0), \ + ERR_set_error(lib, reason, NULL)) +#else +#define SCOSSL_put_error(lib, func, reason, file, line) \ + ERR_put_error(lib, func, reason, file, line) + static ERR_STRING_DATA SCOSSL_ERR_function_strings[] = { + // ScosslCommon {ERR_PACK(0, SCOSSL_ERR_F_AES_CCM_CIPHER, 0), "scossl_aes_ccm_cipher"}, - {ERR_PACK(0, SCOSSL_ERR_F_AES_CCM_CTRL, 0), "scossl_aes_ccm_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_CCM_SET_IV_FIXED, 0), "scossl_aes_ccm_set_iv_fixed"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_CCM_SET_IV_LEN, 0), "scossl_aes_ccm_set_iv_len"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_CCM_SET_TLS1_AAD, 0), "scossl_aes_ccm_set_tls1_aad"}, {ERR_PACK(0, SCOSSL_ERR_F_AES_CCM_TLS, 0), "scossl_aes_ccm_tls"}, - {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_CTRL, 0), "scossl_aes_gcm_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_CIPHER, 0), "scossl_aes_gcm_cipher"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_IV_GEN, 0), "scossl_aes_gcm_iv_gen"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_SET_IV_FIXED, 0), "scossl_aes_gcm_set_iv_fixed"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_SET_IV_INV, 0), "scossl_aes_gcm_set_iv_inv"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_SET_IV_LEN, 0), "scossl_aes_gcm_set_iv_len"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_SET_TLS1_AAD, 0), "scossl_aes_gcm_set_tls1_aad"}, {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_TLS, 0), "scossl_aes_gcm_tls"}, - {ERR_PACK(0, SCOSSL_ERR_F_AES_XTS_CIPHER, 0), "scossl_aes_xts_cipher"}, - {ERR_PACK(0, SCOSSL_ERR_F_AES_XTS_CTRL, 0), "scossl_aes_xts_ctrl"}, - {ERR_PACK(0, SCOSSL_ERR_F_DH_COMPUTE_KEY, 0), "scossl_dh_compute_key"}, - {ERR_PACK(0, SCOSSL_ERR_F_DH_GENERATE_KEY, 0), "scossl_dh_generate_key"}, {ERR_PACK(0, SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, 0), "scossl_dh_generate_keypair"}, + {ERR_PACK(0, SCOSSL_ERR_F_DH_GET_GROUP_BY_NID, 0), "scossl_dh_get_group_by_nid"}, {ERR_PACK(0, SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, 0), "scossl_dh_import_keypair"}, - {ERR_PACK(0, SCOSSL_ERR_F_DIGESTS, 0), "scossl_digests"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, 0), "scossl_ecc_generate_keypair"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, 0), "scossl_ecc_import_keypair"}, + {ERR_PACK(0, SCOSSL_ERR_F_ECC_GROUP_TO_SYMCRYPT_CURVE, 0), "scossl_ecc_group_to_symcrypt_curve"}, + {ERR_PACK(0, SCOSSL_ERR_F_ECC_POINT_TO_PUBKEY, 0), "scossl_ec_point_to_pubkey"}, {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_APPLY_DER, 0), "scossl_ecdsa_apply_der"}, {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_DER_CHECK_TAG_AND_GET_VALUE_AND_LENGTH, 0), "scossl_ecdsa_der_check_tag_and_get_value_and_length"}, {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_REMOVE_DER, 0), "scossl_ecdsa_remove_der"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, 0), "scossl_eckey_compute_key"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_KEYGEN, 0), "scossl_eckey_keygen"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_SIGN, 0), "scossl_eckey_sign"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_SIGN_SETUP, 0), "scossl_eckey_sign_setup"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_SIGN_SIG, 0), "scossl_eckey_sign_sig"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_VERIFY, 0), "scossl_eckey_verify"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_VERIFY_SIG, 0), "scossl_eckey_verify_sig"}, - {ERR_PACK(0, SCOSSL_ERR_F_GET_DH_CONTEXT_EX, 0), "scossl_get_dh_context_ex"}, - {ERR_PACK(0, SCOSSL_ERR_F_GET_ECC_CONTEXT_EX, 0), "scossl_get_ecc_context_ex"}, + {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_SIGN, 0), "scossl_ecdsa_sign"}, + {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_VERIFY, 0), "scossl_ecdsa_verify"}, {ERR_PACK(0, SCOSSL_ERR_F_GET_SYMCRYPT_HASH_ALGORITHM, 0), "scossl_get_symcrypt_hash_algorithm"}, {ERR_PACK(0, SCOSSL_ERR_F_GET_SYMCRYPT_MAC_ALGORITHM, 0), "scossl_get_symcrypt_hmac_algorithm"}, - {ERR_PACK(0, SCOSSL_ERR_F_HKDF_CTRL, 0), "scossl_hkdf_ctrl"}, {ERR_PACK(0, SCOSSL_ERR_F_HKDF_DERIVE, 0), "scossl_hkdf_derive"}, - {ERR_PACK(0, SCOSSL_ERR_F_HKDF_INIT, 0), "scossl_hkdf_init"}, - {ERR_PACK(0, SCOSSL_ERR_F_INITIALIZE_RSA_KEY, 0), "scossl_initialize_rsa_key"}, - {ERR_PACK(0, SCOSSL_ERR_F_PKEY_METHODS, 0), "scossl_pkey_methods"}, - {ERR_PACK(0, SCOSSL_ERR_F_PKEY_RSA_SIGN, 0), "scossl_pkey_rsa_sign"}, - {ERR_PACK(0, SCOSSL_ERR_F_PKEY_RSA_VERIFY, 0), "scossl_pkey_rsa_verify"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_INIT, 0), "scossl_rsa_init"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_KEYGEN, 0), "scossl_rsa_keygen"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_PRIV_DEC, 0), "scossl_rsa_priv_dec"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_PRIV_ENC, 0), "scossl_rsa_priv_enc"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_PUB_DEC, 0), "scossl_rsa_pub_dec"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_PUB_ENC, 0), "scossl_rsa_pub_enc"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_SIGN, 0), "scossl_rsa_sign"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_VERIFY, 0), "scossl_rsa_verify"}, + {ERR_PACK(0, SCOSSL_ERR_F_MAC_INIT, 0), "scossl_mac_init"}, + {ERR_PACK(0, SCOSSL_ERR_F_MAC_SET_HMAC_MD, 0), "scossl_mac_set_hmac_md"}, + {ERR_PACK(0, SCOSSL_ERR_F_RSA_DECRYPT, 0), "scossl_rsa_decrypt"}, + {ERR_PACK(0, SCOSSL_ERR_F_RSA_ENCRYPT, 0), "scossl_rsa_encrypt"}, + {ERR_PACK(0, SCOSSL_ERR_F_RSA_EXPORT_KEY, 0), "scossl_rsa_export_key"}, + {ERR_PACK(0, SCOSSL_ERR_F_RSA_NEW_EXPORT_PARAMS, 0), "scossl_rsa_new_export_params"}, + {ERR_PACK(0, SCOSSL_ERR_F_RSA_PKCS1_SIGN, 0), "scossl_rsa_pkcs1_sign"}, + {ERR_PACK(0, SCOSSL_ERR_F_RSA_PKCS1_VERIFY, 0), "scossl_rsa_pkcs1_verify"}, {ERR_PACK(0, SCOSSL_ERR_F_RSAPSS_SIGN, 0), "scossl_rsapss_sign"}, {ERR_PACK(0, SCOSSL_ERR_F_RSAPSS_VERIFY, 0), "scossl_rsapss_verify"}, - {ERR_PACK(0, SCOSSL_ERR_F_TLS1PRF_CTRL, 0), "scossl_tls1prf_ctrl"}, - {ERR_PACK(0, SCOSSL_ERR_F_TLS1PRF_DERIVE, 0), "scossl_tls1prf_derive"}, - {ERR_PACK(0, SCOSSL_ERR_F_TLS1PRF_INIT, 0), "scossl_tls1prf_init"}, - {ERR_PACK(0, SCOSSL_ERR_F_HMAC_INIT, 0), "scossl_hmac_init"}, - {ERR_PACK(0, SCOSSL_ERR_F_HMAC_CTRL, 0), "scossl_hmac_ctrl"}, - {ERR_PACK(0, SCOSSL_ERR_F_HMAC_CTRL_STR, 0), "scossl_hmac_ctrl_str"}, - {ERR_PACK(0, SCOSSL_ERR_F_SSHKDF_NEW, 0), "scossl_sshkdf_new"}, - {ERR_PACK(0, SCOSSL_ERR_F_SSHKDF_CTRL, 0), "scossl_sshkdf_ctrl"}, - {ERR_PACK(0, SCOSSL_ERR_F_SSHKDF_CTRL_STR, 0), "scossl_sshkdf_ctrl_str"}, {ERR_PACK(0, SCOSSL_ERR_F_SSHKDF_DERIVE, 0), "scossl_sshkdf_derive"}, + {ERR_PACK(0, SCOSSL_ERR_F_TLS1PRF_DERIVE, 0), "scossl_tls1prf_derive"}, + // SymCryptEngine + {ERR_PACK(0, SCOSSL_ERR_F_ENG_AES_CCM_CTRL, 0), "e_scossl_aes_ccm_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_AES_GCM_CTRL, 0), "e_scossl_aes_gcm_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_AES_XTS_CIPHER, 0), "e_scossl_aes_xts_cipher"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_AES_XTS_CTRL, 0), "e_scossl_aes_xts_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, 0), "e_scossl_dh_compute_key"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_DH_GENERATE_KEY, 0), "e_scossl_dh_generate_key"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, 0), "e_scossl_dh_generate_keypair"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, 0), "e_scossl_dh_import_keypair"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_DIGESTS, 0), "e_scossl_digests"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, 0), "e_scossl_ecc_generate_keypair"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, 0), "e_scossl_ecc_import_keypair"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, 0), "e_scossl_eckey_compute_key"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_KEYGEN, 0), "e_scossl_eckey_keygen"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_SIGN, 0), "e_scossl_eckey_sign"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_SIGN_SETUP, 0), "e_scossl_eckey_sign_setup"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, 0), "e_scossl_eckey_sign_sig"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_VERIFY, 0), "e_scossl_eckey_verify"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_VERIFY_SIG, 0), "e_scossl_eckey_verify_sig"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_GET_DH_CONTEXT_EX, 0), "e_scossl_get_dh_context_ex"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_GET_ECC_CONTEXT_EX, 0), "e_scossl_get_ecc_context_ex"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_GET_SYMCRYPT_HASH_ALGORITHM, 0), "e_scossl_get_symcrypt_hash_algorithm"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_HKDF_CTRL, 0), "e_scossl_hkdf_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_HKDF_DERIVE, 0), "e_scossl_hkdf_derive"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_HKDF_INIT, 0), "e_scossl_hkdf_init"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_HMAC_COPY, 0), "e_scossl_hmac_copy"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_HMAC_CTRL, 0), "e_scossl_hmac_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_HMAC_INIT, 0), "e_scossl_hmac_init"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, 0), "e_scossl_initialize_rsa_key"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_PKEY_METHODS, 0), "e_scossl_pkey_methods"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_PKEY_RSA_SIGN, 0), "e_scossl_pkey_rsa_sign"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_PKEY_RSA_VERIFY, 0), "e_scossl_pkey_rsa_verify"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_PKEY_RSAPSS_VERIFY, 0), "e_scossl_pkey_rsapss_verify"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_INIT, 0), "e_scossl_rsa_init"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_KEYGEN, 0), "e_scossl_rsa_keygen"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_PRIV_DEC, 0), "e_scossl_rsa_priv_dec"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_PRIV_ENC, 0), "e_scossl_rsa_priv_enc"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_PUB_DEC, 0), "e_scossl_rsa_pub_dec"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_PUB_ENC, 0), "e_scossl_rsa_pub_enc"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_SIGN, 0), "e_scossl_rsa_sign"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_VERIFY, 0), "e_scossl_rsa_verify"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSAPSS_SIGN, 0), "e_scossl_rsapss_sign"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, 0), "e_scossl_rsapss_verify"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_SSHKDF_CTRL, 0), "e_scossl_sshkdf_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_SSHKDF_CTRL_STR, 0), "e_scossl_sshkdf_ctrl_str"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_SSHKDF_DERIVE, 0), "e_scossl_sshkdf_derive"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_SSHKDF_NEW, 0), "e_scossl_sshkdf_new"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_TLS1PRF_CTRL, 0), "e_scossl_tls1prf_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_TLS1PRF_INIT, 0), "e_scossl_tls1prf_init"}, {0, NULL} }; C_ASSERT( (sizeof(SCOSSL_ERR_function_strings) / sizeof(ERR_STRING_DATA)) == SCOSSL_ERR_F_ENUM_END-SCOSSL_ERR_F_ENUM_START ); - +#endif static ERR_STRING_DATA SCOSSL_ERR_reason_strings[] = { {ERR_PACK(0, 0, SCOSSL_ERR_R_MISSING_CTX_DATA), "Missing data in context"}, @@ -107,6 +151,7 @@ static ERR_STRING_DATA SCOSSL_ERR_reason_strings[] = { {ERR_PACK(0, 0, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM), "Algorithm not FIPS certifiable"}, {ERR_PACK(0, 0, SCOSSL_ERR_R_OPENSSL_FALLBACK), "SCOSSL falling back to OpenSSL"}, {ERR_PACK(0, 0, SCOSSL_ERR_R_SYMCRYPT_FAILURE), "SCOSSL triggered SymCrypt failure"}, + {ERR_PACK(0, 0, SCOSSL_ERR_R_KEYSINUSE_FAILURE), "KeysInUse failure"}, {0, NULL} }; @@ -121,9 +166,11 @@ void scossl_setup_logging() // Bind the library name "SCOSSL" to the library code SCOSSL_ERR_library_string[0].error = ERR_PACK(_scossl_err_library_code, 0, 0); ERR_load_strings(_scossl_err_library_code, SCOSSL_ERR_library_string); - ERR_load_strings(_scossl_err_library_code, SCOSSL_ERR_function_strings); ERR_load_strings(_scossl_err_library_code, SCOSSL_ERR_reason_strings); +#if OPENSSL_API_LEVEL < 30000 + ERR_load_strings(_scossl_err_library_code, SCOSSL_ERR_function_strings); +#endif _loggingLock = CRYPTO_THREAD_lock_new(); SCOSSL_set_trace_log_filename(NULL); } @@ -225,7 +272,7 @@ static void _scossl_log_bytes_valist( if( _osslERRLogLevel >= trace_level ) { // Log an OpenSSL error, so calling applications can handle the log appropriately - ERR_put_error(_scossl_err_library_code, func_code, reason_code, file, line); + SCOSSL_put_error(_scossl_err_library_code, func_code, reason_code, file, line); // Add error string indicating the error details as error data ERR_add_error_data(1, paraBuf); } @@ -275,53 +322,9 @@ void _scossl_log( va_end(args); } -void _scossl_log_bignum( - int trace_level, - SCOSSL_ERR_FUNC func_code, - SCOSSL_ERR_REASON reason_code, - const char *file, - int line, - char *description, - BIGNUM *bn) -{ - unsigned char *string = NULL; - int length = 0; - - if( SYMCRYPT_MAX(_traceLogLevel, _osslERRLogLevel) < trace_level ) - { - return; - } - - if( bn == NULL ) - { - return; - } - - length = BN_num_bytes(bn); - if( length < 0 ) - { - return; - } - - string = (unsigned char *)OPENSSL_zalloc(length); - if( string == NULL ) - { - return; - } - - if( BN_bn2bin(bn, string) < 0 ) - { - return; - } - - _scossl_log_bytes(trace_level, func_code, reason_code, file, line, (const char*) string, length, description); - OPENSSL_free(string); -} - void _scossl_log_SYMCRYPT_ERROR( int trace_level, SCOSSL_ERR_FUNC func_code, - SCOSSL_ERR_REASON reason_code, const char *file, int line, char *description, @@ -392,7 +395,7 @@ void _scossl_log_SYMCRYPT_ERROR( scErrorString = "UNKNOWN SYMCRYPT_ERROR"; break; } - _scossl_log(trace_level, func_code, reason_code, file, line, "%s - %s (0x%x)", description, scErrorString, scError); + _scossl_log(trace_level, func_code, SCOSSL_ERR_R_SYMCRYPT_FAILURE, file, line, "%s - %s (0x%x)", description, scErrorString, scError); } BOOL scossl_is_md_supported(int mdnid) diff --git a/ScosslCommon/src/scossl_hkdf.c b/ScosslCommon/src/scossl_hkdf.c index 5e129983..034c2acd 100644 --- a/ScosslCommon/src/scossl_hkdf.c +++ b/ScosslCommon/src/scossl_hkdf.c @@ -97,14 +97,14 @@ SCOSSL_STATUS scossl_hkdf_derive(SCOSSL_HKDF_CTX *ctx, if (ctx->md == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Digest"); + "Missing Digest"); return SCOSSL_FAILURE; } if (ctx->pbKey == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Key"); + "Missing Key"); return SCOSSL_FAILURE; } @@ -160,7 +160,7 @@ SCOSSL_STATUS scossl_hkdf_derive(SCOSSL_HKDF_CTX *ctx, break; default: SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Invalid Mode: %d", ctx->mode); + "Invalid Mode: %d", ctx->mode); return SCOSSL_FAILURE; } diff --git a/ScosslCommon/src/scossl_mac.c b/ScosslCommon/src/scossl_mac.c index d1cb44e1..fae4f48b 100644 --- a/ScosslCommon/src/scossl_mac.c +++ b/ScosslCommon/src/scossl_mac.c @@ -230,8 +230,8 @@ SCOSSL_STATUS scossl_mac_set_hmac_md(SCOSSL_MAC_CTX *ctx, int mdNid) ctx->pMacEx = &SymCryptHmacSha3_512Ex; break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_SYMCRYPT_HASH_ALGORITHM, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "SCOSSL does not support hash algorithm for MAC %d", mdNid); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_MAC_SET_HMAC_MD, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "SCOSSL does not support hash algorithm for MAC %d", mdNid); return SCOSSL_FAILURE; } @@ -304,17 +304,29 @@ _Use_decl_annotations_ SCOSSL_STATUS scossl_mac_init(SCOSSL_MAC_CTX *ctx, PCBYTE pbKey, SIZE_T cbKey) { + SYMCRYPT_ERROR scError; + if (pbKey != NULL) { if (ctx->expandedKey == NULL) { SCOSSL_COMMON_ALIGNED_ALLOC_EX(expandedKey, OPENSSL_malloc, SCOSSL_MAC_EXPANDED_KEY, ctx->pMac->expandedKeySize); + if (expandedKey == NULL) + { + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_MAC_INIT, ERR_R_INTERNAL_ERROR, + "Failed to aligned allocated expanded key"); + return SCOSSL_FAILURE; + } + ctx->expandedKey = expandedKey; } - if (ctx->expandedKey == NULL || - ctx->pMac->expandKeyFunc(ctx->expandedKey, pbKey, cbKey) != SYMCRYPT_NO_ERROR) + scError = ctx->pMac->expandKeyFunc(ctx->expandedKey, pbKey, cbKey); + + if (scError != SYMCRYPT_NO_ERROR) { + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_MAC_INIT, + "SymCryptMacExpandKey failed", scError); return SCOSSL_FAILURE; } } diff --git a/ScosslCommon/src/scossl_rsa.c b/ScosslCommon/src/scossl_rsa.c index 937c878a..8cce9a17 100644 --- a/ScosslCommon/src/scossl_rsa.c +++ b/ScosslCommon/src/scossl_rsa.c @@ -121,8 +121,8 @@ SCOSSL_STATUS scossl_rsa_pkcs1_sign(PSYMCRYPT_RSAKEY key, int mdnid, pkcs1Params = scossl_get_rsa_pkcs1_params(mdnid); if (pkcs1Params == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unknown type: %s. Size: %d.", OBJ_nid2sn(mdnid), cbHashValue); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_PKCS1_SIGN, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "Unknown type: %s. Size: %d.", OBJ_nid2sn(mdnid), cbHashValue); goto cleanup; } @@ -130,16 +130,16 @@ SCOSSL_STATUS scossl_rsa_pkcs1_sign(PSYMCRYPT_RSAKEY key, int mdnid, switch (mdnid) { case NID_md5_sha1: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5+SHA1 which is not FIPS compliant"); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PKCS1_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using hash algorithm MD5+SHA1 which is not FIPS compliant"); break; case NID_md5: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5 which is not FIPS compliant"); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PKCS1_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using hash algorithm MD5 which is not FIPS compliant"); break; case NID_sha1: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm SHA1 which is not FIPS compliant"); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PKCS1_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using hash algorithm SHA1 which is not FIPS compliant"); break; } @@ -164,8 +164,8 @@ SCOSSL_STATUS scossl_rsa_pkcs1_sign(PSYMCRYPT_RSAKEY key, int mdnid, if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaPkcs1Sign failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PKCS1_SIGN, + "SymCryptRsaPkcs1Sign failed", scError); goto cleanup; } @@ -186,24 +186,24 @@ SCOSSL_STATUS scossl_rsa_pkcs1_verify(PSYMCRYPT_RSAKEY key, int mdnid, if (pkcs1Params == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unknown type: %s. Size: %d.", OBJ_nid2sn(mdnid), cbHashValue); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_PKCS1_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "Unsupported hash algorithm: %s. Size: %d.", OBJ_nid2sn(mdnid), cbHashValue); goto cleanup; } switch (mdnid) { case NID_md5_sha1: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5+SHA1 which is not FIPS compliant"); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PKCS1_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using hash algorithm MD5+SHA1 which is not FIPS compliant"); break; case NID_md5: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5 which is not FIPS compliant"); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PKCS1_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using hash algorithm MD5 which is not FIPS compliant"); break; case NID_sha1: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm SHA1 which is not FIPS compliant"); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PKCS1_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using hash algorithm SHA1 which is not FIPS compliant"); break; } @@ -230,8 +230,8 @@ SCOSSL_STATUS scossl_rsa_pkcs1_verify(PSYMCRYPT_RSAKEY key, int mdnid, } else if (scError != SYMCRYPT_SIGNATURE_VERIFICATION_FAILURE) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaPkcs1verify returned unexpected error", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PKCS1_VERIFY, + "SymCryptRsaPkcs1verify returned unexpected error", scError); } cleanup: @@ -253,7 +253,7 @@ SCOSSL_STATUS scossl_rsapss_sign(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (scosslHashAlgo == NULL || expectedHashLength == (SIZE_T)-1) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unknown type: %d. Size: %d.", mdnid, cbHashValue); + "Unknown type: %d. Size: %d.", mdnid, cbHashValue); goto cleanup; } @@ -276,7 +276,7 @@ SCOSSL_STATUS scossl_rsapss_sign(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (cbSalt < 0 || cbSalt > cbSaltMax) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, ERR_R_PASSED_INVALID_ARGUMENT, - "Invalid cbSalt"); + "Invalid cbSalt"); return SCOSSL_UNSUPPORTED; } @@ -284,7 +284,7 @@ SCOSSL_STATUS scossl_rsapss_sign(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (pcbSignature == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, ERR_R_PASSED_NULL_PARAMETER, - "pcbSignature is NULL"); + "pcbSignature is NULL"); goto cleanup; } @@ -300,12 +300,12 @@ SCOSSL_STATUS scossl_rsapss_sign(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (mdnid == NID_md5) { SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5 which is not FIPS compliant"); + "Using hash algorithm MD5 which is not FIPS compliant"); } else if (mdnid == NID_sha1) { SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm SHA1 which is not FIPS compliant"); + "Using hash algorithm SHA1 which is not FIPS compliant"); } if (cbHashValue != expectedHashLength) @@ -326,8 +326,8 @@ SCOSSL_STATUS scossl_rsapss_sign(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, &cbResult); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaPssSign failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, + "SymCryptRsaPssSign failed", scError); goto cleanup; } @@ -351,8 +351,8 @@ SCOSSL_STATUS scossl_rsapss_verify(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (scosslHashAlgo == NULL || expectedHashLength == (SIZE_T)-1) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unknown type: %d. Size: %d.", mdnid, cbHashValue); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "Unknown type: %d. Size: %d.", mdnid, cbHashValue); goto cleanup; } @@ -381,7 +381,7 @@ SCOSSL_STATUS scossl_rsapss_verify(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (cbSalt < 0 || cbSalt > cbSaltMax) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, ERR_R_PASSED_INVALID_ARGUMENT, - "Invalid cbSalt"); + "Invalid cbSalt"); return SCOSSL_UNSUPPORTED; } @@ -394,12 +394,12 @@ SCOSSL_STATUS scossl_rsapss_verify(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (mdnid == NID_md5) { SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5 which is not FIPS compliant"); + "Using hash algorithm MD5 which is not FIPS compliant"); } else if (mdnid == NID_sha1) { SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm SHA1 which is not FIPS compliant"); + "Using hash algorithm SHA1 which is not FIPS compliant"); } scError = SymCryptRsaPssVerify( @@ -419,8 +419,8 @@ SCOSSL_STATUS scossl_rsapss_verify(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, } else if (scError != SYMCRYPT_SIGNATURE_VERIFICATION_FAILURE) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaPssVerify returned unexpected error", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, + "SymCryptRsaPssVerify returned unexpected error", scError); } cleanup: @@ -469,8 +469,8 @@ SCOSSL_STATUS scossl_rsa_encrypt(PSYMCRYPT_RSAKEY key, UINT padding, &cbResult); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaPkcs1Encrypt failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, + "SymCryptRsaPkcs1Encrypt failed", scError); goto cleanup; } break; @@ -483,8 +483,8 @@ SCOSSL_STATUS scossl_rsa_encrypt(PSYMCRYPT_RSAKEY key, UINT padding, PCSYMCRYPT_HASH scosslHashAlgo = scossl_get_symcrypt_hash_algorithm(mdnid); if (!scosslHashAlgo) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unknown type: %d.", mdnid); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "Unknown type: %d.", mdnid); goto cleanup; } @@ -502,12 +502,15 @@ SCOSSL_STATUS scossl_rsa_encrypt(PSYMCRYPT_RSAKEY key, UINT padding, &cbResult); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaOaepEncrypt failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, + "SymCryptRsaOaepEncrypt failed", scError); goto cleanup; } break; case RSA_NO_PADDING: + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using no padding for RSA encryption which is not FIPS compliant"); + if (cbSrc != cbModulus) { goto cleanup; @@ -523,14 +526,14 @@ SCOSSL_STATUS scossl_rsa_encrypt(PSYMCRYPT_RSAKEY key, UINT padding, cbResult = cbModulus; if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaRawEncrypt failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, + "SymCryptRsaRawEncrypt failed", scError); goto cleanup; } break; default: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_OPENSSL_FALLBACK, - "Unsupported Padding: %d.", padding); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_OPENSSL_FALLBACK, + "Unsupported Padding: %d.", padding); break; } @@ -610,8 +613,8 @@ SCOSSL_STATUS scossl_rsa_decrypt(PSYMCRYPT_RSAKEY key, UINT padding, scosslHashAlgo = scossl_get_symcrypt_hash_algorithm(mdnid); if (!scosslHashAlgo) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unknown type: %d.", mdnid); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_DECRYPT, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "Unknown type: %d.", mdnid); goto cleanup; } @@ -629,12 +632,15 @@ SCOSSL_STATUS scossl_rsa_decrypt(PSYMCRYPT_RSAKEY key, UINT padding, &cbResult); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PRIV_DEC, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaOaepDecrypt failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_DECRYPT, + "SymCryptRsaOaepDecrypt failed", scError); goto cleanup; } break; case RSA_NO_PADDING: + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using no padding for RSA decryption which is not FIPS compliant"); + scError = SymCryptRsaRawDecrypt( key, pbSrc, @@ -646,14 +652,14 @@ SCOSSL_STATUS scossl_rsa_decrypt(PSYMCRYPT_RSAKEY key, UINT padding, cbResult = cbModulus; if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PRIV_DEC, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaRawDecrypt failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_DECRYPT, + "SymCryptRsaRawDecrypt failed", scError); goto cleanup; } break; default: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_OPENSSL_FALLBACK, - "Unsupported Padding: %d.", padding); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_DECRYPT, SCOSSL_ERR_R_OPENSSL_FALLBACK, + "Unsupported Padding: %d.", padding); break; } @@ -672,7 +678,7 @@ SCOSSL_RSA_EXPORT_PARAMS *scossl_rsa_new_export_params(BOOL includePrivate) ((rsaParams->n = BN_new()) == NULL) || ((rsaParams->e = BN_new()) == NULL)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_NEW_EXPORT_PARAMS, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); scossl_rsa_free_export_params(rsaParams, TRUE); rsaParams = NULL; @@ -688,7 +694,7 @@ SCOSSL_RSA_EXPORT_PARAMS *scossl_rsa_new_export_params(BOOL includePrivate) ((rsaParams->privateParams->iqmp = BN_secure_new()) == NULL) || ((rsaParams->privateParams->d = BN_secure_new()) == NULL)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_NEW_EXPORT_PARAMS, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); scossl_rsa_free_export_params(rsaParams, TRUE); rsaParams = NULL; @@ -783,7 +789,7 @@ SCOSSL_STATUS scossl_rsa_export_key(PCSYMCRYPT_RSAKEY key, SCOSSL_RSA_EXPORT_PAR pbData = OPENSSL_zalloc(cbData); if (pbData == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc failed"); goto cleanup; } @@ -827,7 +833,7 @@ SCOSSL_STATUS scossl_rsa_export_key(PCSYMCRYPT_RSAKEY key, SCOSSL_RSA_EXPORT_PAR 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, "SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -838,7 +844,7 @@ SCOSSL_STATUS scossl_rsa_export_key(PCSYMCRYPT_RSAKEY key, SCOSSL_RSA_EXPORT_PAR if (BN_lebin2bn(pbModulus, cbModulus, rsaParams->n) == NULL || BN_lebin2bn(pbPubExp64, 8, rsaParams->e) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, ERR_R_OPERATION_FAIL, "BN_bin2bn failed."); goto cleanup; } @@ -854,7 +860,7 @@ SCOSSL_STATUS scossl_rsa_export_key(PCSYMCRYPT_RSAKEY key, SCOSSL_RSA_EXPORT_PAR 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, "SymCryptRsakeyGetCrtValue failed", scError); goto cleanup; } @@ -866,7 +872,7 @@ SCOSSL_STATUS scossl_rsa_export_key(PCSYMCRYPT_RSAKEY key, SCOSSL_RSA_EXPORT_PAR (BN_lebin2bn(pbCrtCoefficient, cbPrime1, rsaParams->privateParams->iqmp) == NULL) || (BN_lebin2bn(pbPrivateExponent, cbPrivateExponent, rsaParams->privateParams->d) == NULL)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, ERR_R_OPERATION_FAIL, "BN_bin2bn failed."); goto cleanup; } diff --git a/ScosslCommon/src/scossl_sshkdf.c b/ScosslCommon/src/scossl_sshkdf.c index 77728851..79c60ba0 100644 --- a/ScosslCommon/src/scossl_sshkdf.c +++ b/ScosslCommon/src/scossl_sshkdf.c @@ -65,28 +65,28 @@ SCOSSL_STATUS scossl_sshkdf_derive(SCOSSL_SSHKDF_CTX *ctx, ctx->cbHashValue == 0) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Digest"); + "Missing Digest"); return SCOSSL_FAILURE; } if (!ctx->pbKey) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Key"); + "Missing Key"); return SCOSSL_FAILURE; } if (ctx->cbSessionId == 0) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Session ID"); + "Missing Session ID"); return SCOSSL_FAILURE; } if (ctx->label == 0) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Label"); + "Missing Label"); return SCOSSL_FAILURE; } @@ -100,6 +100,8 @@ SCOSSL_STATUS scossl_sshkdf_derive(SCOSSL_SSHKDF_CTX *ctx, if (scError != SYMCRYPT_NO_ERROR) { + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, + "SymCryptSshKdf failed", scError); return SCOSSL_FAILURE; } diff --git a/ScosslCommon/src/scossl_tls1prf.c b/ScosslCommon/src/scossl_tls1prf.c index 85174f72..15678a58 100644 --- a/ScosslCommon/src/scossl_tls1prf.c +++ b/ScosslCommon/src/scossl_tls1prf.c @@ -82,7 +82,7 @@ SCOSSL_STATUS scossl_tls1prf_derive(SCOSSL_TLS1_PRF_CTX *ctx, if (ctx->pbSecret == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_TLS1PRF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Secret"); + "Missing Secret"); return SCOSSL_FAILURE; } @@ -90,7 +90,7 @@ SCOSSL_STATUS scossl_tls1prf_derive(SCOSSL_TLS1_PRF_CTX *ctx, { // Special case to use TlsPrf1_1 to handle md5_sha1 SCOSSL_LOG_INFO(SCOSSL_ERR_F_TLS1PRF_DERIVE, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5+SHA1 which is not FIPS compliant"); + "Using hash algorithm MD5+SHA1 which is not FIPS compliant"); scError = SymCryptTlsPrf1_1( ctx->pbSecret, ctx->cbSecret, @@ -103,7 +103,7 @@ SCOSSL_STATUS scossl_tls1prf_derive(SCOSSL_TLS1_PRF_CTX *ctx, if (ctx->pHmac == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_TLS1PRF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Digest"); + "Missing Digest"); return SCOSSL_FAILURE; } @@ -117,8 +117,8 @@ SCOSSL_STATUS scossl_tls1prf_derive(SCOSSL_TLS1_PRF_CTX *ctx, if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_TLS1PRF_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptTlsPrf1_x failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_TLS1PRF_DERIVE, + "SymCryptTlsPrf1_x failed", scError); return SCOSSL_FAILURE; } diff --git a/SslPlay/SslPlay.cpp b/SslPlay/SslPlay.cpp index 9c09d6b3..a8e460d6 100644 --- a/SslPlay/SslPlay.cpp +++ b/SslPlay/SslPlay.cpp @@ -1049,6 +1049,10 @@ void TestRsaEvp(int modulus, uint32_t exponent) // MD5+PKCS1 is not supported by the provider #if OPENSSL_VERSION_MAJOR == 1 + // Test engine fallback + TestRsaSignVerify(privateKey, publicKey, "RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING", RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING, 0, "EVP_sha256", EVP_sha256(), 32); + printf("%s", SeparatorLine); + TestRsaSignVerify(privateKey, publicKey, "RSA_PKCS1_PADDING", RSA_PKCS1_PADDING, 0, "EVP_MD5", EVP_md5(), 16); #endif TestRsaSignVerify(privateKey, publicKey, "RSA_PKCS1_PADDING", RSA_PKCS1_PADDING, 0, "EVP_sha1", EVP_sha1(), 20); diff --git a/SymCryptEngine/src/e_scossl_ciphers.c b/SymCryptEngine/src/e_scossl_ciphers.c index e38ee2f7..2db52fed 100644 --- a/SymCryptEngine/src/e_scossl_ciphers.c +++ b/SymCryptEngine/src/e_scossl_ciphers.c @@ -640,7 +640,7 @@ SCOSSL_RETURNLENGTH e_scossl_aes_xts_cipher(_Inout_ EVP_CIPHER_CTX *ctx, _Out_ u { if( (inl % SYMCRYPT_AES_BLOCK_SIZE) != 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_XTS_CIPHER, ERR_R_PASSED_INVALID_ARGUMENT, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_AES_XTS_CIPHER, ERR_R_PASSED_INVALID_ARGUMENT, "Data length (%d) is not a multiple of the AES block size. SymCrypt does not support this size", inl); return -1; } @@ -688,7 +688,7 @@ static SCOSSL_STATUS e_scossl_aes_xts_ctrl(_In_ EVP_CIPHER_CTX *ctx, int type, o // set EVP_CIPH_CUSTOM_COPY flag on all our AES ciphers // We must explicitly copy the AES key struct using SymCrypt as the AES key structure contains pointers // to itself, so a plain memcpy will maintain pointers to the source context - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_XTS_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_AES_XTS_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, "No copy method currently implemented"); // We need a SymCryptXtsKeyCopy function for this as we don't have explicit control over the AES key // struct here @@ -765,8 +765,8 @@ static int e_scossl_aes_gcm_ctrl(_Inout_ EVP_CIPHER_CTX *ctx, int type, int arg, if (cipherCtx->iv != NULL && (dstCtx->iv = OPENSSL_memdup(cipherCtx->iv, cipherCtx->ivlen)) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE, - "Failed to copy IV"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE, + "Failed to copy IV"); return SCOSSL_FAILURE; } @@ -785,7 +785,7 @@ static int e_scossl_aes_gcm_ctrl(_Inout_ EVP_CIPHER_CTX *ctx, int type, int arg, case EVP_CTRL_AEAD_TLS1_AAD: return scossl_aes_gcm_set_tls1_aad(cipherCtx, EVP_CIPHER_CTX_encrypting(ctx), ptr, arg); default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_AES_GCM_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, "SymCrypt Engine does not support control type (%d)", type); return SCOSSL_FAILURE; } @@ -861,7 +861,7 @@ static int e_scossl_aes_ccm_ctrl(_Inout_ EVP_CIPHER_CTX *ctx, int type, int arg, case EVP_CTRL_AEAD_TLS1_AAD: return scossl_aes_ccm_set_tls1_aad(cipherCtx, EVP_CIPHER_CTX_encrypting(ctx), ptr, arg); default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_AES_CCM_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, "SymCrypt Engine does not support control type (%d)", type); return SCOSSL_FAILURE; } diff --git a/SymCryptEngine/src/e_scossl_dh.c b/SymCryptEngine/src/e_scossl_dh.c index 0097f270..234d4741 100644 --- a/SymCryptEngine/src/e_scossl_dh.c +++ b/SymCryptEngine/src/e_scossl_dh.c @@ -52,7 +52,7 @@ SCOSSL_STATUS e_scossl_dh_generate_keypair( pbData = OPENSSL_zalloc(cbData); if( pbData == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc returned NULL."); goto cleanup; } @@ -68,7 +68,7 @@ SCOSSL_STATUS e_scossl_dh_generate_keypair( 0 ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, "SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -76,7 +76,7 @@ SCOSSL_STATUS e_scossl_dh_generate_keypair( if( ((dh_privkey = BN_secure_new()) == NULL) || ((dh_pubkey = BN_new()) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); goto cleanup; } @@ -84,14 +84,14 @@ SCOSSL_STATUS e_scossl_dh_generate_keypair( if( (BN_bin2bn(pbPrivateKey, cbPrivateKey, dh_privkey) == NULL) || (BN_bin2bn(pbPublicKey, cbPublicKey, dh_pubkey) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_bin2bn failed."); goto cleanup; } if( DH_set0_key(dh, dh_pubkey, dh_privkey) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "DH_set0_key failed."); goto cleanup; } @@ -143,7 +143,7 @@ SCOSSL_STATUS e_scossl_dh_import_keypair( if( dh_pubkey == NULL && dh_privkey == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, ERR_R_INTERNAL_ERROR, "DH_get0_key returned NULL for public and private key."); goto cleanup; } @@ -160,8 +160,8 @@ SCOSSL_STATUS e_scossl_dh_import_keypair( cbPublicKey = SymCryptDlkeySizeofPublicKey(pKeyCtx->dlkey); if( (pbPublicKey = OPENSSL_zalloc(cbPublicKey)) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, - "OPENSSL_zalloc returned NULL."); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, + "OPENSSL_zalloc returned NULL."); goto cleanup; } @@ -173,28 +173,28 @@ SCOSSL_STATUS e_scossl_dh_import_keypair( 0 ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, "SymCryptDlkeyGetValue failed", scError); goto cleanup; } if( (generated_dh_pubkey = BN_new()) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); goto cleanup; } if( BN_bin2bn(pbPublicKey, cbPublicKey, generated_dh_pubkey) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_bin2bn failed."); goto cleanup; } if( DH_set0_key(dh, generated_dh_pubkey, NULL) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "DH_set0_key failed."); goto cleanup; } @@ -252,7 +252,7 @@ SCOSSL_STATUS e_scossl_get_dh_context_ex(_Inout_ DH* dh, _Out_ SCOSSL_DH_KEY_CTX { if (status == SCOSSL_FALLBACK) { - SCOSSL_LOG_INFO(SCOSSL_ERR_F_GET_DH_CONTEXT_EX, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_GET_DH_CONTEXT_EX, SCOSSL_ERR_R_OPENSSL_FALLBACK, "SymCrypt engine does not support this DH dlgroup - falling back to OpenSSL."); } return status; @@ -265,14 +265,14 @@ SCOSSL_STATUS e_scossl_get_dh_context_ex(_Inout_ DH* dh, _Out_ SCOSSL_DH_KEY_CTX SCOSSL_DH_KEY_CTX* pKeyCtx = scossl_dh_new_key_ctx(); if( !pKeyCtx ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_DH_CONTEXT_EX, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_GET_DH_CONTEXT_EX, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc failed"); return SCOSSL_FAILURE; } if( DH_set_ex_data(dh, e_scossl_dh_idx, pKeyCtx) == 0) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_DH_CONTEXT_EX, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_GET_DH_CONTEXT_EX, ERR_R_OPERATION_FAIL, "DH_set_ex_data failed"); OPENSSL_free(pKeyCtx); return SCOSSL_FAILURE; @@ -316,7 +316,7 @@ SCOSSL_STATUS e_scossl_dh_generate_key(_Inout_ DH* dh) switch( e_scossl_get_dh_context_ex(dh, &pKeyCtx, TRUE) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEY, ERR_R_OPERATION_FAIL, "e_scossl_get_dh_context_ex failed."); return SCOSSL_FAILURE; case SCOSSL_FALLBACK: @@ -329,7 +329,7 @@ SCOSSL_STATUS e_scossl_dh_generate_key(_Inout_ DH* dh) case SCOSSL_SUCCESS: return SCOSSL_SUCCESS; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEY, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEY, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_dh_context_ex value"); return SCOSSL_FAILURE; } @@ -352,7 +352,7 @@ SCOSSL_RETURNLENGTH e_scossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsi switch( e_scossl_get_dh_context(dh, &pKeyCtx) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_COMPUTE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, ERR_R_OPERATION_FAIL, "e_scossl_get_dh_context failed."); return res; case SCOSSL_FALLBACK: @@ -365,7 +365,7 @@ SCOSSL_RETURNLENGTH e_scossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsi case SCOSSL_SUCCESS: break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_dh_context_ex value"); return res; } @@ -375,14 +375,14 @@ SCOSSL_RETURNLENGTH e_scossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsi pkPublic = SymCryptDlkeyAllocate(pKeyCtx->dlkey->pDlgroup); if( pkPublic == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptDlkeyAllocate returned NULL."); goto cleanup; } if( (SIZE_T) BN_bn2binpad(pub_key, buf, cbPublicKey) != cbPublicKey ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR, "BN_bn2binpad did not write expected number of public key bytes."); goto cleanup; } @@ -395,7 +395,7 @@ SCOSSL_RETURNLENGTH e_scossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsi pkPublic ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, "SymCryptDlkeySetValue failed", scError); goto cleanup; } @@ -409,7 +409,7 @@ SCOSSL_RETURNLENGTH e_scossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsi cbPublicKey ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, "SymCryptDhSecretAgreement failed", scError); goto cleanup; } diff --git a/SymCryptEngine/src/e_scossl_digests.c b/SymCryptEngine/src/e_scossl_digests.c index 2e0821c1..27504ef0 100644 --- a/SymCryptEngine/src/e_scossl_digests.c +++ b/SymCryptEngine/src/e_scossl_digests.c @@ -215,7 +215,7 @@ static SCOSSL_STATUS e_scossl_digest_md5_init(_Out_ EVP_MD_CTX *ctx) PSYMCRYPT_MD5_STATE state = (PSYMCRYPT_MD5_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -229,7 +229,7 @@ static SCOSSL_STATUS e_scossl_digest_md5_update(_Inout_ EVP_MD_CTX *ctx, _In_rea PSYMCRYPT_MD5_STATE state = (PSYMCRYPT_MD5_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -242,7 +242,7 @@ static SCOSSL_STATUS e_scossl_digest_md5_final(_Inout_ EVP_MD_CTX *ctx, _Out_wri PSYMCRYPT_MD5_STATE state = (PSYMCRYPT_MD5_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -271,7 +271,7 @@ static SCOSSL_STATUS e_scossl_digest_sha1_init(_Out_ EVP_MD_CTX *ctx) PSYMCRYPT_SHA1_STATE state = (PSYMCRYPT_SHA1_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -285,7 +285,7 @@ static SCOSSL_STATUS e_scossl_digest_sha1_update(_Inout_ EVP_MD_CTX *ctx, _In_re PSYMCRYPT_SHA1_STATE state = (PSYMCRYPT_SHA1_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -298,7 +298,7 @@ static SCOSSL_STATUS e_scossl_digest_sha1_final(_Inout_ EVP_MD_CTX *ctx, _Out_wr PSYMCRYPT_SHA1_STATE state = (PSYMCRYPT_SHA1_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -328,7 +328,7 @@ static SCOSSL_STATUS e_scossl_digest_sha256_init(_Out_ EVP_MD_CTX *ctx) PSYMCRYPT_SHA256_STATE state = (PSYMCRYPT_SHA256_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -342,7 +342,7 @@ static SCOSSL_STATUS e_scossl_digest_sha256_update(_Inout_ EVP_MD_CTX *ctx, _In_ PSYMCRYPT_SHA256_STATE state = (PSYMCRYPT_SHA256_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -355,7 +355,7 @@ static SCOSSL_STATUS e_scossl_digest_sha256_final(_Inout_ EVP_MD_CTX *ctx, _Out_ PSYMCRYPT_SHA256_STATE state = (PSYMCRYPT_SHA256_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -384,7 +384,7 @@ static SCOSSL_STATUS e_scossl_digest_sha384_init(_Out_ EVP_MD_CTX *ctx) PSYMCRYPT_SHA384_STATE state = (PSYMCRYPT_SHA384_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -398,7 +398,7 @@ static SCOSSL_STATUS e_scossl_digest_sha384_update(_Inout_ EVP_MD_CTX *ctx, _In_ PSYMCRYPT_SHA384_STATE state = (PSYMCRYPT_SHA384_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -411,7 +411,7 @@ static SCOSSL_STATUS e_scossl_digest_sha384_final(_Inout_ EVP_MD_CTX *ctx, _Out_ PSYMCRYPT_SHA384_STATE state = (PSYMCRYPT_SHA384_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -440,7 +440,7 @@ static SCOSSL_STATUS e_scossl_digest_sha512_init(_Out_ EVP_MD_CTX *ctx) PSYMCRYPT_SHA512_STATE state = (PSYMCRYPT_SHA512_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -454,7 +454,7 @@ static SCOSSL_STATUS e_scossl_digest_sha512_update(_Inout_ EVP_MD_CTX *ctx, _In_ PSYMCRYPT_SHA512_STATE state = (PSYMCRYPT_SHA512_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -467,7 +467,7 @@ static SCOSSL_STATUS e_scossl_digest_sha512_final(_Inout_ EVP_MD_CTX *ctx, _Out_ PSYMCRYPT_SHA512_STATE state = (PSYMCRYPT_SHA512_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } diff --git a/SymCryptEngine/src/e_scossl_ecc.c b/SymCryptEngine/src/e_scossl_ecc.c index 120257de..57e92cb6 100644 --- a/SymCryptEngine/src/e_scossl_ecc.c +++ b/SymCryptEngine/src/e_scossl_ecc.c @@ -91,7 +91,7 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey pKeyCtx->key = SymCryptEckeyAllocate(pCurve); if( pKeyCtx->key == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEckeyAllocate returned NULL."); goto cleanup; } @@ -103,7 +103,7 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey pbData = OPENSSL_zalloc(cbData); if( pbData == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc returned NULL."); goto cleanup; } @@ -111,7 +111,7 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey scError = SymCryptEckeySetRandom( SYMCRYPT_FLAG_ECKEY_ECDH, pKeyCtx->key ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, "SymCryptEckeySetRandom failed", scError); goto cleanup; } @@ -128,14 +128,14 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey 0 ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, "SymCryptEckeyGetValue failed", scError); goto cleanup; } if( (bn_ctx = BN_CTX_new()) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_CTX_new returned NULL."); goto cleanup; } @@ -145,14 +145,14 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey ((ec_pub_x = BN_new()) == NULL) || ((ec_pub_y = BN_new()) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); goto cleanup; } if( (ec_pubkey = EC_POINT_new(ecgroup)) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, "EC_POINT_new returned NULL."); goto cleanup; } @@ -161,28 +161,28 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey (BN_bin2bn(pbPublicKey, cbPublicKey/2, ec_pub_x) == NULL) || (BN_bin2bn(pbPublicKey + (cbPublicKey/2), cbPublicKey/2, ec_pub_y) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_bin2bn failed."); goto cleanup; } if( EC_KEY_set_private_key(eckey, ec_privkey) == 0) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "EC_KEY_set_private_key failed."); goto cleanup; } if( EC_POINT_set_affine_coordinates(ecgroup, ec_pubkey, ec_pub_x, ec_pub_y, bn_ctx) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "EC_POINT_set_affine_coordinates failed."); goto cleanup; } if( EC_KEY_set_public_key(eckey, ec_pubkey) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "EC_KEY_set_public_key failed."); goto cleanup; } @@ -236,7 +236,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E pKeyCtx->key = SymCryptEckeyAllocate(pCurve); if( pKeyCtx->key == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEckeyAllocate returned NULL."); goto cleanup; } @@ -249,7 +249,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E if( ec_pubkey == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "EC_KEY_get0_public_key returned NULL."); goto cleanup; } @@ -261,7 +261,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E if( (bn_ctx = BN_CTX_new()) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_CTX_new returned NULL."); goto cleanup; } @@ -270,14 +270,14 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E if( ((ec_pub_x = BN_new()) == NULL) || ((ec_pub_y = BN_new()) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); goto cleanup; } if( EC_POINT_get_affine_coordinates(ecgroup, ec_pubkey, ec_pub_x, ec_pub_y, bn_ctx) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "EC_POINT_get_affine_coordinates failed."); goto cleanup; } @@ -286,7 +286,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E pbData = OPENSSL_zalloc(cbData); if( pbData == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc returned NULL."); goto cleanup; } @@ -296,7 +296,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E pbPrivateKey = pbData; if( (SIZE_T) BN_bn2binpad(ec_privkey, pbPrivateKey, cbPrivateKey) != cbPrivateKey ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_bn2binpad did not write expected number of private key bytes."); goto cleanup; } @@ -306,7 +306,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E if( ((SIZE_T) BN_bn2binpad(ec_pub_x, pbPublicKey, cbPublicKey/2) != cbPublicKey/2) || ((SIZE_T) BN_bn2binpad(ec_pub_y, pbPublicKey + (cbPublicKey/2), cbPublicKey/2) != cbPublicKey/2) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_bn2binpad did not write expected number of public key bytes."); goto cleanup; } @@ -320,7 +320,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E pKeyCtx->key ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -374,14 +374,14 @@ SCOSSL_STATUS e_scossl_get_ecc_context_ex(_Inout_ EC_KEY* eckey, _Out_ SCOSSL_EC SCOSSL_ECC_KEY_CONTEXT *keyCtx = OPENSSL_zalloc(sizeof(*keyCtx)); if( !keyCtx ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_ECC_CONTEXT_EX, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_GET_ECC_CONTEXT_EX, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc failed"); return SCOSSL_FAILURE; } if( EC_KEY_set_ex_data(eckey, e_scossl_eckey_idx, keyCtx) == 0) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_ECC_CONTEXT_EX, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_GET_ECC_CONTEXT_EX, ERR_R_OPERATION_FAIL, "EC_KEY_set_ex_data failed"); OPENSSL_free(keyCtx); return SCOSSL_FAILURE; @@ -434,7 +434,7 @@ SCOSSL_STATUS e_scossl_eckey_sign(int type, switch( e_scossl_get_ecc_context(eckey, &keyCtx) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context failed."); return SCOSSL_FAILURE; case SCOSSL_FALLBACK: @@ -449,7 +449,7 @@ SCOSSL_STATUS e_scossl_eckey_sign(int type, case SCOSSL_SUCCESS: break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context value"); return SCOSSL_FAILURE; } @@ -457,7 +457,7 @@ SCOSSL_STATUS e_scossl_eckey_sign(int type, // SymCrypt does not support taking kinv or r parameters. Fallback to OpenSSL. if( kinv != NULL || r != NULL ) { - SCOSSL_LOG_INFO(SCOSSL_ERR_F_ECKEY_SIGN, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_ECKEY_SIGN, SCOSSL_ERR_R_OPENSSL_FALLBACK, "SymCrypt engine does not yet support explicit setting kinv or r parameters. Falling back to OpenSSL"); ossl_eckey_method = EC_KEY_OpenSSL(); PFN_eckey_sign pfn_eckey_sign = NULL; @@ -481,12 +481,12 @@ SCOSSL_STATUS e_scossl_eckey_sign_setup(_In_ EC_KEY* eckey, _In_ BN_CTX* ctx_in, switch( e_scossl_get_ecc_context(eckey, &keyCtx) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SETUP, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SETUP, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context failed."); return SCOSSL_FAILURE; case SCOSSL_FALLBACK: case SCOSSL_SUCCESS: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_ECKEY_SIGN_SETUP, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SETUP, SCOSSL_ERR_R_OPENSSL_FALLBACK, "SymCrypt engine does not yet support explicit getting kinv or r parameters. Falling back to OpenSSL"); EC_KEY_METHOD_get_sign(ossl_eckey_method, NULL, &pfn_eckey_sign_setup, NULL); if( !pfn_eckey_sign_setup ) @@ -495,7 +495,7 @@ SCOSSL_STATUS e_scossl_eckey_sign_setup(_In_ EC_KEY* eckey, _In_ BN_CTX* ctx_in, } return pfn_eckey_sign_setup(eckey, ctx_in, kinvp, rp); default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SETUP, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SETUP, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context value"); return SCOSSL_FAILURE; } @@ -517,7 +517,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char switch( e_scossl_get_ecc_context(eckey, &keyCtx) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SIG, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context failed."); return NULL; case SCOSSL_FALLBACK: @@ -532,7 +532,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char case SCOSSL_SUCCESS: break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SIG, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context value"); return NULL; } @@ -540,7 +540,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char scError = SymCryptEckeyExtendKeyUsage(keyCtx->key, SYMCRYPT_FLAG_ECKEY_ECDSA); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, "SymCryptEckeyExtendKeyUsage failed", scError); return NULL; } @@ -556,7 +556,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char cbSymCryptSig); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SIG, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, "SymCryptEcDsaSign failed", scError); return NULL; } @@ -564,7 +564,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char returnSignature = ECDSA_SIG_new(); if( returnSignature == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SIG, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, ERR_R_MALLOC_FAILURE, "ECDSA_SIG_new returned NULL."); return NULL; } @@ -574,7 +574,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char { BN_free(r); BN_free(s); - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SIG, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); return NULL; } @@ -582,7 +582,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char if( (BN_bin2bn(buf, cbSymCryptSig/2, r) == NULL) || (BN_bin2bn(buf + cbSymCryptSig/2, cbSymCryptSig/2, s) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SIG, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, ERR_R_OPERATION_FAIL, "BN_bin2bn failed."); BN_free(r); BN_free(s); @@ -615,7 +615,7 @@ SCOSSL_STATUS e_scossl_eckey_verify(int type, _In_reads_bytes_(dgst_len) const u switch( e_scossl_get_ecc_context(eckey, &keyCtx) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_VERIFY, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context failed."); return SCOSSL_FAILURE; case SCOSSL_FALLBACK: @@ -630,7 +630,7 @@ SCOSSL_STATUS e_scossl_eckey_verify(int type, _In_reads_bytes_(dgst_len) const u case SCOSSL_SUCCESS: break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_VERIFY, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context value"); return SCOSSL_FAILURE; } @@ -653,7 +653,7 @@ SCOSSL_STATUS e_scossl_eckey_verify_sig(_In_reads_bytes_(dgst_len) const unsigne switch( e_scossl_get_ecc_context(eckey, &keyCtx) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY_SIG, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_VERIFY_SIG, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context failed."); return SCOSSL_FAILURE; case SCOSSL_FALLBACK: @@ -668,7 +668,7 @@ SCOSSL_STATUS e_scossl_eckey_verify_sig(_In_reads_bytes_(dgst_len) const unsigne case SCOSSL_SUCCESS: break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY_SIG, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_VERIFY_SIG, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context value"); return SCOSSL_FAILURE; } @@ -691,7 +691,7 @@ SCOSSL_STATUS e_scossl_eckey_verify_sig(_In_reads_bytes_(dgst_len) const unsigne { if( scError != SYMCRYPT_SIGNATURE_VERIFICATION_FAILURE ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY_SIG, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_VERIFY_SIG, "SymCryptEcDsaVerify returned unexpected error", scError); } return SCOSSL_FAILURE; @@ -708,7 +708,7 @@ SCOSSL_STATUS e_scossl_eckey_keygen(_Inout_ EC_KEY *key) switch( e_scossl_get_ecc_context_ex(key, &keyCtx, TRUE) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_KEYGEN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_KEYGEN, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context_ex failed."); return SCOSSL_FAILURE; case SCOSSL_FALLBACK: @@ -723,7 +723,7 @@ SCOSSL_STATUS e_scossl_eckey_keygen(_Inout_ EC_KEY *key) case SCOSSL_SUCCESS: return SCOSSL_SUCCESS; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_KEYGEN, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_KEYGEN, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context_ex value"); return SCOSSL_FAILURE; } @@ -751,7 +751,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi switch( e_scossl_get_ecc_context((EC_KEY*)ecdh, &keyCtx) ) // removing const cast as code path in this instance will not alter ecdh. TODO: refactor e_scossl_get_ecc_context { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context failed."); return -1; case SCOSSL_FALLBACK: @@ -766,7 +766,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi case SCOSSL_SUCCESS: break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context value"); return -1; } @@ -774,7 +774,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi ecgroup = EC_KEY_get0_group(ecdh); if( ecgroup == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, "EC_KEY_get0_group returned NULL."); goto cleanup; } @@ -783,14 +783,14 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi pkPublic = SymCryptEckeyAllocate(keyCtx->key->pCurve); if( pkPublic == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEckeyAllocate returned NULL."); goto cleanup; } if( (bn_ctx = BN_CTX_new()) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, "BN_CTX_new returned NULL."); goto cleanup; } @@ -799,14 +799,14 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi if( ((ec_pub_x = BN_new()) == NULL) || ((ec_pub_y = BN_new()) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); goto cleanup; } if( EC_POINT_get_affine_coordinates(ecgroup, pub_key, ec_pub_x, ec_pub_y, bn_ctx) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, "EC_POINT_get_affine_coordinates failed."); goto cleanup; } @@ -814,7 +814,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi if( (BN_bn2binpad(ec_pub_x, buf, cbPublicKey/2) != (int) cbPublicKey/2) || (BN_bn2binpad(ec_pub_y, buf + (cbPublicKey/2), cbPublicKey/2) != (int) cbPublicKey/2) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, "BN_bn2binpad did not write expected number of public key bytes."); goto cleanup; } @@ -828,7 +828,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi pkPublic ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -837,7 +837,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi *psec = OPENSSL_zalloc(*pseclen); if( *psec == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc failed"); goto cleanup; } @@ -851,7 +851,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi *pseclen ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, "SymCryptEcDhSecretAgreement failed", scError); goto cleanup; } diff --git a/SymCryptEngine/src/e_scossl_hkdf.c b/SymCryptEngine/src/e_scossl_hkdf.c index 251738b0..5ecaf078 100644 --- a/SymCryptEngine/src/e_scossl_hkdf.c +++ b/SymCryptEngine/src/e_scossl_hkdf.c @@ -16,7 +16,7 @@ SCOSSL_STATUS e_scossl_hkdf_init(EVP_PKEY_CTX *ctx) { SCOSSL_HKDF_CTX *e_scossl_hkdf_context; if ((e_scossl_hkdf_context = scossl_hkdf_newctx()) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_INIT, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HKDF_INIT, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc returned NULL"); return SCOSSL_FAILURE; } @@ -77,7 +77,7 @@ SCOSSL_STATUS e_scossl_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return SCOSSL_SUCCESS; return scossl_hkdf_append_info(e_scossl_hkdf_context, p2, p1); default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HKDF_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, "SymCrypt Engine does not support ctrl type (%d)", type); return SCOSSL_UNSUPPORTED; } @@ -198,15 +198,15 @@ SCOSSL_STATUS e_scossl_hkdf_derive(EVP_PKEY_CTX *ctx, if (e_scossl_hkdf_context->md == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Digest"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, + "Missing Digest"); return SCOSSL_FAILURE; } if (e_scossl_hkdf_context->pbKey == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Key"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, + "Missing Key"); return SCOSSL_FAILURE; } @@ -221,8 +221,8 @@ SCOSSL_STATUS e_scossl_hkdf_derive(EVP_PKEY_CTX *ctx, return scossl_hkdf_derive(e_scossl_hkdf_context, key, *keylen); } - SCOSSL_LOG_INFO(SCOSSL_ERR_F_HKDF_DERIVE, SCOSSL_ERR_R_OPENSSL_FALLBACK, - "SymCrypt engine does not support Hmac algorithm %d - falling back to OpenSSL", EVP_MD_type(e_scossl_hkdf_context->md)); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_HKDF_DERIVE, SCOSSL_ERR_R_OPENSSL_FALLBACK, + "SymCrypt engine does not support Hmac algorithm %d - falling back to OpenSSL", EVP_MD_type(e_scossl_hkdf_context->md)); switch (e_scossl_hkdf_context->mode) { diff --git a/SymCryptEngine/src/e_scossl_hmac.c b/SymCryptEngine/src/e_scossl_hmac.c index 2e140880..3bbaa76e 100644 --- a/SymCryptEngine/src/e_scossl_hmac.c +++ b/SymCryptEngine/src/e_scossl_hmac.c @@ -19,8 +19,8 @@ SCOSSL_STATUS e_scossl_hmac_init(EVP_PKEY_CTX *ctx) if ((e_scossl_hmac_context = OPENSSL_zalloc(sizeof(SCOSSL_MAC_CTX))) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HMAC_INIT, ERR_R_MALLOC_FAILURE, - "OPENSSL_zalloc returned NULL"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HMAC_INIT, ERR_R_MALLOC_FAILURE, + "OPENSSL_zalloc returned NULL"); return SCOSSL_FAILURE; } @@ -52,8 +52,8 @@ SCOSSL_STATUS e_scossl_hmac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) if ((dst_ctx = scossl_mac_dupctx(src_ctx)) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HMAC_INIT, ERR_R_MALLOC_FAILURE, - "scossl_hmac_dupctx returned NULL"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HMAC_COPY, ERR_R_MALLOC_FAILURE, + "scossl_hmac_dupctx returned NULL"); return SCOSSL_FAILURE; } @@ -96,7 +96,7 @@ SCOSSL_STATUS e_scossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ret = scossl_mac_init(e_scossl_hmac_context, key->data, key->length); break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HMAC_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HMAC_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, "SymCrypt Engine does not support ctrl type (%d)", type); ret = SCOSSL_UNSUPPORTED; } diff --git a/SymCryptEngine/src/e_scossl_pkey_meths.c b/SymCryptEngine/src/e_scossl_pkey_meths.c index 411fc1b3..bdc0b5c2 100644 --- a/SymCryptEngine/src/e_scossl_pkey_meths.c +++ b/SymCryptEngine/src/e_scossl_pkey_meths.c @@ -41,7 +41,7 @@ static int e_scossl_pkey_rsa_sign(_Inout_ EVP_PKEY_CTX *ctx, _Out_writes_bytes_( if( EVP_PKEY_CTX_get_rsa_padding(ctx, &padding) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PKEY_RSA_SIGN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_PKEY_RSA_SIGN, ERR_R_OPERATION_FAIL, "Failed to get padding"); return SCOSSL_UNSUPPORTED; } @@ -62,7 +62,7 @@ static int e_scossl_pkey_rsapss_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_byte if( EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, &cbSalt) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PKEY_RSA_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_PKEY_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, "Failed to get cbSalt"); return SCOSSL_UNSUPPORTED; } @@ -70,7 +70,7 @@ static int e_scossl_pkey_rsapss_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_byte { return e_scossl_rsapss_verify(ctx, sig, siglen, tbs, tbslen); } - SCOSSL_LOG_INFO(SCOSSL_ERR_F_PKEY_RSA_VERIFY, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_PKEY_RSAPSS_VERIFY, SCOSSL_ERR_R_OPENSSL_FALLBACK, "SymCrypt Engine does not support RSA_PSS_SALTLEN_AUTO saltlen - falling back to OpenSSL"); return _openssl_pkey_rsa_verify(ctx, sig, siglen, tbs, tbslen); @@ -84,7 +84,7 @@ static int e_scossl_pkey_rsa_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_bytes_( if( EVP_PKEY_CTX_get_rsa_padding(ctx, &padding) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PKEY_RSA_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_PKEY_RSA_VERIFY, ERR_R_OPERATION_FAIL, "Failed to get padding"); return SCOSSL_UNSUPPORTED; } @@ -236,7 +236,7 @@ SCOSSL_STATUS e_scossl_pkey_methods_init_static() (e_scossl_pkey_rsa_pss() == NULL) || (e_scossl_pkey_tls1_prf() == NULL) || (e_scossl_pkey_hkdf() == NULL) || - (e_scossl_pkey_hmac() == NULL) + (e_scossl_pkey_hmac() == NULL) ) { return SCOSSL_FAILURE; @@ -285,7 +285,7 @@ int e_scossl_pkey_methods(_Inout_ ENGINE *e, _Out_opt_ EVP_PKEY_METHOD **pmeth, *pmeth = _e_scossl_pkey_hmac; break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PKEY_METHODS, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_PKEY_METHODS, SCOSSL_ERR_R_NOT_IMPLEMENTED, "NID %d not supported"); ok = 0; *pmeth = NULL; diff --git a/SymCryptEngine/src/e_scossl_rsa.c b/SymCryptEngine/src/e_scossl_rsa.c index ca3ceb95..25fb598d 100644 --- a/SymCryptEngine/src/e_scossl_rsa.c +++ b/SymCryptEngine/src/e_scossl_rsa.c @@ -35,7 +35,7 @@ SCOSSL_RETURNLENGTH e_scossl_rsa_pub_enc(int flen, _In_reads_bytes_(flen) const if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_PUB_ENC, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); goto cleanup; } @@ -60,7 +60,7 @@ SCOSSL_RETURNLENGTH e_scossl_rsa_pub_enc(int flen, _In_reads_bytes_(flen) const scossl_rsa_encrypt(keyCtx->key, padding, NID_sha1, NULL, 0, from, flen, to, &ret, -1); break; default: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_RSA_PUB_ENC, SCOSSL_ERR_R_OPENSSL_FALLBACK, "Unsupported Padding: %d. Forwarding to OpenSSL. Size: %d.", padding, flen); ossl_rsa_meth = RSA_PKCS1_OpenSSL(); pfn_rsa_meth_pub_enc = RSA_meth_get_pub_enc(ossl_rsa_meth); @@ -85,7 +85,7 @@ SCOSSL_RETURNLENGTH e_scossl_rsa_priv_dec(int flen, _In_reads_bytes_(flen) const if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_PRIV_DEC, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_PRIV_DEC, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); goto cleanup; } @@ -110,7 +110,7 @@ SCOSSL_RETURNLENGTH e_scossl_rsa_priv_dec(int flen, _In_reads_bytes_(flen) const scossl_rsa_decrypt(keyCtx->key, padding, NID_sha1, NULL, 0, from, flen, to, &ret, -1); break; default: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PRIV_DEC, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_RSA_PRIV_DEC, SCOSSL_ERR_R_OPENSSL_FALLBACK, "Unsupported Padding: %d. Forwarding to OpenSSL. Size: %d.", padding, flen); ossl_rsa_meth = RSA_PKCS1_OpenSSL(); pfn_rsa_meth_priv_dec = RSA_meth_get_priv_dec(ossl_rsa_meth); @@ -128,7 +128,7 @@ SCOSSL_RETURNLENGTH e_scossl_rsa_priv_dec(int flen, _In_reads_bytes_(flen) const SCOSSL_RETURNLENGTH e_scossl_rsa_priv_enc(int flen, _In_reads_bytes_(flen) const unsigned char* from, _Out_writes_bytes_(RSA_size(rsa)) unsigned char* to, _In_ RSA* rsa, int padding) { - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PRIV_ENC, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_RSA_PRIV_ENC, SCOSSL_ERR_R_OPENSSL_FALLBACK, "RSA private encrypt equivalent not FIPS certifiable. Forwarding to OpenSSL. Size: %d.", flen); const RSA_METHOD *ossl_rsa_meth = RSA_PKCS1_OpenSSL(); // Use default implementation PFN_RSA_meth_priv_enc pfn_rsa_meth_priv_enc = NULL; @@ -145,7 +145,7 @@ SCOSSL_RETURNLENGTH e_scossl_rsa_pub_dec(int flen, _In_reads_bytes_(flen) const _Out_writes_bytes_(RSA_size(rsa)) unsigned char* to, _In_ RSA* rsa, int padding) { - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PUB_DEC, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_RSA_PUB_DEC, SCOSSL_ERR_R_OPENSSL_FALLBACK, "RSA public decrypt equivalent not found in SymCrypt. Forwarding to OpenSSL. Size: %d.", flen); const RSA_METHOD *ossl_rsa_meth = RSA_PKCS1_OpenSSL(); // Use default implementation PFN_RSA_meth_pub_dec pfn_rsa_meth_pub_dec = NULL; @@ -168,7 +168,7 @@ SCOSSL_STATUS e_scossl_rsa_sign(int type, _In_reads_bytes_(m_length) const unsig if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_SIGN, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_SIGN, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); return SCOSSL_FAILURE; } @@ -194,7 +194,7 @@ SCOSSL_STATUS e_scossl_rsa_verify(int dtype, _In_reads_bytes_(m_length) const un if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_VERIFY, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); return SCOSSL_FAILURE; } @@ -221,7 +221,7 @@ SCOSSL_STATUS e_scossl_rsa_keygen(_Out_ RSA* rsa, int bits, _In_ BIGNUM* e, if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_KEYGEN, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); goto cleanup; } @@ -237,26 +237,26 @@ SCOSSL_STATUS e_scossl_rsa_keygen(_Out_ RSA* rsa, int bits, _In_ BIGNUM* e, keyCtx->key = SymCryptRsakeyAllocate(&SymcryptRsaParam, 0); if( keyCtx->key == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptRsakeyAllocate failed"); goto cleanup; } if( BN_bn2binpad(e, (PBYTE) &pubExp64, sizeof(pubExp64)) != sizeof(pubExp64) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_KEYGEN, ERR_R_OPERATION_FAIL, "BN_bn2binpad failed - Probably Public Exponent larger than maximum supported size (8 bytes)"); goto cleanup; } if( SymCryptLoadMsbFirstUint64((PBYTE) &pubExp64, sizeof(pubExp64), &pubExp64) != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptLoadMsbFirstUint64 failed"); goto cleanup; } scError = SymCryptRsakeyGenerate(keyCtx->key, &pubExp64, 1, SYMCRYPT_FLAG_RSAKEY_SIGN | SYMCRYPT_FLAG_RSAKEY_ENCRYPT); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_RSA_KEYGEN, "SymCryptRsakeyGenerate failed", scError); goto cleanup; } @@ -320,7 +320,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ if( RSA_get_version((RSA*) rsa) != RSA_ASN1_VERSION_DEFAULT ) { // Currently only support normal two-prime RSA with SymCrypt Engine - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_NOT_IMPLEMENTED, "Unsupported RSA version"); goto cleanup; } @@ -330,7 +330,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ if( rsa_n == NULL || rsa_e == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, ERR_R_PASSED_NULL_PARAMETER, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, ERR_R_PASSED_NULL_PARAMETER, "Not enough Parameters"); goto cleanup; } @@ -355,7 +355,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ pbData = OPENSSL_zalloc(cbData); if( pbData == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc failed"); goto cleanup; } @@ -364,13 +364,13 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ if( BN_bn2binpad(rsa_e, (PBYTE) &pubExp64, sizeof(pubExp64)) != sizeof(pubExp64) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, ERR_R_OPERATION_FAIL, "BN_bn2binpad failed - Probably Public Exponent larger than maximum supported size (8 bytes)"); goto cleanup; } if( SymCryptLoadMsbFirstUint64((PBYTE) &pubExp64, sizeof(pubExp64), &pubExp64) != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptLoadMsbFirstUint64 failed"); goto cleanup; } @@ -395,7 +395,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ if( nPrimes != 0 && nPrimes != 2 ) { // Currently only support normal two-prime RSA with SymCrypt Engine - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_NOT_IMPLEMENTED, "Unsupported RSA version"); goto cleanup; } @@ -407,7 +407,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ keyCtx->key = SymCryptRsakeyAllocate(&SymcryptRsaParam, 0); if( keyCtx->key == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptRsakeyAllocate failed"); goto cleanup; } @@ -425,7 +425,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ keyCtx->key); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, "SymCryptRsakeySetValue failed", scError); goto cleanup; } @@ -437,7 +437,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ cleanup: if( ret != SCOSSL_SUCCESS ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, ERR_R_OPERATION_FAIL, "e_scossl_initialize_rsa_key failed."); e_scossl_rsa_free_key_context(keyCtx); } @@ -484,14 +484,14 @@ SCOSSL_STATUS e_scossl_rsa_init(_Inout_ RSA *rsa) SCOSSL_RSA_KEY_CONTEXT *keyCtx = OPENSSL_zalloc(sizeof(*keyCtx)); if( !keyCtx ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_INIT, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_INIT, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc failed"); return SCOSSL_FAILURE; } if( RSA_set_ex_data(rsa, e_scossl_rsa_idx, keyCtx) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_INIT, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_INIT, ERR_R_OPERATION_FAIL, "RSA_set_ex_data failed"); OPENSSL_free(keyCtx); return SCOSSL_FAILURE; diff --git a/SymCryptEngine/src/e_scossl_rsapss.c b/SymCryptEngine/src/e_scossl_rsapss.c index 888383a6..9695e4ae 100644 --- a/SymCryptEngine/src/e_scossl_rsapss.c +++ b/SymCryptEngine/src/e_scossl_rsapss.c @@ -23,13 +23,13 @@ SCOSSL_STATUS e_scossl_rsapss_sign(_Inout_ EVP_PKEY_CTX *ctx, _Out_writes_opt_(* if( EVP_PKEY_CTX_get_signature_md(ctx, &messageDigest) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_SIGN, ERR_R_OPERATION_FAIL, "Failed to get messageDigest"); return SCOSSL_UNSUPPORTED; } if( EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, &mgf1Digest) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_SIGN, ERR_R_OPERATION_FAIL, "Failed to get mgf1Digest"); return SCOSSL_UNSUPPORTED; } @@ -37,7 +37,7 @@ SCOSSL_STATUS e_scossl_rsapss_sign(_Inout_ EVP_PKEY_CTX *ctx, _Out_writes_opt_(* if( type != EVP_MD_type(mgf1Digest) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_SIGN, SCOSSL_ERR_R_NOT_IMPLEMENTED, "messageDigest and mgf1Digest do not match"); return SCOSSL_UNSUPPORTED; } @@ -45,14 +45,14 @@ SCOSSL_STATUS e_scossl_rsapss_sign(_Inout_ EVP_PKEY_CTX *ctx, _Out_writes_opt_(* if( ((pkey = EVP_PKEY_CTX_get0_pkey(ctx)) == NULL) || ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_SIGN, SCOSSL_ERR_R_MISSING_CTX_DATA, "Failed to get RSA key from ctx"); return SCOSSL_UNSUPPORTED; } if( EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, &cbSalt) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_SIGN, ERR_R_OPERATION_FAIL, "Failed to get cbSalt"); return SCOSSL_UNSUPPORTED; } @@ -60,7 +60,7 @@ SCOSSL_STATUS e_scossl_rsapss_sign(_Inout_ EVP_PKEY_CTX *ctx, _Out_writes_opt_(* keyCtx = RSA_get_ex_data(rsa, e_scossl_rsa_idx); if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_SIGN, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); return SCOSSL_FAILURE; } @@ -88,13 +88,13 @@ SCOSSL_STATUS e_scossl_rsapss_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_bytes_ if( EVP_PKEY_CTX_get_signature_md(ctx, &messageDigest) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, "Failed to get messageDigest"); return SCOSSL_UNSUPPORTED; } if( EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, &mgf1Digest) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, "Failed to get mgf1Digest"); return SCOSSL_UNSUPPORTED; } @@ -102,7 +102,7 @@ SCOSSL_STATUS e_scossl_rsapss_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_bytes_ if( type != EVP_MD_type(mgf1Digest) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, "messageDigest and mgf1Digest do not match"); return SCOSSL_UNSUPPORTED; } @@ -110,14 +110,14 @@ SCOSSL_STATUS e_scossl_rsapss_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_bytes_ if( ((pkey = EVP_PKEY_CTX_get0_pkey(ctx)) == NULL) || ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, SCOSSL_ERR_R_MISSING_CTX_DATA, "Failed to get RSA key from ctx"); return SCOSSL_UNSUPPORTED; } if( EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, &cbSalt) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, "Failed to get cbSalt"); return SCOSSL_UNSUPPORTED; } @@ -125,7 +125,7 @@ SCOSSL_STATUS e_scossl_rsapss_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_bytes_ keyCtx = RSA_get_ex_data(rsa, e_scossl_rsa_idx); if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); return SCOSSL_FAILURE; } diff --git a/SymCryptEngine/src/e_scossl_sshkdf.c b/SymCryptEngine/src/e_scossl_sshkdf.c index 9f9b0211..b59c1979 100644 --- a/SymCryptEngine/src/e_scossl_sshkdf.c +++ b/SymCryptEngine/src/e_scossl_sshkdf.c @@ -36,7 +36,7 @@ EVP_KDF_IMPL* e_scossl_sshkdf_new() EVP_KDF_IMPL *impl = OPENSSL_zalloc(sizeof(*impl)); if (!impl) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_NEW, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_NEW, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc return NULL"); } @@ -67,8 +67,8 @@ static PCSYMCRYPT_HASH e_scossl_get_symcrypt_hash_algorithm(const EVP_MD *md) return SymCryptSha384Algorithm; if (type == NID_sha512) return SymCryptSha512Algorithm; - - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_SYMCRYPT_HASH_ALGORITHM, SCOSSL_ERR_R_NOT_IMPLEMENTED, + + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_GET_SYMCRYPT_HASH_ALGORITHM, SCOSSL_ERR_R_NOT_IMPLEMENTED, "SymCrypt engine does not support hash algorithm %d", type); return NULL; @@ -108,7 +108,7 @@ SCOSSL_STATUS e_scossl_sshkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) impl->pbKey = OPENSSL_memdup(buffer, length); if(!impl->pbKey) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_CTRL, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_CTRL, ERR_R_MALLOC_FAILURE, "OPENSSL_memdup return NULL"); ret = SCOSSL_FAILURE; } @@ -122,7 +122,7 @@ SCOSSL_STATUS e_scossl_sshkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) length = va_arg(args, size_t); if(length > sizeof(impl->pbHashValue)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_CTRL, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_CTRL, ERR_R_INTERNAL_ERROR, "Hash value length too large"); ret = SCOSSL_FAILURE; } @@ -136,7 +136,7 @@ SCOSSL_STATUS e_scossl_sshkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) length = va_arg(args, size_t); if(length > sizeof(impl->pbSessionId)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_CTRL, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_CTRL, ERR_R_INTERNAL_ERROR, "Session ID length too large"); ret = SCOSSL_FAILURE; } @@ -152,7 +152,7 @@ SCOSSL_STATUS e_scossl_sshkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) impl->label = value; } else { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_CTRL, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_CTRL, ERR_R_INTERNAL_ERROR, "Label out of range"); ret = SCOSSL_FAILURE; } @@ -224,7 +224,7 @@ SCOSSL_STATUS e_scossl_sshkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, con ret = e_scossl_sshkdf_call_ctrl(impl, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, value, strlen(value)); } else { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_CTRL_STR, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_CTRL_STR, ERR_R_INTERNAL_ERROR, "Unknown command %s", type); } @@ -242,14 +242,14 @@ SCOSSL_STATUS e_scossl_sshkdf_derive(EVP_KDF_IMPL *impl, unsigned char *out, siz SYMCRYPT_ERROR scError; if(!impl->pHash) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, "Missing Digest"); ret = SCOSSL_FAILURE; goto end; } if(!impl->pbKey) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, "Missing Key"); ret = SCOSSL_FAILURE; goto end; @@ -263,7 +263,7 @@ SCOSSL_STATUS e_scossl_sshkdf_derive(EVP_KDF_IMPL *impl, unsigned char *out, siz out, out_len); if(scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_DERIVE, "SymCryptSshKdf failed", scError); ret = SCOSSL_FAILURE; } diff --git a/SymCryptEngine/src/e_scossl_tls1prf.c b/SymCryptEngine/src/e_scossl_tls1prf.c index 0395f759..ff86deeb 100644 --- a/SymCryptEngine/src/e_scossl_tls1prf.c +++ b/SymCryptEngine/src/e_scossl_tls1prf.c @@ -17,8 +17,8 @@ SCOSSL_STATUS e_scossl_tls1prf_init(EVP_PKEY_CTX *ctx) SCOSSL_TLS1_PRF_CTX *key_context = NULL; if ((key_context = scossl_tls1prf_newctx()) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_TLS1PRF_INIT, ERR_R_MALLOC_FAILURE, - "OPENSSL_zalloc return NULL"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_TLS1PRF_INIT, ERR_R_MALLOC_FAILURE, + "OPENSSL_zalloc return NULL"); return SCOSSL_FAILURE; } EVP_PKEY_CTX_set_data(ctx, key_context); @@ -74,8 +74,8 @@ SCOSSL_STATUS e_scossl_tls1prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p return SCOSSL_SUCCESS; return scossl_tls1prf_append_seed(key_context, p2, p1); default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_TLS1PRF_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "SymCrypt Engine does not support ctrl type (%d)", type); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_TLS1PRF_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "SymCrypt Engine does not support ctrl type (%d)", type); return SCOSSL_UNSUPPORTED; } } diff --git a/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c b/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c index ca20cabd..30664db8 100644 --- a/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c +++ b/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c @@ -170,7 +170,7 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_encrypt(_In_ SCOSSL_RSA_CIPHER_CTX *ctx if (ctx->oaepMdInfo == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "p_scossl_rsa_get_supported_md returned NULL for default digest"); return SCOSSL_FAILURE; } } @@ -216,7 +216,7 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_decrypt(_In_ SCOSSL_RSA_CIPHER_CTX *ctx if (ctx->oaepMdInfo == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "p_scossl_rsa_get_supported_md returned NULL for default digest"); return SCOSSL_FAILURE; } } diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes.c b/SymCryptProvider/src/ciphers/p_scossl_aes.c index 4c5004d9..bfcf606d 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes.c @@ -96,6 +96,8 @@ static SCOSSL_STATUS p_scossl_aes_generic_init_internal(_Inout_ SCOSSL_AES_CTX * _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { + SYMCRYPT_ERROR scError; + ctx->encrypt = encrypt; ctx->cbBuf = 0; @@ -106,10 +108,11 @@ static SCOSSL_STATUS p_scossl_aes_generic_init_internal(_Inout_ SCOSSL_AES_CTX * ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return SCOSSL_FAILURE; } - SYMCRYPT_ERROR scError = SymCryptAesExpandKey(&ctx->key, key, keylen); + + scError = SymCryptAesExpandKey(&ctx->key, key, keylen); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptAesExpandKey failed", scError); return SCOSSL_FAILURE; } } @@ -914,7 +917,7 @@ static SCOSSL_STATUS scossl_aes_cfb_cipher(_Inout_ SCOSSL_AES_CTX *ctx, { if (ctx->cbBuf != 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "Unexpected partial block in buffer"); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c b/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c index eef80fde..a1b6961b 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c @@ -41,7 +41,7 @@ static SCOSSL_STATUS p_scossl_aes_xts_set_ctx_params(_Inout_ SCOSSL_AES_XTS_CTX static SCOSSL_AES_XTS_CTX *p_scossl_aes_xts_newctx_internal(size_t keylen) { SCOSSL_COMMON_ALIGNED_ALLOC(ctx, OPENSSL_malloc, SCOSSL_AES_XTS_CTX); - if (ctx != NULL) + if (ctx != NULL) { ctx->keylen = keylen; } @@ -71,6 +71,7 @@ static SCOSSL_STATUS p_scossl_aes_xts_init_internal(_Inout_ SCOSSL_AES_XTS_CTX * _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { + SYMCRYPT_ERROR scError; ctx->encrypt = encrypt; if (key != NULL) @@ -80,10 +81,11 @@ static SCOSSL_STATUS p_scossl_aes_xts_init_internal(_Inout_ SCOSSL_AES_XTS_CTX * ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return SCOSSL_FAILURE; } - SYMCRYPT_ERROR scError = SymCryptXtsAesExpandKeyEx(&ctx->key, key, keylen, 0); + + scError = SymCryptXtsAesExpandKeyEx(&ctx->key, key, keylen, 0); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptXtsAesExpandKeyEx failed", scError); return SCOSSL_FAILURE; } } @@ -160,7 +162,7 @@ static SCOSSL_STATUS p_scossl_aes_xts_cipher(SCOSSL_AES_XTS_CTX *ctx, } *outl = inl; - + return SCOSSL_SUCCESS; } diff --git a/SymCryptProvider/src/kdf/p_scossl_kbkdf.c b/SymCryptProvider/src/kdf/p_scossl_kbkdf.c index 227584f2..137af014 100644 --- a/SymCryptProvider/src/kdf/p_scossl_kbkdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_kbkdf.c @@ -145,7 +145,7 @@ static SCOSSL_STATUS p_scossl_kbkdf_kmac_derive(_In_ SCOSSL_PROV_KBKDF_CTX *ctx, if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptKmacXXXExpandKey failed", scError); goto cleanup; } @@ -204,7 +204,7 @@ static SCOSSL_STATUS p_scossl_kbkdf_derive(_In_ SCOSSL_PROV_KBKDF_CTX *ctx, key, keylen); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptSp800_108 failed", scError); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/keyexch/p_scossl_dh.c b/SymCryptProvider/src/keyexch/p_scossl_dh.c index cda24344..1aaf7cd4 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_dh.c +++ b/SymCryptProvider/src/keyexch/p_scossl_dh.c @@ -196,14 +196,14 @@ static SCOSSL_STATUS p_scossl_dh_X9_42_derive(_In_ SCOSSL_DH_CTX *ctx, cbAgreedSecret); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDhSecretAgreement failed", scError); goto cleanup; } if ((kdf = EVP_KDF_fetch(ctx->libCtx, OSSL_KDF_NAME_X942KDF_ASN1, NULL)) == NULL || (kdfCtx = EVP_KDF_CTX_new(kdf)) == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "Failed to create X9.42 KDF context"); goto cleanup; } @@ -267,7 +267,7 @@ static SCOSSL_STATUS p_scossl_dh_plain_derive(_In_ SCOSSL_DH_CTX *ctx, cbAgreedSecret); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDhSecretAgreement failed", scError); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/keyexch/p_scossl_ecdh.c b/SymCryptProvider/src/keyexch/p_scossl_ecdh.c index e6163695..14015cf6 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_ecdh.c +++ b/SymCryptProvider/src/keyexch/p_scossl_ecdh.c @@ -142,7 +142,7 @@ static SCOSSL_STATUS p_scossl_ecdh_derive(_In_ SCOSSL_ECDH_CTX *ctx, cbSecretBuf); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEcDhSecretAgreement failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c index 3593da1a..061e0749 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c @@ -379,7 +379,7 @@ static SCOSSL_STATUS p_scossl_dh_params_to_group(_In_ OSSL_LIB_CTX *libCtx, _In_ pDlGroupTmp); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlgroupSetValue failed", scError); goto cleanup; } @@ -520,7 +520,7 @@ static SCOSSL_STATUS p_scossl_dh_keygen_set_template(_Inout_ SCOSSL_DH_KEYGEN_CT { if (genCtx == NULL || tmplCtx == NULL || - tmplCtx->groupSetByParams) + tmplCtx->groupSetByParams) { return SCOSSL_FAILURE; } @@ -633,7 +633,8 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_set_params(_In_ SCOSSL_PROV_DH_KEY_CTX { SymCryptDlkeyFree(ctx->keyCtx->dlkey); ctx->keyCtx->dlkey = NULL; - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlkeySetValue failed", scError); return SCOSSL_FAILURE; } @@ -650,6 +651,7 @@ static const OSSL_PARAM *p_scossl_dh_keymgmt_gettable_params(ossl_unused void *p static SCOSSL_STATUS p_scossl_dh_keymgmt_get_ffc_params(_In_ SYMCRYPT_DLGROUP *pDlGroup, _Inout_ OSSL_PARAM params[]) { + SYMCRYPT_ERROR scError; SCOSSL_STATUS ret = SCOSSL_FAILURE; PBYTE pbPrimeP = NULL; PBYTE pbPrimeQ = NULL; @@ -712,17 +714,19 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_ffc_params(_In_ SYMCRYPT_DLGROUP *p pbCur += cbGenG; pbSeed = cbSeed == 0 ? NULL : pbCur; - if (SymCryptDlgroupGetValue( - pDlGroup, - pbPrimeP, cbPrimeP, - pbPrimeQ, cbPrimeQ, - pbGenG, cbGenG, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - NULL, - pbSeed, cbSeed, - NULL) != SYMCRYPT_NO_ERROR) + scError = SymCryptDlgroupGetValue( + pDlGroup, + pbPrimeP, cbPrimeP, + pbPrimeQ, cbPrimeQ, + pbGenG, cbGenG, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + NULL, + pbSeed, cbSeed, + NULL); + + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlgroupGetValue failed", scError); goto cleanup; } } @@ -804,6 +808,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_key_params(_In_ SCOSSL_DH_KEY_CTX * SIZE_T cbData = 0; BIGNUM *bnPrivKey = NULL; BIGNUM *bnPubKey = NULL; + SYMCRYPT_ERROR scError; SCOSSL_STATUS ret = SCOSSL_FAILURE; OSSL_PARAM *paramEncodedKey = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); OSSL_PARAM *paramPrivKey = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY); @@ -847,14 +852,15 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_key_params(_In_ SCOSSL_DH_KEY_CTX * pbPrivateKey = cbPrivateKey == 0 ? NULL : pbData; pbPublicKey = cbPublicKey == 0 ? NULL : pbData + cbPrivateKey; - if (SymCryptDlkeyGetValue( - keyCtx->dlkey, - pbPrivateKey, cbPrivateKey, - pbPublicKey, cbPublicKey, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR) + scError = SymCryptDlkeyGetValue( + keyCtx->dlkey, + pbPrivateKey, cbPrivateKey, + pbPublicKey, cbPublicKey, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + 0); + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -955,7 +961,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_params(_In_ SCOSSL_PROV_DH_KEY_CTX int dlGroupNid = scossl_dh_get_group_nid(SymCryptDlkeyGetGroup(ctx->keyCtx->dlkey)); if (dlGroupNid == 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "Failed to get NID for previously set group in DH key context"); return SCOSSL_FAILURE; } @@ -1008,6 +1014,7 @@ static BOOL p_scossl_dh_keymgmt_match(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx1, _In_ SC PBYTE pbPublicKey1 = NULL; PBYTE pbPublicKey2 = NULL; SIZE_T cbPublicKey = 0; + SYMCRYPT_ERROR scError; if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { @@ -1057,20 +1064,27 @@ static BOOL p_scossl_dh_keymgmt_match(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx1, _In_ SC pbPublicKey2 = cbPublicKey == 0 ? NULL : pbData + cbPublicKey + cbPrivateKey; pbPrivateKey2 = cbPrivateKey == 0 ? NULL : pbData + cbPublicKey + cbPrivateKey; - if (SymCryptDlkeyGetValue( + scError = SymCryptDlkeyGetValue( ctx1->keyCtx->dlkey, pbPrivateKey1, cbPrivateKey, pbPublicKey1, cbPublicKey, SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR || - SymCryptDlkeyGetValue( + 0); + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlkeyGetValue failed", scError); + goto cleanup; + } + + scError = SymCryptDlkeyGetValue( ctx2->keyCtx->dlkey, pbPrivateKey2, cbPrivateKey, pbPublicKey2, cbPublicKey, SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR) + 0); + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -1291,7 +1305,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx if (cbPrimeP == 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "SymCryptDlgroupGetSizes returned 0 for prime P size"); goto cleanup; } @@ -1333,7 +1347,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx &genCounter); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlgroupGetValue failed", scError); goto cleanup; } @@ -1406,14 +1420,15 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx pbPrivateKey = includePrivate ? pbData : NULL; pbPublicKey = includePublic ? pbData + cbPrivateKey : NULL; - if (SymCryptDlkeyGetValue( - ctx->keyCtx->dlkey, - pbPrivateKey, cbPrivateKey, - pbPublicKey, cbPublicKey, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR) + scError = SymCryptDlkeyGetValue( + ctx->keyCtx->dlkey, + pbPrivateKey, cbPrivateKey, + pbPublicKey, cbPublicKey, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + 0); + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlkeyGetValue failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c index 3a1d0de8..938a197e 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c @@ -219,7 +219,7 @@ static SCOSSL_ECC_KEY_CTX *p_scossl_ecc_keymgmt_dup_ctx(_In_ const SCOSSL_ECC_KE 0); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -239,7 +239,7 @@ static SCOSSL_ECC_KEY_CTX *p_scossl_ecc_keymgmt_dup_ctx(_In_ const SCOSSL_ECC_KE copyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -447,7 +447,7 @@ static SCOSSL_ECC_KEY_CTX *p_scossl_ecc_keygen(_In_ SCOSSL_ECC_KEYGEN_CTX *genCt scError = SymCryptEckeySetRandom(SYMCRYPT_FLAG_ECKEY_ECDH, keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeySetRandom failed", scError); goto cleanup; } @@ -498,7 +498,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_pubkey_point(_In_ SCOSSL_ECC_KEY_C 0 ); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -572,7 +572,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_params(_In_ SCOSSL_ECC_KEY_CTX *ke } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL && - (keyCtx->curve == NULL || + (keyCtx->curve == NULL || !OSSL_PARAM_set_int(p, SymCryptEcurveBitsizeofGroupOrder(keyCtx->curve)))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); @@ -580,7 +580,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_params(_In_ SCOSSL_ECC_KEY_CTX *ke } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL && - (keyCtx->curve == NULL || + (keyCtx->curve == NULL || !OSSL_PARAM_set_int(p, scossl_ecc_get_curve_security_bits(keyCtx->curve)))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); @@ -789,7 +789,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_set_params(_Inout_ SCOSSL_ECC_KEY_CTX keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -900,6 +900,7 @@ static BOOL p_scossl_ecc_keymgmt_match(_In_ SCOSSL_ECC_KEY_CTX *keyCtx1, _In_ SC PBYTE pbPublicKey2 = NULL; SIZE_T cbPrivateKey = 0; SIZE_T cbPublicKey = 0; + SYMCRYPT_ERROR scError; SYMCRYPT_ECPOINT_FORMAT pointFormat = keyCtx1->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : SYMCRYPT_ECPOINT_FORMAT_XY; if (keyCtx1->initialized != keyCtx2->initialized || @@ -961,22 +962,29 @@ static BOOL p_scossl_ecc_keymgmt_match(_In_ SCOSSL_ECC_KEY_CTX *keyCtx1, _In_ SC goto cleanup; } - if (SymCryptEckeyGetValue( - keyCtx1->key, - pbPrivateKey1, cbPrivateKey, - pbPublicKey1, cbPublicKey, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - pointFormat, - 0) != SYMCRYPT_NO_ERROR || - SymCryptEckeyGetValue( - keyCtx2->key, - pbPrivateKey2, cbPrivateKey, - pbPublicKey2, cbPublicKey, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - pointFormat, - 0) != SYMCRYPT_NO_ERROR) + scError = SymCryptEckeyGetValue( + keyCtx1->key, + pbPrivateKey1, cbPrivateKey, + pbPublicKey1, cbPublicKey, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + pointFormat, + 0); + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); + goto cleanup; + } + + scError = SymCryptEckeyGetValue( + keyCtx2->key, + pbPrivateKey2, cbPrivateKey, + pbPublicKey2, cbPublicKey, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + pointFormat, + 0); + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -1182,7 +1190,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_import(_Inout_ SCOSSL_ECC_KEY_CTX *key keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -1370,7 +1378,7 @@ static SCOSSL_STATUS p_scossl_x25519_keymgmt_import(_Inout_ SCOSSL_ECC_KEY_CTX * keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -1434,7 +1442,7 @@ static SCOSSL_STATUS p_scossl_x25519_keymgmt_export(_In_ SCOSSL_ECC_KEY_CTX *key if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -1571,7 +1579,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_private_key(SCOSSL_ECC_KEY_CTX *ke if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c index c40aed41..0557f835 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c @@ -89,7 +89,7 @@ static SCOSSL_PROV_RSA_KEY_CTX *p_scossl_rsa_keymgmt_new_ctx(ossl_unused void *p keyCtx->keyType = EVP_PKEY_RSA; #ifdef KEYSINUSE_ENABLED keyCtx->keysinuseLock = CRYPTO_THREAD_lock_new(); -#endif +#endif } return keyCtx; } @@ -188,7 +188,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_dup_keydata(_In_ PCSYMCRYPT_RSAKEY fro 0); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -214,7 +214,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_dup_keydata(_In_ PCSYMCRYPT_RSAKEY fro *toKey); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeySetValue failed", scError); goto cleanup; } @@ -424,7 +424,7 @@ static SCOSSL_PROV_RSA_KEY_CTX *p_scossl_rsa_keygen(_In_ SCOSSL_RSA_KEYGEN_CTX * keyCtx->key = SymCryptRsakeyAllocate(&symcryptRsaParam, 0); if (keyCtx->key == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "SymCryptRsakeyAllocate failed"); goto cleanup; } @@ -432,7 +432,7 @@ static SCOSSL_PROV_RSA_KEY_CTX *p_scossl_rsa_keygen(_In_ SCOSSL_RSA_KEYGEN_CTX * scError = SymCryptRsakeyGenerate(keyCtx->key, pPubExp64, genCtx->nPubExp, SYMCRYPT_FLAG_RSAKEY_SIGN | SYMCRYPT_FLAG_RSAKEY_ENCRYPT); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGenerate failed", scError); goto cleanup; } @@ -677,7 +677,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_keydata(_In_ SCOSSL_PROV_RSA_KEY_C 0); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -698,7 +698,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_keydata(_In_ SCOSSL_PROV_RSA_KEY_C if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptStoreLsbFirstUint64 failed", scError); goto cleanup; } @@ -836,7 +836,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_crt_keydata(_In_ SCOSSL_PROV_RSA_K 0); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetCrtValue failed", scError); goto cleanup; } @@ -968,6 +968,7 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I PBYTE pbModulus2 = NULL; PBYTE pbPrivateExponent1 = NULL; PBYTE pbPrivateExponent2 = NULL; + SYMCRYPT_ERROR scError; UINT32 cbModulus = SymCryptRsakeySizeofModulus(keyCtx1->key); @@ -983,22 +984,29 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I goto cleanup; } - if (SymCryptRsakeyGetValue( - keyCtx1->key, - pbModulus1, cbModulus, - &pubExp1, 1, - NULL, NULL, 0, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR || - SymCryptRsakeyGetValue( - keyCtx2->key, - pbModulus2, cbModulus, - &pubExp2, 1, - NULL, NULL, 0, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR) + scError = SymCryptRsakeyGetValue( + keyCtx1->key, + pbModulus1, cbModulus, + &pubExp1, 1, + NULL, NULL, 0, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + 0); + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetValue failed", scError); + goto cleanup; + } + + scError = SymCryptRsakeyGetValue( + keyCtx2->key, + pbModulus2, cbModulus, + &pubExp2, 1, + NULL, NULL, 0, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + 0); + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -1023,22 +1031,29 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I goto cleanup; } - if (SymCryptRsakeyGetCrtValue( - keyCtx1->key, - NULL, NULL, 0, - NULL, 0, - pbPrivateExponent1, cbModulus, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR || - SymCryptRsakeyGetCrtValue( - keyCtx2->key, - NULL, NULL, 0, - NULL, 0, - pbPrivateExponent2, cbModulus, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR) + scError = SymCryptRsakeyGetCrtValue( + keyCtx1->key, + NULL, NULL, 0, + NULL, 0, + pbPrivateExponent1, cbModulus, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + 0); + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetCrtValue failed", scError); + goto cleanup; + } + + scError = SymCryptRsakeyGetCrtValue( + keyCtx2->key, + NULL, NULL, 0, + NULL, 0, + pbPrivateExponent2, cbModulus, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + 0); + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetCrtValue failed", scError); goto cleanup; } @@ -1187,9 +1202,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX if (nPrimes != 0 && nPrimes != 2) { - // Only supporting 2 primes - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unsupported RSA version"); + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_SUPPORTED); goto cleanup; } @@ -1210,8 +1223,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX keyCtx->key = SymCryptRsakeyAllocate(&symcryptRsaParam, 0); if (keyCtx->key == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsakeyAllocate failed"); + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); goto cleanup; } @@ -1226,8 +1238,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsakeySetValueFromPrivateExponent failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeySetValueFromPrivateExponent failed", scError); goto cleanup; } } @@ -1242,8 +1253,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsakeySetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeySetValue failed", scError); goto cleanup; } } diff --git a/SymCryptProvider/src/mac/p_scossl_hmac.c b/SymCryptProvider/src/mac/p_scossl_hmac.c index f2d27908..eb766413 100644 --- a/SymCryptProvider/src/mac/p_scossl_hmac.c +++ b/SymCryptProvider/src/mac/p_scossl_hmac.c @@ -195,7 +195,6 @@ static SCOSSL_STATUS p_scossl_hmac_set_ctx_params(_Inout_ SCOSSL_MAC_CTX *ctx, _ if (!scossl_mac_init(ctx, pbMacKey, cbMacKey)) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); goto cleanup; } } diff --git a/SymCryptProvider/src/mac/p_scossl_kmac.c b/SymCryptProvider/src/mac/p_scossl_kmac.c index fcd3b13f..7083f820 100644 --- a/SymCryptProvider/src/mac/p_scossl_kmac.c +++ b/SymCryptProvider/src/mac/p_scossl_kmac.c @@ -121,18 +121,25 @@ static SCOSSL_STATUS p_scossl_kmac_init(_Inout_ SCOSSL_KMAC_CTX *ctx, _In_reads_bytes_opt_(keylen) unsigned char *key, size_t keylen, _In_ const OSSL_PARAM params[]) { + SYMCRYPT_ERROR scError; + if (!p_scossl_kmac_set_ctx_params(ctx, params)) { return SCOSSL_FAILURE; } - if (key != NULL && - ctx->pMacEx->expandKeyExFunc( + if (key != NULL) + { + scError = ctx->pMacEx->expandKeyExFunc( &ctx->expandedKey, key, keylen, - ctx->customizationString, ctx->cbCustomizationString) != SYMCRYPT_NO_ERROR) - { - return SCOSSL_FAILURE; + ctx->customizationString, ctx->cbCustomizationString); + + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptKmacXXXExpandKeyEx failed", scError); + return SCOSSL_FAILURE; + } } ctx->pMac->initFunc(&ctx->macState, &ctx->expandedKey); @@ -206,6 +213,7 @@ static SCOSSL_STATUS p_scossl_kmac_get_ctx_params(_In_ SCOSSL_KMAC_CTX *ctx, _In static SCOSSL_STATUS p_scossl_kmac_set_ctx_params(_Inout_ SCOSSL_KMAC_CTX *ctx, _In_ const OSSL_PARAM params[]) { + SYMCRYPT_ERROR scError; const OSSL_PARAM *p; if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL && @@ -259,15 +267,22 @@ static SCOSSL_STATUS p_scossl_kmac_set_ctx_params(_Inout_ SCOSSL_KMAC_CTX *ctx, { PCBYTE pbMacKey; SIZE_T cbMacKey; - if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&pbMacKey, &cbMacKey) || - ctx->pMacEx->expandKeyExFunc(&ctx->expandedKey, - pbMacKey, cbMacKey, - ctx->customizationString, ctx->cbCustomizationString) != SYMCRYPT_NO_ERROR) + if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&pbMacKey, &cbMacKey)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } + scError = ctx->pMacEx->expandKeyExFunc( + &ctx->expandedKey, + pbMacKey, cbMacKey, + ctx->customizationString, ctx->cbCustomizationString); + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptKmacXXXExpandKeyEx failed", scError); + return SCOSSL_FAILURE; + } + ctx->pMac->initFunc(&ctx->macState, &ctx->expandedKey); } diff --git a/SymCryptProvider/src/p_scossl_base.c b/SymCryptProvider/src/p_scossl_base.c index ab883188..10ad4e96 100644 --- a/SymCryptProvider/src/p_scossl_base.c +++ b/SymCryptProvider/src/p_scossl_base.c @@ -15,6 +15,11 @@ extern "C" { #endif +// SCOSSL provider debug logging +#define CONF_LOGGING_FILE "logging_file" +#define CONF_LOGGING_LEVEL "logging_level" +#define CONF_ERROR_LEVEL "error_level" + #ifdef KEYSINUSE_ENABLED #define CONF_KEYSINUSE_ENABLED "keysinuse.enabled" #define CONF_KEYSINUSE_MAX_FILE_SIZE "keysinuse.max_file_size" @@ -495,6 +500,61 @@ static void p_scossl_start_keysinuse(_In_ const OSSL_CORE_HANDLE *handle) } #endif +static int p_scossl_level_string_to_id(_In_ const char *level) +{ + if (level == NULL) + { + return SCOSSL_LOG_LEVEL_NO_CHANGE; + } + + if (OPENSSL_strcasecmp(level, "off") == 0) + { + return SCOSSL_LOG_LEVEL_OFF; + } + else if (OPENSSL_strcasecmp(level, "error") == 0) + { + return SCOSSL_LOG_LEVEL_ERROR; + } + else if (OPENSSL_strcasecmp(level, "info") == 0) + { + return SCOSSL_LOG_LEVEL_INFO; + } + else if (OPENSSL_strcasecmp(level, "debug") == 0) + { + return SCOSSL_LOG_LEVEL_DEBUG; + } + + return SCOSSL_LOG_LEVEL_NO_CHANGE; +} + +static void p_scossl_setup_logging(_In_ const OSSL_CORE_HANDLE *handle) +{ + const char *confErrorLevel = NULL; + const char *confLoggingLevel = NULL; + const char *confLoggingFile = NULL; + + OSSL_PARAM confParams[] = { + OSSL_PARAM_utf8_ptr(CONF_LOGGING_FILE, &confLoggingFile, 0), + OSSL_PARAM_utf8_ptr(CONF_LOGGING_LEVEL, &confLoggingLevel, 0), + OSSL_PARAM_utf8_ptr(CONF_ERROR_LEVEL, &confLoggingLevel, 0), + OSSL_PARAM_END}; + + scossl_setup_logging(); + + if (core_get_params != NULL && + core_get_params(handle, confParams)) + { + if (confLoggingFile != NULL) + { + SCOSSL_set_trace_log_filename(confLoggingFile); + } + + SCOSSL_set_trace_level( + p_scossl_level_string_to_id(confLoggingLevel), + p_scossl_level_string_to_id(confErrorLevel)); + } +} + static const OSSL_DISPATCH p_scossl_base_dispatch[] = { {OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_scossl_teardown}, {OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))p_scossl_gettable_params}, @@ -520,7 +580,7 @@ SCOSSL_STATUS OSSL_provider_init(_In_ const OSSL_CORE_HANDLE *handle, } } - scossl_setup_logging(); + p_scossl_setup_logging(handle); if (!scossl_prov_initialized) { diff --git a/SymCryptProvider/src/p_scossl_ecc.c b/SymCryptProvider/src/p_scossl_ecc.c index 26970e3c..7351c1f9 100644 --- a/SymCryptProvider/src/p_scossl_ecc.c +++ b/SymCryptProvider/src/p_scossl_ecc.c @@ -69,7 +69,7 @@ SCOSSL_STATUS p_scossl_ecc_get_encoded_public_key(const SCOSSL_ECC_KEY_CTX *keyC if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -134,10 +134,20 @@ void p_scossl_ecc_init_keysinuse(SCOSSL_ECC_KEY_CTX *keyCtx) PBYTE pbPublicKey; SIZE_T cbPublicKey; + // KeysInUse related errors shouldn't surface to caller + ERR_set_mark(); + if (p_scossl_ecc_get_encoded_public_key(keyCtx, &pbPublicKey, &cbPublicKey)) { keyCtx->keysinuseInfo = p_scossl_keysinuse_info_new(pbPublicKey, cbPublicKey); } + else + { + SCOSSL_PROV_LOG_DEBUG(SCOSSL_ERR_R_KEYSINUSE_FAILURE, + "p_scossl_ecc_get_encoded_public_key failed: %s", ERR_error_string(ERR_get_error(), NULL)); + } + + ERR_pop_to_mark(); OPENSSL_free(pbPublicKey); } diff --git a/SymCryptProvider/src/p_scossl_keysinuse.c b/SymCryptProvider/src/p_scossl_keysinuse.c index e9905b28..775a0935 100644 --- a/SymCryptProvider/src/p_scossl_keysinuse.c +++ b/SymCryptProvider/src/p_scossl_keysinuse.c @@ -124,6 +124,8 @@ static void p_scossl_keysinuse_init_once() if ((procPath = OPENSSL_malloc(cbProcPath)) != NULL && (cbProcPathUsed = readlink(symlinkPath, procPath, cbProcPath)) == -1) { + SCOSSL_PROV_LOG_DEBUG(SCOSSL_ERR_R_KEYSINUSE_FAILURE, + "Failed to get process path from /proc/%d/exe with error %d", pid, errno); OPENSSL_free(procPath); procPath = NULL; cbProcPathUsed = 0; @@ -136,6 +138,8 @@ static void p_scossl_keysinuse_init_once() if ((prefix = OPENSSL_malloc(prefix_size + 1)) == NULL || snprintf(prefix, prefix_size + 1, "%ld,%.*s", initTime, cbProcPathUsed, procPath) < 0) { + SCOSSL_PROV_LOG_DEBUG(SCOSSL_ERR_R_KEYSINUSE_FAILURE, + "Failed to generate logging prefix with error %d", errno); OPENSSL_free(prefix); prefix = (char*)default_prefix; } diff --git a/SymCryptProvider/src/p_scossl_rsa.c b/SymCryptProvider/src/p_scossl_rsa.c index 3e2e3bea..65e14b54 100644 --- a/SymCryptProvider/src/p_scossl_rsa.c +++ b/SymCryptProvider/src/p_scossl_rsa.c @@ -191,8 +191,8 @@ void p_scossl_rsa_pss_restrictions_get_defaults(SCOSSL_RSA_PSS_RESTRICTIONS* pss pssRestrictions->mgf1MdInfo = &p_scossl_rsa_supported_mds[SCOSSL_PROV_RSA_PSS_DEFAULT_MD]; pssRestrictions->cbSaltMin = SCOSSL_PROV_RSA_PSS_DEFAULT_SALTLEN_MIN; } -} - +} + #ifdef KEYSINUSE_ENABLED // KeyInUse requires the public key encoded in the same format as subjectPublicKey in a certificate. // This was done with i2d_RSAPublicKey for OpenSSL 1.1.1, but now must be done by the provider. @@ -213,16 +213,22 @@ SCOSSL_STATUS p_scossl_rsa_get_encoded_public_key(PCSYMCRYPT_RSAKEY key, int cbEncodedKey; SCOSSL_STATUS ret = SCOSSL_FAILURE; + // KeysInUse related errors shouldn't surface to caller + ERR_set_mark(); + rsaParams = scossl_rsa_new_export_params(FALSE); if (rsaParams == NULL || !scossl_rsa_export_key(key, rsaParams)) { + SCOSSL_PROV_LOG_DEBUG(SCOSSL_ERR_R_KEYSINUSE_FAILURE, + "scossl_rsa_export_key failed: %s", ERR_error_string(ERR_get_error(), NULL)); goto cleanup; } if ((cbEncodedKey = i2d_SymcryptRsaPublicKey(rsaParams, &pbEncodedKey)) < 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_DEBUG(SCOSSL_ERR_R_KEYSINUSE_FAILURE, + "i2d_SymcryptRsaPublicKey failed: %s", ERR_error_string(ERR_get_error(), NULL)); goto cleanup; } @@ -233,6 +239,8 @@ SCOSSL_STATUS p_scossl_rsa_get_encoded_public_key(PCSYMCRYPT_RSAKEY key, cleanup: scossl_rsa_free_export_params(rsaParams, TRUE); + ERR_pop_to_mark(); + return ret; } diff --git a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c index 18204ac0..cec71c1d 100644 --- a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c +++ b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c @@ -777,7 +777,7 @@ static ASN1_STRING *p_scossl_rsa_pss_params_to_asn1_sequence(_In_ SCOSSL_RSA_SIG if (cbSalt < 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "Invalid salt length in key context"); goto cleanup; } }