From 5e37f5a9cb45b7aff4e022521069c89774639db7 Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee Date: Tue, 10 Sep 2024 16:44:12 +0000 Subject: [PATCH 01/10] Add RSA fallback test --- SslPlay/SslPlay.cpp | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/SslPlay/SslPlay.cpp b/SslPlay/SslPlay.cpp index 9c09d6b..a8e460d 100644 --- a/SslPlay/SslPlay.cpp +++ b/SslPlay/SslPlay.cpp @@ -1049,6 +1049,10 @@ void TestRsaEvp(int modulus, uint32_t exponent) // MD5+PKCS1 is not supported by the provider #if OPENSSL_VERSION_MAJOR == 1 + // Test engine fallback + TestRsaSignVerify(privateKey, publicKey, "RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING", RSA_PKCS1_NO_IMPLICIT_REJECT_PADDING, 0, "EVP_sha256", EVP_sha256(), 32); + printf("%s", SeparatorLine); + TestRsaSignVerify(privateKey, publicKey, "RSA_PKCS1_PADDING", RSA_PKCS1_PADDING, 0, "EVP_MD5", EVP_md5(), 16); #endif TestRsaSignVerify(privateKey, publicKey, "RSA_PKCS1_PADDING", RSA_PKCS1_PADDING, 0, "EVP_sha1", EVP_sha1(), 20); From f4ca884f7b57b5a0bed692ace235d885390e3504 Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee Date: Wed, 11 Sep 2024 18:54:18 +0000 Subject: [PATCH 02/10] Update error function codes to match refactor --- ScosslCommon/inc/scossl_helpers.h | 117 ++++++++++++------ ScosslCommon/src/scossl_aes_aead.c | 82 ++++++------ ScosslCommon/src/scossl_dh.c | 20 +-- ScosslCommon/src/scossl_ecc.c | 56 ++++----- ScosslCommon/src/scossl_helpers.c | 115 +++++++++++------ ScosslCommon/src/scossl_hkdf.c | 6 +- ScosslCommon/src/scossl_mac.c | 4 +- ScosslCommon/src/scossl_rsa.c | 112 ++++++++--------- ScosslCommon/src/scossl_sshkdf.c | 10 +- ScosslCommon/src/scossl_tls1prf.c | 8 +- SymCryptEngine/src/e_scossl_ciphers.c | 12 +- SymCryptEngine/src/e_scossl_dh.c | 46 +++---- SymCryptEngine/src/e_scossl_digests.c | 30 ++--- SymCryptEngine/src/e_scossl_ecc.c | 106 ++++++++-------- SymCryptEngine/src/e_scossl_hkdf.c | 16 +-- SymCryptEngine/src/e_scossl_hmac.c | 10 +- SymCryptEngine/src/e_scossl_pkey_meths.c | 10 +- SymCryptEngine/src/e_scossl_rsa.c | 48 +++---- SymCryptEngine/src/e_scossl_rsapss.c | 24 ++-- SymCryptEngine/src/e_scossl_sshkdf.c | 20 +-- SymCryptEngine/src/e_scossl_tls1prf.c | 8 +- .../src/keymgmt/p_scossl_rsa_keymgmt.c | 12 +- 22 files changed, 471 insertions(+), 401 deletions(-) diff --git a/ScosslCommon/inc/scossl_helpers.h b/ScosslCommon/inc/scossl_helpers.h index 65762dc..9ec869d 100644 --- a/ScosslCommon/inc/scossl_helpers.h +++ b/ScosslCommon/inc/scossl_helpers.h @@ -91,62 +91,97 @@ void scossl_destroy_logging(); // SCOSSL function codes typedef enum { + // ScosslCommon SCOSSL_ERR_F_ENUM_START= 100, SCOSSL_ERR_F_AES_CCM_CIPHER, - SCOSSL_ERR_F_AES_CCM_CTRL, + SCOSSL_ERR_F_AES_CCM_SET_IV_FIXED, + SCOSSL_ERR_F_AES_CCM_SET_IV_LEN, + SCOSSL_ERR_F_AES_CCM_SET_TLS1_AAD, SCOSSL_ERR_F_AES_CCM_TLS, - SCOSSL_ERR_F_AES_GCM_CTRL, + SCOSSL_ERR_F_AES_GCM_CIPHER, + SCOSSL_ERR_F_AES_GCM_IV_GEN, + SCOSSL_ERR_F_AES_GCM_SET_IV_FIXED, + SCOSSL_ERR_F_AES_GCM_SET_IV_INV, + SCOSSL_ERR_F_AES_GCM_SET_IV_LEN, + SCOSSL_ERR_F_AES_GCM_SET_TLS1_AAD, SCOSSL_ERR_F_AES_GCM_TLS, - SCOSSL_ERR_F_AES_XTS_CIPHER, - SCOSSL_ERR_F_AES_XTS_CTRL, - SCOSSL_ERR_F_DH_COMPUTE_KEY, - SCOSSL_ERR_F_DH_GENERATE_KEY, SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, + SCOSSL_ERR_F_DH_GET_GROUP_BY_NID, SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, - SCOSSL_ERR_F_DIGESTS, - SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, - SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, + SCOSSL_ERR_F_ECC_GROUP_TO_SYMCRYPT_CURVE, + SCOSSL_ERR_F_ECC_POINT_TO_PUBKEY, SCOSSL_ERR_F_ECDSA_APPLY_DER, SCOSSL_ERR_F_ECDSA_DER_CHECK_TAG_AND_GET_VALUE_AND_LENGTH, SCOSSL_ERR_F_ECDSA_REMOVE_DER, - SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, - SCOSSL_ERR_F_ECKEY_KEYGEN, - SCOSSL_ERR_F_ECKEY_SIGN, - SCOSSL_ERR_F_ECKEY_SIGN_SETUP, - SCOSSL_ERR_F_ECKEY_SIGN_SIG, - SCOSSL_ERR_F_ECKEY_VERIFY, - SCOSSL_ERR_F_ECKEY_VERIFY_SIG, - SCOSSL_ERR_F_GET_DH_CONTEXT_EX, - SCOSSL_ERR_F_GET_ECC_CONTEXT_EX, + SCOSSL_ERR_F_ECDSA_SIGN, + SCOSSL_ERR_F_ECDSA_VERIFY, SCOSSL_ERR_F_GET_SYMCRYPT_HASH_ALGORITHM, SCOSSL_ERR_F_GET_SYMCRYPT_MAC_ALGORITHM, - SCOSSL_ERR_F_HKDF_CTRL, SCOSSL_ERR_F_HKDF_DERIVE, - SCOSSL_ERR_F_HKDF_INIT, - SCOSSL_ERR_F_INITIALIZE_RSA_KEY, - SCOSSL_ERR_F_PKEY_METHODS, - SCOSSL_ERR_F_PKEY_RSA_SIGN, - SCOSSL_ERR_F_PKEY_RSA_VERIFY, - SCOSSL_ERR_F_RSA_INIT, - SCOSSL_ERR_F_RSA_KEYGEN, - SCOSSL_ERR_F_RSA_PRIV_DEC, - SCOSSL_ERR_F_RSA_PRIV_ENC, - SCOSSL_ERR_F_RSA_PUB_DEC, - SCOSSL_ERR_F_RSA_PUB_ENC, - SCOSSL_ERR_F_RSA_SIGN, - SCOSSL_ERR_F_RSA_VERIFY, + SCOSSL_ERR_F_MAC_SET_HMAC_MD, + SCOSSL_ERR_F_RSA_DECRYPT, + SCOSSL_ERR_F_RSA_ENCRYPT, + SCOSSL_ERR_F_RSA_EXPORT_KEY, + SCOSSL_ERR_F_RSA_NEW_EXPORT_PARAMS, + SCOSSL_ERR_F_RSA_PKCS1_SIGN, + SCOSSL_ERR_F_RSA_PKCS1_VERIFY, SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_F_RSAPSS_VERIFY, - SCOSSL_ERR_F_TLS1PRF_CTRL, - SCOSSL_ERR_F_TLS1PRF_DERIVE, - SCOSSL_ERR_F_TLS1PRF_INIT, - SCOSSL_ERR_F_HMAC_INIT, - SCOSSL_ERR_F_HMAC_CTRL, - SCOSSL_ERR_F_HMAC_CTRL_STR, - SCOSSL_ERR_F_SSHKDF_NEW, - SCOSSL_ERR_F_SSHKDF_CTRL, - SCOSSL_ERR_F_SSHKDF_CTRL_STR, SCOSSL_ERR_F_SSHKDF_DERIVE, + SCOSSL_ERR_F_TLS1PRF_DERIVE, + + // SymCryptEngine + SCOSSL_ERR_F_ENG_AES_CCM_CTRL, + SCOSSL_ERR_F_ENG_AES_GCM_CTRL, + SCOSSL_ERR_F_ENG_AES_XTS_CIPHER, + SCOSSL_ERR_F_ENG_AES_XTS_CTRL, + SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, + SCOSSL_ERR_F_ENG_DH_GENERATE_KEY, + SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, + SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, + SCOSSL_ERR_F_ENG_DIGESTS, + SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, + SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, + SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, + SCOSSL_ERR_F_ENG_ECKEY_KEYGEN, + SCOSSL_ERR_F_ENG_ECKEY_SIGN, + SCOSSL_ERR_F_ENG_ECKEY_SIGN_SETUP, + SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, + SCOSSL_ERR_F_ENG_ECKEY_VERIFY, + SCOSSL_ERR_F_ENG_ECKEY_VERIFY_SIG, + SCOSSL_ERR_F_ENG_GET_DH_CONTEXT_EX, + SCOSSL_ERR_F_ENG_GET_ECC_CONTEXT_EX, + SCOSSL_ERR_F_ENG_GET_SYMCRYPT_HASH_ALGORITHM, + SCOSSL_ERR_F_ENG_HKDF_CTRL, + SCOSSL_ERR_F_ENG_HKDF_DERIVE, + SCOSSL_ERR_F_ENG_HKDF_INIT, + SCOSSL_ERR_F_ENG_HMAC_COPY, + SCOSSL_ERR_F_ENG_HMAC_CTRL, + SCOSSL_ERR_F_ENG_HMAC_INIT, + SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, + SCOSSL_ERR_F_ENG_PKEY_METHODS, + SCOSSL_ERR_F_ENG_PKEY_RSA_SIGN, + SCOSSL_ERR_F_ENG_PKEY_RSA_VERIFY, + SCOSSL_ERR_F_ENG_PKEY_RSAPSS_VERIFY, + SCOSSL_ERR_F_ENG_RSA_INIT, + SCOSSL_ERR_F_ENG_RSA_KEYGEN, + SCOSSL_ERR_F_ENG_RSA_PRIV_DEC, + SCOSSL_ERR_F_ENG_RSA_PRIV_ENC, + SCOSSL_ERR_F_ENG_RSA_PUB_DEC, + SCOSSL_ERR_F_ENG_RSA_PUB_ENC, + SCOSSL_ERR_F_ENG_RSA_SIGN, + SCOSSL_ERR_F_ENG_RSA_VERIFY, + SCOSSL_ERR_F_ENG_RSAPSS_SIGN, + SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, + SCOSSL_ERR_F_ENG_SSHKDF_CTRL, + SCOSSL_ERR_F_ENG_SSHKDF_CTRL_STR, + SCOSSL_ERR_F_ENG_SSHKDF_DERIVE, + SCOSSL_ERR_F_ENG_SSHKDF_NEW, + SCOSSL_ERR_F_ENG_TLS1PRF_CTRL, + SCOSSL_ERR_F_ENG_TLS1PRF_INIT, + + // SymCryptProvider + SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, SCOSSL_ERR_F_ENUM_END } SCOSSL_ERR_FUNC; diff --git a/ScosslCommon/src/scossl_aes_aead.c b/ScosslCommon/src/scossl_aes_aead.c index d46ea27..e4643b8 100644 --- a/ScosslCommon/src/scossl_aes_aead.c +++ b/ScosslCommon/src/scossl_aes_aead.c @@ -74,25 +74,25 @@ static SCOSSL_STATUS scossl_aes_gcm_tls(_Inout_ SCOSSL_CIPHER_GCM_CTX *ctx, INT3 if (in != out) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-GCM TLS does not support out-of-place operation"); + "AES-GCM TLS does not support out-of-place operation"); goto cleanup; } if (inl < EVP_GCM_TLS_EXPLICIT_IV_LEN + EVP_GCM_TLS_TAG_LEN) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-GCM TLS buffer too small"); + "AES-GCM TLS buffer too small"); goto cleanup; } if (ctx->operationInProgress) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-GCM TLS operation cannot be multi-stage"); + "AES-GCM TLS operation cannot be multi-stage"); goto cleanup; } if (ctx->taglen != EVP_GCM_TLS_TAG_LEN) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-GCM TLS taglen must be %d", EVP_GCM_TLS_TAG_LEN); + "AES-GCM TLS taglen must be %d", EVP_GCM_TLS_TAG_LEN); goto cleanup; } @@ -106,7 +106,7 @@ static SCOSSL_STATUS scossl_aes_gcm_tls(_Inout_ SCOSSL_CIPHER_GCM_CTX *ctx, INT3 if (scossl_aes_gcm_iv_gen(ctx, out, EVP_GCM_TLS_EXPLICIT_IV_LEN) != SCOSSL_SUCCESS) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_TLS, ERR_R_INTERNAL_ERROR, - "AES-GCM TLS failed to generate IV"); + "AES-GCM TLS failed to generate IV"); goto cleanup; } @@ -156,8 +156,8 @@ SCOSSL_STATUS scossl_aes_gcm_cipher(SCOSSL_CIPHER_GCM_CTX *ctx, INT32 encrypt, if (ctx->iv == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "IV must be set before calling cipher"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CIPHER, ERR_R_PASSED_INVALID_ARGUMENT, + "IV must be set before calling cipher"); return SCOSSL_FAILURE; } @@ -258,8 +258,8 @@ SCOSSL_STATUS scossl_aes_gcm_iv_gen(SCOSSL_CIPHER_GCM_CTX *ctx, if (ctx->iv == NULL && (ctx->iv = OPENSSL_zalloc(ctx->ivlen)) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE, - "Failed to allocate IV"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_IV_GEN, ERR_R_MALLOC_FAILURE, + "Failed to allocate IV"); return SCOSSL_FAILURE; } @@ -282,8 +282,8 @@ SCOSSL_STATUS scossl_aes_gcm_set_iv_len(SCOSSL_CIPHER_GCM_CTX *ctx, size_t ivlen { if (ivlen < SCOSSL_GCM_MIN_IV_LENGTH) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "GCM IV length must be at least 1 byte"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_IV_LEN, ERR_R_PASSED_INVALID_ARGUMENT, + "GCM IV length must be at least 1 byte"); return SCOSSL_FAILURE; } @@ -304,16 +304,16 @@ SCOSSL_STATUS scossl_aes_gcm_set_iv_fixed(SCOSSL_CIPHER_GCM_CTX *ctx, INT32 encr { if (ctx->ivlen != EVP_GCM_TLS_IV_LEN) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "set_iv_fixed only works with TLS IV length"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_IV_FIXED, ERR_R_PASSED_INVALID_ARGUMENT, + "set_iv_fixed only works with TLS IV length"); return SCOSSL_FAILURE; } if (ctx->iv == NULL && (ctx->iv = OPENSSL_zalloc(ctx->ivlen)) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE, - "Failed to allocate IV"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_IV_FIXED, ERR_R_MALLOC_FAILURE, + "Failed to allocate IV"); return SCOSSL_FAILURE; } @@ -328,8 +328,8 @@ SCOSSL_STATUS scossl_aes_gcm_set_iv_fixed(SCOSSL_CIPHER_GCM_CTX *ctx, INT32 encr } if (ivlen > 4) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "set_iv_fixed incorrect length"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_IV_FIXED, ERR_R_PASSED_INVALID_ARGUMENT, + "set_iv_fixed incorrect length"); return SCOSSL_FAILURE; } // Set first up to 4B of IV @@ -362,8 +362,8 @@ SCOSSL_STATUS scossl_aes_gcm_set_iv_inv(SCOSSL_CIPHER_GCM_CTX *ctx, INT32 encryp if (ctx->iv == NULL && (ctx->iv = OPENSSL_zalloc(ctx->ivlen)) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE, - "Failed to allocate IV"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_IV_INV, ERR_R_MALLOC_FAILURE, + "Failed to allocate IV"); return SCOSSL_FAILURE; } @@ -385,8 +385,8 @@ UINT16 scossl_aes_gcm_set_tls1_aad(SCOSSL_CIPHER_GCM_CTX *ctx, INT32 encrypt, if (aadlen != EVP_AEAD_TLS1_AAD_LEN) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "tls1_aad only works with TLS1 AAD length"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_TLS1_AAD, ERR_R_PASSED_INVALID_ARGUMENT, + "tls1_aad only works with TLS1 AAD length"); return SCOSSL_FAILURE; } memcpy(ctx->tlsAad, aad, EVP_AEAD_TLS1_AAD_LEN); @@ -406,8 +406,8 @@ UINT16 scossl_aes_gcm_set_tls1_aad(SCOSSL_CIPHER_GCM_CTX *ctx, INT32 encrypt, tls_buffer_len = SYMCRYPT_LOAD_MSBFIRST16(ctx->tlsAad + EVP_AEAD_TLS1_AAD_LEN - 2); if (tls_buffer_len < min_tls_buffer_len) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "tls_buffer_len too short"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_SET_TLS1_AAD, ERR_R_PASSED_INVALID_ARGUMENT, + "tls_buffer_len too short"); return SCOSSL_FAILURE; } tls_buffer_len -= min_tls_buffer_len; @@ -478,19 +478,19 @@ static SCOSSL_STATUS scossl_aes_ccm_tls(_Inout_ SCOSSL_CIPHER_CCM_CTX *ctx, INT3 if (in != out) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-CCM TLS does not support out-of-place operation"); + "AES-CCM TLS does not support out-of-place operation"); goto cleanup; } if (inl < (SIZE_T)EVP_CCM_TLS_EXPLICIT_IV_LEN + ctx->taglen) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-CCM TLS buffer too small"); + "AES-CCM TLS buffer too small"); goto cleanup; } if (ctx->ccmStage != SCOSSL_CCM_STAGE_INIT) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_TLS, ERR_R_PASSED_INVALID_ARGUMENT, - "AES-CCM TLS operation cannot be multi-stage"); + "AES-CCM TLS operation cannot be multi-stage"); goto cleanup; } if (ctx->ivlen != EVP_CCM_TLS_IV_LEN) @@ -591,7 +591,7 @@ SCOSSL_STATUS scossl_aes_ccm_cipher(SCOSSL_CIPHER_CCM_CTX *ctx, INT32 encrypt, else { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, - "Data provided to CCM after CCM operation is complete"); + "Data provided to CCM after CCM operation is complete"); return SCOSSL_FAILURE; } } @@ -600,7 +600,7 @@ SCOSSL_STATUS scossl_aes_ccm_cipher(SCOSSL_CIPHER_CCM_CTX *ctx, INT32 encrypt, if (in != NULL && out == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CIPHER, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED, - "AAD provided to CCM before cbData has been set"); + "AAD provided to CCM before cbData has been set"); return SCOSSL_FAILURE; } @@ -711,9 +711,9 @@ SCOSSL_STATUS scossl_aes_ccm_set_iv_len(SCOSSL_CIPHER_CCM_CTX *ctx, size_t ivlen { if (ivlen < SCOSSL_CCM_MIN_IV_LENGTH || ivlen > SCOSSL_CCM_MAX_IV_LENGTH) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "SCOSSL only supports [%d-%d] byte IVs for AES-CCM", - SCOSSL_CCM_MIN_IV_LENGTH, SCOSSL_CCM_MAX_IV_LENGTH); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_IV_LEN, ERR_R_PASSED_INVALID_ARGUMENT, + "SCOSSL only supports [%d-%d] byte IVs for AES-CCM", + SCOSSL_CCM_MIN_IV_LENGTH, SCOSSL_CCM_MAX_IV_LENGTH); return SCOSSL_FAILURE; } @@ -727,8 +727,8 @@ SCOSSL_STATUS scossl_aes_ccm_set_iv_fixed(SCOSSL_CIPHER_CCM_CTX *ctx, INT32 encr { if (ctx->ivlen != EVP_CCM_TLS_IV_LEN) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "set_iv_fixed only works with TLS IV length"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_IV_LEN, ERR_R_PASSED_INVALID_ARGUMENT, + "set_iv_fixed only works with TLS IV length"); return SCOSSL_FAILURE; } if (ivlen == (size_t)-1) @@ -738,8 +738,8 @@ SCOSSL_STATUS scossl_aes_ccm_set_iv_fixed(SCOSSL_CIPHER_CCM_CTX *ctx, INT32 encr } if (ivlen != ctx->ivlen - EVP_CCM_TLS_EXPLICIT_IV_LEN) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "set_iv_fixed incorrect length"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_IV_FIXED, ERR_R_PASSED_INVALID_ARGUMENT, + "set_iv_fixed incorrect length"); return SCOSSL_FAILURE; } // Set first 4B of IV @@ -763,14 +763,14 @@ UINT16 scossl_aes_ccm_set_tls1_aad(SCOSSL_CIPHER_CCM_CTX *ctx, INT32 encrypt, UINT16 min_tls_buffer_len = 0; if (aadlen != EVP_AEAD_TLS1_AAD_LEN) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "tls1_aad only works with TLS1 AAD length"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_TLS1_AAD, ERR_R_PASSED_INVALID_ARGUMENT, + "tls1_aad only works with TLS1 AAD length"); return SCOSSL_FAILURE; } if (ctx->taglen != EVP_CCM_TLS_TAG_LEN && ctx->taglen != EVP_CCM8_TLS_TAG_LEN) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "Invalid taglen for TLS"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_TLS1_AAD, ERR_R_PASSED_INVALID_ARGUMENT, + "Invalid taglen for TLS"); return SCOSSL_FAILURE; } memcpy(ctx->tlsAad, aad, EVP_AEAD_TLS1_AAD_LEN); @@ -790,8 +790,8 @@ UINT16 scossl_aes_ccm_set_tls1_aad(SCOSSL_CIPHER_CCM_CTX *ctx, INT32 encrypt, tls_buffer_len = SYMCRYPT_LOAD_MSBFIRST16(ctx->tlsAad + EVP_AEAD_TLS1_AAD_LEN - 2); if (tls_buffer_len < min_tls_buffer_len) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, ERR_R_PASSED_INVALID_ARGUMENT, - "tls_buffer_len too short"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_TLS1_AAD, ERR_R_PASSED_INVALID_ARGUMENT, + "tls_buffer_len too short"); return SCOSSL_FAILURE; } tls_buffer_len -= min_tls_buffer_len; diff --git a/ScosslCommon/src/scossl_dh.c b/ScosslCommon/src/scossl_dh.c index a005074..74c898d 100644 --- a/ScosslCommon/src/scossl_dh.c +++ b/ScosslCommon/src/scossl_dh.c @@ -176,7 +176,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if (ctx->dlkey == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptDlkeyAllocate returned NULL."); + "SymCryptDlkeyAllocate returned NULL."); goto cleanup; } @@ -205,7 +205,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if ((pbData = OPENSSL_zalloc(cbData)) == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, - "OPENSSL_zalloc returned NULL."); + "OPENSSL_zalloc returned NULL."); goto cleanup; } @@ -215,7 +215,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if ((SIZE_T)BN_bn2binpad(privateKey, pbPrivateKey, cbPrivateKey) != cbPrivateKey) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_INTERNAL_ERROR, - "BN_bn2binpad did not write expected number of private key bytes."); + "BN_bn2binpad did not write expected number of private key bytes."); goto cleanup; } } @@ -230,7 +230,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if ((SIZE_T)BN_bn2binpad(publicKey, pbPublicKey, cbPublicKey) != cbPublicKey) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_INTERNAL_ERROR, - "BN_bn2binpad did not write expected number of public key bytes."); + "BN_bn2binpad did not write expected number of public key bytes."); goto cleanup; } } @@ -244,7 +244,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if (skipGroupValidation) { SCOSSL_LOG_INFO(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Importing DH key in non-FIPS group."); + "Importing DH key in non-FIPS group."); flags |= SYMCRYPT_FLAG_KEY_NO_FIPS; } @@ -257,7 +257,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if (scError != SYMCRYPT_NO_ERROR) { SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptDlkeySetValue failed", scError); + "SymCryptDlkeySetValue failed", scError); goto cleanup; } @@ -290,7 +290,7 @@ SCOSSL_STATUS scossl_dh_generate_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if (ctx->dlkey == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptDlkeyAllocate returned NULL."); + "SymCryptDlkeyAllocate returned NULL."); goto cleanup; } @@ -300,7 +300,7 @@ SCOSSL_STATUS scossl_dh_generate_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if (scError != SYMCRYPT_NO_ERROR) { SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptDlkeySetPrivateKeyLength failed", scError); + "SymCryptDlkeySetPrivateKeyLength failed", scError); goto cleanup; } } @@ -309,7 +309,7 @@ SCOSSL_STATUS scossl_dh_generate_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, if (scError != SYMCRYPT_NO_ERROR) { SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptDlkeyGenerate failed", scError); + "SymCryptDlkeyGenerate failed", scError); goto cleanup; } @@ -501,7 +501,7 @@ SCOSSL_STATUS scossl_dh_get_group_by_nid(int dlGroupNid, const BIGNUM* p, if (*ppDlGroup == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_DH_CONTEXT_EX, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GET_GROUP_BY_NID, ERR_R_INTERNAL_ERROR, "_hidden_dlgroup_* is NULL."); return SCOSSL_FAILURE; } diff --git a/ScosslCommon/src/scossl_ecc.c b/ScosslCommon/src/scossl_ecc.c index ad86a50..98b7b1a 100644 --- a/ScosslCommon/src/scossl_ecc.c +++ b/ScosslCommon/src/scossl_ecc.c @@ -100,7 +100,7 @@ PCSYMCRYPT_ECURVE scossl_ecc_group_to_symcrypt_curve(const EC_GROUP *group) case NID_secp521r1: return _hidden_curve_P521; default: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_GET_ECC_CONTEXT_EX, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ECC_GROUP_TO_SYMCRYPT_CURVE, SCOSSL_ERR_R_OPENSSL_FALLBACK, "SCOSSL does not yet support this group (nid %d).", groupNid); } @@ -207,14 +207,14 @@ SCOSSL_STATUS scossl_ec_point_to_pubkey(const EC_POINT* ecPoint, const EC_GROUP if (((ecPubX = BN_new()) == NULL) || ((ecPubY = BN_new()) == NULL)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_POINT_TO_PUBKEY, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); goto cleanup; } if (!EC_POINT_get_affine_coordinates(ecGroup, ecPoint, ecPubX, ecPubY, bnCtx)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_POINT_TO_PUBKEY, ERR_R_OPERATION_FAIL, "EC_POINT_get_affine_coordinates failed."); goto cleanup; } @@ -222,7 +222,7 @@ SCOSSL_STATUS scossl_ec_point_to_pubkey(const EC_POINT* ecPoint, const EC_GROUP if (((SIZE_T) BN_bn2binpad(ecPubX, pbPublicKey, cbPublicKey/2) != cbPublicKey/2) || ((SIZE_T) BN_bn2binpad(ecPubY, pbPublicKey + (cbPublicKey/2), cbPublicKey/2) != cbPublicKey/2)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_POINT_TO_PUBKEY, ERR_R_OPERATION_FAIL, "BN_bn2binpad did not write expected number of public key bytes."); goto cleanup; } @@ -248,7 +248,7 @@ static SCOSSL_STATUS scossl_ecdsa_der_check_tag_and_get_value_and_length(_In_rea if (pbDerField[0] != expectedTag) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_DER_CHECK_TAG_AND_GET_VALUE_AND_LENGTH, ERR_R_PASSED_INVALID_ARGUMENT, - "pbDerField[0] != 0x%x", expectedTag); + "pbDerField[0] != 0x%x", expectedTag); goto cleanup; } @@ -268,14 +268,14 @@ static SCOSSL_STATUS scossl_ecdsa_der_check_tag_and_get_value_and_length(_In_rea else { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_DER_CHECK_TAG_AND_GET_VALUE_AND_LENGTH, ERR_R_PASSED_INVALID_ARGUMENT, - "Der element length field is not minimal"); + "Der element length field is not minimal"); goto cleanup; } } else { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_DER_CHECK_TAG_AND_GET_VALUE_AND_LENGTH, ERR_R_PASSED_INVALID_ARGUMENT, - "Unexpected length field encoding. pbDerField[1] == 0x%x", cbContent); + "Unexpected length field encoding. pbDerField[1] == 0x%x", cbContent); goto cleanup; } } @@ -283,8 +283,8 @@ static SCOSSL_STATUS scossl_ecdsa_der_check_tag_and_get_value_and_length(_In_rea if (pbContent + cbContent > pbDerField + cbDerField) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_DER_CHECK_TAG_AND_GET_VALUE_AND_LENGTH, ERR_R_PASSED_INVALID_ARGUMENT, - "Decoded content length does not fit in derField buffer. pbDerField [0x%lx, 0x%lx), pbContent [0x%lx, 0x%lx)", - pbDerField, pbDerField + cbDerField, pbContent, pbContent + cbContent); + "Decoded content length does not fit in derField buffer. pbDerField [0x%lx, 0x%lx), pbContent [0x%lx, 0x%lx)", + pbDerField, pbDerField + cbDerField, pbContent, pbContent + cbContent); goto cleanup; } @@ -319,10 +319,10 @@ static SCOSSL_STATUS scossl_ecdsa_remove_der(_In_reads_bytes_(cbDerSignature) PC (cbSymCryptSignature % 2 == 1)) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "Incorrect size: cbDerSignature %d should be in range [%d, %d]\n" - " cbSymCryptSignature %d should be even integer in range [%d, %d]", - cbDerSignature, SCOSSL_ECDSA_MIN_DER_SIGNATURE_LEN, SCOSSL_ECDSA_MAX_DER_SIGNATURE_LEN, - cbSymCryptSignature, SCOSSL_ECDSA_MIN_SYMCRYPT_SIGNATURE_LEN, SCOSSL_ECDSA_MAX_SYMCRYPT_SIGNATURE_LEN); + "Incorrect size: cbDerSignature %d should be in range [%d, %d]\n" + " cbSymCryptSignature %d should be even integer in range [%d, %d]", + cbDerSignature, SCOSSL_ECDSA_MIN_DER_SIGNATURE_LEN, SCOSSL_ECDSA_MAX_DER_SIGNATURE_LEN, + cbSymCryptSignature, SCOSSL_ECDSA_MIN_SYMCRYPT_SIGNATURE_LEN, SCOSSL_ECDSA_MAX_SYMCRYPT_SIGNATURE_LEN); goto cleanup; } @@ -335,9 +335,9 @@ static SCOSSL_STATUS scossl_ecdsa_remove_der(_In_reads_bytes_(cbDerSignature) PC if (pbSeq + cbSeq != pbDerSignature + cbDerSignature) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "Sequence length field (0x%x) does not match cbDerSignature (0x%x)", cbSeq, cbDerSignature); + "Sequence length field (0x%x) does not match cbDerSignature (0x%x)", cbSeq, cbDerSignature); SCOSSL_LOG_BYTES_DEBUG(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "pbDerSignature", pbDerSignature, cbDerSignature); + "pbDerSignature", pbDerSignature, cbDerSignature); goto cleanup; } @@ -350,9 +350,9 @@ static SCOSSL_STATUS scossl_ecdsa_remove_der(_In_reads_bytes_(cbDerSignature) PC if (cbR > cbSeq - 3) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "cbR = pbSeq[1] > cbSeq - 3"); + "cbR = pbSeq[1] > cbSeq - 3"); SCOSSL_LOG_BYTES_DEBUG(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "pbDerSignature", pbDerSignature, cbDerSignature); + "pbDerSignature", pbDerSignature, cbDerSignature); goto cleanup; } @@ -367,9 +367,9 @@ static SCOSSL_STATUS scossl_ecdsa_remove_der(_In_reads_bytes_(cbDerSignature) PC ((cbR > 1) && (pbR[0] == 0x00) && ((pbR[1] & 0x80) != 0x80))) // R is non-zero, and has a redundant leading 0 byte { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "pbR is not strict DER encoded non-negative integer"); + "pbR is not strict DER encoded non-negative integer"); SCOSSL_LOG_BYTES_DEBUG(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "pbR", pbR, cbR); + "pbR", pbR, cbR); goto cleanup; } // Trim leading 0 from R @@ -383,9 +383,9 @@ static SCOSSL_STATUS scossl_ecdsa_remove_der(_In_reads_bytes_(cbDerSignature) PC ((cbS > 1) && (pbS[0] == 0x00) && ((pbS[1] & 0x80) != 0x80))) // S is non-zero, and has a redundant leading 0 byte { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "pbS is not strict DER encoded non-negative integer"); + "pbS is not strict DER encoded non-negative integer"); SCOSSL_LOG_BYTES_DEBUG(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "pbS", pbS, cbS); + "pbS", pbS, cbS); goto cleanup; } // Trim leading 0 from S @@ -398,7 +398,7 @@ static SCOSSL_STATUS scossl_ecdsa_remove_der(_In_reads_bytes_(cbDerSignature) PC if ((cbSymCryptSignature < 2 * cbR) || (cbSymCryptSignature < 2 * cbS)) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_REMOVE_DER, ERR_R_PASSED_INVALID_ARGUMENT, - "cbR (%d) or cbS (%d) too big for cbSymCryptSignature (%d)", cbR, cbS, cbSymCryptSignature); + "cbR (%d) or cbS (%d) too big for cbSymCryptSignature (%d)", cbR, cbS, cbSymCryptSignature); goto cleanup; } @@ -534,7 +534,7 @@ SCOSSL_STATUS scossl_ecdsa_sign(PSYMCRYPT_ECKEY key, PCSYMCRYPT_ECURVE curve, scError = SymCryptEckeyExtendKeyUsage(key, SYMCRYPT_FLAG_ECKEY_ECDSA); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEckeyExtendKeyUsage failed", scError); return SCOSSL_FAILURE; } @@ -549,14 +549,14 @@ SCOSSL_STATUS scossl_ecdsa_sign(PSYMCRYPT_ECKEY key, PCSYMCRYPT_ECURVE curve, cbSymCryptSig); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEcDsaSign failed", scError); return SCOSSL_FAILURE; } if (!scossl_ecdsa_apply_der(buf, cbSymCryptSig, pbSignature, pcbSignature)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_SIGN, ERR_R_OPERATION_FAIL, "scossl_ecdsa_apply_der failed"); return SCOSSL_FAILURE; } @@ -576,14 +576,14 @@ SCOSSL_STATUS scossl_ecdsa_verify(PSYMCRYPT_ECKEY key, PCSYMCRYPT_ECURVE curve, scError = SymCryptEckeyExtendKeyUsage(key, SYMCRYPT_FLAG_ECKEY_ECDSA); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_VERIFY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEckeyExtendKeyUsage failed", scError); return SCOSSL_FAILURE; } if (!scossl_ecdsa_remove_der(pbSignature, pcbSignature, &buf[0], cbSymCryptSig)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECDSA_VERIFY, ERR_R_OPERATION_FAIL, "scossl_ecdsa_remove_der failed"); return SCOSSL_FAILURE; } @@ -600,7 +600,7 @@ SCOSSL_STATUS scossl_ecdsa_verify(PSYMCRYPT_ECKEY key, PCSYMCRYPT_ECURVE curve, { if (scError != SYMCRYPT_SIGNATURE_VERIFICATION_FAILURE) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_VERIFY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEcDsaVerify returned unexpected error", scError); } return SCOSSL_FAILURE; diff --git a/ScosslCommon/src/scossl_helpers.c b/ScosslCommon/src/scossl_helpers.c index ac91953..c0eaabb 100644 --- a/ScosslCommon/src/scossl_helpers.c +++ b/ScosslCommon/src/scossl_helpers.c @@ -40,61 +40,94 @@ static ERR_STRING_DATA SCOSSL_ERR_library_string[] = { }; static ERR_STRING_DATA SCOSSL_ERR_function_strings[] = { + // ScosslCommon {ERR_PACK(0, SCOSSL_ERR_F_AES_CCM_CIPHER, 0), "scossl_aes_ccm_cipher"}, - {ERR_PACK(0, SCOSSL_ERR_F_AES_CCM_CTRL, 0), "scossl_aes_ccm_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_CCM_SET_IV_FIXED, 0), "scossl_aes_ccm_set_iv_fixed"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_CCM_SET_IV_LEN, 0), "scossl_aes_ccm_set_iv_len"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_CCM_SET_TLS1_AAD, 0), "scossl_aes_ccm_set_tls1_aad"}, {ERR_PACK(0, SCOSSL_ERR_F_AES_CCM_TLS, 0), "scossl_aes_ccm_tls"}, - {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_CTRL, 0), "scossl_aes_gcm_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_CIPHER, 0), "scossl_aes_gcm_cipher"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_IV_GEN, 0), "scossl_aes_gcm_iv_gen"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_SET_IV_FIXED, 0), "scossl_aes_gcm_set_iv_fixed"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_SET_IV_INV, 0), "scossl_aes_gcm_set_iv_inv"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_SET_IV_LEN, 0), "scossl_aes_gcm_set_iv_len"}, + {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_SET_TLS1_AAD, 0), "scossl_aes_gcm_set_tls1_aad"}, {ERR_PACK(0, SCOSSL_ERR_F_AES_GCM_TLS, 0), "scossl_aes_gcm_tls"}, - {ERR_PACK(0, SCOSSL_ERR_F_AES_XTS_CIPHER, 0), "scossl_aes_xts_cipher"}, - {ERR_PACK(0, SCOSSL_ERR_F_AES_XTS_CTRL, 0), "scossl_aes_xts_ctrl"}, - {ERR_PACK(0, SCOSSL_ERR_F_DH_COMPUTE_KEY, 0), "scossl_dh_compute_key"}, - {ERR_PACK(0, SCOSSL_ERR_F_DH_GENERATE_KEY, 0), "scossl_dh_generate_key"}, {ERR_PACK(0, SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, 0), "scossl_dh_generate_keypair"}, + {ERR_PACK(0, SCOSSL_ERR_F_DH_GET_GROUP_BY_NID, 0), "scossl_dh_get_group_by_nid"}, {ERR_PACK(0, SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, 0), "scossl_dh_import_keypair"}, - {ERR_PACK(0, SCOSSL_ERR_F_DIGESTS, 0), "scossl_digests"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, 0), "scossl_ecc_generate_keypair"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, 0), "scossl_ecc_import_keypair"}, + {ERR_PACK(0, SCOSSL_ERR_F_ECC_GROUP_TO_SYMCRYPT_CURVE, 0), "scossl_ecc_group_to_symcrypt_curve"}, + {ERR_PACK(0, SCOSSL_ERR_F_ECC_POINT_TO_PUBKEY, 0), "scossl_ec_point_to_pubkey"}, {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_APPLY_DER, 0), "scossl_ecdsa_apply_der"}, {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_DER_CHECK_TAG_AND_GET_VALUE_AND_LENGTH, 0), "scossl_ecdsa_der_check_tag_and_get_value_and_length"}, {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_REMOVE_DER, 0), "scossl_ecdsa_remove_der"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, 0), "scossl_eckey_compute_key"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_KEYGEN, 0), "scossl_eckey_keygen"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_SIGN, 0), "scossl_eckey_sign"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_SIGN_SETUP, 0), "scossl_eckey_sign_setup"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_SIGN_SIG, 0), "scossl_eckey_sign_sig"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_VERIFY, 0), "scossl_eckey_verify"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECKEY_VERIFY_SIG, 0), "scossl_eckey_verify_sig"}, - {ERR_PACK(0, SCOSSL_ERR_F_GET_DH_CONTEXT_EX, 0), "scossl_get_dh_context_ex"}, - {ERR_PACK(0, SCOSSL_ERR_F_GET_ECC_CONTEXT_EX, 0), "scossl_get_ecc_context_ex"}, + {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_SIGN, 0), "scossl_ecdsa_sign"}, + {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_VERIFY, 0), "SCOSSL_ERR_F_ECDSA_VERIFY"}, {ERR_PACK(0, SCOSSL_ERR_F_GET_SYMCRYPT_HASH_ALGORITHM, 0), "scossl_get_symcrypt_hash_algorithm"}, {ERR_PACK(0, SCOSSL_ERR_F_GET_SYMCRYPT_MAC_ALGORITHM, 0), "scossl_get_symcrypt_hmac_algorithm"}, - {ERR_PACK(0, SCOSSL_ERR_F_HKDF_CTRL, 0), "scossl_hkdf_ctrl"}, {ERR_PACK(0, SCOSSL_ERR_F_HKDF_DERIVE, 0), "scossl_hkdf_derive"}, - {ERR_PACK(0, SCOSSL_ERR_F_HKDF_INIT, 0), "scossl_hkdf_init"}, - {ERR_PACK(0, SCOSSL_ERR_F_INITIALIZE_RSA_KEY, 0), "scossl_initialize_rsa_key"}, - {ERR_PACK(0, SCOSSL_ERR_F_PKEY_METHODS, 0), "scossl_pkey_methods"}, - {ERR_PACK(0, SCOSSL_ERR_F_PKEY_RSA_SIGN, 0), "scossl_pkey_rsa_sign"}, - {ERR_PACK(0, SCOSSL_ERR_F_PKEY_RSA_VERIFY, 0), "scossl_pkey_rsa_verify"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_INIT, 0), "scossl_rsa_init"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_KEYGEN, 0), "scossl_rsa_keygen"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_PRIV_DEC, 0), "scossl_rsa_priv_dec"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_PRIV_ENC, 0), "scossl_rsa_priv_enc"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_PUB_DEC, 0), "scossl_rsa_pub_dec"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_PUB_ENC, 0), "scossl_rsa_pub_enc"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_SIGN, 0), "scossl_rsa_sign"}, - {ERR_PACK(0, SCOSSL_ERR_F_RSA_VERIFY, 0), "scossl_rsa_verify"}, + {ERR_PACK(0, SCOSSL_ERR_F_MAC_SET_HMAC_MD, 0), "scossl_mac_set_hmac_md"}, + {ERR_PACK(0, SCOSSL_ERR_F_RSA_DECRYPT, 0), "scossl_rsa_decrypt"}, + {ERR_PACK(0, SCOSSL_ERR_F_RSA_ENCRYPT, 0), "scossl_rsa_encrypt"}, + {ERR_PACK(0, SCOSSL_ERR_F_RSA_EXPORT_KEY, 0), "scossl_rsa_export_key"}, + {ERR_PACK(0, SCOSSL_ERR_F_RSA_NEW_EXPORT_PARAMS, 0), "scossl_rsa_new_export_params"}, + {ERR_PACK(0, SCOSSL_ERR_F_RSA_PKCS1_SIGN, 0), "scossl_rsa_pkcs1_sign"}, + {ERR_PACK(0, SCOSSL_ERR_F_RSA_PKCS1_VERIFY, 0), "scossl_rsa_pkcs1_verify"}, {ERR_PACK(0, SCOSSL_ERR_F_RSAPSS_SIGN, 0), "scossl_rsapss_sign"}, {ERR_PACK(0, SCOSSL_ERR_F_RSAPSS_VERIFY, 0), "scossl_rsapss_verify"}, - {ERR_PACK(0, SCOSSL_ERR_F_TLS1PRF_CTRL, 0), "scossl_tls1prf_ctrl"}, - {ERR_PACK(0, SCOSSL_ERR_F_TLS1PRF_DERIVE, 0), "scossl_tls1prf_derive"}, - {ERR_PACK(0, SCOSSL_ERR_F_TLS1PRF_INIT, 0), "scossl_tls1prf_init"}, - {ERR_PACK(0, SCOSSL_ERR_F_HMAC_INIT, 0), "scossl_hmac_init"}, - {ERR_PACK(0, SCOSSL_ERR_F_HMAC_CTRL, 0), "scossl_hmac_ctrl"}, - {ERR_PACK(0, SCOSSL_ERR_F_HMAC_CTRL_STR, 0), "scossl_hmac_ctrl_str"}, - {ERR_PACK(0, SCOSSL_ERR_F_SSHKDF_NEW, 0), "scossl_sshkdf_new"}, - {ERR_PACK(0, SCOSSL_ERR_F_SSHKDF_CTRL, 0), "scossl_sshkdf_ctrl"}, - {ERR_PACK(0, SCOSSL_ERR_F_SSHKDF_CTRL_STR, 0), "scossl_sshkdf_ctrl_str"}, {ERR_PACK(0, SCOSSL_ERR_F_SSHKDF_DERIVE, 0), "scossl_sshkdf_derive"}, + {ERR_PACK(0, SCOSSL_ERR_F_TLS1PRF_DERIVE, 0), "scossl_tls1prf_derive"}, + // SymCryptEngine + {ERR_PACK(0, SCOSSL_ERR_F_ENG_AES_CCM_CTRL, 0), "e_scossl_aes_ccm_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_AES_GCM_CTRL, 0), "e_scossl_aes_gcm_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_AES_XTS_CIPHER, 0), "e_scossl_aes_xts_cipher"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_AES_XTS_CTRL, 0), "e_scossl_aes_xts_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, 0), "e_scossl_dh_compute_key"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_DH_GENERATE_KEY, 0), "e_scossl_dh_generate_key"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, 0), "e_scossl_dh_generate_keypair"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, 0), "e_scossl_dh_import_keypair"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_DIGESTS, 0), "e_scossl_digests"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, 0), "e_scossl_ecc_generate_keypair"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, 0), "e_scossl_ecc_import_keypair"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, 0), "e_scossl_eckey_compute_key"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_KEYGEN, 0), "e_scossl_eckey_keygen"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_SIGN, 0), "e_scossl_eckey_sign"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_SIGN_SETUP, 0), "e_scossl_eckey_sign_setup"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, 0), "e_scossl_eckey_sign_sig"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_VERIFY, 0), "e_scossl_eckey_verify"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_ECKEY_VERIFY_SIG, 0), "e_scossl_eckey_verify_sig"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_GET_DH_CONTEXT_EX, 0), "e_scossl_get_dh_context_ex"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_GET_ECC_CONTEXT_EX, 0), "e_scossl_get_ecc_context_ex"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_GET_SYMCRYPT_HASH_ALGORITHM, 0), "e_scossl_get_symcrypt_hash_algorithm"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_HKDF_CTRL, 0), "e_scossl_hkdf_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_HKDF_DERIVE, 0), "e_scossl_hkdf_derive"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_HKDF_INIT, 0), "e_scossl_hkdf_init"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_HMAC_COPY, 0), "e_scossl_hmac_copy"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_HMAC_CTRL, 0), "e_scossl_hmac_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_HMAC_INIT, 0), "e_scossl_hmac_init"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, 0), "e_scossl_initialize_rsa_key"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_PKEY_METHODS, 0), "e_scossl_pkey_methods"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_PKEY_RSA_SIGN, 0), "e_scossl_pkey_rsa_sign"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_PKEY_RSA_VERIFY, 0), "e_scossl_pkey_rsa_verify"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_PKEY_RSAPSS_VERIFY, 0), "e_scossl_pkey_rsapss_verify"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_INIT, 0), "e_scossl_rsa_init"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_KEYGEN, 0), "e_scossl_rsa_keygen"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_PRIV_DEC, 0), "e_scossl_rsa_priv_dec"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_PRIV_ENC, 0), "e_scossl_rsa_priv_enc"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_PUB_DEC, 0), "e_scossl_rsa_pub_dec"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_PUB_ENC, 0), "e_scossl_rsa_pub_enc"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_SIGN, 0), "e_scossl_rsa_sign"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSA_VERIFY, 0), "e_scossl_rsa_verify"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSAPSS_SIGN, 0), "e_scossl_rsapss_sign"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, 0), "e_scossl_rsapss_verify"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_SSHKDF_CTRL, 0), "e_scossl_sshkdf_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_SSHKDF_CTRL_STR, 0), "e_scossl_sshkdf_ctrl_str"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_SSHKDF_DERIVE, 0), "e_scossl_sshkdf_derive"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_SSHKDF_NEW, 0), "e_scossl_sshkdf_new"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_TLS1PRF_CTRL, 0), "e_scossl_tls1prf_ctrl"}, + {ERR_PACK(0, SCOSSL_ERR_F_ENG_TLS1PRF_INIT, 0), "e_scossl_tls1prf_init"}, + // SymCryptProvider + {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, 0), "p_scossl_rsa_keymgmt_import"}, {0, NULL} }; diff --git a/ScosslCommon/src/scossl_hkdf.c b/ScosslCommon/src/scossl_hkdf.c index 5e12998..034c2ac 100644 --- a/ScosslCommon/src/scossl_hkdf.c +++ b/ScosslCommon/src/scossl_hkdf.c @@ -97,14 +97,14 @@ SCOSSL_STATUS scossl_hkdf_derive(SCOSSL_HKDF_CTX *ctx, if (ctx->md == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Digest"); + "Missing Digest"); return SCOSSL_FAILURE; } if (ctx->pbKey == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Key"); + "Missing Key"); return SCOSSL_FAILURE; } @@ -160,7 +160,7 @@ SCOSSL_STATUS scossl_hkdf_derive(SCOSSL_HKDF_CTX *ctx, break; default: SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Invalid Mode: %d", ctx->mode); + "Invalid Mode: %d", ctx->mode); return SCOSSL_FAILURE; } diff --git a/ScosslCommon/src/scossl_mac.c b/ScosslCommon/src/scossl_mac.c index 161502f..70957a4 100644 --- a/ScosslCommon/src/scossl_mac.c +++ b/ScosslCommon/src/scossl_mac.c @@ -190,8 +190,8 @@ SCOSSL_STATUS scossl_mac_set_hmac_md(SCOSSL_MAC_CTX *ctx, int mdNid) ctx->pMacEx = &SymCryptHmacSha3_512Ex; break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_SYMCRYPT_HASH_ALGORITHM, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "SCOSSL does not support hash algorithm for MAC %d", mdNid); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_MAC_SET_HMAC_MD, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "SCOSSL does not support hash algorithm for MAC %d", mdNid); return SCOSSL_FAILURE; } diff --git a/ScosslCommon/src/scossl_rsa.c b/ScosslCommon/src/scossl_rsa.c index 49bcd78..a6d0c77 100644 --- a/ScosslCommon/src/scossl_rsa.c +++ b/ScosslCommon/src/scossl_rsa.c @@ -111,8 +111,8 @@ SCOSSL_STATUS scossl_rsa_pkcs1_sign(PSYMCRYPT_RSAKEY key, int mdnid, pkcs1Params = scossl_get_rsa_pkcs1_params(mdnid); if (pkcs1Params == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unknown type: %s. Size: %d.", OBJ_nid2sn(mdnid), cbHashValue); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_PKCS1_SIGN, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "Unknown type: %s. Size: %d.", OBJ_nid2sn(mdnid), cbHashValue); goto cleanup; } @@ -120,16 +120,16 @@ SCOSSL_STATUS scossl_rsa_pkcs1_sign(PSYMCRYPT_RSAKEY key, int mdnid, switch (mdnid) { case NID_md5_sha1: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5+SHA1 which is not FIPS compliant"); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PKCS1_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using hash algorithm MD5+SHA1 which is not FIPS compliant"); break; case NID_md5: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5 which is not FIPS compliant"); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PKCS1_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using hash algorithm MD5 which is not FIPS compliant"); break; case NID_sha1: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm SHA1 which is not FIPS compliant"); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PKCS1_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using hash algorithm SHA1 which is not FIPS compliant"); break; } @@ -152,8 +152,8 @@ SCOSSL_STATUS scossl_rsa_pkcs1_sign(PSYMCRYPT_RSAKEY key, int mdnid, if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaPkcs1Sign failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PKCS1_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsaPkcs1Sign failed", scError); goto cleanup; } @@ -174,24 +174,24 @@ SCOSSL_STATUS scossl_rsa_pkcs1_verify(PSYMCRYPT_RSAKEY key, int mdnid, if (pkcs1Params == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unknown type: %s. Size: %d.", OBJ_nid2sn(mdnid), cbHashValue); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_PKCS1_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "Unknown type: %s. Size: %d.", OBJ_nid2sn(mdnid), cbHashValue); goto cleanup; } switch (mdnid) { case NID_md5_sha1: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5+SHA1 which is not FIPS compliant"); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PKCS1_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using hash algorithm MD5+SHA1 which is not FIPS compliant"); break; case NID_md5: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5 which is not FIPS compliant"); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PKCS1_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using hash algorithm MD5 which is not FIPS compliant"); break; case NID_sha1: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm SHA1 which is not FIPS compliant"); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PKCS1_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using hash algorithm SHA1 which is not FIPS compliant"); break; } @@ -217,8 +217,8 @@ SCOSSL_STATUS scossl_rsa_pkcs1_verify(PSYMCRYPT_RSAKEY key, int mdnid, } else if (scError != SYMCRYPT_SIGNATURE_VERIFICATION_FAILURE) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaPkcs1verify returned unexpected error", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PKCS1_VERIFY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsaPkcs1verify returned unexpected error", scError); } cleanup: @@ -240,7 +240,7 @@ SCOSSL_STATUS scossl_rsapss_sign(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (scosslHashAlgo == NULL || expectedHashLength == (SIZE_T)-1) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unknown type: %d. Size: %d.", mdnid, cbHashValue); + "Unknown type: %d. Size: %d.", mdnid, cbHashValue); goto cleanup; } @@ -263,7 +263,7 @@ SCOSSL_STATUS scossl_rsapss_sign(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (cbSalt < 0 || cbSalt > cbSaltMax) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, ERR_R_PASSED_INVALID_ARGUMENT, - "Invalid cbSalt"); + "Invalid cbSalt"); return SCOSSL_UNSUPPORTED; } @@ -271,7 +271,7 @@ SCOSSL_STATUS scossl_rsapss_sign(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (pcbSignature == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, ERR_R_PASSED_NULL_PARAMETER, - "pcbSignature is NULL"); + "pcbSignature is NULL"); goto cleanup; } @@ -292,7 +292,7 @@ SCOSSL_STATUS scossl_rsapss_sign(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, else if (mdnid == NID_sha1) { SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm SHA1 which is not FIPS compliant"); + "Using hash algorithm SHA1 which is not FIPS compliant"); } if (cbHashValue != expectedHashLength) @@ -314,7 +314,7 @@ SCOSSL_STATUS scossl_rsapss_sign(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (scError != SYMCRYPT_NO_ERROR) { SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaPssSign failed", scError); + "SymCryptRsaPssSign failed", scError); goto cleanup; } @@ -338,8 +338,8 @@ SCOSSL_STATUS scossl_rsapss_verify(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (scosslHashAlgo == NULL || expectedHashLength == (SIZE_T)-1) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unknown type: %d. Size: %d.", mdnid, cbHashValue); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "Unknown type: %d. Size: %d.", mdnid, cbHashValue); goto cleanup; } @@ -368,7 +368,7 @@ SCOSSL_STATUS scossl_rsapss_verify(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (cbSalt < 0 || cbSalt > cbSaltMax) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, ERR_R_PASSED_INVALID_ARGUMENT, - "Invalid cbSalt"); + "Invalid cbSalt"); return SCOSSL_UNSUPPORTED; } @@ -381,12 +381,12 @@ SCOSSL_STATUS scossl_rsapss_verify(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (mdnid == NID_md5) { SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5 which is not FIPS compliant"); + "Using hash algorithm MD5 which is not FIPS compliant"); } else if (mdnid == NID_sha1) { SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm SHA1 which is not FIPS compliant"); + "Using hash algorithm SHA1 which is not FIPS compliant"); } scError = SymCryptRsaPssVerify( @@ -407,7 +407,7 @@ SCOSSL_STATUS scossl_rsapss_verify(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, else if (scError != SYMCRYPT_SIGNATURE_VERIFICATION_FAILURE) { SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaPssVerify returned unexpected error", scError); + "SymCryptRsaPssVerify returned unexpected error", scError); } cleanup: @@ -456,8 +456,8 @@ SCOSSL_STATUS scossl_rsa_encrypt(PSYMCRYPT_RSAKEY key, UINT padding, &cbResult); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaPkcs1Encrypt failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsaPkcs1Encrypt failed", scError); goto cleanup; } break; @@ -470,8 +470,8 @@ SCOSSL_STATUS scossl_rsa_encrypt(PSYMCRYPT_RSAKEY key, UINT padding, PCSYMCRYPT_HASH scosslHashAlgo = scossl_get_symcrypt_hash_algorithm(mdnid); if (!scosslHashAlgo) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unknown type: %d.", mdnid); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "Unknown type: %d.", mdnid); goto cleanup; } @@ -489,8 +489,8 @@ SCOSSL_STATUS scossl_rsa_encrypt(PSYMCRYPT_RSAKEY key, UINT padding, &cbResult); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaOaepEncrypt failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsaOaepEncrypt failed", scError); goto cleanup; } break; @@ -510,14 +510,14 @@ SCOSSL_STATUS scossl_rsa_encrypt(PSYMCRYPT_RSAKEY key, UINT padding, cbResult = cbModulus; if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaRawEncrypt failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsaRawEncrypt failed", scError); goto cleanup; } break; default: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_OPENSSL_FALLBACK, - "Unsupported Padding: %d.", padding); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_OPENSSL_FALLBACK, + "Unsupported Padding: %d.", padding); break; } @@ -597,8 +597,8 @@ SCOSSL_STATUS scossl_rsa_decrypt(PSYMCRYPT_RSAKEY key, UINT padding, scosslHashAlgo = scossl_get_symcrypt_hash_algorithm(mdnid); if (!scosslHashAlgo) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unknown type: %d.", mdnid); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_DECRYPT, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "Unknown type: %d.", mdnid); goto cleanup; } @@ -616,8 +616,8 @@ SCOSSL_STATUS scossl_rsa_decrypt(PSYMCRYPT_RSAKEY key, UINT padding, &cbResult); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PRIV_DEC, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaOaepDecrypt failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_DECRYPT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsaOaepDecrypt failed", scError); goto cleanup; } break; @@ -633,14 +633,14 @@ SCOSSL_STATUS scossl_rsa_decrypt(PSYMCRYPT_RSAKEY key, UINT padding, cbResult = cbModulus; if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PRIV_DEC, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsaRawDecrypt failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_DECRYPT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsaRawDecrypt failed", scError); goto cleanup; } break; default: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_OPENSSL_FALLBACK, - "Unsupported Padding: %d.", padding); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_DECRYPT, SCOSSL_ERR_R_OPENSSL_FALLBACK, + "Unsupported Padding: %d.", padding); break; } @@ -659,7 +659,7 @@ SCOSSL_RSA_EXPORT_PARAMS *scossl_rsa_new_export_params(BOOL includePrivate) ((rsaParams->n = BN_new()) == NULL) || ((rsaParams->e = BN_new()) == NULL)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_NEW_EXPORT_PARAMS, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); scossl_rsa_free_export_params(rsaParams, TRUE); rsaParams = NULL; @@ -675,7 +675,7 @@ SCOSSL_RSA_EXPORT_PARAMS *scossl_rsa_new_export_params(BOOL includePrivate) ((rsaParams->privateParams->iqmp = BN_secure_new()) == NULL) || ((rsaParams->privateParams->d = BN_secure_new()) == NULL)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_NEW_EXPORT_PARAMS, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); scossl_rsa_free_export_params(rsaParams, TRUE); rsaParams = NULL; @@ -770,7 +770,7 @@ SCOSSL_STATUS scossl_rsa_export_key(PCSYMCRYPT_RSAKEY key, SCOSSL_RSA_EXPORT_PAR pbData = OPENSSL_zalloc(cbData); if (pbData == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc failed"); goto cleanup; } @@ -814,7 +814,7 @@ SCOSSL_STATUS scossl_rsa_export_key(PCSYMCRYPT_RSAKEY key, SCOSSL_RSA_EXPORT_PAR 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -825,7 +825,7 @@ SCOSSL_STATUS scossl_rsa_export_key(PCSYMCRYPT_RSAKEY key, SCOSSL_RSA_EXPORT_PAR if (BN_lebin2bn(pbModulus, cbModulus, rsaParams->n) == NULL || BN_lebin2bn(pbPubExp64, 8, rsaParams->e) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, ERR_R_OPERATION_FAIL, "BN_bin2bn failed."); goto cleanup; } @@ -841,7 +841,7 @@ SCOSSL_STATUS scossl_rsa_export_key(PCSYMCRYPT_RSAKEY key, SCOSSL_RSA_EXPORT_PAR 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptRsakeyGetCrtValue failed", scError); goto cleanup; } @@ -853,7 +853,7 @@ SCOSSL_STATUS scossl_rsa_export_key(PCSYMCRYPT_RSAKEY key, SCOSSL_RSA_EXPORT_PAR (BN_lebin2bn(pbCrtCoefficient, cbPrime1, rsaParams->privateParams->iqmp) == NULL) || (BN_lebin2bn(pbPrivateExponent, cbPrivateExponent, rsaParams->privateParams->d) == NULL)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, ERR_R_OPERATION_FAIL, "BN_bin2bn failed."); goto cleanup; } diff --git a/ScosslCommon/src/scossl_sshkdf.c b/ScosslCommon/src/scossl_sshkdf.c index 7772885..c560944 100644 --- a/ScosslCommon/src/scossl_sshkdf.c +++ b/ScosslCommon/src/scossl_sshkdf.c @@ -65,28 +65,28 @@ SCOSSL_STATUS scossl_sshkdf_derive(SCOSSL_SSHKDF_CTX *ctx, ctx->cbHashValue == 0) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Digest"); + "Missing Digest"); return SCOSSL_FAILURE; } if (!ctx->pbKey) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Key"); + "Missing Key"); return SCOSSL_FAILURE; } if (ctx->cbSessionId == 0) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Session ID"); + "Missing Session ID"); return SCOSSL_FAILURE; } if (ctx->label == 0) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Label"); + "Missing Label"); return SCOSSL_FAILURE; } @@ -100,6 +100,8 @@ SCOSSL_STATUS scossl_sshkdf_derive(SCOSSL_SSHKDF_CTX *ctx, if (scError != SYMCRYPT_NO_ERROR) { + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptSshKdf failed", scError); return SCOSSL_FAILURE; } diff --git a/ScosslCommon/src/scossl_tls1prf.c b/ScosslCommon/src/scossl_tls1prf.c index 85174f7..60465de 100644 --- a/ScosslCommon/src/scossl_tls1prf.c +++ b/ScosslCommon/src/scossl_tls1prf.c @@ -82,7 +82,7 @@ SCOSSL_STATUS scossl_tls1prf_derive(SCOSSL_TLS1_PRF_CTX *ctx, if (ctx->pbSecret == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_TLS1PRF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Secret"); + "Missing Secret"); return SCOSSL_FAILURE; } @@ -90,7 +90,7 @@ SCOSSL_STATUS scossl_tls1prf_derive(SCOSSL_TLS1_PRF_CTX *ctx, { // Special case to use TlsPrf1_1 to handle md5_sha1 SCOSSL_LOG_INFO(SCOSSL_ERR_F_TLS1PRF_DERIVE, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5+SHA1 which is not FIPS compliant"); + "Using hash algorithm MD5+SHA1 which is not FIPS compliant"); scError = SymCryptTlsPrf1_1( ctx->pbSecret, ctx->cbSecret, @@ -103,7 +103,7 @@ SCOSSL_STATUS scossl_tls1prf_derive(SCOSSL_TLS1_PRF_CTX *ctx, if (ctx->pHmac == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_TLS1PRF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Digest"); + "Missing Digest"); return SCOSSL_FAILURE; } @@ -118,7 +118,7 @@ SCOSSL_STATUS scossl_tls1prf_derive(SCOSSL_TLS1_PRF_CTX *ctx, if (scError != SYMCRYPT_NO_ERROR) { SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_TLS1PRF_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptTlsPrf1_x failed", scError); + "SymCryptTlsPrf1_x failed", scError); return SCOSSL_FAILURE; } diff --git a/SymCryptEngine/src/e_scossl_ciphers.c b/SymCryptEngine/src/e_scossl_ciphers.c index e38ee2f..2db52fe 100644 --- a/SymCryptEngine/src/e_scossl_ciphers.c +++ b/SymCryptEngine/src/e_scossl_ciphers.c @@ -640,7 +640,7 @@ SCOSSL_RETURNLENGTH e_scossl_aes_xts_cipher(_Inout_ EVP_CIPHER_CTX *ctx, _Out_ u { if( (inl % SYMCRYPT_AES_BLOCK_SIZE) != 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_XTS_CIPHER, ERR_R_PASSED_INVALID_ARGUMENT, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_AES_XTS_CIPHER, ERR_R_PASSED_INVALID_ARGUMENT, "Data length (%d) is not a multiple of the AES block size. SymCrypt does not support this size", inl); return -1; } @@ -688,7 +688,7 @@ static SCOSSL_STATUS e_scossl_aes_xts_ctrl(_In_ EVP_CIPHER_CTX *ctx, int type, o // set EVP_CIPH_CUSTOM_COPY flag on all our AES ciphers // We must explicitly copy the AES key struct using SymCrypt as the AES key structure contains pointers // to itself, so a plain memcpy will maintain pointers to the source context - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_XTS_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_AES_XTS_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, "No copy method currently implemented"); // We need a SymCryptXtsKeyCopy function for this as we don't have explicit control over the AES key // struct here @@ -765,8 +765,8 @@ static int e_scossl_aes_gcm_ctrl(_Inout_ EVP_CIPHER_CTX *ctx, int type, int arg, if (cipherCtx->iv != NULL && (dstCtx->iv = OPENSSL_memdup(cipherCtx->iv, cipherCtx->ivlen)) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE, - "Failed to copy IV"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_AES_GCM_CTRL, ERR_R_MALLOC_FAILURE, + "Failed to copy IV"); return SCOSSL_FAILURE; } @@ -785,7 +785,7 @@ static int e_scossl_aes_gcm_ctrl(_Inout_ EVP_CIPHER_CTX *ctx, int type, int arg, case EVP_CTRL_AEAD_TLS1_AAD: return scossl_aes_gcm_set_tls1_aad(cipherCtx, EVP_CIPHER_CTX_encrypting(ctx), ptr, arg); default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_GCM_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_AES_GCM_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, "SymCrypt Engine does not support control type (%d)", type); return SCOSSL_FAILURE; } @@ -861,7 +861,7 @@ static int e_scossl_aes_ccm_ctrl(_Inout_ EVP_CIPHER_CTX *ctx, int type, int arg, case EVP_CTRL_AEAD_TLS1_AAD: return scossl_aes_ccm_set_tls1_aad(cipherCtx, EVP_CIPHER_CTX_encrypting(ctx), ptr, arg); default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_AES_CCM_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, "SymCrypt Engine does not support control type (%d)", type); return SCOSSL_FAILURE; } diff --git a/SymCryptEngine/src/e_scossl_dh.c b/SymCryptEngine/src/e_scossl_dh.c index 0097f27..48bdcd2 100644 --- a/SymCryptEngine/src/e_scossl_dh.c +++ b/SymCryptEngine/src/e_scossl_dh.c @@ -52,7 +52,7 @@ SCOSSL_STATUS e_scossl_dh_generate_keypair( pbData = OPENSSL_zalloc(cbData); if( pbData == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc returned NULL."); goto cleanup; } @@ -68,7 +68,7 @@ SCOSSL_STATUS e_scossl_dh_generate_keypair( 0 ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -76,7 +76,7 @@ SCOSSL_STATUS e_scossl_dh_generate_keypair( if( ((dh_privkey = BN_secure_new()) == NULL) || ((dh_pubkey = BN_new()) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); goto cleanup; } @@ -84,14 +84,14 @@ SCOSSL_STATUS e_scossl_dh_generate_keypair( if( (BN_bin2bn(pbPrivateKey, cbPrivateKey, dh_privkey) == NULL) || (BN_bin2bn(pbPublicKey, cbPublicKey, dh_pubkey) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_bin2bn failed."); goto cleanup; } if( DH_set0_key(dh, dh_pubkey, dh_privkey) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "DH_set0_key failed."); goto cleanup; } @@ -143,7 +143,7 @@ SCOSSL_STATUS e_scossl_dh_import_keypair( if( dh_pubkey == NULL && dh_privkey == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, ERR_R_INTERNAL_ERROR, "DH_get0_key returned NULL for public and private key."); goto cleanup; } @@ -160,8 +160,8 @@ SCOSSL_STATUS e_scossl_dh_import_keypair( cbPublicKey = SymCryptDlkeySizeofPublicKey(pKeyCtx->dlkey); if( (pbPublicKey = OPENSSL_zalloc(cbPublicKey)) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, - "OPENSSL_zalloc returned NULL."); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, + "OPENSSL_zalloc returned NULL."); goto cleanup; } @@ -173,28 +173,28 @@ SCOSSL_STATUS e_scossl_dh_import_keypair( 0 ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptDlkeyGetValue failed", scError); goto cleanup; } if( (generated_dh_pubkey = BN_new()) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); goto cleanup; } if( BN_bin2bn(pbPublicKey, cbPublicKey, generated_dh_pubkey) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_bin2bn failed."); goto cleanup; } if( DH_set0_key(dh, generated_dh_pubkey, NULL) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "DH_set0_key failed."); goto cleanup; } @@ -252,7 +252,7 @@ SCOSSL_STATUS e_scossl_get_dh_context_ex(_Inout_ DH* dh, _Out_ SCOSSL_DH_KEY_CTX { if (status == SCOSSL_FALLBACK) { - SCOSSL_LOG_INFO(SCOSSL_ERR_F_GET_DH_CONTEXT_EX, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_GET_DH_CONTEXT_EX, SCOSSL_ERR_R_OPENSSL_FALLBACK, "SymCrypt engine does not support this DH dlgroup - falling back to OpenSSL."); } return status; @@ -265,14 +265,14 @@ SCOSSL_STATUS e_scossl_get_dh_context_ex(_Inout_ DH* dh, _Out_ SCOSSL_DH_KEY_CTX SCOSSL_DH_KEY_CTX* pKeyCtx = scossl_dh_new_key_ctx(); if( !pKeyCtx ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_DH_CONTEXT_EX, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_GET_DH_CONTEXT_EX, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc failed"); return SCOSSL_FAILURE; } if( DH_set_ex_data(dh, e_scossl_dh_idx, pKeyCtx) == 0) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_DH_CONTEXT_EX, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_GET_DH_CONTEXT_EX, ERR_R_OPERATION_FAIL, "DH_set_ex_data failed"); OPENSSL_free(pKeyCtx); return SCOSSL_FAILURE; @@ -316,7 +316,7 @@ SCOSSL_STATUS e_scossl_dh_generate_key(_Inout_ DH* dh) switch( e_scossl_get_dh_context_ex(dh, &pKeyCtx, TRUE) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEY, ERR_R_OPERATION_FAIL, "e_scossl_get_dh_context_ex failed."); return SCOSSL_FAILURE; case SCOSSL_FALLBACK: @@ -329,7 +329,7 @@ SCOSSL_STATUS e_scossl_dh_generate_key(_Inout_ DH* dh) case SCOSSL_SUCCESS: return SCOSSL_SUCCESS; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEY, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEY, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_dh_context_ex value"); return SCOSSL_FAILURE; } @@ -352,7 +352,7 @@ SCOSSL_RETURNLENGTH e_scossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsi switch( e_scossl_get_dh_context(dh, &pKeyCtx) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_COMPUTE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, ERR_R_OPERATION_FAIL, "e_scossl_get_dh_context failed."); return res; case SCOSSL_FALLBACK: @@ -365,7 +365,7 @@ SCOSSL_RETURNLENGTH e_scossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsi case SCOSSL_SUCCESS: break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_dh_context_ex value"); return res; } @@ -375,14 +375,14 @@ SCOSSL_RETURNLENGTH e_scossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsi pkPublic = SymCryptDlkeyAllocate(pKeyCtx->dlkey->pDlgroup); if( pkPublic == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptDlkeyAllocate returned NULL."); goto cleanup; } if( (SIZE_T) BN_bn2binpad(pub_key, buf, cbPublicKey) != cbPublicKey ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, ERR_R_INTERNAL_ERROR, "BN_bn2binpad did not write expected number of public key bytes."); goto cleanup; } @@ -395,7 +395,7 @@ SCOSSL_RETURNLENGTH e_scossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsi pkPublic ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptDlkeySetValue failed", scError); goto cleanup; } @@ -409,7 +409,7 @@ SCOSSL_RETURNLENGTH e_scossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsi cbPublicKey ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptDhSecretAgreement failed", scError); goto cleanup; } diff --git a/SymCryptEngine/src/e_scossl_digests.c b/SymCryptEngine/src/e_scossl_digests.c index 2e0821c..27504ef 100644 --- a/SymCryptEngine/src/e_scossl_digests.c +++ b/SymCryptEngine/src/e_scossl_digests.c @@ -215,7 +215,7 @@ static SCOSSL_STATUS e_scossl_digest_md5_init(_Out_ EVP_MD_CTX *ctx) PSYMCRYPT_MD5_STATE state = (PSYMCRYPT_MD5_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -229,7 +229,7 @@ static SCOSSL_STATUS e_scossl_digest_md5_update(_Inout_ EVP_MD_CTX *ctx, _In_rea PSYMCRYPT_MD5_STATE state = (PSYMCRYPT_MD5_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -242,7 +242,7 @@ static SCOSSL_STATUS e_scossl_digest_md5_final(_Inout_ EVP_MD_CTX *ctx, _Out_wri PSYMCRYPT_MD5_STATE state = (PSYMCRYPT_MD5_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -271,7 +271,7 @@ static SCOSSL_STATUS e_scossl_digest_sha1_init(_Out_ EVP_MD_CTX *ctx) PSYMCRYPT_SHA1_STATE state = (PSYMCRYPT_SHA1_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -285,7 +285,7 @@ static SCOSSL_STATUS e_scossl_digest_sha1_update(_Inout_ EVP_MD_CTX *ctx, _In_re PSYMCRYPT_SHA1_STATE state = (PSYMCRYPT_SHA1_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -298,7 +298,7 @@ static SCOSSL_STATUS e_scossl_digest_sha1_final(_Inout_ EVP_MD_CTX *ctx, _Out_wr PSYMCRYPT_SHA1_STATE state = (PSYMCRYPT_SHA1_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -328,7 +328,7 @@ static SCOSSL_STATUS e_scossl_digest_sha256_init(_Out_ EVP_MD_CTX *ctx) PSYMCRYPT_SHA256_STATE state = (PSYMCRYPT_SHA256_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -342,7 +342,7 @@ static SCOSSL_STATUS e_scossl_digest_sha256_update(_Inout_ EVP_MD_CTX *ctx, _In_ PSYMCRYPT_SHA256_STATE state = (PSYMCRYPT_SHA256_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -355,7 +355,7 @@ static SCOSSL_STATUS e_scossl_digest_sha256_final(_Inout_ EVP_MD_CTX *ctx, _Out_ PSYMCRYPT_SHA256_STATE state = (PSYMCRYPT_SHA256_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -384,7 +384,7 @@ static SCOSSL_STATUS e_scossl_digest_sha384_init(_Out_ EVP_MD_CTX *ctx) PSYMCRYPT_SHA384_STATE state = (PSYMCRYPT_SHA384_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -398,7 +398,7 @@ static SCOSSL_STATUS e_scossl_digest_sha384_update(_Inout_ EVP_MD_CTX *ctx, _In_ PSYMCRYPT_SHA384_STATE state = (PSYMCRYPT_SHA384_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -411,7 +411,7 @@ static SCOSSL_STATUS e_scossl_digest_sha384_final(_Inout_ EVP_MD_CTX *ctx, _Out_ PSYMCRYPT_SHA384_STATE state = (PSYMCRYPT_SHA384_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -440,7 +440,7 @@ static SCOSSL_STATUS e_scossl_digest_sha512_init(_Out_ EVP_MD_CTX *ctx) PSYMCRYPT_SHA512_STATE state = (PSYMCRYPT_SHA512_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -454,7 +454,7 @@ static SCOSSL_STATUS e_scossl_digest_sha512_update(_Inout_ EVP_MD_CTX *ctx, _In_ PSYMCRYPT_SHA512_STATE state = (PSYMCRYPT_SHA512_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } @@ -467,7 +467,7 @@ static SCOSSL_STATUS e_scossl_digest_sha512_final(_Inout_ EVP_MD_CTX *ctx, _Out_ PSYMCRYPT_SHA512_STATE state = (PSYMCRYPT_SHA512_STATE) SCOSSL_ALIGN_UP(EVP_MD_CTX_md_data(ctx)); if( state == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_DIGESTS, SCOSSL_ERR_R_MISSING_CTX_DATA, "No MD Data Present"); return SCOSSL_FAILURE; } diff --git a/SymCryptEngine/src/e_scossl_ecc.c b/SymCryptEngine/src/e_scossl_ecc.c index 120257d..10b43aa 100644 --- a/SymCryptEngine/src/e_scossl_ecc.c +++ b/SymCryptEngine/src/e_scossl_ecc.c @@ -91,7 +91,7 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey pKeyCtx->key = SymCryptEckeyAllocate(pCurve); if( pKeyCtx->key == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEckeyAllocate returned NULL."); goto cleanup; } @@ -103,7 +103,7 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey pbData = OPENSSL_zalloc(cbData); if( pbData == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc returned NULL."); goto cleanup; } @@ -111,7 +111,7 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey scError = SymCryptEckeySetRandom( SYMCRYPT_FLAG_ECKEY_ECDH, pKeyCtx->key ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEckeySetRandom failed", scError); goto cleanup; } @@ -128,14 +128,14 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey 0 ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEckeyGetValue failed", scError); goto cleanup; } if( (bn_ctx = BN_CTX_new()) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_CTX_new returned NULL."); goto cleanup; } @@ -145,14 +145,14 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey ((ec_pub_x = BN_new()) == NULL) || ((ec_pub_y = BN_new()) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); goto cleanup; } if( (ec_pubkey = EC_POINT_new(ecgroup)) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_MALLOC_FAILURE, "EC_POINT_new returned NULL."); goto cleanup; } @@ -161,28 +161,28 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey (BN_bin2bn(pbPublicKey, cbPublicKey/2, ec_pub_x) == NULL) || (BN_bin2bn(pbPublicKey + (cbPublicKey/2), cbPublicKey/2, ec_pub_y) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_bin2bn failed."); goto cleanup; } if( EC_KEY_set_private_key(eckey, ec_privkey) == 0) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "EC_KEY_set_private_key failed."); goto cleanup; } if( EC_POINT_set_affine_coordinates(ecgroup, ec_pubkey, ec_pub_x, ec_pub_y, bn_ctx) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "EC_POINT_set_affine_coordinates failed."); goto cleanup; } if( EC_KEY_set_public_key(eckey, ec_pubkey) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, ERR_R_OPERATION_FAIL, "EC_KEY_set_public_key failed."); goto cleanup; } @@ -236,7 +236,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E pKeyCtx->key = SymCryptEckeyAllocate(pCurve); if( pKeyCtx->key == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEckeyAllocate returned NULL."); goto cleanup; } @@ -249,7 +249,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E if( ec_pubkey == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "EC_KEY_get0_public_key returned NULL."); goto cleanup; } @@ -261,7 +261,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E if( (bn_ctx = BN_CTX_new()) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_CTX_new returned NULL."); goto cleanup; } @@ -270,14 +270,14 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E if( ((ec_pub_x = BN_new()) == NULL) || ((ec_pub_y = BN_new()) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); goto cleanup; } if( EC_POINT_get_affine_coordinates(ecgroup, ec_pubkey, ec_pub_x, ec_pub_y, bn_ctx) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "EC_POINT_get_affine_coordinates failed."); goto cleanup; } @@ -286,7 +286,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E pbData = OPENSSL_zalloc(cbData); if( pbData == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc returned NULL."); goto cleanup; } @@ -296,7 +296,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E pbPrivateKey = pbData; if( (SIZE_T) BN_bn2binpad(ec_privkey, pbPrivateKey, cbPrivateKey) != cbPrivateKey ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_bn2binpad did not write expected number of private key bytes."); goto cleanup; } @@ -306,7 +306,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E if( ((SIZE_T) BN_bn2binpad(ec_pub_x, pbPublicKey, cbPublicKey/2) != cbPublicKey/2) || ((SIZE_T) BN_bn2binpad(ec_pub_y, pbPublicKey + (cbPublicKey/2), cbPublicKey/2) != cbPublicKey/2) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, ERR_R_OPERATION_FAIL, "BN_bn2binpad did not write expected number of public key bytes."); goto cleanup; } @@ -320,7 +320,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E pKeyCtx->key ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECC_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -374,14 +374,14 @@ SCOSSL_STATUS e_scossl_get_ecc_context_ex(_Inout_ EC_KEY* eckey, _Out_ SCOSSL_EC SCOSSL_ECC_KEY_CONTEXT *keyCtx = OPENSSL_zalloc(sizeof(*keyCtx)); if( !keyCtx ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_ECC_CONTEXT_EX, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_GET_ECC_CONTEXT_EX, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc failed"); return SCOSSL_FAILURE; } if( EC_KEY_set_ex_data(eckey, e_scossl_eckey_idx, keyCtx) == 0) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_ECC_CONTEXT_EX, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_GET_ECC_CONTEXT_EX, ERR_R_OPERATION_FAIL, "EC_KEY_set_ex_data failed"); OPENSSL_free(keyCtx); return SCOSSL_FAILURE; @@ -434,7 +434,7 @@ SCOSSL_STATUS e_scossl_eckey_sign(int type, switch( e_scossl_get_ecc_context(eckey, &keyCtx) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context failed."); return SCOSSL_FAILURE; case SCOSSL_FALLBACK: @@ -449,7 +449,7 @@ SCOSSL_STATUS e_scossl_eckey_sign(int type, case SCOSSL_SUCCESS: break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context value"); return SCOSSL_FAILURE; } @@ -457,7 +457,7 @@ SCOSSL_STATUS e_scossl_eckey_sign(int type, // SymCrypt does not support taking kinv or r parameters. Fallback to OpenSSL. if( kinv != NULL || r != NULL ) { - SCOSSL_LOG_INFO(SCOSSL_ERR_F_ECKEY_SIGN, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_ECKEY_SIGN, SCOSSL_ERR_R_OPENSSL_FALLBACK, "SymCrypt engine does not yet support explicit setting kinv or r parameters. Falling back to OpenSSL"); ossl_eckey_method = EC_KEY_OpenSSL(); PFN_eckey_sign pfn_eckey_sign = NULL; @@ -481,12 +481,12 @@ SCOSSL_STATUS e_scossl_eckey_sign_setup(_In_ EC_KEY* eckey, _In_ BN_CTX* ctx_in, switch( e_scossl_get_ecc_context(eckey, &keyCtx) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SETUP, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SETUP, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context failed."); return SCOSSL_FAILURE; case SCOSSL_FALLBACK: case SCOSSL_SUCCESS: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_ECKEY_SIGN_SETUP, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SETUP, SCOSSL_ERR_R_OPENSSL_FALLBACK, "SymCrypt engine does not yet support explicit getting kinv or r parameters. Falling back to OpenSSL"); EC_KEY_METHOD_get_sign(ossl_eckey_method, NULL, &pfn_eckey_sign_setup, NULL); if( !pfn_eckey_sign_setup ) @@ -495,7 +495,7 @@ SCOSSL_STATUS e_scossl_eckey_sign_setup(_In_ EC_KEY* eckey, _In_ BN_CTX* ctx_in, } return pfn_eckey_sign_setup(eckey, ctx_in, kinvp, rp); default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SETUP, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SETUP, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context value"); return SCOSSL_FAILURE; } @@ -517,7 +517,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char switch( e_scossl_get_ecc_context(eckey, &keyCtx) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SIG, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context failed."); return NULL; case SCOSSL_FALLBACK: @@ -532,7 +532,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char case SCOSSL_SUCCESS: break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SIG, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context value"); return NULL; } @@ -540,7 +540,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char scError = SymCryptEckeyExtendKeyUsage(keyCtx->key, SYMCRYPT_FLAG_ECKEY_ECDSA); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEckeyExtendKeyUsage failed", scError); return NULL; } @@ -556,7 +556,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char cbSymCryptSig); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SIG, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEcDsaSign failed", scError); return NULL; } @@ -564,7 +564,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char returnSignature = ECDSA_SIG_new(); if( returnSignature == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SIG, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, ERR_R_MALLOC_FAILURE, "ECDSA_SIG_new returned NULL."); return NULL; } @@ -574,7 +574,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char { BN_free(r); BN_free(s); - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SIG, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); return NULL; } @@ -582,7 +582,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char if( (BN_bin2bn(buf, cbSymCryptSig/2, r) == NULL) || (BN_bin2bn(buf + cbSymCryptSig/2, cbSymCryptSig/2, s) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_SIGN_SIG, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, ERR_R_OPERATION_FAIL, "BN_bin2bn failed."); BN_free(r); BN_free(s); @@ -615,7 +615,7 @@ SCOSSL_STATUS e_scossl_eckey_verify(int type, _In_reads_bytes_(dgst_len) const u switch( e_scossl_get_ecc_context(eckey, &keyCtx) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_VERIFY, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context failed."); return SCOSSL_FAILURE; case SCOSSL_FALLBACK: @@ -630,7 +630,7 @@ SCOSSL_STATUS e_scossl_eckey_verify(int type, _In_reads_bytes_(dgst_len) const u case SCOSSL_SUCCESS: break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_VERIFY, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context value"); return SCOSSL_FAILURE; } @@ -653,7 +653,7 @@ SCOSSL_STATUS e_scossl_eckey_verify_sig(_In_reads_bytes_(dgst_len) const unsigne switch( e_scossl_get_ecc_context(eckey, &keyCtx) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY_SIG, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_VERIFY_SIG, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context failed."); return SCOSSL_FAILURE; case SCOSSL_FALLBACK: @@ -668,7 +668,7 @@ SCOSSL_STATUS e_scossl_eckey_verify_sig(_In_reads_bytes_(dgst_len) const unsigne case SCOSSL_SUCCESS: break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY_SIG, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_VERIFY_SIG, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context value"); return SCOSSL_FAILURE; } @@ -691,7 +691,7 @@ SCOSSL_STATUS e_scossl_eckey_verify_sig(_In_reads_bytes_(dgst_len) const unsigne { if( scError != SYMCRYPT_SIGNATURE_VERIFICATION_FAILURE ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_VERIFY_SIG, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_VERIFY_SIG, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEcDsaVerify returned unexpected error", scError); } return SCOSSL_FAILURE; @@ -708,7 +708,7 @@ SCOSSL_STATUS e_scossl_eckey_keygen(_Inout_ EC_KEY *key) switch( e_scossl_get_ecc_context_ex(key, &keyCtx, TRUE) ) { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_KEYGEN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_KEYGEN, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context_ex failed."); return SCOSSL_FAILURE; case SCOSSL_FALLBACK: @@ -723,7 +723,7 @@ SCOSSL_STATUS e_scossl_eckey_keygen(_Inout_ EC_KEY *key) case SCOSSL_SUCCESS: return SCOSSL_SUCCESS; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_KEYGEN, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_KEYGEN, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context_ex value"); return SCOSSL_FAILURE; } @@ -751,7 +751,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi switch( e_scossl_get_ecc_context((EC_KEY*)ecdh, &keyCtx) ) // removing const cast as code path in this instance will not alter ecdh. TODO: refactor e_scossl_get_ecc_context { case SCOSSL_FAILURE: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, "e_scossl_get_ecc_context failed."); return -1; case SCOSSL_FALLBACK: @@ -766,7 +766,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi case SCOSSL_SUCCESS: break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_INTERNAL_ERROR, "Unexpected e_scossl_get_ecc_context value"); return -1; } @@ -774,7 +774,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi ecgroup = EC_KEY_get0_group(ecdh); if( ecgroup == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, "EC_KEY_get0_group returned NULL."); goto cleanup; } @@ -783,14 +783,14 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi pkPublic = SymCryptEckeyAllocate(keyCtx->key->pCurve); if( pkPublic == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEckeyAllocate returned NULL."); goto cleanup; } if( (bn_ctx = BN_CTX_new()) == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, "BN_CTX_new returned NULL."); goto cleanup; } @@ -799,14 +799,14 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi if( ((ec_pub_x = BN_new()) == NULL) || ((ec_pub_y = BN_new()) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_MALLOC_FAILURE, "BN_new returned NULL."); goto cleanup; } if( EC_POINT_get_affine_coordinates(ecgroup, pub_key, ec_pub_x, ec_pub_y, bn_ctx) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, "EC_POINT_get_affine_coordinates failed."); goto cleanup; } @@ -814,7 +814,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi if( (BN_bn2binpad(ec_pub_x, buf, cbPublicKey/2) != (int) cbPublicKey/2) || (BN_bn2binpad(ec_pub_y, buf + (cbPublicKey/2), cbPublicKey/2) != (int) cbPublicKey/2) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_OPERATION_FAIL, "BN_bn2binpad did not write expected number of public key bytes."); goto cleanup; } @@ -828,7 +828,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi pkPublic ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -837,7 +837,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi *psec = OPENSSL_zalloc(*pseclen); if( *psec == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc failed"); goto cleanup; } @@ -851,7 +851,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi *pseclen ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECKEY_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptEcDhSecretAgreement failed", scError); goto cleanup; } diff --git a/SymCryptEngine/src/e_scossl_hkdf.c b/SymCryptEngine/src/e_scossl_hkdf.c index 251738b..5ecaf07 100644 --- a/SymCryptEngine/src/e_scossl_hkdf.c +++ b/SymCryptEngine/src/e_scossl_hkdf.c @@ -16,7 +16,7 @@ SCOSSL_STATUS e_scossl_hkdf_init(EVP_PKEY_CTX *ctx) { SCOSSL_HKDF_CTX *e_scossl_hkdf_context; if ((e_scossl_hkdf_context = scossl_hkdf_newctx()) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_INIT, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HKDF_INIT, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc returned NULL"); return SCOSSL_FAILURE; } @@ -77,7 +77,7 @@ SCOSSL_STATUS e_scossl_hkdf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return SCOSSL_SUCCESS; return scossl_hkdf_append_info(e_scossl_hkdf_context, p2, p1); default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HKDF_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, "SymCrypt Engine does not support ctrl type (%d)", type); return SCOSSL_UNSUPPORTED; } @@ -198,15 +198,15 @@ SCOSSL_STATUS e_scossl_hkdf_derive(EVP_PKEY_CTX *ctx, if (e_scossl_hkdf_context->md == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Digest"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, + "Missing Digest"); return SCOSSL_FAILURE; } if (e_scossl_hkdf_context->pbKey == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, - "Missing Key"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HKDF_DERIVE, ERR_R_INTERNAL_ERROR, + "Missing Key"); return SCOSSL_FAILURE; } @@ -221,8 +221,8 @@ SCOSSL_STATUS e_scossl_hkdf_derive(EVP_PKEY_CTX *ctx, return scossl_hkdf_derive(e_scossl_hkdf_context, key, *keylen); } - SCOSSL_LOG_INFO(SCOSSL_ERR_F_HKDF_DERIVE, SCOSSL_ERR_R_OPENSSL_FALLBACK, - "SymCrypt engine does not support Hmac algorithm %d - falling back to OpenSSL", EVP_MD_type(e_scossl_hkdf_context->md)); + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_HKDF_DERIVE, SCOSSL_ERR_R_OPENSSL_FALLBACK, + "SymCrypt engine does not support Hmac algorithm %d - falling back to OpenSSL", EVP_MD_type(e_scossl_hkdf_context->md)); switch (e_scossl_hkdf_context->mode) { diff --git a/SymCryptEngine/src/e_scossl_hmac.c b/SymCryptEngine/src/e_scossl_hmac.c index 2e14088..3bbaa76 100644 --- a/SymCryptEngine/src/e_scossl_hmac.c +++ b/SymCryptEngine/src/e_scossl_hmac.c @@ -19,8 +19,8 @@ SCOSSL_STATUS e_scossl_hmac_init(EVP_PKEY_CTX *ctx) if ((e_scossl_hmac_context = OPENSSL_zalloc(sizeof(SCOSSL_MAC_CTX))) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HMAC_INIT, ERR_R_MALLOC_FAILURE, - "OPENSSL_zalloc returned NULL"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HMAC_INIT, ERR_R_MALLOC_FAILURE, + "OPENSSL_zalloc returned NULL"); return SCOSSL_FAILURE; } @@ -52,8 +52,8 @@ SCOSSL_STATUS e_scossl_hmac_copy(EVP_PKEY_CTX *dst, const EVP_PKEY_CTX *src) if ((dst_ctx = scossl_mac_dupctx(src_ctx)) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HMAC_INIT, ERR_R_MALLOC_FAILURE, - "scossl_hmac_dupctx returned NULL"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HMAC_COPY, ERR_R_MALLOC_FAILURE, + "scossl_hmac_dupctx returned NULL"); return SCOSSL_FAILURE; } @@ -96,7 +96,7 @@ SCOSSL_STATUS e_scossl_hmac_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) ret = scossl_mac_init(e_scossl_hmac_context, key->data, key->length); break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_HMAC_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_HMAC_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, "SymCrypt Engine does not support ctrl type (%d)", type); ret = SCOSSL_UNSUPPORTED; } diff --git a/SymCryptEngine/src/e_scossl_pkey_meths.c b/SymCryptEngine/src/e_scossl_pkey_meths.c index 411fc1b..69943dd 100644 --- a/SymCryptEngine/src/e_scossl_pkey_meths.c +++ b/SymCryptEngine/src/e_scossl_pkey_meths.c @@ -41,7 +41,7 @@ static int e_scossl_pkey_rsa_sign(_Inout_ EVP_PKEY_CTX *ctx, _Out_writes_bytes_( if( EVP_PKEY_CTX_get_rsa_padding(ctx, &padding) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PKEY_RSA_SIGN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_PKEY_RSA_SIGN, ERR_R_OPERATION_FAIL, "Failed to get padding"); return SCOSSL_UNSUPPORTED; } @@ -62,7 +62,7 @@ static int e_scossl_pkey_rsapss_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_byte if( EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, &cbSalt) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PKEY_RSA_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_PKEY_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, "Failed to get cbSalt"); return SCOSSL_UNSUPPORTED; } @@ -70,7 +70,7 @@ static int e_scossl_pkey_rsapss_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_byte { return e_scossl_rsapss_verify(ctx, sig, siglen, tbs, tbslen); } - SCOSSL_LOG_INFO(SCOSSL_ERR_F_PKEY_RSA_VERIFY, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_PKEY_RSAPSS_VERIFY, SCOSSL_ERR_R_OPENSSL_FALLBACK, "SymCrypt Engine does not support RSA_PSS_SALTLEN_AUTO saltlen - falling back to OpenSSL"); return _openssl_pkey_rsa_verify(ctx, sig, siglen, tbs, tbslen); @@ -84,7 +84,7 @@ static int e_scossl_pkey_rsa_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_bytes_( if( EVP_PKEY_CTX_get_rsa_padding(ctx, &padding) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PKEY_RSA_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_PKEY_RSA_VERIFY, ERR_R_OPERATION_FAIL, "Failed to get padding"); return SCOSSL_UNSUPPORTED; } @@ -285,7 +285,7 @@ int e_scossl_pkey_methods(_Inout_ ENGINE *e, _Out_opt_ EVP_PKEY_METHOD **pmeth, *pmeth = _e_scossl_pkey_hmac; break; default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PKEY_METHODS, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_PKEY_METHODS, SCOSSL_ERR_R_NOT_IMPLEMENTED, "NID %d not supported"); ok = 0; *pmeth = NULL; diff --git a/SymCryptEngine/src/e_scossl_rsa.c b/SymCryptEngine/src/e_scossl_rsa.c index ca3ceb9..e86c830 100644 --- a/SymCryptEngine/src/e_scossl_rsa.c +++ b/SymCryptEngine/src/e_scossl_rsa.c @@ -35,7 +35,7 @@ SCOSSL_RETURNLENGTH e_scossl_rsa_pub_enc(int flen, _In_reads_bytes_(flen) const if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_PUB_ENC, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); goto cleanup; } @@ -60,7 +60,7 @@ SCOSSL_RETURNLENGTH e_scossl_rsa_pub_enc(int flen, _In_reads_bytes_(flen) const scossl_rsa_encrypt(keyCtx->key, padding, NID_sha1, NULL, 0, from, flen, to, &ret, -1); break; default: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PUB_ENC, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_RSA_PUB_ENC, SCOSSL_ERR_R_OPENSSL_FALLBACK, "Unsupported Padding: %d. Forwarding to OpenSSL. Size: %d.", padding, flen); ossl_rsa_meth = RSA_PKCS1_OpenSSL(); pfn_rsa_meth_pub_enc = RSA_meth_get_pub_enc(ossl_rsa_meth); @@ -85,7 +85,7 @@ SCOSSL_RETURNLENGTH e_scossl_rsa_priv_dec(int flen, _In_reads_bytes_(flen) const if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_PRIV_DEC, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_PRIV_DEC, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); goto cleanup; } @@ -110,7 +110,7 @@ SCOSSL_RETURNLENGTH e_scossl_rsa_priv_dec(int flen, _In_reads_bytes_(flen) const scossl_rsa_decrypt(keyCtx->key, padding, NID_sha1, NULL, 0, from, flen, to, &ret, -1); break; default: - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PRIV_DEC, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_RSA_PRIV_DEC, SCOSSL_ERR_R_OPENSSL_FALLBACK, "Unsupported Padding: %d. Forwarding to OpenSSL. Size: %d.", padding, flen); ossl_rsa_meth = RSA_PKCS1_OpenSSL(); pfn_rsa_meth_priv_dec = RSA_meth_get_priv_dec(ossl_rsa_meth); @@ -128,7 +128,7 @@ SCOSSL_RETURNLENGTH e_scossl_rsa_priv_dec(int flen, _In_reads_bytes_(flen) const SCOSSL_RETURNLENGTH e_scossl_rsa_priv_enc(int flen, _In_reads_bytes_(flen) const unsigned char* from, _Out_writes_bytes_(RSA_size(rsa)) unsigned char* to, _In_ RSA* rsa, int padding) { - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PRIV_ENC, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_RSA_PRIV_ENC, SCOSSL_ERR_R_OPENSSL_FALLBACK, "RSA private encrypt equivalent not FIPS certifiable. Forwarding to OpenSSL. Size: %d.", flen); const RSA_METHOD *ossl_rsa_meth = RSA_PKCS1_OpenSSL(); // Use default implementation PFN_RSA_meth_priv_enc pfn_rsa_meth_priv_enc = NULL; @@ -145,7 +145,7 @@ SCOSSL_RETURNLENGTH e_scossl_rsa_pub_dec(int flen, _In_reads_bytes_(flen) const _Out_writes_bytes_(RSA_size(rsa)) unsigned char* to, _In_ RSA* rsa, int padding) { - SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_PUB_DEC, SCOSSL_ERR_R_OPENSSL_FALLBACK, + SCOSSL_LOG_INFO(SCOSSL_ERR_F_ENG_RSA_PUB_DEC, SCOSSL_ERR_R_OPENSSL_FALLBACK, "RSA public decrypt equivalent not found in SymCrypt. Forwarding to OpenSSL. Size: %d.", flen); const RSA_METHOD *ossl_rsa_meth = RSA_PKCS1_OpenSSL(); // Use default implementation PFN_RSA_meth_pub_dec pfn_rsa_meth_pub_dec = NULL; @@ -168,7 +168,7 @@ SCOSSL_STATUS e_scossl_rsa_sign(int type, _In_reads_bytes_(m_length) const unsig if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_SIGN, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_SIGN, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); return SCOSSL_FAILURE; } @@ -194,7 +194,7 @@ SCOSSL_STATUS e_scossl_rsa_verify(int dtype, _In_reads_bytes_(m_length) const un if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_VERIFY, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_VERIFY, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); return SCOSSL_FAILURE; } @@ -221,7 +221,7 @@ SCOSSL_STATUS e_scossl_rsa_keygen(_Out_ RSA* rsa, int bits, _In_ BIGNUM* e, if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_KEYGEN, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); goto cleanup; } @@ -237,26 +237,26 @@ SCOSSL_STATUS e_scossl_rsa_keygen(_Out_ RSA* rsa, int bits, _In_ BIGNUM* e, keyCtx->key = SymCryptRsakeyAllocate(&SymcryptRsaParam, 0); if( keyCtx->key == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptRsakeyAllocate failed"); goto cleanup; } if( BN_bn2binpad(e, (PBYTE) &pubExp64, sizeof(pubExp64)) != sizeof(pubExp64) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_KEYGEN, ERR_R_OPERATION_FAIL, "BN_bn2binpad failed - Probably Public Exponent larger than maximum supported size (8 bytes)"); goto cleanup; } if( SymCryptLoadMsbFirstUint64((PBYTE) &pubExp64, sizeof(pubExp64), &pubExp64) != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptLoadMsbFirstUint64 failed"); goto cleanup; } scError = SymCryptRsakeyGenerate(keyCtx->key, &pubExp64, 1, SYMCRYPT_FLAG_RSAKEY_SIGN | SYMCRYPT_FLAG_RSAKEY_ENCRYPT); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptRsakeyGenerate failed", scError); goto cleanup; } @@ -320,7 +320,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ if( RSA_get_version((RSA*) rsa) != RSA_ASN1_VERSION_DEFAULT ) { // Currently only support normal two-prime RSA with SymCrypt Engine - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_NOT_IMPLEMENTED, "Unsupported RSA version"); goto cleanup; } @@ -330,7 +330,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ if( rsa_n == NULL || rsa_e == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, ERR_R_PASSED_NULL_PARAMETER, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, ERR_R_PASSED_NULL_PARAMETER, "Not enough Parameters"); goto cleanup; } @@ -355,7 +355,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ pbData = OPENSSL_zalloc(cbData); if( pbData == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc failed"); goto cleanup; } @@ -364,13 +364,13 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ if( BN_bn2binpad(rsa_e, (PBYTE) &pubExp64, sizeof(pubExp64)) != sizeof(pubExp64) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, ERR_R_OPERATION_FAIL, "BN_bn2binpad failed - Probably Public Exponent larger than maximum supported size (8 bytes)"); goto cleanup; } if( SymCryptLoadMsbFirstUint64((PBYTE) &pubExp64, sizeof(pubExp64), &pubExp64) != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptLoadMsbFirstUint64 failed"); goto cleanup; } @@ -395,7 +395,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ if( nPrimes != 0 && nPrimes != 2 ) { // Currently only support normal two-prime RSA with SymCrypt Engine - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_NOT_IMPLEMENTED, "Unsupported RSA version"); goto cleanup; } @@ -407,7 +407,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ keyCtx->key = SymCryptRsakeyAllocate(&SymcryptRsaParam, 0); if( keyCtx->key == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptRsakeyAllocate failed"); goto cleanup; } @@ -425,7 +425,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ keyCtx->key); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptRsakeySetValue failed", scError); goto cleanup; } @@ -437,7 +437,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ cleanup: if( ret != SCOSSL_SUCCESS ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, ERR_R_OPERATION_FAIL, "e_scossl_initialize_rsa_key failed."); e_scossl_rsa_free_key_context(keyCtx); } @@ -484,14 +484,14 @@ SCOSSL_STATUS e_scossl_rsa_init(_Inout_ RSA *rsa) SCOSSL_RSA_KEY_CONTEXT *keyCtx = OPENSSL_zalloc(sizeof(*keyCtx)); if( !keyCtx ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_INIT, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_INIT, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc failed"); return SCOSSL_FAILURE; } if( RSA_set_ex_data(rsa, e_scossl_rsa_idx, keyCtx) == 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_INIT, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSA_INIT, ERR_R_OPERATION_FAIL, "RSA_set_ex_data failed"); OPENSSL_free(keyCtx); return SCOSSL_FAILURE; diff --git a/SymCryptEngine/src/e_scossl_rsapss.c b/SymCryptEngine/src/e_scossl_rsapss.c index 888383a..9695e4a 100644 --- a/SymCryptEngine/src/e_scossl_rsapss.c +++ b/SymCryptEngine/src/e_scossl_rsapss.c @@ -23,13 +23,13 @@ SCOSSL_STATUS e_scossl_rsapss_sign(_Inout_ EVP_PKEY_CTX *ctx, _Out_writes_opt_(* if( EVP_PKEY_CTX_get_signature_md(ctx, &messageDigest) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_SIGN, ERR_R_OPERATION_FAIL, "Failed to get messageDigest"); return SCOSSL_UNSUPPORTED; } if( EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, &mgf1Digest) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_SIGN, ERR_R_OPERATION_FAIL, "Failed to get mgf1Digest"); return SCOSSL_UNSUPPORTED; } @@ -37,7 +37,7 @@ SCOSSL_STATUS e_scossl_rsapss_sign(_Inout_ EVP_PKEY_CTX *ctx, _Out_writes_opt_(* if( type != EVP_MD_type(mgf1Digest) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_SIGN, SCOSSL_ERR_R_NOT_IMPLEMENTED, "messageDigest and mgf1Digest do not match"); return SCOSSL_UNSUPPORTED; } @@ -45,14 +45,14 @@ SCOSSL_STATUS e_scossl_rsapss_sign(_Inout_ EVP_PKEY_CTX *ctx, _Out_writes_opt_(* if( ((pkey = EVP_PKEY_CTX_get0_pkey(ctx)) == NULL) || ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_SIGN, SCOSSL_ERR_R_MISSING_CTX_DATA, "Failed to get RSA key from ctx"); return SCOSSL_UNSUPPORTED; } if( EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, &cbSalt) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_SIGN, ERR_R_OPERATION_FAIL, "Failed to get cbSalt"); return SCOSSL_UNSUPPORTED; } @@ -60,7 +60,7 @@ SCOSSL_STATUS e_scossl_rsapss_sign(_Inout_ EVP_PKEY_CTX *ctx, _Out_writes_opt_(* keyCtx = RSA_get_ex_data(rsa, e_scossl_rsa_idx); if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_SIGN, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); return SCOSSL_FAILURE; } @@ -88,13 +88,13 @@ SCOSSL_STATUS e_scossl_rsapss_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_bytes_ if( EVP_PKEY_CTX_get_signature_md(ctx, &messageDigest) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, "Failed to get messageDigest"); return SCOSSL_UNSUPPORTED; } if( EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, &mgf1Digest) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, "Failed to get mgf1Digest"); return SCOSSL_UNSUPPORTED; } @@ -102,7 +102,7 @@ SCOSSL_STATUS e_scossl_rsapss_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_bytes_ if( type != EVP_MD_type(mgf1Digest) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, "messageDigest and mgf1Digest do not match"); return SCOSSL_UNSUPPORTED; } @@ -110,14 +110,14 @@ SCOSSL_STATUS e_scossl_rsapss_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_bytes_ if( ((pkey = EVP_PKEY_CTX_get0_pkey(ctx)) == NULL) || ((rsa = EVP_PKEY_get0_RSA(pkey)) == NULL) ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, SCOSSL_ERR_R_MISSING_CTX_DATA, "Failed to get RSA key from ctx"); return SCOSSL_UNSUPPORTED; } if( EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, &cbSalt) <= 0 ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, ERR_R_OPERATION_FAIL, "Failed to get cbSalt"); return SCOSSL_UNSUPPORTED; } @@ -125,7 +125,7 @@ SCOSSL_STATUS e_scossl_rsapss_verify(_Inout_ EVP_PKEY_CTX *ctx, _In_reads_bytes_ keyCtx = RSA_get_ex_data(rsa, e_scossl_rsa_idx); if( keyCtx == NULL ) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_MISSING_CTX_DATA, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_RSAPSS_VERIFY, SCOSSL_ERR_R_MISSING_CTX_DATA, "SymCrypt Context Not Found."); return SCOSSL_FAILURE; } diff --git a/SymCryptEngine/src/e_scossl_sshkdf.c b/SymCryptEngine/src/e_scossl_sshkdf.c index 9f9b021..55683cb 100644 --- a/SymCryptEngine/src/e_scossl_sshkdf.c +++ b/SymCryptEngine/src/e_scossl_sshkdf.c @@ -36,7 +36,7 @@ EVP_KDF_IMPL* e_scossl_sshkdf_new() EVP_KDF_IMPL *impl = OPENSSL_zalloc(sizeof(*impl)); if (!impl) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_NEW, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_NEW, ERR_R_MALLOC_FAILURE, "OPENSSL_zalloc return NULL"); } @@ -68,7 +68,7 @@ static PCSYMCRYPT_HASH e_scossl_get_symcrypt_hash_algorithm(const EVP_MD *md) if (type == NID_sha512) return SymCryptSha512Algorithm; - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_GET_SYMCRYPT_HASH_ALGORITHM, SCOSSL_ERR_R_NOT_IMPLEMENTED, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_GET_SYMCRYPT_HASH_ALGORITHM, SCOSSL_ERR_R_NOT_IMPLEMENTED, "SymCrypt engine does not support hash algorithm %d", type); return NULL; @@ -108,7 +108,7 @@ SCOSSL_STATUS e_scossl_sshkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) impl->pbKey = OPENSSL_memdup(buffer, length); if(!impl->pbKey) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_CTRL, ERR_R_MALLOC_FAILURE, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_CTRL, ERR_R_MALLOC_FAILURE, "OPENSSL_memdup return NULL"); ret = SCOSSL_FAILURE; } @@ -122,7 +122,7 @@ SCOSSL_STATUS e_scossl_sshkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) length = va_arg(args, size_t); if(length > sizeof(impl->pbHashValue)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_CTRL, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_CTRL, ERR_R_INTERNAL_ERROR, "Hash value length too large"); ret = SCOSSL_FAILURE; } @@ -136,7 +136,7 @@ SCOSSL_STATUS e_scossl_sshkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) length = va_arg(args, size_t); if(length > sizeof(impl->pbSessionId)) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_CTRL, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_CTRL, ERR_R_INTERNAL_ERROR, "Session ID length too large"); ret = SCOSSL_FAILURE; } @@ -152,7 +152,7 @@ SCOSSL_STATUS e_scossl_sshkdf_ctrl(EVP_KDF_IMPL *impl, int cmd, va_list args) impl->label = value; } else { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_CTRL, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_CTRL, ERR_R_INTERNAL_ERROR, "Label out of range"); ret = SCOSSL_FAILURE; } @@ -224,7 +224,7 @@ SCOSSL_STATUS e_scossl_sshkdf_ctrl_str(EVP_KDF_IMPL *impl, const char *type, con ret = e_scossl_sshkdf_call_ctrl(impl, EVP_KDF_CTRL_SET_SSHKDF_SESSION_ID, value, strlen(value)); } else { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_CTRL_STR, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_CTRL_STR, ERR_R_INTERNAL_ERROR, "Unknown command %s", type); } @@ -242,14 +242,14 @@ SCOSSL_STATUS e_scossl_sshkdf_derive(EVP_KDF_IMPL *impl, unsigned char *out, siz SYMCRYPT_ERROR scError; if(!impl->pHash) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, "Missing Digest"); ret = SCOSSL_FAILURE; goto end; } if(!impl->pbKey) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_DERIVE, ERR_R_INTERNAL_ERROR, "Missing Key"); ret = SCOSSL_FAILURE; goto end; @@ -263,7 +263,7 @@ SCOSSL_STATUS e_scossl_sshkdf_derive(EVP_KDF_IMPL *impl, unsigned char *out, siz out, out_len); if(scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, "SymCryptSshKdf failed", scError); ret = SCOSSL_FAILURE; } diff --git a/SymCryptEngine/src/e_scossl_tls1prf.c b/SymCryptEngine/src/e_scossl_tls1prf.c index 0395f75..ff86dee 100644 --- a/SymCryptEngine/src/e_scossl_tls1prf.c +++ b/SymCryptEngine/src/e_scossl_tls1prf.c @@ -17,8 +17,8 @@ SCOSSL_STATUS e_scossl_tls1prf_init(EVP_PKEY_CTX *ctx) SCOSSL_TLS1_PRF_CTX *key_context = NULL; if ((key_context = scossl_tls1prf_newctx()) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_TLS1PRF_INIT, ERR_R_MALLOC_FAILURE, - "OPENSSL_zalloc return NULL"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_TLS1PRF_INIT, ERR_R_MALLOC_FAILURE, + "OPENSSL_zalloc return NULL"); return SCOSSL_FAILURE; } EVP_PKEY_CTX_set_data(ctx, key_context); @@ -74,8 +74,8 @@ SCOSSL_STATUS e_scossl_tls1prf_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p return SCOSSL_SUCCESS; return scossl_tls1prf_append_seed(key_context, p2, p1); default: - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_TLS1PRF_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "SymCrypt Engine does not support ctrl type (%d)", type); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_TLS1PRF_CTRL, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "SymCrypt Engine does not support ctrl type (%d)", type); return SCOSSL_UNSUPPORTED; } } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c index 1533d92..05b186e 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c @@ -1165,8 +1165,8 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX if (nPrimes != 0 && nPrimes != 2) { // Only supporting 2 primes - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unsupported RSA version"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, SCOSSL_ERR_R_NOT_IMPLEMENTED, + "Unsupported RSA version"); goto cleanup; } @@ -1187,8 +1187,8 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX keyCtx->key = SymCryptRsakeyAllocate(&symcryptRsaParam, 0); if (keyCtx->key == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsakeyAllocate failed"); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsakeyAllocate failed"); goto cleanup; } @@ -1201,8 +1201,8 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsakeySetValue failed", scError); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsakeySetValue failed", scError); goto cleanup; } } From f7f9b96242551ee743b1f29691f40a9d9885cc78 Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee Date: Fri, 13 Sep 2024 17:37:56 +0000 Subject: [PATCH 03/10] Surface SymCrypt errors from provider --- ScosslCommon/inc/scossl_helpers.h | 33 +++++- ScosslCommon/src/scossl_helpers.c | 31 ++++++ ScosslCommon/src/scossl_mac.c | 14 ++- SymCryptProvider/src/ciphers/p_scossl_aes.c | 8 +- .../src/ciphers/p_scossl_aes_xts.c | 7 +- SymCryptProvider/src/kdf/p_scossl_kbkdf.c | 6 +- SymCryptProvider/src/keyexch/p_scossl_dh.c | 7 +- SymCryptProvider/src/keyexch/p_scossl_ecdh.c | 3 +- .../src/keymgmt/p_scossl_dh_keymgmt.c | 87 +++++++++------ .../src/keymgmt/p_scossl_ecc_keymgmt.c | 67 +++++++---- .../src/keymgmt/p_scossl_rsa_keymgmt.c | 104 +++++++++++------- SymCryptProvider/src/mac/p_scossl_kmac.c | 34 ++++-- SymCryptProvider/src/p_scossl_ecc.c | 3 +- SymCryptProvider/src/p_scossl_rsa.c | 1 - 14 files changed, 284 insertions(+), 121 deletions(-) diff --git a/ScosslCommon/inc/scossl_helpers.h b/ScosslCommon/inc/scossl_helpers.h index 9ec869d..64d0b7e 100644 --- a/ScosslCommon/inc/scossl_helpers.h +++ b/ScosslCommon/inc/scossl_helpers.h @@ -118,6 +118,7 @@ typedef enum { SCOSSL_ERR_F_GET_SYMCRYPT_HASH_ALGORITHM, SCOSSL_ERR_F_GET_SYMCRYPT_MAC_ALGORITHM, SCOSSL_ERR_F_HKDF_DERIVE, + SCOSSL_ERR_F_MAC_INIT, SCOSSL_ERR_F_MAC_SET_HMAC_MD, SCOSSL_ERR_F_RSA_DECRYPT, SCOSSL_ERR_F_RSA_ENCRYPT, @@ -129,7 +130,6 @@ typedef enum { SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_F_SSHKDF_DERIVE, SCOSSL_ERR_F_TLS1PRF_DERIVE, - // SymCryptEngine SCOSSL_ERR_F_ENG_AES_CCM_CTRL, SCOSSL_ERR_F_ENG_AES_GCM_CTRL, @@ -179,9 +179,38 @@ typedef enum { SCOSSL_ERR_F_ENG_SSHKDF_NEW, SCOSSL_ERR_F_ENG_TLS1PRF_CTRL, SCOSSL_ERR_F_ENG_TLS1PRF_INIT, - // SymCryptProvider + SCOSSL_ERR_F_PROV_AES_GENERIC_INIT_INTERNAL, + SCOSSL_ERR_F_PROV_AES_XTS_INIT_INTERNAL, + SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, + SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_FFC_PARAMS, + SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_KEY_PARAMS, + SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, + SCOSSL_ERR_F_PROV_DH_KEYMGMT_SET_PARAMS, + SCOSSL_ERR_F_PROV_DH_PARAMS_TO_GROUP, + SCOSSL_ERR_F_PROV_DH_PLAIN_DERIVE, + SCOSSL_ERR_F_PROV_DH_X9_42_DERIVE, + SCOSSL_ERR_F_PROV_ECC_GET_ENCODED_PUBLIC_KEY, + SCOSSL_ERR_F_PROV_ECC_KEYGEN, + SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, + SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PRIVATE_KEY, + SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PUBKEY_POINT, + SCOSSL_ERR_F_PROV_ECC_KEYMGMT_IMPORT, + SCOSSL_ERR_F_PROV_ECC_KEYMGMT_MATCH, + SCOSSL_ERR_F_PROV_ECC_KEYMGMT_SET_PARAMS, + SCOSSL_ERR_F_PROV_ECDH_DERIVE, + SCOSSL_ERR_F_PROV_KBKDF_DERIVE, + SCOSSL_ERR_F_PROV_KBKDF_KMAC_DERIVE, + SCOSSL_ERR_F_PROV_KMAC_INIT, + SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, + SCOSSL_ERR_F_PROV_RSA_KEYGEN, + SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, + SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_CRT_KEYDATA, + SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, + SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, + SCOSSL_ERR_F_PROV_X25519_KEYMGMT_EXPORT, + SCOSSL_ERR_F_PROV_X25519_KEYMGMT_IMPORT, SCOSSL_ERR_F_ENUM_END } SCOSSL_ERR_FUNC; diff --git a/ScosslCommon/src/scossl_helpers.c b/ScosslCommon/src/scossl_helpers.c index c0eaabb..1162610 100644 --- a/ScosslCommon/src/scossl_helpers.c +++ b/ScosslCommon/src/scossl_helpers.c @@ -66,6 +66,7 @@ static ERR_STRING_DATA SCOSSL_ERR_function_strings[] = { {ERR_PACK(0, SCOSSL_ERR_F_GET_SYMCRYPT_HASH_ALGORITHM, 0), "scossl_get_symcrypt_hash_algorithm"}, {ERR_PACK(0, SCOSSL_ERR_F_GET_SYMCRYPT_MAC_ALGORITHM, 0), "scossl_get_symcrypt_hmac_algorithm"}, {ERR_PACK(0, SCOSSL_ERR_F_HKDF_DERIVE, 0), "scossl_hkdf_derive"}, + {ERR_PACK(0, SCOSSL_ERR_F_MAC_INIT, 0), "scossl_mac_init"}, {ERR_PACK(0, SCOSSL_ERR_F_MAC_SET_HMAC_MD, 0), "scossl_mac_set_hmac_md"}, {ERR_PACK(0, SCOSSL_ERR_F_RSA_DECRYPT, 0), "scossl_rsa_decrypt"}, {ERR_PACK(0, SCOSSL_ERR_F_RSA_ENCRYPT, 0), "scossl_rsa_encrypt"}, @@ -127,7 +128,37 @@ static ERR_STRING_DATA SCOSSL_ERR_function_strings[] = { {ERR_PACK(0, SCOSSL_ERR_F_ENG_TLS1PRF_CTRL, 0), "e_scossl_tls1prf_ctrl"}, {ERR_PACK(0, SCOSSL_ERR_F_ENG_TLS1PRF_INIT, 0), "e_scossl_tls1prf_init"}, // SymCryptProvider + {ERR_PACK(0, SCOSSL_ERR_F_PROV_AES_GENERIC_INIT_INTERNAL, 0), "p_scossl_aes_generic_init_internal"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_AES_XTS_INIT_INTERNAL, 0), "p_scossl_aes_xts_init_internal"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, 0), "p_scossl_dh_keymgmt_export"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_FFC_PARAMS, 0), "p_scossl_dh_keymgmt_get_ffc_params"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_KEY_PARAMS, 0), "p_scossl_dh_keymgmt_get_key_params"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, 0), "p_scossl_dh_keymgmt_match"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_SET_PARAMS, 0), "p_scossl_dh_keymgmt_set_params"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_PARAMS_TO_GROUP, 0), "p_scossl_dh_params_to_group"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_PLAIN_DERIVE, 0), "p_scossl_dh_plain_derive"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_X9_42_DERIVE, 0), "p_scossl_dh_x9_42_derive"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_GET_ENCODED_PUBLIC_KEY, 0), "p_scossl_ecc_get_encoded_public_key"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYGEN, 0), "p_scossl_ecc_keygen"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, 0), "p_scossl_ecc_keymgmt_dup_ctx"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PRIVATE_KEY, 0), "p_scossl_ecc_keymgmt_get_private_key"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PUBKEY_POINT, 0), "p_scossl_ecc_keymgmt_get_pubkey_point"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_IMPORT, 0), "p_scossl_ecc_keymgmt_import"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_MATCH, 0), "p_scossl_ecc_keymgmt_match"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_SET_PARAMS, 0), "p_scossl_ecc_keymgmt_set_params"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECDH_DERIVE, 0), "p_scossl_ecdh_derive"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_KBKDF_DERIVE, 0), "p_scossl_kbkdf_derive"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_KBKDF_KMAC_DERIVE, 0), "p_scossl_kbkdf_kmac_derive"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_KMAC_INIT, 0), "p_scossl_kmac_init"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, 0), "p_scossl_kmac_set_ctx_params"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYGEN, 0), "p_scossl_rsa_keygen"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, 0), "p_scossl_rsa_keymgmt_dup_keydata"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_CRT_KEYDATA, 0), "p_scossl_rsa_keymgmt_get_crt_keydata"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, 0), "p_scossl_rsa_keymgmt_get_keydata"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, 0), "p_scossl_rsa_keymgmt_import"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, 0), "p_scossl_rsa_keymgmt_match"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_X25519_KEYMGMT_EXPORT, 0), "p_scossl_x25519_keymgmt_export"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_X25519_KEYMGMT_IMPORT, 0), "p_scossl_x25519_keymgmt_import"}, {0, NULL} }; diff --git a/ScosslCommon/src/scossl_mac.c b/ScosslCommon/src/scossl_mac.c index 70957a4..2d92776 100644 --- a/ScosslCommon/src/scossl_mac.c +++ b/ScosslCommon/src/scossl_mac.c @@ -264,17 +264,27 @@ _Use_decl_annotations_ SCOSSL_STATUS scossl_mac_init(SCOSSL_MAC_CTX *ctx, PCBYTE pbKey, SIZE_T cbKey) { + SYMCRYPT_ERROR scError; + if (pbKey != NULL) { if (ctx->expandedKey == NULL) { SCOSSL_COMMON_ALIGNED_ALLOC_EX(expandedKey, OPENSSL_malloc, SCOSSL_MAC_EXPANDED_KEY, ctx->pMac->expandedKeySize); + if (expandedKey == NULL) + { + return SCOSSL_FAILURE; + } + ctx->expandedKey = expandedKey; } - if (ctx->expandedKey == NULL || - ctx->pMac->expandKeyFunc(ctx->expandedKey, pbKey, cbKey) != SYMCRYPT_NO_ERROR) + scError = ctx->pMac->expandKeyFunc(ctx->expandedKey, pbKey, cbKey); + + if (scError != SYMCRYPT_NO_ERROR) { + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_MAC_INIT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptMacExpandKey failed", scError); return SCOSSL_FAILURE; } } diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes.c b/SymCryptProvider/src/ciphers/p_scossl_aes.c index 4c5004d..bcd1016 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes.c @@ -96,6 +96,8 @@ static SCOSSL_STATUS p_scossl_aes_generic_init_internal(_Inout_ SCOSSL_AES_CTX * _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { + SYMCRYPT_ERROR scError; + ctx->encrypt = encrypt; ctx->cbBuf = 0; @@ -106,10 +108,12 @@ static SCOSSL_STATUS p_scossl_aes_generic_init_internal(_Inout_ SCOSSL_AES_CTX * ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return SCOSSL_FAILURE; } - SYMCRYPT_ERROR scError = SymCryptAesExpandKey(&ctx->key, key, keylen); + + scError = SymCryptAesExpandKey(&ctx->key, key, keylen); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_AES_GENERIC_INIT_INTERNAL, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptAesExpandKey failed", scError); return SCOSSL_FAILURE; } } diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c b/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c index eef80fd..2e224b5 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c @@ -71,6 +71,7 @@ static SCOSSL_STATUS p_scossl_aes_xts_init_internal(_Inout_ SCOSSL_AES_XTS_CTX * _In_reads_bytes_opt_(ivlen) const unsigned char *iv, size_t ivlen, _In_ const OSSL_PARAM params[]) { + SYMCRYPT_ERROR scError; ctx->encrypt = encrypt; if (key != NULL) @@ -80,10 +81,12 @@ static SCOSSL_STATUS p_scossl_aes_xts_init_internal(_Inout_ SCOSSL_AES_XTS_CTX * ERR_raise(ERR_LIB_PROV, PROV_R_INVALID_KEY_LENGTH); return SCOSSL_FAILURE; } - SYMCRYPT_ERROR scError = SymCryptXtsAesExpandKeyEx(&ctx->key, key, keylen, 0); + + scError = SymCryptXtsAesExpandKeyEx(&ctx->key, key, keylen, 0); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_AES_XTS_INIT_INTERNAL, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptXtsAesExpandKeyEx failed", scError); return SCOSSL_FAILURE; } } diff --git a/SymCryptProvider/src/kdf/p_scossl_kbkdf.c b/SymCryptProvider/src/kdf/p_scossl_kbkdf.c index 227584f..53f0dea 100644 --- a/SymCryptProvider/src/kdf/p_scossl_kbkdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_kbkdf.c @@ -145,7 +145,8 @@ static SCOSSL_STATUS p_scossl_kbkdf_kmac_derive(_In_ SCOSSL_PROV_KBKDF_CTX *ctx, if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KBKDF_KMAC_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptKmacXXXExpandKey failed", scError); goto cleanup; } @@ -204,7 +205,8 @@ static SCOSSL_STATUS p_scossl_kbkdf_derive(_In_ SCOSSL_PROV_KBKDF_CTX *ctx, key, keylen); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KBKDF_KMAC_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptSp800_108 failed", scError); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/keyexch/p_scossl_dh.c b/SymCryptProvider/src/keyexch/p_scossl_dh.c index cda2434..3d9e6e4 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_dh.c +++ b/SymCryptProvider/src/keyexch/p_scossl_dh.c @@ -196,7 +196,9 @@ static SCOSSL_STATUS p_scossl_dh_X9_42_derive(_In_ SCOSSL_DH_CTX *ctx, cbAgreedSecret); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_X9_42_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptDhSecretAgreement failed", scError); + goto cleanup; } @@ -267,7 +269,8 @@ static SCOSSL_STATUS p_scossl_dh_plain_derive(_In_ SCOSSL_DH_CTX *ctx, cbAgreedSecret); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_PLAIN_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptDhSecretAgreement failed", scError); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/keyexch/p_scossl_ecdh.c b/SymCryptProvider/src/keyexch/p_scossl_ecdh.c index e616369..ad3acde 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_ecdh.c +++ b/SymCryptProvider/src/keyexch/p_scossl_ecdh.c @@ -142,7 +142,8 @@ static SCOSSL_STATUS p_scossl_ecdh_derive(_In_ SCOSSL_ECDH_CTX *ctx, cbSecretBuf); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECDH_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptEcDhSecretAgreement failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c index 3593da1..c37c91d 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c @@ -379,7 +379,8 @@ static SCOSSL_STATUS p_scossl_dh_params_to_group(_In_ OSSL_LIB_CTX *libCtx, _In_ pDlGroupTmp); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_PARAMS_TO_GROUP, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptDlgroupSetValue failed", scError); goto cleanup; } @@ -633,7 +634,9 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_set_params(_In_ SCOSSL_PROV_DH_KEY_CTX { SymCryptDlkeyFree(ctx->keyCtx->dlkey); ctx->keyCtx->dlkey = NULL; - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_SET_PARAMS, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptDlkeySetValue failed", scError); return SCOSSL_FAILURE; } @@ -650,6 +653,7 @@ static const OSSL_PARAM *p_scossl_dh_keymgmt_gettable_params(ossl_unused void *p static SCOSSL_STATUS p_scossl_dh_keymgmt_get_ffc_params(_In_ SYMCRYPT_DLGROUP *pDlGroup, _Inout_ OSSL_PARAM params[]) { + SYMCRYPT_ERROR scError; SCOSSL_STATUS ret = SCOSSL_FAILURE; PBYTE pbPrimeP = NULL; PBYTE pbPrimeQ = NULL; @@ -712,17 +716,20 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_ffc_params(_In_ SYMCRYPT_DLGROUP *p pbCur += cbGenG; pbSeed = cbSeed == 0 ? NULL : pbCur; - if (SymCryptDlgroupGetValue( - pDlGroup, - pbPrimeP, cbPrimeP, - pbPrimeQ, cbPrimeQ, - pbGenG, cbGenG, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - NULL, - pbSeed, cbSeed, - NULL) != SYMCRYPT_NO_ERROR) + scError = SymCryptDlgroupGetValue( + pDlGroup, + pbPrimeP, cbPrimeP, + pbPrimeQ, cbPrimeQ, + pbGenG, cbGenG, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + NULL, + pbSeed, cbSeed, + NULL); + + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_FFC_PARAMS, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptDlgroupGetValue failed", scError); goto cleanup; } } @@ -804,6 +811,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_key_params(_In_ SCOSSL_DH_KEY_CTX * SIZE_T cbData = 0; BIGNUM *bnPrivKey = NULL; BIGNUM *bnPubKey = NULL; + SYMCRYPT_ERROR scError; SCOSSL_STATUS ret = SCOSSL_FAILURE; OSSL_PARAM *paramEncodedKey = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY); OSSL_PARAM *paramPrivKey = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_PRIV_KEY); @@ -847,14 +855,16 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_key_params(_In_ SCOSSL_DH_KEY_CTX * pbPrivateKey = cbPrivateKey == 0 ? NULL : pbData; pbPublicKey = cbPublicKey == 0 ? NULL : pbData + cbPrivateKey; - if (SymCryptDlkeyGetValue( - keyCtx->dlkey, - pbPrivateKey, cbPrivateKey, - pbPublicKey, cbPublicKey, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR) + scError = SymCryptDlkeyGetValue( + keyCtx->dlkey, + pbPrivateKey, cbPrivateKey, + pbPublicKey, cbPublicKey, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + 0); + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_KEY_PARAMS, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -1008,6 +1018,7 @@ static BOOL p_scossl_dh_keymgmt_match(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx1, _In_ SC PBYTE pbPublicKey1 = NULL; PBYTE pbPublicKey2 = NULL; SIZE_T cbPublicKey = 0; + SYMCRYPT_ERROR scError; if ((selection & OSSL_KEYMGMT_SELECT_KEYPAIR) != 0) { @@ -1057,20 +1068,29 @@ static BOOL p_scossl_dh_keymgmt_match(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx1, _In_ SC pbPublicKey2 = cbPublicKey == 0 ? NULL : pbData + cbPublicKey + cbPrivateKey; pbPrivateKey2 = cbPrivateKey == 0 ? NULL : pbData + cbPublicKey + cbPrivateKey; - if (SymCryptDlkeyGetValue( + scError = SymCryptDlkeyGetValue( ctx1->keyCtx->dlkey, pbPrivateKey1, cbPrivateKey, pbPublicKey1, cbPublicKey, SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR || - SymCryptDlkeyGetValue( + 0); + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptDlkeyGetValue failed", scError); + goto cleanup; + } + + scError = SymCryptDlkeyGetValue( ctx2->keyCtx->dlkey, pbPrivateKey2, cbPrivateKey, pbPublicKey2, cbPublicKey, SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR) + 0); + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -1333,7 +1353,8 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx &genCounter); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptDlgroupGetValue failed", scError); goto cleanup; } @@ -1406,14 +1427,16 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx pbPrivateKey = includePrivate ? pbData : NULL; pbPublicKey = includePublic ? pbData + cbPrivateKey : NULL; - if (SymCryptDlkeyGetValue( - ctx->keyCtx->dlkey, - pbPrivateKey, cbPrivateKey, - pbPublicKey, cbPublicKey, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR) + scError = SymCryptDlkeyGetValue( + ctx->keyCtx->dlkey, + pbPrivateKey, cbPrivateKey, + pbPublicKey, cbPublicKey, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + 0); + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptDlkeyGetValue failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c index 3a1d0de..54e9aa0 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c @@ -219,7 +219,8 @@ static SCOSSL_ECC_KEY_CTX *p_scossl_ecc_keymgmt_dup_ctx(_In_ const SCOSSL_ECC_KE 0); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -239,7 +240,8 @@ static SCOSSL_ECC_KEY_CTX *p_scossl_ecc_keymgmt_dup_ctx(_In_ const SCOSSL_ECC_KE copyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -447,7 +449,8 @@ static SCOSSL_ECC_KEY_CTX *p_scossl_ecc_keygen(_In_ SCOSSL_ECC_KEYGEN_CTX *genCt scError = SymCryptEckeySetRandom(SYMCRYPT_FLAG_ECKEY_ECDH, keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptEckeySetRandom failed", scError); goto cleanup; } @@ -498,7 +501,8 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_pubkey_point(_In_ SCOSSL_ECC_KEY_C 0 ); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PUBKEY_POINT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -789,7 +793,8 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_set_params(_Inout_ SCOSSL_ECC_KEY_CTX keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_SET_PARAMS, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -900,6 +905,7 @@ static BOOL p_scossl_ecc_keymgmt_match(_In_ SCOSSL_ECC_KEY_CTX *keyCtx1, _In_ SC PBYTE pbPublicKey2 = NULL; SIZE_T cbPrivateKey = 0; SIZE_T cbPublicKey = 0; + SYMCRYPT_ERROR scError; SYMCRYPT_ECPOINT_FORMAT pointFormat = keyCtx1->isX25519 ? SYMCRYPT_ECPOINT_FORMAT_X : SYMCRYPT_ECPOINT_FORMAT_XY; if (keyCtx1->initialized != keyCtx2->initialized || @@ -961,22 +967,31 @@ static BOOL p_scossl_ecc_keymgmt_match(_In_ SCOSSL_ECC_KEY_CTX *keyCtx1, _In_ SC goto cleanup; } - if (SymCryptEckeyGetValue( - keyCtx1->key, - pbPrivateKey1, cbPrivateKey, - pbPublicKey1, cbPublicKey, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - pointFormat, - 0) != SYMCRYPT_NO_ERROR || - SymCryptEckeyGetValue( - keyCtx2->key, - pbPrivateKey2, cbPrivateKey, - pbPublicKey2, cbPublicKey, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - pointFormat, - 0) != SYMCRYPT_NO_ERROR) + scError = SymCryptEckeyGetValue( + keyCtx1->key, + pbPrivateKey1, cbPrivateKey, + pbPublicKey1, cbPublicKey, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + pointFormat, + 0); + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptEckeyGetValue failed", scError); + goto cleanup; + } + + scError = SymCryptEckeyGetValue( + keyCtx2->key, + pbPrivateKey2, cbPrivateKey, + pbPublicKey2, cbPublicKey, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + pointFormat, + 0); + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -1182,7 +1197,8 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_import(_Inout_ SCOSSL_ECC_KEY_CTX *key keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_IMPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -1370,7 +1386,8 @@ static SCOSSL_STATUS p_scossl_x25519_keymgmt_import(_Inout_ SCOSSL_ECC_KEY_CTX * keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_X25519_KEYMGMT_IMPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -1434,7 +1451,8 @@ static SCOSSL_STATUS p_scossl_x25519_keymgmt_export(_In_ SCOSSL_ECC_KEY_CTX *key if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_X25519_KEYMGMT_EXPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -1571,7 +1589,8 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_private_key(SCOSSL_ECC_KEY_CTX *ke if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PRIVATE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptEckeyGetValue failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c index 05b186e..02a9430 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c @@ -188,7 +188,8 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_dup_keydata(_In_ PCSYMCRYPT_RSAKEY fro 0); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -214,7 +215,8 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_dup_keydata(_In_ PCSYMCRYPT_RSAKEY fro *toKey); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsakeySetValue failed", scError); goto cleanup; } @@ -432,7 +434,8 @@ static SCOSSL_PROV_RSA_KEY_CTX *p_scossl_rsa_keygen(_In_ SCOSSL_RSA_KEYGEN_CTX * scError = SymCryptRsakeyGenerate(keyCtx->key, pPubExp64, genCtx->nPubExp, SYMCRYPT_FLAG_RSAKEY_SIGN | SYMCRYPT_FLAG_RSAKEY_ENCRYPT); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GENERATE_KEY); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsakeyGenerate failed", scError); goto cleanup; } @@ -677,7 +680,8 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_keydata(_In_ SCOSSL_PROV_RSA_KEY_C 0); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -698,7 +702,8 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_keydata(_In_ SCOSSL_PROV_RSA_KEY_C if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptStoreLsbFirstUint64 failed", scError); goto cleanup; } @@ -836,7 +841,8 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_crt_keydata(_In_ SCOSSL_PROV_RSA_K 0); if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_CRT_KEYDATA, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsakeyGetCrtValue failed", scError); goto cleanup; } @@ -968,6 +974,7 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I PBYTE pbModulus2 = NULL; PBYTE pbPrivateExponent1 = NULL; PBYTE pbPrivateExponent2 = NULL; + SYMCRYPT_ERROR scError; UINT32 cbModulus = SymCryptRsakeySizeofModulus(keyCtx1->key); @@ -983,22 +990,31 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I goto cleanup; } - if (SymCryptRsakeyGetValue( - keyCtx1->key, - pbModulus1, cbModulus, - &pubExp1, 1, - NULL, NULL, 0, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR || - SymCryptRsakeyGetValue( - keyCtx2->key, - pbModulus2, cbModulus, - &pubExp2, 1, - NULL, NULL, 0, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR) + scError = SymCryptRsakeyGetValue( + keyCtx1->key, + pbModulus1, cbModulus, + &pubExp1, 1, + NULL, NULL, 0, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + 0); + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsakeyGetValue failed", scError); + goto cleanup; + } + + scError = SymCryptRsakeyGetValue( + keyCtx2->key, + pbModulus2, cbModulus, + &pubExp2, 1, + NULL, NULL, 0, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + 0); + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -1023,22 +1039,31 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I goto cleanup; } - if (SymCryptRsakeyGetCrtValue( - keyCtx1->key, - NULL, NULL, 0, - NULL, 0, - pbPrivateExponent1, cbModulus, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR || - SymCryptRsakeyGetCrtValue( - keyCtx2->key, - NULL, NULL, 0, - NULL, 0, - pbPrivateExponent2, cbModulus, - SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, - 0) != SYMCRYPT_NO_ERROR) + scError = SymCryptRsakeyGetCrtValue( + keyCtx1->key, + NULL, NULL, 0, + NULL, 0, + pbPrivateExponent1, cbModulus, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + 0); + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsakeyGetCrtValue failed", scError); + goto cleanup; + } + + scError = SymCryptRsakeyGetCrtValue( + keyCtx2->key, + NULL, NULL, 0, + NULL, 0, + pbPrivateExponent2, cbModulus, + SYMCRYPT_NUMBER_FORMAT_MSB_FIRST, + 0); + if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptRsakeyGetCrtValue failed", scError); goto cleanup; } @@ -1164,9 +1189,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX if (nPrimes != 0 && nPrimes != 2) { - // Only supporting 2 primes - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unsupported RSA version"); + ERR_raise(ERR_LIB_PROV, PROV_R_NOT_SUPPORTED); goto cleanup; } @@ -1187,8 +1210,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX keyCtx->key = SymCryptRsakeyAllocate(&symcryptRsaParam, 0); if (keyCtx->key == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, - "SymCryptRsakeyAllocate failed"); + ERR_raise(ERR_LIB_PROV, ERR_R_MALLOC_FAILURE); goto cleanup; } diff --git a/SymCryptProvider/src/mac/p_scossl_kmac.c b/SymCryptProvider/src/mac/p_scossl_kmac.c index fcd3b13..3e7818e 100644 --- a/SymCryptProvider/src/mac/p_scossl_kmac.c +++ b/SymCryptProvider/src/mac/p_scossl_kmac.c @@ -121,18 +121,25 @@ static SCOSSL_STATUS p_scossl_kmac_init(_Inout_ SCOSSL_KMAC_CTX *ctx, _In_reads_bytes_opt_(keylen) unsigned char *key, size_t keylen, _In_ const OSSL_PARAM params[]) { + SYMCRYPT_ERROR scError; + if (!p_scossl_kmac_set_ctx_params(ctx, params)) { return SCOSSL_FAILURE; } - if (key != NULL && - ctx->pMacEx->expandKeyExFunc( + if (key != NULL) + { + scError = ctx->pMacEx->expandKeyExFunc( &ctx->expandedKey, key, keylen, - ctx->customizationString, ctx->cbCustomizationString) != SYMCRYPT_NO_ERROR) - { - return SCOSSL_FAILURE; + ctx->customizationString, ctx->cbCustomizationString); + + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KMAC_INIT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptKmacXXXExpandKeyEx failed", scError); + } } ctx->pMac->initFunc(&ctx->macState, &ctx->expandedKey); @@ -206,6 +213,7 @@ static SCOSSL_STATUS p_scossl_kmac_get_ctx_params(_In_ SCOSSL_KMAC_CTX *ctx, _In static SCOSSL_STATUS p_scossl_kmac_set_ctx_params(_Inout_ SCOSSL_KMAC_CTX *ctx, _In_ const OSSL_PARAM params[]) { + SYMCRYPT_ERROR scError; const OSSL_PARAM *p; if ((p = OSSL_PARAM_locate_const(params, OSSL_MAC_PARAM_XOF)) != NULL && @@ -259,15 +267,23 @@ static SCOSSL_STATUS p_scossl_kmac_set_ctx_params(_Inout_ SCOSSL_KMAC_CTX *ctx, { PCBYTE pbMacKey; SIZE_T cbMacKey; - if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&pbMacKey, &cbMacKey) || - ctx->pMacEx->expandKeyExFunc(&ctx->expandedKey, - pbMacKey, cbMacKey, - ctx->customizationString, ctx->cbCustomizationString) != SYMCRYPT_NO_ERROR) + if (!OSSL_PARAM_get_octet_string_ptr(p, (const void **)&pbMacKey, &cbMacKey)) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_GET_PARAMETER); return SCOSSL_FAILURE; } + scError = ctx->pMacEx->expandKeyExFunc( + &ctx->expandedKey, + pbMacKey, cbMacKey, + ctx->customizationString, ctx->cbCustomizationString); + if (scError != SYMCRYPT_NO_ERROR) + { + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptKmacXXXExpandKeyEx failed", scError); + return SCOSSL_FAILURE; + } + ctx->pMac->initFunc(&ctx->macState, &ctx->expandedKey); } diff --git a/SymCryptProvider/src/p_scossl_ecc.c b/SymCryptProvider/src/p_scossl_ecc.c index 26970e3..0dd6e41 100644 --- a/SymCryptProvider/src/p_scossl_ecc.c +++ b/SymCryptProvider/src/p_scossl_ecc.c @@ -69,7 +69,8 @@ SCOSSL_STATUS p_scossl_ecc_get_encoded_public_key(const SCOSSL_ECC_KEY_CTX *keyC if (scError != SYMCRYPT_NO_ERROR) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_GET_ENCODED_PUBLIC_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + "SymCryptEckeyGetValue failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/p_scossl_rsa.c b/SymCryptProvider/src/p_scossl_rsa.c index 6a129cd..26043a8 100644 --- a/SymCryptProvider/src/p_scossl_rsa.c +++ b/SymCryptProvider/src/p_scossl_rsa.c @@ -209,7 +209,6 @@ SCOSSL_STATUS p_scossl_rsa_get_encoded_public_key(PCSYMCRYPT_RSAKEY key, if ((cbEncodedKey = i2d_SymcryptRsaPublicKey(rsaParams, &pbEncodedKey)) < 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); goto cleanup; } From 606e6d3b5e09865464a4ad02c0b883a2fe139950 Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee Date: Mon, 16 Sep 2024 22:07:16 +0000 Subject: [PATCH 04/10] Allow logging configuration --- ScosslCommon/src/scossl_helpers.c | 2 +- SymCryptProvider/src/p_scossl_base.c | 62 +++++++++++++++++++++++++++- 2 files changed, 62 insertions(+), 2 deletions(-) diff --git a/ScosslCommon/src/scossl_helpers.c b/ScosslCommon/src/scossl_helpers.c index 1162610..6a2a391 100644 --- a/ScosslCommon/src/scossl_helpers.c +++ b/ScosslCommon/src/scossl_helpers.c @@ -62,7 +62,7 @@ static ERR_STRING_DATA SCOSSL_ERR_function_strings[] = { {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_DER_CHECK_TAG_AND_GET_VALUE_AND_LENGTH, 0), "scossl_ecdsa_der_check_tag_and_get_value_and_length"}, {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_REMOVE_DER, 0), "scossl_ecdsa_remove_der"}, {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_SIGN, 0), "scossl_ecdsa_sign"}, - {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_VERIFY, 0), "SCOSSL_ERR_F_ECDSA_VERIFY"}, + {ERR_PACK(0, SCOSSL_ERR_F_ECDSA_VERIFY, 0), "scossl_ecdsa_verify"}, {ERR_PACK(0, SCOSSL_ERR_F_GET_SYMCRYPT_HASH_ALGORITHM, 0), "scossl_get_symcrypt_hash_algorithm"}, {ERR_PACK(0, SCOSSL_ERR_F_GET_SYMCRYPT_MAC_ALGORITHM, 0), "scossl_get_symcrypt_hmac_algorithm"}, {ERR_PACK(0, SCOSSL_ERR_F_HKDF_DERIVE, 0), "scossl_hkdf_derive"}, diff --git a/SymCryptProvider/src/p_scossl_base.c b/SymCryptProvider/src/p_scossl_base.c index a55a64f..9b56e82 100644 --- a/SymCryptProvider/src/p_scossl_base.c +++ b/SymCryptProvider/src/p_scossl_base.c @@ -15,6 +15,11 @@ extern "C" { #endif +// SCOSSL provider debug logging +#define CONF_LOGGING_FILE "logging_file" +#define CONF_LOGGING_LEVEL "logging_level" +#define CONF_ERROR_LEVEL "error_level" + #ifdef KEYSINUSE_ENABLED #define CONF_KEYSINUSE_ENABLED "keysinuse.enabled" #define CONF_KEYSINUSE_MAX_FILE_SIZE "keysinuse.max_file_size" @@ -466,6 +471,61 @@ static void p_scossl_start_keysinuse(_In_ const OSSL_CORE_HANDLE *handle) } #endif +static int p_scossl_level_string_to_id(_In_ const char *level) +{ + if (level == NULL) + { + return SCOSSL_LOG_LEVEL_NO_CHANGE; + } + + if (OPENSSL_strcasecmp(level, "off") == 0) + { + return SCOSSL_LOG_LEVEL_OFF; + } + else if (OPENSSL_strcasecmp(level, "error") == 0) + { + return SCOSSL_LOG_LEVEL_ERROR; + } + else if (OPENSSL_strcasecmp(level, "info") == 0) + { + return SCOSSL_LOG_LEVEL_INFO; + } + else if (OPENSSL_strcasecmp(level, "debug") == 0) + { + return SCOSSL_LOG_LEVEL_DEBUG; + } + + return SCOSSL_LOG_LEVEL_NO_CHANGE; +} + +static void p_scossl_setup_logging(_In_ const OSSL_CORE_HANDLE *handle) +{ + const char *confErrorLevel = NULL; + const char *confLoggingLevel = NULL; + const char *confLoggingFile = NULL; + + OSSL_PARAM confParams[] = { + OSSL_PARAM_utf8_ptr(CONF_LOGGING_FILE, &confLoggingFile, 0), + OSSL_PARAM_utf8_ptr(CONF_LOGGING_LEVEL, &confLoggingLevel, 0), + OSSL_PARAM_utf8_ptr(CONF_ERROR_LEVEL, &confLoggingLevel, 0), + OSSL_PARAM_END}; + + scossl_setup_logging(); + + if (core_get_params != NULL && + core_get_params(handle, confParams)) + { + if (confLoggingFile != NULL) + { + SCOSSL_set_trace_log_filename(confLoggingFile); + } + + SCOSSL_set_trace_level( + p_scossl_level_string_to_id(confLoggingLevel), + p_scossl_level_string_to_id(confErrorLevel)); + } +} + static const OSSL_DISPATCH p_scossl_base_dispatch[] = { {OSSL_FUNC_PROVIDER_TEARDOWN, (void (*)(void))p_scossl_teardown}, {OSSL_FUNC_PROVIDER_GETTABLE_PARAMS, (void (*)(void))p_scossl_gettable_params}, @@ -495,7 +555,7 @@ SCOSSL_STATUS OSSL_provider_init(_In_ const OSSL_CORE_HANDLE *handle, } } - scossl_setup_logging(); + p_scossl_setup_logging(handle); if (!scossl_prov_initialized) { From 3580ced05591c6c353df50ed4c6475639705f37f Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee Date: Wed, 18 Sep 2024 17:47:16 +0000 Subject: [PATCH 05/10] Add debug logging to keysinuse init --- ScosslCommon/inc/scossl_helpers.h | 2 ++ ScosslCommon/src/scossl_helpers.c | 2 ++ ScosslCommon/src/scossl_rsa.c | 2 +- SymCryptProvider/src/p_scossl_keysinuse.c | 6 ++++++ 4 files changed, 11 insertions(+), 1 deletion(-) diff --git a/ScosslCommon/inc/scossl_helpers.h b/ScosslCommon/inc/scossl_helpers.h index 64d0b7e..0b6be95 100644 --- a/ScosslCommon/inc/scossl_helpers.h +++ b/ScosslCommon/inc/scossl_helpers.h @@ -201,6 +201,7 @@ typedef enum { SCOSSL_ERR_F_PROV_ECDH_DERIVE, SCOSSL_ERR_F_PROV_KBKDF_DERIVE, SCOSSL_ERR_F_PROV_KBKDF_KMAC_DERIVE, + SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, SCOSSL_ERR_F_PROV_KMAC_INIT, SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, SCOSSL_ERR_F_PROV_RSA_KEYGEN, @@ -222,6 +223,7 @@ typedef enum { SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, SCOSSL_ERR_R_OPENSSL_FALLBACK, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_ERR_R_KEYSINUSE_FAILURE, SCOSSL_ERR_R_ENUM_END } SCOSSL_ERR_REASON; diff --git a/ScosslCommon/src/scossl_helpers.c b/ScosslCommon/src/scossl_helpers.c index 6a2a391..0e19bc8 100644 --- a/ScosslCommon/src/scossl_helpers.c +++ b/ScosslCommon/src/scossl_helpers.c @@ -149,6 +149,7 @@ static ERR_STRING_DATA SCOSSL_ERR_function_strings[] = { {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECDH_DERIVE, 0), "p_scossl_ecdh_derive"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_KBKDF_DERIVE, 0), "p_scossl_kbkdf_derive"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_KBKDF_KMAC_DERIVE, 0), "p_scossl_kbkdf_kmac_derive"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, 0), "p_scossl_keysinuse_init_once"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_KMAC_INIT, 0), "p_scossl_kmac_init"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, 0), "p_scossl_kmac_set_ctx_params"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYGEN, 0), "p_scossl_rsa_keygen"}, @@ -171,6 +172,7 @@ static ERR_STRING_DATA SCOSSL_ERR_reason_strings[] = { {ERR_PACK(0, 0, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM), "Algorithm not FIPS certifiable"}, {ERR_PACK(0, 0, SCOSSL_ERR_R_OPENSSL_FALLBACK), "SCOSSL falling back to OpenSSL"}, {ERR_PACK(0, 0, SCOSSL_ERR_R_SYMCRYPT_FAILURE), "SCOSSL triggered SymCrypt failure"}, + {ERR_PACK(0, 0, SCOSSL_ERR_R_KEYSINUSE_FAILURE), "KeysInUse failure"}, {0, NULL} }; diff --git a/ScosslCommon/src/scossl_rsa.c b/ScosslCommon/src/scossl_rsa.c index a6d0c77..6327a2f 100644 --- a/ScosslCommon/src/scossl_rsa.c +++ b/ScosslCommon/src/scossl_rsa.c @@ -287,7 +287,7 @@ SCOSSL_STATUS scossl_rsapss_sign(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, if (mdnid == NID_md5) { SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, - "Using hash algorithm MD5 which is not FIPS compliant"); + "Using hash algorithm MD5 which is not FIPS compliant"); } else if (mdnid == NID_sha1) { diff --git a/SymCryptProvider/src/p_scossl_keysinuse.c b/SymCryptProvider/src/p_scossl_keysinuse.c index e9905b2..ed649dc 100644 --- a/SymCryptProvider/src/p_scossl_keysinuse.c +++ b/SymCryptProvider/src/p_scossl_keysinuse.c @@ -124,6 +124,9 @@ static void p_scossl_keysinuse_init_once() if ((procPath = OPENSSL_malloc(cbProcPath)) != NULL && (cbProcPathUsed = readlink(symlinkPath, procPath, cbProcPath)) == -1) { + SCOSSL_LOG_DEBUG(SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, SCOSSL_ERR_R_KEYSINUSE_FAILURE, + "Failed to get process path from /proc/%d/exe", pid, errno); + OPENSSL_free(procPath); procPath = NULL; cbProcPathUsed = 0; @@ -136,6 +139,9 @@ static void p_scossl_keysinuse_init_once() if ((prefix = OPENSSL_malloc(prefix_size + 1)) == NULL || snprintf(prefix, prefix_size + 1, "%ld,%.*s", initTime, cbProcPathUsed, procPath) < 0) { + SCOSSL_LOG_DEBUG(SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, SCOSSL_ERR_R_KEYSINUSE_FAILURE, + "Failed to generate logging prefix", pid, errno); + OPENSSL_free(prefix); prefix = (char*)default_prefix; } From f0f1b9b5691802ec1949d79c20bf514c6aeffb4f Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee Date: Wed, 18 Sep 2024 18:12:33 +0000 Subject: [PATCH 06/10] Add RSA and ECC keysinuse debug logs --- ScosslCommon/inc/scossl_helpers.h | 2 ++ ScosslCommon/src/scossl_helpers.c | 2 ++ SymCryptProvider/src/p_scossl_ecc.c | 10 ++++++++++ SymCryptProvider/src/p_scossl_keysinuse.c | 6 ++---- SymCryptProvider/src/p_scossl_rsa.c | 9 +++++++++ 5 files changed, 25 insertions(+), 4 deletions(-) diff --git a/ScosslCommon/inc/scossl_helpers.h b/ScosslCommon/inc/scossl_helpers.h index 0b6be95..fc9dd66 100644 --- a/ScosslCommon/inc/scossl_helpers.h +++ b/ScosslCommon/inc/scossl_helpers.h @@ -191,6 +191,7 @@ typedef enum { SCOSSL_ERR_F_PROV_DH_PLAIN_DERIVE, SCOSSL_ERR_F_PROV_DH_X9_42_DERIVE, SCOSSL_ERR_F_PROV_ECC_GET_ENCODED_PUBLIC_KEY, + SCOSSL_ERR_F_PROV_ECC_INIT_KEYSINUSE, SCOSSL_ERR_F_PROV_ECC_KEYGEN, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PRIVATE_KEY, @@ -204,6 +205,7 @@ typedef enum { SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, SCOSSL_ERR_F_PROV_KMAC_INIT, SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, + SCOSSL_ERR_F_PROV_RSA_GET_ENCODED_PUBLIC_KEY, SCOSSL_ERR_F_PROV_RSA_KEYGEN, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_CRT_KEYDATA, diff --git a/ScosslCommon/src/scossl_helpers.c b/ScosslCommon/src/scossl_helpers.c index 0e19bc8..410adb8 100644 --- a/ScosslCommon/src/scossl_helpers.c +++ b/ScosslCommon/src/scossl_helpers.c @@ -139,6 +139,7 @@ static ERR_STRING_DATA SCOSSL_ERR_function_strings[] = { {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_PLAIN_DERIVE, 0), "p_scossl_dh_plain_derive"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_X9_42_DERIVE, 0), "p_scossl_dh_x9_42_derive"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_GET_ENCODED_PUBLIC_KEY, 0), "p_scossl_ecc_get_encoded_public_key"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_INIT_KEYSINUSE, 0), "p_scossl_ecc_init_keysinuse"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYGEN, 0), "p_scossl_ecc_keygen"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, 0), "p_scossl_ecc_keymgmt_dup_ctx"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PRIVATE_KEY, 0), "p_scossl_ecc_keymgmt_get_private_key"}, @@ -152,6 +153,7 @@ static ERR_STRING_DATA SCOSSL_ERR_function_strings[] = { {ERR_PACK(0, SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, 0), "p_scossl_keysinuse_init_once"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_KMAC_INIT, 0), "p_scossl_kmac_init"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, 0), "p_scossl_kmac_set_ctx_params"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_GET_ENCODED_PUBLIC_KEY, 0), "p_scossl_rsa_get_encoded_public_key"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYGEN, 0), "p_scossl_rsa_keygen"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, 0), "p_scossl_rsa_keymgmt_dup_keydata"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_CRT_KEYDATA, 0), "p_scossl_rsa_keymgmt_get_crt_keydata"}, diff --git a/SymCryptProvider/src/p_scossl_ecc.c b/SymCryptProvider/src/p_scossl_ecc.c index 0dd6e41..c1b233c 100644 --- a/SymCryptProvider/src/p_scossl_ecc.c +++ b/SymCryptProvider/src/p_scossl_ecc.c @@ -135,10 +135,20 @@ void p_scossl_ecc_init_keysinuse(SCOSSL_ECC_KEY_CTX *keyCtx) PBYTE pbPublicKey; SIZE_T cbPublicKey; + // KeysInUse related errors shouldn't surface to caller + ERR_set_mark(); + if (p_scossl_ecc_get_encoded_public_key(keyCtx, &pbPublicKey, &cbPublicKey)) { keyCtx->keysinuseInfo = p_scossl_keysinuse_info_new(pbPublicKey, cbPublicKey); } + else + { + SCOSSL_LOG_DEBUG(SCOSSL_ERR_F_PROV_ECC_INIT_KEYSINUSE, SCOSSL_ERR_R_KEYSINUSE_FAILURE, + "p_scossl_ecc_get_encoded_public_key failed: %s", ERR_error_string(ERR_get_error(), NULL)); + } + + ERR_pop_to_mark(); OPENSSL_free(pbPublicKey); } diff --git a/SymCryptProvider/src/p_scossl_keysinuse.c b/SymCryptProvider/src/p_scossl_keysinuse.c index ed649dc..c4b660e 100644 --- a/SymCryptProvider/src/p_scossl_keysinuse.c +++ b/SymCryptProvider/src/p_scossl_keysinuse.c @@ -125,8 +125,7 @@ static void p_scossl_keysinuse_init_once() (cbProcPathUsed = readlink(symlinkPath, procPath, cbProcPath)) == -1) { SCOSSL_LOG_DEBUG(SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, SCOSSL_ERR_R_KEYSINUSE_FAILURE, - "Failed to get process path from /proc/%d/exe", pid, errno); - + "Failed to get process path from /proc/%d/exe with error %d", pid, errno); OPENSSL_free(procPath); procPath = NULL; cbProcPathUsed = 0; @@ -140,8 +139,7 @@ static void p_scossl_keysinuse_init_once() snprintf(prefix, prefix_size + 1, "%ld,%.*s", initTime, cbProcPathUsed, procPath) < 0) { SCOSSL_LOG_DEBUG(SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, SCOSSL_ERR_R_KEYSINUSE_FAILURE, - "Failed to generate logging prefix", pid, errno); - + "Failed to generate logging prefix with error %d", errno); OPENSSL_free(prefix); prefix = (char*)default_prefix; } diff --git a/SymCryptProvider/src/p_scossl_rsa.c b/SymCryptProvider/src/p_scossl_rsa.c index 26043a8..f52a4bf 100644 --- a/SymCryptProvider/src/p_scossl_rsa.c +++ b/SymCryptProvider/src/p_scossl_rsa.c @@ -200,15 +200,22 @@ SCOSSL_STATUS p_scossl_rsa_get_encoded_public_key(PCSYMCRYPT_RSAKEY key, int cbEncodedKey; SCOSSL_STATUS ret = SCOSSL_FAILURE; + // KeysInUse related errors shouldn't surface to caller + ERR_set_mark(); + rsaParams = scossl_rsa_new_export_params(FALSE); if (rsaParams == NULL || !scossl_rsa_export_key(key, rsaParams)) { + SCOSSL_LOG_DEBUG(SCOSSL_ERR_F_PROV_RSA_GET_ENCODED_PUBLIC_KEY, SCOSSL_ERR_R_KEYSINUSE_FAILURE, + "scossl_rsa_export_key failed: %s", ERR_error_string(ERR_get_error(), NULL)); goto cleanup; } if ((cbEncodedKey = i2d_SymcryptRsaPublicKey(rsaParams, &pbEncodedKey)) < 0) { + SCOSSL_LOG_DEBUG(SCOSSL_ERR_F_PROV_RSA_GET_ENCODED_PUBLIC_KEY, SCOSSL_ERR_R_KEYSINUSE_FAILURE, + "i2d_SymcryptRsaPublicKey failed: %s", ERR_error_string(ERR_get_error(), NULL)); goto cleanup; } @@ -219,6 +226,8 @@ SCOSSL_STATUS p_scossl_rsa_get_encoded_public_key(PCSYMCRYPT_RSAKEY key, cleanup: scossl_rsa_free_export_params(rsaParams, TRUE); + ERR_pop_to_mark(); + return ret; } From e4e48181dd1dc6856c267cf19bbe183150d171fc Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee Date: Wed, 18 Sep 2024 21:02:17 +0000 Subject: [PATCH 07/10] PR comments --- ScosslCommon/src/scossl_aes_aead.c | 2 +- ScosslCommon/src/scossl_rsa.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/ScosslCommon/src/scossl_aes_aead.c b/ScosslCommon/src/scossl_aes_aead.c index e4643b8..0744182 100644 --- a/ScosslCommon/src/scossl_aes_aead.c +++ b/ScosslCommon/src/scossl_aes_aead.c @@ -727,7 +727,7 @@ SCOSSL_STATUS scossl_aes_ccm_set_iv_fixed(SCOSSL_CIPHER_CCM_CTX *ctx, INT32 encr { if (ctx->ivlen != EVP_CCM_TLS_IV_LEN) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_IV_LEN, ERR_R_PASSED_INVALID_ARGUMENT, + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_AES_CCM_SET_IV_FIXED, ERR_R_PASSED_INVALID_ARGUMENT, "set_iv_fixed only works with TLS IV length"); return SCOSSL_FAILURE; } diff --git a/ScosslCommon/src/scossl_rsa.c b/ScosslCommon/src/scossl_rsa.c index 6327a2f..cdc8b8a 100644 --- a/ScosslCommon/src/scossl_rsa.c +++ b/ScosslCommon/src/scossl_rsa.c @@ -175,7 +175,7 @@ SCOSSL_STATUS scossl_rsa_pkcs1_verify(PSYMCRYPT_RSAKEY key, int mdnid, if (pkcs1Params == NULL) { SCOSSL_LOG_ERROR(SCOSSL_ERR_F_RSA_PKCS1_VERIFY, SCOSSL_ERR_R_NOT_IMPLEMENTED, - "Unknown type: %s. Size: %d.", OBJ_nid2sn(mdnid), cbHashValue); + "Unsupported hash algorithm: %s. Size: %d.", OBJ_nid2sn(mdnid), cbHashValue); goto cleanup; } From b22e7922e60eff952d88e2d0a2d6361b7013c27b Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee Date: Wed, 18 Sep 2024 21:58:29 +0000 Subject: [PATCH 08/10] Add FIPS compliance logging to unpadded RSA encrypt/decrypt --- ScosslCommon/src/scossl_rsa.c | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/ScosslCommon/src/scossl_rsa.c b/ScosslCommon/src/scossl_rsa.c index cdc8b8a..dfc4fba 100644 --- a/ScosslCommon/src/scossl_rsa.c +++ b/ScosslCommon/src/scossl_rsa.c @@ -495,6 +495,9 @@ SCOSSL_STATUS scossl_rsa_encrypt(PSYMCRYPT_RSAKEY key, UINT padding, } break; case RSA_NO_PADDING: + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using no padding for RSA encryption which is not FIPS compliant"); + if (cbSrc != cbModulus) { goto cleanup; @@ -622,6 +625,9 @@ SCOSSL_STATUS scossl_rsa_decrypt(PSYMCRYPT_RSAKEY key, UINT padding, } break; case RSA_NO_PADDING: + SCOSSL_LOG_INFO(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_NOT_FIPS_ALGORITHM, + "Using no padding for RSA decryption which is not FIPS compliant"); + scError = SymCryptRsaRawDecrypt( key, pbSrc, From 8c0650c1cfe93943569bf6d7a31c074a678b9b3b Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee Date: Thu, 19 Sep 2024 23:44:13 +0000 Subject: [PATCH 09/10] PR comments --- ScosslCommon/inc/scossl_helpers.h | 42 ++++-------- ScosslCommon/src/scossl_dh.c | 8 +-- ScosslCommon/src/scossl_ecc.c | 8 +-- ScosslCommon/src/scossl_helpers.c | 65 ++++++------------- ScosslCommon/src/scossl_mac.c | 4 +- ScosslCommon/src/scossl_rsa.c | 22 +++---- ScosslCommon/src/scossl_sshkdf.c | 2 +- ScosslCommon/src/scossl_tls1prf.c | 2 +- SymCryptEngine/src/e_scossl_dh.c | 8 +-- SymCryptEngine/src/e_scossl_ecc.c | 16 ++--- SymCryptEngine/src/e_scossl_rsa.c | 4 +- SymCryptEngine/src/e_scossl_sshkdf.c | 4 +- .../src/asymcipher/p_scossl_rsa_cipher.c | 6 +- SymCryptProvider/src/ciphers/p_scossl_aes.c | 5 +- .../src/ciphers/p_scossl_aes_xts.c | 6 +- SymCryptProvider/src/kdf/p_scossl_kbkdf.c | 4 +- SymCryptProvider/src/keyexch/p_scossl_dh.c | 8 +-- SymCryptProvider/src/keyexch/p_scossl_ecdh.c | 2 +- .../src/keymgmt/p_scossl_dh_keymgmt.c | 24 +++---- .../src/keymgmt/p_scossl_ecc_keymgmt.c | 26 ++++---- .../src/keymgmt/p_scossl_rsa_keymgmt.c | 27 ++++---- SymCryptProvider/src/mac/p_scossl_hmac.c | 1 - SymCryptProvider/src/mac/p_scossl_kmac.c | 5 +- SymCryptProvider/src/p_scossl_ecc.c | 2 +- .../src/signature/p_scossl_rsa_signature.c | 3 +- 25 files changed, 135 insertions(+), 169 deletions(-) diff --git a/ScosslCommon/inc/scossl_helpers.h b/ScosslCommon/inc/scossl_helpers.h index fc9dd66..1ab900a 100644 --- a/ScosslCommon/inc/scossl_helpers.h +++ b/ScosslCommon/inc/scossl_helpers.h @@ -180,9 +180,11 @@ typedef enum { SCOSSL_ERR_F_ENG_TLS1PRF_CTRL, SCOSSL_ERR_F_ENG_TLS1PRF_INIT, // SymCryptProvider + SCOSSL_ERR_F_PROV_AES_CFB_CIPHER, SCOSSL_ERR_F_PROV_AES_GENERIC_INIT_INTERNAL, SCOSSL_ERR_F_PROV_AES_XTS_INIT_INTERNAL, SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, + SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_PARAMS, SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_FFC_PARAMS, SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_KEY_PARAMS, SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, @@ -205,6 +207,8 @@ typedef enum { SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, SCOSSL_ERR_F_PROV_KMAC_INIT, SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, + SCOSSL_ERR_F_PROV_RSA_CIPHER_ENCRYPT, + SCOSSL_ERR_F_PROV_RSA_CIPHER_DECRYPT, SCOSSL_ERR_F_PROV_RSA_GET_ENCODED_PUBLIC_KEY, SCOSSL_ERR_F_PROV_RSA_KEYGEN, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, @@ -212,6 +216,7 @@ typedef enum { SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, + SCOSSL_ERR_F_PROV_RSA_PSS_PARAMS_TO_ASN1_SEQUENCE, SCOSSL_ERR_F_PROV_X25519_KEYMGMT_EXPORT, SCOSSL_ERR_F_PROV_X25519_KEYMGMT_IMPORT, SCOSSL_ERR_F_ENUM_END @@ -247,19 +252,9 @@ void _scossl_log_bytes( int len, const char *format, ...); -void _scossl_log_bignum( - int trace_level, - SCOSSL_ERR_FUNC func_code, - SCOSSL_ERR_REASON reason_code, - const char *file, - int line, - char *description, - BIGNUM *bn); - void _scossl_log_SYMCRYPT_ERROR( int trace_level, SCOSSL_ERR_FUNC func_code, - SCOSSL_ERR_REASON reason_code, const char *file, int line, char *description, @@ -279,26 +274,18 @@ void _scossl_log_SYMCRYPT_ERROR( #define SCOSSL_LOG_BYTES_INFO(func_code, reason_code, description, s, len) \ _scossl_log_bytes(SCOSSL_LOG_LEVEL_INFO, func_code, reason_code, __FILE__, __LINE__, (const char*) s, len, description) - #define SCOSSL_LOG_BIGNUM_DEBUG(func_code, reason_code, description, bn) \ - _scossl_log_bignum(SCOSSL_LOG_LEVEL_DEBUG, func_code, reason_code, __FILE__, __LINE__, description, bn) - - #define SCOSSL_LOG_BIGNUM_INFO(func_code, reason_code, description, s, len) \ - _scossl_log_bignum(SCOSSL_LOG_LEVEL_INFO, func_code, reason_code, __FILE__, __LINE__, description, bn) + #define SCOSSL_LOG_SYMCRYPT_DEBUG(func_code, description, scError) \ + _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_DEBUG, func_code, __FILE__, __LINE__, description, scError) - #define SCOSSL_LOG_SYMCRYPT_DEBUG(func_code, reason_code, description, scError) \ - _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_DEBUG, func_code, reason_code, __FILE__, __LINE__, description, scError) - - #define SCOSSL_LOG_SYMCRYPT_INFO(func_code, reason_code, description, scError) \ - _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_INFO, func_code, reason_code, __FILE__, __LINE__, description, scError) + #define SCOSSL_LOG_SYMCRYPT_INFO(func_code, description, scError) \ + _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_INFO, func_code, __FILE__, __LINE__, description, scError) #else #define SCOSSL_LOG_DEBUG(func_code, reason_code, ...) #define SCOSSL_LOG_INFO(func_code, reason_code, ...) #define SCOSSL_LOG_BYTES_DEBUG(func_code, reason_code, description, s, len) #define SCOSSL_LOG_BYTES_INFO(func_code, reason_code, description, s, len) - #define SCOSSL_LOG_BIGNUM_DEBUG(func_code, reason_code, description, bn) - #define SCOSSL_LOG_BIGNUM_INFO(func_code, reason_code, description, s, len) - #define SCOSSL_LOG_SYMCRYPT_DEBUG(func_code, reason_code, description, scError) - #define SCOSSL_LOG_SYMCRYPT_INFO(func_code, reason_code, description, scError) + #define SCOSSL_LOG_SYMCRYPT_DEBUG(func_code, description, scError) + #define SCOSSL_LOG_SYMCRYPT_INFO(func_code, description, scError) #endif #define SCOSSL_LOG_ERROR(func_code, reason_code, ...) \ @@ -307,11 +294,8 @@ void _scossl_log_SYMCRYPT_ERROR( #define SCOSSL_LOG_BYTES_ERROR(func_code, reason_code, description, s, len) \ _scossl_log_bytes(SCOSSL_LOG_LEVEL_ERROR, func_code, reason_code, __FILE__, __LINE__, (const char*) s, len, description) -#define SCOSSL_LOG_BIGNUM_ERROR(func_code, reason_code, description, s, len) \ - _scossl_log_bignum(SCOSSL_LOG_LEVEL_ERROR, func_code, reason_code, __FILE__, __LINE__, description, bn) - -#define SCOSSL_LOG_SYMCRYPT_ERROR(func_code, reason_code, description, scError) \ - _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_ERROR, func_code, reason_code, __FILE__, __LINE__, description, scError) +#define SCOSSL_LOG_SYMCRYPT_ERROR(func_code, description, scError) \ + _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_ERROR, func_code, __FILE__, __LINE__, description, scError) // // Common helper functions diff --git a/ScosslCommon/src/scossl_dh.c b/ScosslCommon/src/scossl_dh.c index 74c898d..3ec47e9 100644 --- a/ScosslCommon/src/scossl_dh.c +++ b/ScosslCommon/src/scossl_dh.c @@ -185,7 +185,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, scError = SymCryptDlkeySetPrivateKeyLength(ctx->dlkey, nBitsPriv, 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, "SymCryptDlkeySetPrivateKeyLength failed", scError); goto cleanup; } @@ -256,7 +256,7 @@ SCOSSL_STATUS scossl_dh_import_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, ctx->dlkey); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_IMPORT_KEYPAIR, "SymCryptDlkeySetValue failed", scError); goto cleanup; } @@ -299,7 +299,7 @@ SCOSSL_STATUS scossl_dh_generate_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, scError = SymCryptDlkeySetPrivateKeyLength(ctx->dlkey, nBitsPriv, 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, "SymCryptDlkeySetPrivateKeyLength failed", scError); goto cleanup; } @@ -308,7 +308,7 @@ SCOSSL_STATUS scossl_dh_generate_keypair(SCOSSL_DH_KEY_CTX *ctx, int nBitsPriv, scError = SymCryptDlkeyGenerate(SYMCRYPT_FLAG_DLKEY_DH, ctx->dlkey); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_DH_GENERATE_KEYPAIR, "SymCryptDlkeyGenerate failed", scError); goto cleanup; } diff --git a/ScosslCommon/src/scossl_ecc.c b/ScosslCommon/src/scossl_ecc.c index 98b7b1a..063ea1d 100644 --- a/ScosslCommon/src/scossl_ecc.c +++ b/ScosslCommon/src/scossl_ecc.c @@ -534,7 +534,7 @@ SCOSSL_STATUS scossl_ecdsa_sign(PSYMCRYPT_ECKEY key, PCSYMCRYPT_ECURVE curve, scError = SymCryptEckeyExtendKeyUsage(key, SYMCRYPT_FLAG_ECKEY_ECDSA); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_SIGN, "SymCryptEckeyExtendKeyUsage failed", scError); return SCOSSL_FAILURE; } @@ -549,7 +549,7 @@ SCOSSL_STATUS scossl_ecdsa_sign(PSYMCRYPT_ECKEY key, PCSYMCRYPT_ECURVE curve, cbSymCryptSig); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_SIGN, "SymCryptEcDsaSign failed", scError); return SCOSSL_FAILURE; } @@ -576,7 +576,7 @@ SCOSSL_STATUS scossl_ecdsa_verify(PSYMCRYPT_ECKEY key, PCSYMCRYPT_ECURVE curve, scError = SymCryptEckeyExtendKeyUsage(key, SYMCRYPT_FLAG_ECKEY_ECDSA); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_VERIFY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_VERIFY, "SymCryptEckeyExtendKeyUsage failed", scError); return SCOSSL_FAILURE; } @@ -600,7 +600,7 @@ SCOSSL_STATUS scossl_ecdsa_verify(PSYMCRYPT_ECKEY key, PCSYMCRYPT_ECURVE curve, { if (scError != SYMCRYPT_SIGNATURE_VERIFICATION_FAILURE) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_VERIFY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ECDSA_VERIFY, "SymCryptEcDsaVerify returned unexpected error", scError); } return SCOSSL_FAILURE; diff --git a/ScosslCommon/src/scossl_helpers.c b/ScosslCommon/src/scossl_helpers.c index 410adb8..2d0ff2e 100644 --- a/ScosslCommon/src/scossl_helpers.c +++ b/ScosslCommon/src/scossl_helpers.c @@ -17,6 +17,18 @@ extern "C" { #define SCOSSL_LOG_LEVEL_PREFIX_INFO "INFO" #define SCOSSL_LOG_LEVEL_PREFIX_DEBUG "DEBUG" +// ERR_put_error is deprecated in 3.0+. We replace the functionality with the equivalent +// function calls in OpenSSL 3.0+. +#if OPENSSL_API_LEVEL >= 30000 + #define SCOSSL_put_error(lib, func, reason, file, line) \ + (ERR_new(), \ + ERR_set_debug((file), (line), (func)), \ + ERR_set_error((lib), (reason), NULL)) +#else + #define SCOSSL_put_error(lib, func, reason, file, line) \ + ERR_put_error((lib), (func), (reason), (file), (line)) +#endif + // Level of tracing that is output to stderr / log file static int _traceLogLevel = SCOSSL_LOG_LEVEL_OFF; static char *_traceLogFilename = NULL; @@ -128,9 +140,11 @@ static ERR_STRING_DATA SCOSSL_ERR_function_strings[] = { {ERR_PACK(0, SCOSSL_ERR_F_ENG_TLS1PRF_CTRL, 0), "e_scossl_tls1prf_ctrl"}, {ERR_PACK(0, SCOSSL_ERR_F_ENG_TLS1PRF_INIT, 0), "e_scossl_tls1prf_init"}, // SymCryptProvider + {ERR_PACK(0, SCOSSL_ERR_F_PROV_AES_CFB_CIPHER, 0), "p_scossl_aes_cfb_cipher"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_AES_GENERIC_INIT_INTERNAL, 0), "p_scossl_aes_generic_init_internal"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_AES_XTS_INIT_INTERNAL, 0), "p_scossl_aes_xts_init_internal"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, 0), "p_scossl_dh_keymgmt_export"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_PARAMS, 0), "p_scossl_dh_keymgmt_get_params"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_FFC_PARAMS, 0), "p_scossl_dh_keymgmt_get_ffc_params"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_KEY_PARAMS, 0), "p_scossl_dh_keymgmt_get_key_params"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, 0), "p_scossl_dh_keymgmt_match"}, @@ -153,6 +167,8 @@ static ERR_STRING_DATA SCOSSL_ERR_function_strings[] = { {ERR_PACK(0, SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, 0), "p_scossl_keysinuse_init_once"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_KMAC_INIT, 0), "p_scossl_kmac_init"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, 0), "p_scossl_kmac_set_ctx_params"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_CIPHER_ENCRYPT, 0), "p_scossl_rsa_cipher_encrypt"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_CIPHER_DECRYPT, 0), "p_scossl_rsa_cipher_decrypt"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_GET_ENCODED_PUBLIC_KEY, 0), "p_scossl_rsa_get_encoded_public_key"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYGEN, 0), "p_scossl_rsa_keygen"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, 0), "p_scossl_rsa_keymgmt_dup_keydata"}, @@ -160,6 +176,7 @@ static ERR_STRING_DATA SCOSSL_ERR_function_strings[] = { {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, 0), "p_scossl_rsa_keymgmt_get_keydata"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, 0), "p_scossl_rsa_keymgmt_import"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, 0), "p_scossl_rsa_keymgmt_match"}, + {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_PSS_PARAMS_TO_ASN1_SEQUENCE, 0), "p_scossl_rsa_pss_params_to_asn1_sequence"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_X25519_KEYMGMT_EXPORT, 0), "p_scossl_x25519_keymgmt_export"}, {ERR_PACK(0, SCOSSL_ERR_F_PROV_X25519_KEYMGMT_IMPORT, 0), "p_scossl_x25519_keymgmt_import"}, {0, NULL} @@ -293,7 +310,7 @@ static void _scossl_log_bytes_valist( if( _osslERRLogLevel >= trace_level ) { // Log an OpenSSL error, so calling applications can handle the log appropriately - ERR_put_error(_scossl_err_library_code, func_code, reason_code, file, line); + SCOSSL_put_error(_scossl_err_library_code, func_code, reason_code, file, line); // Add error string indicating the error details as error data ERR_add_error_data(1, paraBuf); } @@ -343,53 +360,9 @@ void _scossl_log( va_end(args); } -void _scossl_log_bignum( - int trace_level, - SCOSSL_ERR_FUNC func_code, - SCOSSL_ERR_REASON reason_code, - const char *file, - int line, - char *description, - BIGNUM *bn) -{ - unsigned char *string = NULL; - int length = 0; - - if( SYMCRYPT_MAX(_traceLogLevel, _osslERRLogLevel) < trace_level ) - { - return; - } - - if( bn == NULL ) - { - return; - } - - length = BN_num_bytes(bn); - if( length < 0 ) - { - return; - } - - string = (unsigned char *)OPENSSL_zalloc(length); - if( string == NULL ) - { - return; - } - - if( BN_bn2bin(bn, string) < 0 ) - { - return; - } - - _scossl_log_bytes(trace_level, func_code, reason_code, file, line, (const char*) string, length, description); - OPENSSL_free(string); -} - void _scossl_log_SYMCRYPT_ERROR( int trace_level, SCOSSL_ERR_FUNC func_code, - SCOSSL_ERR_REASON reason_code, const char *file, int line, char *description, @@ -460,7 +433,7 @@ void _scossl_log_SYMCRYPT_ERROR( scErrorString = "UNKNOWN SYMCRYPT_ERROR"; break; } - _scossl_log(trace_level, func_code, reason_code, file, line, "%s - %s (0x%x)", description, scErrorString, scError); + _scossl_log(trace_level, func_code, SCOSSL_ERR_R_SYMCRYPT_FAILURE, file, line, "%s - %s (0x%x)", description, scErrorString, scError); } BOOL scossl_is_md_supported(int mdnid) diff --git a/ScosslCommon/src/scossl_mac.c b/ScosslCommon/src/scossl_mac.c index 2d92776..f0d3aa6 100644 --- a/ScosslCommon/src/scossl_mac.c +++ b/ScosslCommon/src/scossl_mac.c @@ -273,6 +273,8 @@ SCOSSL_STATUS scossl_mac_init(SCOSSL_MAC_CTX *ctx, SCOSSL_COMMON_ALIGNED_ALLOC_EX(expandedKey, OPENSSL_malloc, SCOSSL_MAC_EXPANDED_KEY, ctx->pMac->expandedKeySize); if (expandedKey == NULL) { + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_MAC_INIT, ERR_R_INTERNAL_ERROR, + "Failed to aligned allocated expanded key"); return SCOSSL_FAILURE; } @@ -283,7 +285,7 @@ SCOSSL_STATUS scossl_mac_init(SCOSSL_MAC_CTX *ctx, if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_MAC_INIT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_MAC_INIT, "SymCryptMacExpandKey failed", scError); return SCOSSL_FAILURE; } diff --git a/ScosslCommon/src/scossl_rsa.c b/ScosslCommon/src/scossl_rsa.c index dfc4fba..f46537c 100644 --- a/ScosslCommon/src/scossl_rsa.c +++ b/ScosslCommon/src/scossl_rsa.c @@ -152,7 +152,7 @@ SCOSSL_STATUS scossl_rsa_pkcs1_sign(PSYMCRYPT_RSAKEY key, int mdnid, if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PKCS1_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PKCS1_SIGN, "SymCryptRsaPkcs1Sign failed", scError); goto cleanup; } @@ -217,7 +217,7 @@ SCOSSL_STATUS scossl_rsa_pkcs1_verify(PSYMCRYPT_RSAKEY key, int mdnid, } else if (scError != SYMCRYPT_SIGNATURE_VERIFICATION_FAILURE) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PKCS1_VERIFY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_PKCS1_VERIFY, "SymCryptRsaPkcs1verify returned unexpected error", scError); } @@ -313,7 +313,7 @@ SCOSSL_STATUS scossl_rsapss_sign(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, &cbResult); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSAPSS_SIGN, "SymCryptRsaPssSign failed", scError); goto cleanup; } @@ -406,7 +406,7 @@ SCOSSL_STATUS scossl_rsapss_verify(PSYMCRYPT_RSAKEY key, int mdnid, int cbSalt, } else if (scError != SYMCRYPT_SIGNATURE_VERIFICATION_FAILURE) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSAPSS_VERIFY, "SymCryptRsaPssVerify returned unexpected error", scError); } @@ -456,7 +456,7 @@ SCOSSL_STATUS scossl_rsa_encrypt(PSYMCRYPT_RSAKEY key, UINT padding, &cbResult); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, "SymCryptRsaPkcs1Encrypt failed", scError); goto cleanup; } @@ -489,7 +489,7 @@ SCOSSL_STATUS scossl_rsa_encrypt(PSYMCRYPT_RSAKEY key, UINT padding, &cbResult); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, "SymCryptRsaOaepEncrypt failed", scError); goto cleanup; } @@ -513,7 +513,7 @@ SCOSSL_STATUS scossl_rsa_encrypt(PSYMCRYPT_RSAKEY key, UINT padding, cbResult = cbModulus; if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_ENCRYPT, "SymCryptRsaRawEncrypt failed", scError); goto cleanup; } @@ -619,7 +619,7 @@ SCOSSL_STATUS scossl_rsa_decrypt(PSYMCRYPT_RSAKEY key, UINT padding, &cbResult); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_DECRYPT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_DECRYPT, "SymCryptRsaOaepDecrypt failed", scError); goto cleanup; } @@ -639,7 +639,7 @@ SCOSSL_STATUS scossl_rsa_decrypt(PSYMCRYPT_RSAKEY key, UINT padding, cbResult = cbModulus; if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_DECRYPT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_DECRYPT, "SymCryptRsaRawDecrypt failed", scError); goto cleanup; } @@ -820,7 +820,7 @@ SCOSSL_STATUS scossl_rsa_export_key(PCSYMCRYPT_RSAKEY key, SCOSSL_RSA_EXPORT_PAR 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, "SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -847,7 +847,7 @@ SCOSSL_STATUS scossl_rsa_export_key(PCSYMCRYPT_RSAKEY key, SCOSSL_RSA_EXPORT_PAR 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_RSA_EXPORT_KEY, "SymCryptRsakeyGetCrtValue failed", scError); goto cleanup; } diff --git a/ScosslCommon/src/scossl_sshkdf.c b/ScosslCommon/src/scossl_sshkdf.c index c560944..79c60ba 100644 --- a/ScosslCommon/src/scossl_sshkdf.c +++ b/ScosslCommon/src/scossl_sshkdf.c @@ -100,7 +100,7 @@ SCOSSL_STATUS scossl_sshkdf_derive(SCOSSL_SSHKDF_CTX *ctx, if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_SSHKDF_DERIVE, "SymCryptSshKdf failed", scError); return SCOSSL_FAILURE; } diff --git a/ScosslCommon/src/scossl_tls1prf.c b/ScosslCommon/src/scossl_tls1prf.c index 60465de..15678a5 100644 --- a/ScosslCommon/src/scossl_tls1prf.c +++ b/ScosslCommon/src/scossl_tls1prf.c @@ -117,7 +117,7 @@ SCOSSL_STATUS scossl_tls1prf_derive(SCOSSL_TLS1_PRF_CTX *ctx, if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_TLS1PRF_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_TLS1PRF_DERIVE, "SymCryptTlsPrf1_x failed", scError); return SCOSSL_FAILURE; } diff --git a/SymCryptEngine/src/e_scossl_dh.c b/SymCryptEngine/src/e_scossl_dh.c index 48bdcd2..234d474 100644 --- a/SymCryptEngine/src/e_scossl_dh.c +++ b/SymCryptEngine/src/e_scossl_dh.c @@ -68,7 +68,7 @@ SCOSSL_STATUS e_scossl_dh_generate_keypair( 0 ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_GENERATE_KEYPAIR, "SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -173,7 +173,7 @@ SCOSSL_STATUS e_scossl_dh_import_keypair( 0 ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_IMPORT_KEYPAIR, "SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -395,7 +395,7 @@ SCOSSL_RETURNLENGTH e_scossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsi pkPublic ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, "SymCryptDlkeySetValue failed", scError); goto cleanup; } @@ -409,7 +409,7 @@ SCOSSL_RETURNLENGTH e_scossl_dh_compute_key(_Out_writes_bytes_(DH_size(dh)) unsi cbPublicKey ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_DH_COMPUTE_KEY, "SymCryptDhSecretAgreement failed", scError); goto cleanup; } diff --git a/SymCryptEngine/src/e_scossl_ecc.c b/SymCryptEngine/src/e_scossl_ecc.c index 10b43aa..57e92cb 100644 --- a/SymCryptEngine/src/e_scossl_ecc.c +++ b/SymCryptEngine/src/e_scossl_ecc.c @@ -111,7 +111,7 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey scError = SymCryptEckeySetRandom( SYMCRYPT_FLAG_ECKEY_ECDH, pKeyCtx->key ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, "SymCryptEckeySetRandom failed", scError); goto cleanup; } @@ -128,7 +128,7 @@ SCOSSL_STATUS e_scossl_ecc_generate_keypair(_Inout_ SCOSSL_ECC_KEY_CONTEXT* pKey 0 ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECC_GENERATE_KEYPAIR, "SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -320,7 +320,7 @@ SCOSSL_STATUS e_scossl_ecc_import_keypair(_In_ const EC_KEY* eckey, _In_ const E pKeyCtx->key ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECC_IMPORT_KEYPAIR, "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -540,7 +540,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char scError = SymCryptEckeyExtendKeyUsage(keyCtx->key, SYMCRYPT_FLAG_ECKEY_ECDSA); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, "SymCryptEckeyExtendKeyUsage failed", scError); return NULL; } @@ -556,7 +556,7 @@ ECDSA_SIG* e_scossl_eckey_sign_sig(_In_reads_bytes_(dgstlen) const unsigned char cbSymCryptSig); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_SIGN_SIG, "SymCryptEcDsaSign failed", scError); return NULL; } @@ -691,7 +691,7 @@ SCOSSL_STATUS e_scossl_eckey_verify_sig(_In_reads_bytes_(dgst_len) const unsigne { if( scError != SYMCRYPT_SIGNATURE_VERIFICATION_FAILURE ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_VERIFY_SIG, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_VERIFY_SIG, "SymCryptEcDsaVerify returned unexpected error", scError); } return SCOSSL_FAILURE; @@ -828,7 +828,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi pkPublic ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -851,7 +851,7 @@ SCOSSL_RETURNLENGTH e_scossl_eckey_compute_key(_Out_writes_bytes_(*pseclen) unsi *pseclen ); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_ECKEY_COMPUTE_KEY, "SymCryptEcDhSecretAgreement failed", scError); goto cleanup; } diff --git a/SymCryptEngine/src/e_scossl_rsa.c b/SymCryptEngine/src/e_scossl_rsa.c index e86c830..25fb598 100644 --- a/SymCryptEngine/src/e_scossl_rsa.c +++ b/SymCryptEngine/src/e_scossl_rsa.c @@ -256,7 +256,7 @@ SCOSSL_STATUS e_scossl_rsa_keygen(_Out_ RSA* rsa, int bits, _In_ BIGNUM* e, scError = SymCryptRsakeyGenerate(keyCtx->key, &pubExp64, 1, SYMCRYPT_FLAG_RSAKEY_SIGN | SYMCRYPT_FLAG_RSAKEY_ENCRYPT); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_RSA_KEYGEN, "SymCryptRsakeyGenerate failed", scError); goto cleanup; } @@ -425,7 +425,7 @@ SCOSSL_STATUS e_scossl_initialize_rsa_key(_In_ const RSA* rsa, _Out_ SCOSSL_RSA_ keyCtx->key); if( scError != SYMCRYPT_NO_ERROR ) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_INITIALIZE_RSA_KEY, "SymCryptRsakeySetValue failed", scError); goto cleanup; } diff --git a/SymCryptEngine/src/e_scossl_sshkdf.c b/SymCryptEngine/src/e_scossl_sshkdf.c index 55683cb..b59c197 100644 --- a/SymCryptEngine/src/e_scossl_sshkdf.c +++ b/SymCryptEngine/src/e_scossl_sshkdf.c @@ -67,7 +67,7 @@ static PCSYMCRYPT_HASH e_scossl_get_symcrypt_hash_algorithm(const EVP_MD *md) return SymCryptSha384Algorithm; if (type == NID_sha512) return SymCryptSha512Algorithm; - + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_ENG_GET_SYMCRYPT_HASH_ALGORITHM, SCOSSL_ERR_R_NOT_IMPLEMENTED, "SymCrypt engine does not support hash algorithm %d", type); @@ -263,7 +263,7 @@ SCOSSL_STATUS e_scossl_sshkdf_derive(EVP_KDF_IMPL *impl, unsigned char *out, siz out, out_len); if(scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_ENG_SSHKDF_DERIVE, "SymCryptSshKdf failed", scError); ret = SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c b/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c index cd6d140..daeac61 100644 --- a/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c +++ b/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c @@ -170,7 +170,8 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_encrypt(_In_ SCOSSL_RSA_CIPHER_CTX *ctx if (ctx->oaepMdInfo == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_RSA_CIPHER_ENCRYPT, ERR_R_INTERNAL_ERROR, + "p_scossl_rsa_get_supported_md returned NULL for default digest"); return SCOSSL_FAILURE; } } @@ -216,7 +217,8 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_decrypt(_In_ SCOSSL_RSA_CIPHER_CTX *ctx if (ctx->oaepMdInfo == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_RSA_CIPHER_DECRYPT, ERR_R_INTERNAL_ERROR, + "p_scossl_rsa_get_supported_md returned NULL for default digest"); return SCOSSL_FAILURE; } } diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes.c b/SymCryptProvider/src/ciphers/p_scossl_aes.c index bcd1016..d84baee 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes.c @@ -112,7 +112,7 @@ static SCOSSL_STATUS p_scossl_aes_generic_init_internal(_Inout_ SCOSSL_AES_CTX * scError = SymCryptAesExpandKey(&ctx->key, key, keylen); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_AES_GENERIC_INIT_INTERNAL, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_AES_GENERIC_INIT_INTERNAL, "SymCryptAesExpandKey failed", scError); return SCOSSL_FAILURE; } @@ -918,7 +918,8 @@ static SCOSSL_STATUS scossl_aes_cfb_cipher(_Inout_ SCOSSL_AES_CTX *ctx, { if (ctx->cbBuf != 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_AES_CFB_CIPHER, ERR_R_INTERNAL_ERROR, + "Unexpected partial block in buffer"); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c b/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c index 2e224b5..ff0d5da 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c @@ -41,7 +41,7 @@ static SCOSSL_STATUS p_scossl_aes_xts_set_ctx_params(_Inout_ SCOSSL_AES_XTS_CTX static SCOSSL_AES_XTS_CTX *p_scossl_aes_xts_newctx_internal(size_t keylen) { SCOSSL_COMMON_ALIGNED_ALLOC(ctx, OPENSSL_malloc, SCOSSL_AES_XTS_CTX); - if (ctx != NULL) + if (ctx != NULL) { ctx->keylen = keylen; } @@ -85,7 +85,7 @@ static SCOSSL_STATUS p_scossl_aes_xts_init_internal(_Inout_ SCOSSL_AES_XTS_CTX * scError = SymCryptXtsAesExpandKeyEx(&ctx->key, key, keylen, 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_AES_XTS_INIT_INTERNAL, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_AES_XTS_INIT_INTERNAL, "SymCryptXtsAesExpandKeyEx failed", scError); return SCOSSL_FAILURE; } @@ -163,7 +163,7 @@ static SCOSSL_STATUS p_scossl_aes_xts_cipher(SCOSSL_AES_XTS_CTX *ctx, } *outl = inl; - + return SCOSSL_SUCCESS; } diff --git a/SymCryptProvider/src/kdf/p_scossl_kbkdf.c b/SymCryptProvider/src/kdf/p_scossl_kbkdf.c index 53f0dea..987642b 100644 --- a/SymCryptProvider/src/kdf/p_scossl_kbkdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_kbkdf.c @@ -145,7 +145,7 @@ static SCOSSL_STATUS p_scossl_kbkdf_kmac_derive(_In_ SCOSSL_PROV_KBKDF_CTX *ctx, if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KBKDF_KMAC_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KBKDF_KMAC_DERIVE, "SymCryptKmacXXXExpandKey failed", scError); goto cleanup; } @@ -205,7 +205,7 @@ static SCOSSL_STATUS p_scossl_kbkdf_derive(_In_ SCOSSL_PROV_KBKDF_CTX *ctx, key, keylen); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KBKDF_KMAC_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KBKDF_DERIVE, "SymCryptSp800_108 failed", scError); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/keyexch/p_scossl_dh.c b/SymCryptProvider/src/keyexch/p_scossl_dh.c index 3d9e6e4..6fde7f0 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_dh.c +++ b/SymCryptProvider/src/keyexch/p_scossl_dh.c @@ -196,16 +196,16 @@ static SCOSSL_STATUS p_scossl_dh_X9_42_derive(_In_ SCOSSL_DH_CTX *ctx, cbAgreedSecret); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_X9_42_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_X9_42_DERIVE, "SymCryptDhSecretAgreement failed", scError); - goto cleanup; } if ((kdf = EVP_KDF_fetch(ctx->libCtx, OSSL_KDF_NAME_X942KDF_ASN1, NULL)) == NULL || (kdfCtx = EVP_KDF_CTX_new(kdf)) == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_DH_X9_42_DERIVE, ERR_R_INTERNAL_ERROR, + "Failed to create X9.42 KDF context"); goto cleanup; } @@ -269,7 +269,7 @@ static SCOSSL_STATUS p_scossl_dh_plain_derive(_In_ SCOSSL_DH_CTX *ctx, cbAgreedSecret); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_PLAIN_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_PLAIN_DERIVE, "SymCryptDhSecretAgreement failed", scError); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/keyexch/p_scossl_ecdh.c b/SymCryptProvider/src/keyexch/p_scossl_ecdh.c index ad3acde..f396e46 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_ecdh.c +++ b/SymCryptProvider/src/keyexch/p_scossl_ecdh.c @@ -142,7 +142,7 @@ static SCOSSL_STATUS p_scossl_ecdh_derive(_In_ SCOSSL_ECDH_CTX *ctx, cbSecretBuf); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECDH_DERIVE, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECDH_DERIVE, "SymCryptEcDhSecretAgreement failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c index c37c91d..7426e3a 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c @@ -379,7 +379,7 @@ static SCOSSL_STATUS p_scossl_dh_params_to_group(_In_ OSSL_LIB_CTX *libCtx, _In_ pDlGroupTmp); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_PARAMS_TO_GROUP, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_PARAMS_TO_GROUP, "SymCryptDlgroupSetValue failed", scError); goto cleanup; } @@ -521,7 +521,7 @@ static SCOSSL_STATUS p_scossl_dh_keygen_set_template(_Inout_ SCOSSL_DH_KEYGEN_CT { if (genCtx == NULL || tmplCtx == NULL || - tmplCtx->groupSetByParams) + tmplCtx->groupSetByParams) { return SCOSSL_FAILURE; } @@ -635,7 +635,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_set_params(_In_ SCOSSL_PROV_DH_KEY_CTX SymCryptDlkeyFree(ctx->keyCtx->dlkey); ctx->keyCtx->dlkey = NULL; - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_SET_PARAMS, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_SET_PARAMS, "SymCryptDlkeySetValue failed", scError); return SCOSSL_FAILURE; } @@ -728,7 +728,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_ffc_params(_In_ SYMCRYPT_DLGROUP *p if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_FFC_PARAMS, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_FFC_PARAMS, "SymCryptDlgroupGetValue failed", scError); goto cleanup; } @@ -863,7 +863,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_key_params(_In_ SCOSSL_DH_KEY_CTX * 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_KEY_PARAMS, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_KEY_PARAMS, "SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -965,7 +965,8 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_params(_In_ SCOSSL_PROV_DH_KEY_CTX int dlGroupNid = scossl_dh_get_group_nid(SymCryptDlkeyGetGroup(ctx->keyCtx->dlkey)); if (dlGroupNid == 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_PARAMS, ERR_R_INTERNAL_ERROR, + "Failed to get NID for previously set group in DH key context"); return SCOSSL_FAILURE; } @@ -1076,7 +1077,7 @@ static BOOL p_scossl_dh_keymgmt_match(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx1, _In_ SC 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, "SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -1089,7 +1090,7 @@ static BOOL p_scossl_dh_keymgmt_match(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx1, _In_ SC 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, "SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -1311,7 +1312,8 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx if (cbPrimeP == 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, ERR_R_INTERNAL_ERROR, + "SymCryptDlgroupGetSizes returned 0 for prime P size"); goto cleanup; } @@ -1353,7 +1355,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx &genCounter); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, "SymCryptDlgroupGetValue failed", scError); goto cleanup; } @@ -1435,7 +1437,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, "SymCryptDlkeyGetValue failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c index 54e9aa0..76e6d8d 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c @@ -219,7 +219,7 @@ static SCOSSL_ECC_KEY_CTX *p_scossl_ecc_keymgmt_dup_ctx(_In_ const SCOSSL_ECC_KE 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, "SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -240,7 +240,7 @@ static SCOSSL_ECC_KEY_CTX *p_scossl_ecc_keymgmt_dup_ctx(_In_ const SCOSSL_ECC_KE copyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -449,7 +449,7 @@ static SCOSSL_ECC_KEY_CTX *p_scossl_ecc_keygen(_In_ SCOSSL_ECC_KEYGEN_CTX *genCt scError = SymCryptEckeySetRandom(SYMCRYPT_FLAG_ECKEY_ECDH, keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYGEN, "SymCryptEckeySetRandom failed", scError); goto cleanup; } @@ -501,7 +501,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_pubkey_point(_In_ SCOSSL_ECC_KEY_C 0 ); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PUBKEY_POINT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PUBKEY_POINT, "SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -576,7 +576,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_params(_In_ SCOSSL_ECC_KEY_CTX *ke } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_BITS)) != NULL && - (keyCtx->curve == NULL || + (keyCtx->curve == NULL || !OSSL_PARAM_set_int(p, SymCryptEcurveBitsizeofGroupOrder(keyCtx->curve)))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); @@ -584,7 +584,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_params(_In_ SCOSSL_ECC_KEY_CTX *ke } if ((p = OSSL_PARAM_locate(params, OSSL_PKEY_PARAM_SECURITY_BITS)) != NULL && - (keyCtx->curve == NULL || + (keyCtx->curve == NULL || !OSSL_PARAM_set_int(p, scossl_ecc_get_curve_security_bits(keyCtx->curve)))) { ERR_raise(ERR_LIB_PROV, PROV_R_FAILED_TO_SET_PARAMETER); @@ -793,7 +793,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_set_params(_Inout_ SCOSSL_ECC_KEY_CTX keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_SET_PARAMS, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_SET_PARAMS, "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -976,7 +976,7 @@ static BOOL p_scossl_ecc_keymgmt_match(_In_ SCOSSL_ECC_KEY_CTX *keyCtx1, _In_ SC 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_MATCH, "SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -990,7 +990,7 @@ static BOOL p_scossl_ecc_keymgmt_match(_In_ SCOSSL_ECC_KEY_CTX *keyCtx1, _In_ SC 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_MATCH, "SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -1197,7 +1197,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_import(_Inout_ SCOSSL_ECC_KEY_CTX *key keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_IMPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_IMPORT, "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -1386,7 +1386,7 @@ static SCOSSL_STATUS p_scossl_x25519_keymgmt_import(_Inout_ SCOSSL_ECC_KEY_CTX * keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_X25519_KEYMGMT_IMPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_X25519_KEYMGMT_IMPORT, "SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -1451,7 +1451,7 @@ static SCOSSL_STATUS p_scossl_x25519_keymgmt_export(_In_ SCOSSL_ECC_KEY_CTX *key if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_X25519_KEYMGMT_EXPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_X25519_KEYMGMT_EXPORT, "SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -1589,7 +1589,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_private_key(SCOSSL_ECC_KEY_CTX *ke if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PRIVATE_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PRIVATE_KEY, "SymCryptEckeyGetValue failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c index 02a9430..15b1a44 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c @@ -89,7 +89,7 @@ static SCOSSL_PROV_RSA_KEY_CTX *p_scossl_rsa_keymgmt_new_ctx(ossl_unused void *p keyCtx->keyType = EVP_PKEY_RSA; #ifdef KEYSINUSE_ENABLED keyCtx->keysinuseLock = CRYPTO_THREAD_lock_new(); -#endif +#endif } return keyCtx; } @@ -188,7 +188,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_dup_keydata(_In_ PCSYMCRYPT_RSAKEY fro 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, "SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -215,7 +215,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_dup_keydata(_In_ PCSYMCRYPT_RSAKEY fro *toKey); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, "SymCryptRsakeySetValue failed", scError); goto cleanup; } @@ -426,7 +426,8 @@ static SCOSSL_PROV_RSA_KEY_CTX *p_scossl_rsa_keygen(_In_ SCOSSL_RSA_KEYGEN_CTX * keyCtx->key = SymCryptRsakeyAllocate(&symcryptRsaParam, 0); if (keyCtx->key == NULL) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYGEN, ERR_R_INTERNAL_ERROR, + "SymCryptRsakeyAllocate failed"); goto cleanup; } @@ -434,7 +435,7 @@ static SCOSSL_PROV_RSA_KEY_CTX *p_scossl_rsa_keygen(_In_ SCOSSL_RSA_KEYGEN_CTX * scError = SymCryptRsakeyGenerate(keyCtx->key, pPubExp64, genCtx->nPubExp, SYMCRYPT_FLAG_RSAKEY_SIGN | SYMCRYPT_FLAG_RSAKEY_ENCRYPT); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYGEN, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYGEN, "SymCryptRsakeyGenerate failed", scError); goto cleanup; } @@ -680,7 +681,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_keydata(_In_ SCOSSL_PROV_RSA_KEY_C 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, "SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -702,7 +703,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_keydata(_In_ SCOSSL_PROV_RSA_KEY_C if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, "SymCryptStoreLsbFirstUint64 failed", scError); goto cleanup; } @@ -841,7 +842,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_crt_keydata(_In_ SCOSSL_PROV_RSA_K 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_CRT_KEYDATA, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_CRT_KEYDATA, "SymCryptRsakeyGetCrtValue failed", scError); goto cleanup; } @@ -999,7 +1000,7 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, "SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -1013,7 +1014,7 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, "SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -1048,7 +1049,7 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, "SymCryptRsakeyGetCrtValue failed", scError); goto cleanup; } @@ -1062,7 +1063,7 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, "SymCryptRsakeyGetCrtValue failed", scError); goto cleanup; } @@ -1223,7 +1224,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, "SymCryptRsakeySetValue failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/mac/p_scossl_hmac.c b/SymCryptProvider/src/mac/p_scossl_hmac.c index f591379..c30493c 100644 --- a/SymCryptProvider/src/mac/p_scossl_hmac.c +++ b/SymCryptProvider/src/mac/p_scossl_hmac.c @@ -179,7 +179,6 @@ static SCOSSL_STATUS p_scossl_hmac_set_ctx_params(_Inout_ SCOSSL_MAC_CTX *ctx, _ if (!scossl_mac_init(ctx, pbMacKey, cbMacKey)) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); goto cleanup; } } diff --git a/SymCryptProvider/src/mac/p_scossl_kmac.c b/SymCryptProvider/src/mac/p_scossl_kmac.c index 3e7818e..2540e8c 100644 --- a/SymCryptProvider/src/mac/p_scossl_kmac.c +++ b/SymCryptProvider/src/mac/p_scossl_kmac.c @@ -137,8 +137,9 @@ static SCOSSL_STATUS p_scossl_kmac_init(_Inout_ SCOSSL_KMAC_CTX *ctx, if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KMAC_INIT, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KMAC_INIT, "SymCryptKmacXXXExpandKeyEx failed", scError); + return SCOSSL_FAILURE; } } @@ -279,7 +280,7 @@ static SCOSSL_STATUS p_scossl_kmac_set_ctx_params(_Inout_ SCOSSL_KMAC_CTX *ctx, ctx->customizationString, ctx->cbCustomizationString); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, "SymCryptKmacXXXExpandKeyEx failed", scError); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/p_scossl_ecc.c b/SymCryptProvider/src/p_scossl_ecc.c index c1b233c..d3bbba5 100644 --- a/SymCryptProvider/src/p_scossl_ecc.c +++ b/SymCryptProvider/src/p_scossl_ecc.c @@ -69,7 +69,7 @@ SCOSSL_STATUS p_scossl_ecc_get_encoded_public_key(const SCOSSL_ECC_KEY_CTX *keyC if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_GET_ENCODED_PUBLIC_KEY, SCOSSL_ERR_R_SYMCRYPT_FAILURE, + SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_GET_ENCODED_PUBLIC_KEY, "SymCryptEckeyGetValue failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c index f864f1b..2db78aa 100644 --- a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c +++ b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c @@ -765,7 +765,8 @@ static ASN1_STRING *p_scossl_rsa_pss_params_to_asn1_sequence(_In_ SCOSSL_RSA_SIG if (cbSalt < 0) { - ERR_raise(ERR_LIB_PROV, ERR_R_INTERNAL_ERROR); + SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_RSA_PSS_PARAMS_TO_ASN1_SEQUENCE, ERR_R_INTERNAL_ERROR, + "Invalid salt length in key context"); goto cleanup; } } From 8578c5954d0f15b11d4f88a30d2658fb9958ec88 Mon Sep 17 00:00:00 2001 From: Maxwell Moyer-McKee Date: Fri, 20 Sep 2024 17:11:55 +0000 Subject: [PATCH 10/10] Create separate provider loggin calls without func code --- ScosslCommon/inc/scossl_helpers.h | 82 +++++++++---------- ScosslCommon/src/scossl_helpers.c | 70 ++++------------ SymCryptEngine/src/e_scossl_pkey_meths.c | 2 +- .../src/asymcipher/p_scossl_rsa_cipher.c | 6 +- SymCryptProvider/src/ciphers/p_scossl_aes.c | 6 +- .../src/ciphers/p_scossl_aes_xts.c | 3 +- SymCryptProvider/src/kdf/p_scossl_kbkdf.c | 6 +- SymCryptProvider/src/keyexch/p_scossl_dh.c | 9 +- SymCryptProvider/src/keyexch/p_scossl_ecdh.c | 3 +- .../src/keymgmt/p_scossl_dh_keymgmt.c | 30 +++---- .../src/keymgmt/p_scossl_ecc_keymgmt.c | 33 +++----- .../src/keymgmt/p_scossl_rsa_keymgmt.c | 36 +++----- SymCryptProvider/src/mac/p_scossl_kmac.c | 6 +- SymCryptProvider/src/p_scossl_ecc.c | 5 +- SymCryptProvider/src/p_scossl_keysinuse.c | 4 +- SymCryptProvider/src/p_scossl_rsa.c | 8 +- .../src/signature/p_scossl_rsa_signature.c | 3 +- 17 files changed, 113 insertions(+), 199 deletions(-) diff --git a/ScosslCommon/inc/scossl_helpers.h b/ScosslCommon/inc/scossl_helpers.h index 1ab900a..06f1f85 100644 --- a/ScosslCommon/inc/scossl_helpers.h +++ b/ScosslCommon/inc/scossl_helpers.h @@ -43,7 +43,7 @@ typedef _Return_type_success_(return >= 0) int SCOSSL_RETURNLENGTH; // For funct // pointer before using it with SymCrypt. // // In the SCOSSL provider, it is our responsibility to perform the allocation and free ourselves. -// Here we allocate SYMCRYPT_ALIGN_VALUE extra bytes, and store the offset into our allocation in the byte before the aligned +// Here we allocate SYMCRYPT_ALIGN_VALUE extra bytes, and store the offset into our allocation in the byte before the aligned // pointer we use in SymCrypt. On free, we look at the byte before the aligned pointer we have been using, to determine the start // of the allocation and free it correctly. // @@ -179,46 +179,6 @@ typedef enum { SCOSSL_ERR_F_ENG_SSHKDF_NEW, SCOSSL_ERR_F_ENG_TLS1PRF_CTRL, SCOSSL_ERR_F_ENG_TLS1PRF_INIT, - // SymCryptProvider - SCOSSL_ERR_F_PROV_AES_CFB_CIPHER, - SCOSSL_ERR_F_PROV_AES_GENERIC_INIT_INTERNAL, - SCOSSL_ERR_F_PROV_AES_XTS_INIT_INTERNAL, - SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, - SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_PARAMS, - SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_FFC_PARAMS, - SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_KEY_PARAMS, - SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, - SCOSSL_ERR_F_PROV_DH_KEYMGMT_SET_PARAMS, - SCOSSL_ERR_F_PROV_DH_PARAMS_TO_GROUP, - SCOSSL_ERR_F_PROV_DH_PLAIN_DERIVE, - SCOSSL_ERR_F_PROV_DH_X9_42_DERIVE, - SCOSSL_ERR_F_PROV_ECC_GET_ENCODED_PUBLIC_KEY, - SCOSSL_ERR_F_PROV_ECC_INIT_KEYSINUSE, - SCOSSL_ERR_F_PROV_ECC_KEYGEN, - SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, - SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PRIVATE_KEY, - SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PUBKEY_POINT, - SCOSSL_ERR_F_PROV_ECC_KEYMGMT_IMPORT, - SCOSSL_ERR_F_PROV_ECC_KEYMGMT_MATCH, - SCOSSL_ERR_F_PROV_ECC_KEYMGMT_SET_PARAMS, - SCOSSL_ERR_F_PROV_ECDH_DERIVE, - SCOSSL_ERR_F_PROV_KBKDF_DERIVE, - SCOSSL_ERR_F_PROV_KBKDF_KMAC_DERIVE, - SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, - SCOSSL_ERR_F_PROV_KMAC_INIT, - SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, - SCOSSL_ERR_F_PROV_RSA_CIPHER_ENCRYPT, - SCOSSL_ERR_F_PROV_RSA_CIPHER_DECRYPT, - SCOSSL_ERR_F_PROV_RSA_GET_ENCODED_PUBLIC_KEY, - SCOSSL_ERR_F_PROV_RSA_KEYGEN, - SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, - SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_CRT_KEYDATA, - SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, - SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, - SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, - SCOSSL_ERR_F_PROV_RSA_PSS_PARAMS_TO_ASN1_SEQUENCE, - SCOSSL_ERR_F_PROV_X25519_KEYMGMT_EXPORT, - SCOSSL_ERR_F_PROV_X25519_KEYMGMT_IMPORT, SCOSSL_ERR_F_ENUM_END } SCOSSL_ERR_FUNC; @@ -297,6 +257,46 @@ void _scossl_log_SYMCRYPT_ERROR( #define SCOSSL_LOG_SYMCRYPT_ERROR(func_code, description, scError) \ _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_ERROR, func_code, __FILE__, __LINE__, description, scError) +#if OPENSSL_API_LEVEL >= 30000 + // Enable debug and info messages in debug builds, but compile them out in release builds + #if DBG + #define SCOSSL_PROV_LOG_DEBUG(reason_code, ...) \ + _scossl_log(SCOSSL_LOG_LEVEL_DEBUG, 0, reason_code, __FILE__, __LINE__, __VA_ARGS__) + + #define SCOSSL_PROV_LOG_INFO(reason_code, ...) \ + _scossl_log(SCOSSL_LOG_LEVEL_INFO, 0, reason_code, __FILE__, __LINE__, __VA_ARGS__) + + #define SCOSSL_PROV_LOG_BYTES_DEBUG(reason_code, description, s, len) \ + _scossl_log_bytes(SCOSSL_LOG_LEVEL_DEBUG, 0, reason_code, __FILE__, __LINE__, (const char*) s, len, description) + + #define SCOSSL_PROV_LOG_BYTES_INFO(reason_code, description, s, len) \ + _scossl_log_bytes(SCOSSL_LOG_LEVEL_INFO, 0, reason_code, __FILE__, __LINE__, (const char*) s, len, description) + + #define SCOSSL_PROV_LOG_SYMCRYPT_DEBUG(description, scError) \ + _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_DEBUG, 0, __FILE__, __LINE__, description, scError) + + #define SCOSSL_PROV_LOG_SYMCRYPT_INFO(description, scError) \ + _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_INFO, 0, __FILE__, __LINE__, description, scError) + #else + #define SCOSSL_PROV_LOG_DEBUG(reason_code, ...) + #define SCOSSL_PROV_LOG_INFO(reason_code, ...) + #define SCOSSL_PROV_LOG_BYTES_DEBUG(reason_code, description, s, len) + #define SCOSSL_PROV_LOG_BYTES_INFO(reason_code, description, s, len) + #define SCOSSL_PROV_LOG_SYMCRYPT_DEBUG(description, scError) + #define SCOSSL_PROV_LOG_SYMCRYPT_INFO(description, scError) + #endif + + #define SCOSSL_PROV_LOG_ERROR(reason_code, ...) \ + _scossl_log(SCOSSL_LOG_LEVEL_ERROR, 0, reason_code, __FILE__, __LINE__, __VA_ARGS__) + + #define SCOSSL_PROV_LOG_BYTES_ERROR(reason_code, description, s, len) \ + _scossl_log_bytes(SCOSSL_LOG_LEVEL_ERROR, 0, reason_code, __FILE__, __LINE__, (const char*) s, len, description) + + #define SCOSSL_PROV_LOG_SYMCRYPT_ERROR(description, scError) \ + _scossl_log_SYMCRYPT_ERROR(SCOSSL_LOG_LEVEL_ERROR, 0, __FILE__, __LINE__, description, scError) + +#endif + // // Common helper functions // diff --git a/ScosslCommon/src/scossl_helpers.c b/ScosslCommon/src/scossl_helpers.c index 2d0ff2e..d933807 100644 --- a/ScosslCommon/src/scossl_helpers.c +++ b/ScosslCommon/src/scossl_helpers.c @@ -17,18 +17,6 @@ extern "C" { #define SCOSSL_LOG_LEVEL_PREFIX_INFO "INFO" #define SCOSSL_LOG_LEVEL_PREFIX_DEBUG "DEBUG" -// ERR_put_error is deprecated in 3.0+. We replace the functionality with the equivalent -// function calls in OpenSSL 3.0+. -#if OPENSSL_API_LEVEL >= 30000 - #define SCOSSL_put_error(lib, func, reason, file, line) \ - (ERR_new(), \ - ERR_set_debug((file), (line), (func)), \ - ERR_set_error((lib), (reason), NULL)) -#else - #define SCOSSL_put_error(lib, func, reason, file, line) \ - ERR_put_error((lib), (func), (reason), (file), (line)) -#endif - // Level of tracing that is output to stderr / log file static int _traceLogLevel = SCOSSL_LOG_LEVEL_OFF; static char *_traceLogFilename = NULL; @@ -51,6 +39,18 @@ static ERR_STRING_DATA SCOSSL_ERR_library_string[] = { {0, NULL} }; +// ERR_put_error is deprecated in 3.0+. We replace the functionality with the equivalent +// function calls in OpenSSL 3.0+. This macro currently exists as ERR_put_error in +// the openssl/err.h but may be removed in the future. +#if OPENSSL_API_LEVEL >= 30000 +#define SCOSSL_put_error(lib, func, reason, file, line) \ + (ERR_new(), \ + ERR_set_debug(file, line, 0), \ + ERR_set_error(lib, reason, NULL)) +#else +#define SCOSSL_put_error(lib, func, reason, file, line) \ + ERR_put_error(lib, func, reason, file, line) + static ERR_STRING_DATA SCOSSL_ERR_function_strings[] = { // ScosslCommon {ERR_PACK(0, SCOSSL_ERR_F_AES_CCM_CIPHER, 0), "scossl_aes_ccm_cipher"}, @@ -139,51 +139,11 @@ static ERR_STRING_DATA SCOSSL_ERR_function_strings[] = { {ERR_PACK(0, SCOSSL_ERR_F_ENG_SSHKDF_NEW, 0), "e_scossl_sshkdf_new"}, {ERR_PACK(0, SCOSSL_ERR_F_ENG_TLS1PRF_CTRL, 0), "e_scossl_tls1prf_ctrl"}, {ERR_PACK(0, SCOSSL_ERR_F_ENG_TLS1PRF_INIT, 0), "e_scossl_tls1prf_init"}, - // SymCryptProvider - {ERR_PACK(0, SCOSSL_ERR_F_PROV_AES_CFB_CIPHER, 0), "p_scossl_aes_cfb_cipher"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_AES_GENERIC_INIT_INTERNAL, 0), "p_scossl_aes_generic_init_internal"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_AES_XTS_INIT_INTERNAL, 0), "p_scossl_aes_xts_init_internal"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, 0), "p_scossl_dh_keymgmt_export"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_PARAMS, 0), "p_scossl_dh_keymgmt_get_params"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_FFC_PARAMS, 0), "p_scossl_dh_keymgmt_get_ffc_params"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_KEY_PARAMS, 0), "p_scossl_dh_keymgmt_get_key_params"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, 0), "p_scossl_dh_keymgmt_match"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_KEYMGMT_SET_PARAMS, 0), "p_scossl_dh_keymgmt_set_params"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_PARAMS_TO_GROUP, 0), "p_scossl_dh_params_to_group"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_PLAIN_DERIVE, 0), "p_scossl_dh_plain_derive"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_DH_X9_42_DERIVE, 0), "p_scossl_dh_x9_42_derive"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_GET_ENCODED_PUBLIC_KEY, 0), "p_scossl_ecc_get_encoded_public_key"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_INIT_KEYSINUSE, 0), "p_scossl_ecc_init_keysinuse"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYGEN, 0), "p_scossl_ecc_keygen"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, 0), "p_scossl_ecc_keymgmt_dup_ctx"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PRIVATE_KEY, 0), "p_scossl_ecc_keymgmt_get_private_key"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PUBKEY_POINT, 0), "p_scossl_ecc_keymgmt_get_pubkey_point"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_IMPORT, 0), "p_scossl_ecc_keymgmt_import"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_MATCH, 0), "p_scossl_ecc_keymgmt_match"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECC_KEYMGMT_SET_PARAMS, 0), "p_scossl_ecc_keymgmt_set_params"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_ECDH_DERIVE, 0), "p_scossl_ecdh_derive"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_KBKDF_DERIVE, 0), "p_scossl_kbkdf_derive"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_KBKDF_KMAC_DERIVE, 0), "p_scossl_kbkdf_kmac_derive"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, 0), "p_scossl_keysinuse_init_once"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_KMAC_INIT, 0), "p_scossl_kmac_init"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, 0), "p_scossl_kmac_set_ctx_params"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_CIPHER_ENCRYPT, 0), "p_scossl_rsa_cipher_encrypt"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_CIPHER_DECRYPT, 0), "p_scossl_rsa_cipher_decrypt"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_GET_ENCODED_PUBLIC_KEY, 0), "p_scossl_rsa_get_encoded_public_key"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYGEN, 0), "p_scossl_rsa_keygen"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, 0), "p_scossl_rsa_keymgmt_dup_keydata"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_CRT_KEYDATA, 0), "p_scossl_rsa_keymgmt_get_crt_keydata"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, 0), "p_scossl_rsa_keymgmt_get_keydata"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, 0), "p_scossl_rsa_keymgmt_import"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, 0), "p_scossl_rsa_keymgmt_match"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_RSA_PSS_PARAMS_TO_ASN1_SEQUENCE, 0), "p_scossl_rsa_pss_params_to_asn1_sequence"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_X25519_KEYMGMT_EXPORT, 0), "p_scossl_x25519_keymgmt_export"}, - {ERR_PACK(0, SCOSSL_ERR_F_PROV_X25519_KEYMGMT_IMPORT, 0), "p_scossl_x25519_keymgmt_import"}, {0, NULL} }; C_ASSERT( (sizeof(SCOSSL_ERR_function_strings) / sizeof(ERR_STRING_DATA)) == SCOSSL_ERR_F_ENUM_END-SCOSSL_ERR_F_ENUM_START ); - +#endif static ERR_STRING_DATA SCOSSL_ERR_reason_strings[] = { {ERR_PACK(0, 0, SCOSSL_ERR_R_MISSING_CTX_DATA), "Missing data in context"}, @@ -206,9 +166,11 @@ void scossl_setup_logging() // Bind the library name "SCOSSL" to the library code SCOSSL_ERR_library_string[0].error = ERR_PACK(_scossl_err_library_code, 0, 0); ERR_load_strings(_scossl_err_library_code, SCOSSL_ERR_library_string); - ERR_load_strings(_scossl_err_library_code, SCOSSL_ERR_function_strings); ERR_load_strings(_scossl_err_library_code, SCOSSL_ERR_reason_strings); +#if OPENSSL_API_LEVEL < 30000 + ERR_load_strings(_scossl_err_library_code, SCOSSL_ERR_function_strings); +#endif _loggingLock = CRYPTO_THREAD_lock_new(); SCOSSL_set_trace_log_filename(NULL); } diff --git a/SymCryptEngine/src/e_scossl_pkey_meths.c b/SymCryptEngine/src/e_scossl_pkey_meths.c index 69943dd..bdc0b5c 100644 --- a/SymCryptEngine/src/e_scossl_pkey_meths.c +++ b/SymCryptEngine/src/e_scossl_pkey_meths.c @@ -236,7 +236,7 @@ SCOSSL_STATUS e_scossl_pkey_methods_init_static() (e_scossl_pkey_rsa_pss() == NULL) || (e_scossl_pkey_tls1_prf() == NULL) || (e_scossl_pkey_hkdf() == NULL) || - (e_scossl_pkey_hmac() == NULL) + (e_scossl_pkey_hmac() == NULL) ) { return SCOSSL_FAILURE; diff --git a/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c b/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c index daeac61..f0323a4 100644 --- a/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c +++ b/SymCryptProvider/src/asymcipher/p_scossl_rsa_cipher.c @@ -170,8 +170,7 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_encrypt(_In_ SCOSSL_RSA_CIPHER_CTX *ctx if (ctx->oaepMdInfo == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_RSA_CIPHER_ENCRYPT, ERR_R_INTERNAL_ERROR, - "p_scossl_rsa_get_supported_md returned NULL for default digest"); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "p_scossl_rsa_get_supported_md returned NULL for default digest"); return SCOSSL_FAILURE; } } @@ -217,8 +216,7 @@ static SCOSSL_STATUS p_scossl_rsa_cipher_decrypt(_In_ SCOSSL_RSA_CIPHER_CTX *ctx if (ctx->oaepMdInfo == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_RSA_CIPHER_DECRYPT, ERR_R_INTERNAL_ERROR, - "p_scossl_rsa_get_supported_md returned NULL for default digest"); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "p_scossl_rsa_get_supported_md returned NULL for default digest"); return SCOSSL_FAILURE; } } diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes.c b/SymCryptProvider/src/ciphers/p_scossl_aes.c index d84baee..bfcf606 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes.c @@ -112,8 +112,7 @@ static SCOSSL_STATUS p_scossl_aes_generic_init_internal(_Inout_ SCOSSL_AES_CTX * scError = SymCryptAesExpandKey(&ctx->key, key, keylen); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_AES_GENERIC_INIT_INTERNAL, - "SymCryptAesExpandKey failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptAesExpandKey failed", scError); return SCOSSL_FAILURE; } } @@ -918,8 +917,7 @@ static SCOSSL_STATUS scossl_aes_cfb_cipher(_Inout_ SCOSSL_AES_CTX *ctx, { if (ctx->cbBuf != 0) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_AES_CFB_CIPHER, ERR_R_INTERNAL_ERROR, - "Unexpected partial block in buffer"); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "Unexpected partial block in buffer"); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c b/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c index ff0d5da..a1b6961 100644 --- a/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c +++ b/SymCryptProvider/src/ciphers/p_scossl_aes_xts.c @@ -85,8 +85,7 @@ static SCOSSL_STATUS p_scossl_aes_xts_init_internal(_Inout_ SCOSSL_AES_XTS_CTX * scError = SymCryptXtsAesExpandKeyEx(&ctx->key, key, keylen, 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_AES_XTS_INIT_INTERNAL, - "SymCryptXtsAesExpandKeyEx failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptXtsAesExpandKeyEx failed", scError); return SCOSSL_FAILURE; } } diff --git a/SymCryptProvider/src/kdf/p_scossl_kbkdf.c b/SymCryptProvider/src/kdf/p_scossl_kbkdf.c index 987642b..137af01 100644 --- a/SymCryptProvider/src/kdf/p_scossl_kbkdf.c +++ b/SymCryptProvider/src/kdf/p_scossl_kbkdf.c @@ -145,8 +145,7 @@ static SCOSSL_STATUS p_scossl_kbkdf_kmac_derive(_In_ SCOSSL_PROV_KBKDF_CTX *ctx, if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KBKDF_KMAC_DERIVE, - "SymCryptKmacXXXExpandKey failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptKmacXXXExpandKey failed", scError); goto cleanup; } @@ -205,8 +204,7 @@ static SCOSSL_STATUS p_scossl_kbkdf_derive(_In_ SCOSSL_PROV_KBKDF_CTX *ctx, key, keylen); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KBKDF_DERIVE, - "SymCryptSp800_108 failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptSp800_108 failed", scError); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/keyexch/p_scossl_dh.c b/SymCryptProvider/src/keyexch/p_scossl_dh.c index 6fde7f0..1aaf7cd 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_dh.c +++ b/SymCryptProvider/src/keyexch/p_scossl_dh.c @@ -196,16 +196,14 @@ static SCOSSL_STATUS p_scossl_dh_X9_42_derive(_In_ SCOSSL_DH_CTX *ctx, cbAgreedSecret); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_X9_42_DERIVE, - "SymCryptDhSecretAgreement failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDhSecretAgreement failed", scError); goto cleanup; } if ((kdf = EVP_KDF_fetch(ctx->libCtx, OSSL_KDF_NAME_X942KDF_ASN1, NULL)) == NULL || (kdfCtx = EVP_KDF_CTX_new(kdf)) == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_DH_X9_42_DERIVE, ERR_R_INTERNAL_ERROR, - "Failed to create X9.42 KDF context"); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "Failed to create X9.42 KDF context"); goto cleanup; } @@ -269,8 +267,7 @@ static SCOSSL_STATUS p_scossl_dh_plain_derive(_In_ SCOSSL_DH_CTX *ctx, cbAgreedSecret); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_PLAIN_DERIVE, - "SymCryptDhSecretAgreement failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDhSecretAgreement failed", scError); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/keyexch/p_scossl_ecdh.c b/SymCryptProvider/src/keyexch/p_scossl_ecdh.c index f396e46..14015cf 100644 --- a/SymCryptProvider/src/keyexch/p_scossl_ecdh.c +++ b/SymCryptProvider/src/keyexch/p_scossl_ecdh.c @@ -142,8 +142,7 @@ static SCOSSL_STATUS p_scossl_ecdh_derive(_In_ SCOSSL_ECDH_CTX *ctx, cbSecretBuf); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECDH_DERIVE, - "SymCryptEcDhSecretAgreement failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEcDhSecretAgreement failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c index 7426e3a..061e074 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_dh_keymgmt.c @@ -379,8 +379,7 @@ static SCOSSL_STATUS p_scossl_dh_params_to_group(_In_ OSSL_LIB_CTX *libCtx, _In_ pDlGroupTmp); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_PARAMS_TO_GROUP, - "SymCryptDlgroupSetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlgroupSetValue failed", scError); goto cleanup; } @@ -635,8 +634,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_set_params(_In_ SCOSSL_PROV_DH_KEY_CTX SymCryptDlkeyFree(ctx->keyCtx->dlkey); ctx->keyCtx->dlkey = NULL; - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_SET_PARAMS, - "SymCryptDlkeySetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlkeySetValue failed", scError); return SCOSSL_FAILURE; } @@ -728,8 +726,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_ffc_params(_In_ SYMCRYPT_DLGROUP *p if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_FFC_PARAMS, - "SymCryptDlgroupGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlgroupGetValue failed", scError); goto cleanup; } } @@ -863,8 +860,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_key_params(_In_ SCOSSL_DH_KEY_CTX * 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_KEY_PARAMS, - "SymCryptDlkeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -965,8 +961,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_get_params(_In_ SCOSSL_PROV_DH_KEY_CTX int dlGroupNid = scossl_dh_get_group_nid(SymCryptDlkeyGetGroup(ctx->keyCtx->dlkey)); if (dlGroupNid == 0) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_GET_PARAMS, ERR_R_INTERNAL_ERROR, - "Failed to get NID for previously set group in DH key context"); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "Failed to get NID for previously set group in DH key context"); return SCOSSL_FAILURE; } @@ -1077,8 +1072,7 @@ static BOOL p_scossl_dh_keymgmt_match(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx1, _In_ SC 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, - "SymCryptDlkeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -1090,8 +1084,7 @@ static BOOL p_scossl_dh_keymgmt_match(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx1, _In_ SC 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_MATCH, - "SymCryptDlkeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlkeyGetValue failed", scError); goto cleanup; } @@ -1312,8 +1305,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx if (cbPrimeP == 0) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, ERR_R_INTERNAL_ERROR, - "SymCryptDlgroupGetSizes returned 0 for prime P size"); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "SymCryptDlgroupGetSizes returned 0 for prime P size"); goto cleanup; } @@ -1355,8 +1347,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx &genCounter); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, - "SymCryptDlgroupGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlgroupGetValue failed", scError); goto cleanup; } @@ -1437,8 +1428,7 @@ static SCOSSL_STATUS p_scossl_dh_keymgmt_export(_In_ SCOSSL_PROV_DH_KEY_CTX *ctx 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_DH_KEYMGMT_EXPORT, - "SymCryptDlkeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptDlkeyGetValue failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c index 76e6d8d..938a197 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_ecc_keymgmt.c @@ -219,8 +219,7 @@ static SCOSSL_ECC_KEY_CTX *p_scossl_ecc_keymgmt_dup_ctx(_In_ const SCOSSL_ECC_KE 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, - "SymCryptEckeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -240,8 +239,7 @@ static SCOSSL_ECC_KEY_CTX *p_scossl_ecc_keymgmt_dup_ctx(_In_ const SCOSSL_ECC_KE copyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_DUP_CTX, - "SymCryptEckeySetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -449,8 +447,7 @@ static SCOSSL_ECC_KEY_CTX *p_scossl_ecc_keygen(_In_ SCOSSL_ECC_KEYGEN_CTX *genCt scError = SymCryptEckeySetRandom(SYMCRYPT_FLAG_ECKEY_ECDH, keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYGEN, - "SymCryptEckeySetRandom failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeySetRandom failed", scError); goto cleanup; } @@ -501,8 +498,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_pubkey_point(_In_ SCOSSL_ECC_KEY_C 0 ); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PUBKEY_POINT, - "SymCryptEckeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -793,8 +789,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_set_params(_Inout_ SCOSSL_ECC_KEY_CTX keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_SET_PARAMS, - "SymCryptEckeySetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -976,8 +971,7 @@ static BOOL p_scossl_ecc_keymgmt_match(_In_ SCOSSL_ECC_KEY_CTX *keyCtx1, _In_ SC 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_MATCH, - "SymCryptEckeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -990,8 +984,7 @@ static BOOL p_scossl_ecc_keymgmt_match(_In_ SCOSSL_ECC_KEY_CTX *keyCtx1, _In_ SC 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_MATCH, - "SymCryptEckeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -1197,8 +1190,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_import(_Inout_ SCOSSL_ECC_KEY_CTX *key keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_IMPORT, - "SymCryptEckeySetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -1386,8 +1378,7 @@ static SCOSSL_STATUS p_scossl_x25519_keymgmt_import(_Inout_ SCOSSL_ECC_KEY_CTX * keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_X25519_KEYMGMT_IMPORT, - "SymCryptEckeySetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeySetValue failed", scError); goto cleanup; } @@ -1451,8 +1442,7 @@ static SCOSSL_STATUS p_scossl_x25519_keymgmt_export(_In_ SCOSSL_ECC_KEY_CTX *key if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_X25519_KEYMGMT_EXPORT, - "SymCryptEckeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -1589,8 +1579,7 @@ static SCOSSL_STATUS p_scossl_ecc_keymgmt_get_private_key(SCOSSL_ECC_KEY_CTX *ke if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_KEYMGMT_GET_PRIVATE_KEY, - "SymCryptEckeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); goto cleanup; } diff --git a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c index 15b1a44..bd6a999 100644 --- a/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c +++ b/SymCryptProvider/src/keymgmt/p_scossl_rsa_keymgmt.c @@ -188,8 +188,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_dup_keydata(_In_ PCSYMCRYPT_RSAKEY fro 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, - "SymCryptRsakeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -215,8 +214,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_dup_keydata(_In_ PCSYMCRYPT_RSAKEY fro *toKey); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_DUP_KEYDATA, - "SymCryptRsakeySetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeySetValue failed", scError); goto cleanup; } @@ -426,8 +424,7 @@ static SCOSSL_PROV_RSA_KEY_CTX *p_scossl_rsa_keygen(_In_ SCOSSL_RSA_KEYGEN_CTX * keyCtx->key = SymCryptRsakeyAllocate(&symcryptRsaParam, 0); if (keyCtx->key == NULL) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYGEN, ERR_R_INTERNAL_ERROR, - "SymCryptRsakeyAllocate failed"); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "SymCryptRsakeyAllocate failed"); goto cleanup; } @@ -435,8 +432,7 @@ static SCOSSL_PROV_RSA_KEY_CTX *p_scossl_rsa_keygen(_In_ SCOSSL_RSA_KEYGEN_CTX * scError = SymCryptRsakeyGenerate(keyCtx->key, pPubExp64, genCtx->nPubExp, SYMCRYPT_FLAG_RSAKEY_SIGN | SYMCRYPT_FLAG_RSAKEY_ENCRYPT); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYGEN, - "SymCryptRsakeyGenerate failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGenerate failed", scError); goto cleanup; } @@ -681,8 +677,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_keydata(_In_ SCOSSL_PROV_RSA_KEY_C 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, - "SymCryptRsakeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -703,8 +698,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_keydata(_In_ SCOSSL_PROV_RSA_KEY_C if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_KEYDATA, - "SymCryptStoreLsbFirstUint64 failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptStoreLsbFirstUint64 failed", scError); goto cleanup; } @@ -842,8 +836,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_get_crt_keydata(_In_ SCOSSL_PROV_RSA_K 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_GET_CRT_KEYDATA, - "SymCryptRsakeyGetCrtValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetCrtValue failed", scError); goto cleanup; } @@ -1000,8 +993,7 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, - "SymCryptRsakeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -1014,8 +1006,7 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, - "SymCryptRsakeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetValue failed", scError); goto cleanup; } @@ -1049,8 +1040,7 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, - "SymCryptRsakeyGetCrtValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetCrtValue failed", scError); goto cleanup; } @@ -1063,8 +1053,7 @@ static BOOL p_scossl_rsa_keymgmt_match(_In_ SCOSSL_PROV_RSA_KEY_CTX *keyCtx1, _I 0); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_MATCH, - "SymCryptRsakeyGetCrtValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeyGetCrtValue failed", scError); goto cleanup; } @@ -1224,8 +1213,7 @@ static SCOSSL_STATUS p_scossl_rsa_keymgmt_import(_Inout_ SCOSSL_PROV_RSA_KEY_CTX keyCtx->key); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_RSA_KEYMGMT_IMPORT, - "SymCryptRsakeySetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptRsakeySetValue failed", scError); goto cleanup; } } diff --git a/SymCryptProvider/src/mac/p_scossl_kmac.c b/SymCryptProvider/src/mac/p_scossl_kmac.c index 2540e8c..7083f82 100644 --- a/SymCryptProvider/src/mac/p_scossl_kmac.c +++ b/SymCryptProvider/src/mac/p_scossl_kmac.c @@ -137,8 +137,7 @@ static SCOSSL_STATUS p_scossl_kmac_init(_Inout_ SCOSSL_KMAC_CTX *ctx, if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KMAC_INIT, - "SymCryptKmacXXXExpandKeyEx failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptKmacXXXExpandKeyEx failed", scError); return SCOSSL_FAILURE; } } @@ -280,8 +279,7 @@ static SCOSSL_STATUS p_scossl_kmac_set_ctx_params(_Inout_ SCOSSL_KMAC_CTX *ctx, ctx->customizationString, ctx->cbCustomizationString); if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_KMAC_SET_CTX_PARAMS, - "SymCryptKmacXXXExpandKeyEx failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptKmacXXXExpandKeyEx failed", scError); return SCOSSL_FAILURE; } diff --git a/SymCryptProvider/src/p_scossl_ecc.c b/SymCryptProvider/src/p_scossl_ecc.c index d3bbba5..7351c1f 100644 --- a/SymCryptProvider/src/p_scossl_ecc.c +++ b/SymCryptProvider/src/p_scossl_ecc.c @@ -69,8 +69,7 @@ SCOSSL_STATUS p_scossl_ecc_get_encoded_public_key(const SCOSSL_ECC_KEY_CTX *keyC if (scError != SYMCRYPT_NO_ERROR) { - SCOSSL_LOG_SYMCRYPT_ERROR(SCOSSL_ERR_F_PROV_ECC_GET_ENCODED_PUBLIC_KEY, - "SymCryptEckeyGetValue failed", scError); + SCOSSL_PROV_LOG_SYMCRYPT_ERROR("SymCryptEckeyGetValue failed", scError); goto cleanup; } @@ -144,7 +143,7 @@ void p_scossl_ecc_init_keysinuse(SCOSSL_ECC_KEY_CTX *keyCtx) } else { - SCOSSL_LOG_DEBUG(SCOSSL_ERR_F_PROV_ECC_INIT_KEYSINUSE, SCOSSL_ERR_R_KEYSINUSE_FAILURE, + SCOSSL_PROV_LOG_DEBUG(SCOSSL_ERR_R_KEYSINUSE_FAILURE, "p_scossl_ecc_get_encoded_public_key failed: %s", ERR_error_string(ERR_get_error(), NULL)); } diff --git a/SymCryptProvider/src/p_scossl_keysinuse.c b/SymCryptProvider/src/p_scossl_keysinuse.c index c4b660e..775a093 100644 --- a/SymCryptProvider/src/p_scossl_keysinuse.c +++ b/SymCryptProvider/src/p_scossl_keysinuse.c @@ -124,7 +124,7 @@ static void p_scossl_keysinuse_init_once() if ((procPath = OPENSSL_malloc(cbProcPath)) != NULL && (cbProcPathUsed = readlink(symlinkPath, procPath, cbProcPath)) == -1) { - SCOSSL_LOG_DEBUG(SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, SCOSSL_ERR_R_KEYSINUSE_FAILURE, + SCOSSL_PROV_LOG_DEBUG(SCOSSL_ERR_R_KEYSINUSE_FAILURE, "Failed to get process path from /proc/%d/exe with error %d", pid, errno); OPENSSL_free(procPath); procPath = NULL; @@ -138,7 +138,7 @@ static void p_scossl_keysinuse_init_once() if ((prefix = OPENSSL_malloc(prefix_size + 1)) == NULL || snprintf(prefix, prefix_size + 1, "%ld,%.*s", initTime, cbProcPathUsed, procPath) < 0) { - SCOSSL_LOG_DEBUG(SCOSSL_ERR_F_PROV_KEYSINUSE_INIT_ONCE, SCOSSL_ERR_R_KEYSINUSE_FAILURE, + SCOSSL_PROV_LOG_DEBUG(SCOSSL_ERR_R_KEYSINUSE_FAILURE, "Failed to generate logging prefix with error %d", errno); OPENSSL_free(prefix); prefix = (char*)default_prefix; diff --git a/SymCryptProvider/src/p_scossl_rsa.c b/SymCryptProvider/src/p_scossl_rsa.c index f52a4bf..2c4cb9f 100644 --- a/SymCryptProvider/src/p_scossl_rsa.c +++ b/SymCryptProvider/src/p_scossl_rsa.c @@ -178,8 +178,8 @@ void p_scossl_rsa_pss_restrictions_get_defaults(SCOSSL_RSA_PSS_RESTRICTIONS* pss pssRestrictions->mgf1MdInfo = &p_scossl_rsa_supported_mds[SCOSSL_PROV_RSA_PSS_DEFAULT_MD]; pssRestrictions->cbSaltMin = SCOSSL_PROV_RSA_PSS_DEFAULT_SALTLEN_MIN; } -} - +} + #ifdef KEYSINUSE_ENABLED // KeyInUse requires the public key encoded in the same format as subjectPublicKey in a certificate. // This was done with i2d_RSAPublicKey for OpenSSL 1.1.1, but now must be done by the provider. @@ -207,14 +207,14 @@ SCOSSL_STATUS p_scossl_rsa_get_encoded_public_key(PCSYMCRYPT_RSAKEY key, if (rsaParams == NULL || !scossl_rsa_export_key(key, rsaParams)) { - SCOSSL_LOG_DEBUG(SCOSSL_ERR_F_PROV_RSA_GET_ENCODED_PUBLIC_KEY, SCOSSL_ERR_R_KEYSINUSE_FAILURE, + SCOSSL_PROV_LOG_DEBUG(SCOSSL_ERR_R_KEYSINUSE_FAILURE, "scossl_rsa_export_key failed: %s", ERR_error_string(ERR_get_error(), NULL)); goto cleanup; } if ((cbEncodedKey = i2d_SymcryptRsaPublicKey(rsaParams, &pbEncodedKey)) < 0) { - SCOSSL_LOG_DEBUG(SCOSSL_ERR_F_PROV_RSA_GET_ENCODED_PUBLIC_KEY, SCOSSL_ERR_R_KEYSINUSE_FAILURE, + SCOSSL_PROV_LOG_DEBUG(SCOSSL_ERR_R_KEYSINUSE_FAILURE, "i2d_SymcryptRsaPublicKey failed: %s", ERR_error_string(ERR_get_error(), NULL)); goto cleanup; } diff --git a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c index 2db78aa..b908e93 100644 --- a/SymCryptProvider/src/signature/p_scossl_rsa_signature.c +++ b/SymCryptProvider/src/signature/p_scossl_rsa_signature.c @@ -765,8 +765,7 @@ static ASN1_STRING *p_scossl_rsa_pss_params_to_asn1_sequence(_In_ SCOSSL_RSA_SIG if (cbSalt < 0) { - SCOSSL_LOG_ERROR(SCOSSL_ERR_F_PROV_RSA_PSS_PARAMS_TO_ASN1_SEQUENCE, ERR_R_INTERNAL_ERROR, - "Invalid salt length in key context"); + SCOSSL_PROV_LOG_ERROR(ERR_R_INTERNAL_ERROR, "Invalid salt length in key context"); goto cleanup; } }