Don't mix and match libraries and errors. The same library code applies for both the error and the function, so modules cannot easily report errors from each other. Switch evp/algorithm.c's error codes to the EVP library. Remove the original error codes so it's obvious some changes are needed. - X509_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED -> EVP_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED -> EVP_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED (Actually, the X509 version of this error code doesn't exist in OpenSSL. It should have been ASN1.) - ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM -> EVP_R_UNKNOWN_SIGNATURE_ALGORITHM - ASN1_R_WRONG_PUBLIC_KEY_TYPE -> EVP_R_WRONG_PUBLIC_KEY_TYPE - ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM -> EVP_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM Change-Id: I05b1a05b465d800c85f7d63ca74588edf40847b9 Reviewed-on: https://boringssl-review.googlesource.com/1940 Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/asn1/asn1_error.c b/crypto/asn1/asn1_error.c index 81b9aff..8253322 100644 --- a/crypto/asn1/asn1_error.c +++ b/crypto/asn1/asn1_error.c
@@ -98,7 +98,6 @@ {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DECODE_ERROR), "DECODE_ERROR"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DECODING_ERROR), "DECODING_ERROR"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DEPTH_EXCEEDED), "DEPTH_EXCEEDED"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), "DIGEST_AND_KEY_TYPE_NOT_SUPPORTED"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ENCODE_ERROR), "ENCODE_ERROR"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_GETTING_TIME), "ERROR_GETTING_TIME"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_ERROR_LOADING_SECTION), "ERROR_LOADING_SECTION"}, @@ -188,17 +187,14 @@ {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNEXPECTED_EOC), "UNEXPECTED_EOC"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNIVERSALSTRING_IS_WRONG_LENGTH), "UNIVERSALSTRING_IS_WRONG_LENGTH"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_FORMAT), "UNKNOWN_FORMAT"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM), "UNKNOWN_MESSAGE_DIGEST_ALGORITHM"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_OBJECT_TYPE), "UNKNOWN_OBJECT_TYPE"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_PUBLIC_KEY_TYPE), "UNKNOWN_PUBLIC_KEY_TYPE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM), "UNKNOWN_SIGNATURE_ALGORITHM"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNKNOWN_TAG), "UNKNOWN_TAG"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE), "UNSUPPORTED_ANY_DEFINED_BY_TYPE"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_CIPHER), "UNSUPPORTED_CIPHER"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM), "UNSUPPORTED_ENCRYPTION_ALGORITHM"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE), "UNSUPPORTED_PUBLIC_KEY_TYPE"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_UNSUPPORTED_TYPE), "UNSUPPORTED_TYPE"}, - {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_PUBLIC_KEY_TYPE), "WRONG_PUBLIC_KEY_TYPE"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TAG), "WRONG_TAG"}, {ERR_PACK(ERR_LIB_ASN1, 0, ASN1_R_WRONG_TYPE), "WRONG_TYPE"}, {0, NULL},
diff --git a/crypto/evp/algorithm.c b/crypto/evp/algorithm.c index 4ec111b..ea28dfa 100644 --- a/crypto/evp/algorithm.c +++ b/crypto/evp/algorithm.c
@@ -66,9 +66,6 @@ #include "internal.h" -/* These functions use error codes under the ASN1 and X509 namespaces for - * compatibility with OpenSSL. */ - int EVP_DigestSignAlgorithm(EVP_MD_CTX *ctx, X509_ALGOR *algor) { const EVP_MD *digest; EVP_PKEY *pkey; @@ -101,7 +98,7 @@ if (!OBJ_find_sigid_by_algs(&sign_nid, EVP_MD_type(digest), pkey->ameth->pkey_id)) { OPENSSL_PUT_ERROR(EVP, EVP_DigestSignAlgorithm, - X509_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); + EVP_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED); return 0; } @@ -126,7 +123,7 @@ if (!OBJ_find_sigid_algs(OBJ_obj2nid(algor->algorithm), &digest_nid, &pkey_nid)) { OPENSSL_PUT_ERROR(EVP, EVP_DigestVerifyInitFromAlgorithm, - ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); + EVP_R_UNKNOWN_SIGNATURE_ALGORITHM); return 0; } @@ -134,7 +131,7 @@ ameth = EVP_PKEY_asn1_find(NULL, pkey_nid); if (ameth == NULL || ameth->pkey_id != pkey->ameth->pkey_id) { OPENSSL_PUT_ERROR(EVP, EVP_DigestVerifyInitFromAlgorithm, - ASN1_R_WRONG_PUBLIC_KEY_TYPE); + EVP_R_WRONG_PUBLIC_KEY_TYPE); return 0; } @@ -142,7 +139,7 @@ if (digest_nid == NID_undef) { if (!pkey->ameth || !pkey->ameth->digest_verify_init_from_algorithm) { OPENSSL_PUT_ERROR(EVP, EVP_DigestVerifyInitFromAlgorithm, - ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM); + EVP_R_UNKNOWN_SIGNATURE_ALGORITHM); return 0; } @@ -153,7 +150,7 @@ digest = EVP_get_digestbynid(digest_nid); if (digest == NULL) { OPENSSL_PUT_ERROR(EVP, EVP_DigestVerifyInitFromAlgorithm, - ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); + EVP_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM); return 0; }
diff --git a/crypto/evp/evp_error.c b/crypto/evp/evp_error.c index fae1aa7..d2d8aba 100644 --- a/crypto/evp/evp_error.c +++ b/crypto/evp/evp_error.c
@@ -68,6 +68,7 @@ {ERR_PACK(ERR_LIB_EVP, EVP_F_pkey_rsa_encrypt, 0), "pkey_rsa_encrypt"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_pkey_rsa_sign, 0), "pkey_rsa_sign"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_rsa_algor_to_md, 0), "rsa_algor_to_md"}, + {ERR_PACK(ERR_LIB_EVP, EVP_F_rsa_digest_verify_init_from_algorithm, 0), "rsa_digest_verify_init_from_algorithm"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_rsa_item_verify, 0), "rsa_item_verify"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_rsa_mgf1_to_md, 0), "rsa_mgf1_to_md"}, {ERR_PACK(ERR_LIB_EVP, EVP_F_rsa_priv_decode, 0), "rsa_priv_decode"}, @@ -80,6 +81,7 @@ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DECODE_ERROR), "DECODE_ERROR"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_KEY_TYPES), "DIFFERENT_KEY_TYPES"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIFFERENT_PARAMETERS), "DIFFERENT_PARAMETERS"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), "DIGEST_AND_KEY_TYPE_NOT_SUPPORTED"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_DIGEST_DOES_NOT_MATCH), "DIGEST_DOES_NOT_MATCH"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_DSA_KEY), "EXPECTING_AN_DSA_KEY"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_EXPECTING_AN_EC_KEY_KEY), "EXPECTING_AN_EC_KEY_KEY"}, @@ -114,12 +116,15 @@ {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_SHARED_INFO_ERROR), "SHARED_INFO_ERROR"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_DIGEST), "UNKNOWN_DIGEST"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_MASK_DIGEST), "UNKNOWN_MASK_DIGEST"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM), "UNKNOWN_MESSAGE_DIGEST_ALGORITHM"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_PUBLIC_KEY_TYPE), "UNKNOWN_PUBLIC_KEY_TYPE"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNKNOWN_SIGNATURE_ALGORITHM), "UNKNOWN_SIGNATURE_ALGORITHM"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_ALGORITHM), "UNSUPPORTED_ALGORITHM"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_MASK_ALGORITHM), "UNSUPPORTED_MASK_ALGORITHM"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_MASK_PARAMETER), "UNSUPPORTED_MASK_PARAMETER"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE), "UNSUPPORTED_PUBLIC_KEY_TYPE"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_UNSUPPORTED_SIGNATURE_TYPE), "UNSUPPORTED_SIGNATURE_TYPE"}, + {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_WRONG_PUBLIC_KEY_TYPE), "WRONG_PUBLIC_KEY_TYPE"}, {ERR_PACK(ERR_LIB_EVP, 0, EVP_R_X931_UNSUPPORTED), "X931_UNSUPPORTED"}, {0, NULL}, };
diff --git a/crypto/evp/p_rsa_asn1.c b/crypto/evp/p_rsa_asn1.c index ab83a8e..40012b3 100644 --- a/crypto/evp/p_rsa_asn1.c +++ b/crypto/evp/p_rsa_asn1.c
@@ -656,7 +656,8 @@ EVP_PKEY *pkey) { /* Sanity check: make sure it is PSS */ if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { - OPENSSL_PUT_ERROR(EVP, rsa_item_verify, EVP_R_UNSUPPORTED_SIGNATURE_TYPE); + OPENSSL_PUT_ERROR(EVP, rsa_digest_verify_init_from_algorithm, + EVP_R_UNSUPPORTED_SIGNATURE_TYPE); return 0; } return rsa_pss_to_ctx(ctx, sigalg, pkey);
diff --git a/crypto/x509/x509_error.c b/crypto/x509/x509_error.c index f8f6847..d521281 100644 --- a/crypto/x509/x509_error.c +++ b/crypto/x509/x509_error.c
@@ -92,7 +92,6 @@ {ERR_PACK(ERR_LIB_X509, 0, X509_R_CONTEXT_NOT_INITIALISED), "CONTEXT_NOT_INITIALISED"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_ALREADY_DELTA), "CRL_ALREADY_DELTA"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_CRL_VERIFY_FAILURE), "CRL_VERIFY_FAILURE"}, - {ERR_PACK(ERR_LIB_X509, 0, X509_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED), "DIGEST_AND_KEY_TYPE_NOT_SUPPORTED"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_ERR_ASN1_LIB), "ERR_ASN1_LIB"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_IDP_MISMATCH), "IDP_MISMATCH"}, {ERR_PACK(ERR_LIB_X509, 0, X509_R_INVALID_DIRECTORY), "INVALID_DIRECTORY"},
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h index a64572c..752100e 100644 --- a/include/openssl/asn1.h +++ b/include/openssl/asn1.h
@@ -1161,7 +1161,6 @@ #define ASN1_R_NOT_ENOUGH_DATA 111 #define ASN1_R_MSTRING_NOT_UNIVERSAL 112 #define ASN1_R_UNKNOWN_FORMAT 113 -#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 114 #define ASN1_R_BAD_PASSWORD_READ 115 #define ASN1_R_BAD_OBJECT_HEADER 116 #define ASN1_R_ILLEGAL_CHARACTERS 117 @@ -1227,7 +1226,6 @@ #define ASN1_R_UNSUPPORTED_PUBLIC_KEY_TYPE 177 #define ASN1_R_BUFFER_TOO_SMALL 178 #define ASN1_R_INVALID_UNIVERSALSTRING_LENGTH 179 -#define ASN1_R_WRONG_PUBLIC_KEY_TYPE 180 #define ASN1_R_UNSUPPORTED_ENCRYPTION_ALGORITHM 181 #define ASN1_R_MIME_PARSE_ERROR 182 #define ASN1_R_INVALID_OBJECT_ENCODING 183 @@ -1248,7 +1246,6 @@ #define ASN1_R_NON_HEX_CHARACTERS 198 #define ASN1_R_UNSUPPORTED_ANY_DEFINED_BY_TYPE 199 #define ASN1_R_EXPECTING_AN_ASN1_SEQUENCE 201 -#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 202 #define ASN1_R_STRING_TOO_SHORT 203 #define ASN1_R_ILLEGAL_OPTIONAL_ANY 204 #define ASN1_R_BMPSTRING_IS_WRONG_LENGTH 205 @@ -1269,6 +1266,5 @@ #define ASN1_R_ERROR_PARSING_SET_ELEMENT 220 #define ASN1_R_WRONG_TAG 221 #define ASN1_R_BOOLEAN_IS_WRONG_LENGTH 222 -#define ASN1_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 223 #endif
diff --git a/include/openssl/evp.h b/include/openssl/evp.h index fcbb085..e3922a3 100644 --- a/include/openssl/evp.h +++ b/include/openssl/evp.h
@@ -836,6 +836,7 @@ #define EVP_F_hmac_signctx 154 #define EVP_F_EVP_DigestVerifyInitFromAlgorithm 155 #define EVP_F_EVP_DigestSignAlgorithm 156 +#define EVP_F_rsa_digest_verify_init_from_algorithm 157 #define EVP_R_UNSUPPORTED_PUBLIC_KEY_TYPE 100 #define EVP_R_UNSUPPORTED_SIGNATURE_TYPE 101 #define EVP_R_INVALID_DIGEST_TYPE 102 @@ -883,5 +884,9 @@ #define EVP_R_INVALID_PSS_SALTLEN 144 #define EVP_R_UNKNOWN_PUBLIC_KEY_TYPE 145 #define EVP_R_CONTEXT_NOT_INITIALISED 146 +#define EVP_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 147 +#define EVP_R_WRONG_PUBLIC_KEY_TYPE 148 +#define EVP_R_UNKNOWN_SIGNATURE_ALGORITHM 149 +#define EVP_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 150 #endif /* OPENSSL_HEADER_EVP_H */
diff --git a/include/openssl/x509.h b/include/openssl/x509.h index 1d67ed3..398bec7 100644 --- a/include/openssl/x509.h +++ b/include/openssl/x509.h
@@ -1294,7 +1294,6 @@ #define X509_R_UNKNOWN_PURPOSE_ID 116 #define X509_R_NEWER_CRL_NOT_NEWER 117 #define X509_R_UNKNOWN_TRUST_ID 118 -#define X509_R_DIGEST_AND_KEY_TYPE_NOT_SUPPORTED 119 #define X509_R_KEY_TYPE_MISMATCH 120 #define X509_R_UNKNOWN_KEY_TYPE 121 #define X509_R_BAD_X509_FILETYPE 122