diff options
author | Timo Teräs <timo.teras@iki.fi> | 2024-04-09 10:52:03 +0300 |
---|---|---|
committer | Timo Teräs <timo.teras@iki.fi> | 2024-04-09 10:53:31 +0300 |
commit | 6f246599b393f40773b6ceb2a68d81d49112be9d (patch) | |
tree | a6425706d1119f9423189405ee409ea1c537defd | |
parent | f9eaeb6429325eeb5a17ed771fd477be9227fe15 (diff) |
crypto: improve error handling and message
-rw-r--r-- | src/apk_defines.h | 2 | ||||
-rw-r--r-- | src/crypto_openssl.c | 14 | ||||
-rw-r--r-- | src/print.c | 2 |
3 files changed, 10 insertions, 8 deletions
diff --git a/src/apk_defines.h b/src/apk_defines.h index 78d37e1..96e3add 100644 --- a/src/apk_defines.h +++ b/src/apk_defines.h @@ -42,7 +42,7 @@ enum { APKE_CRYPTO_ERROR, APKE_CRYPTO_NOT_SUPPORTED, APKE_CRYPTO_KEY_FORMAT, - APKE_SIGNATURE_FAIL, + APKE_SIGNATURE_GEN_FAILURE, APKE_SIGNATURE_UNTRUSTED, APKE_SIGNATURE_INVALID, APKE_FORMAT_INVALID, diff --git a/src/crypto_openssl.c b/src/crypto_openssl.c index 9f94f7d..59320e5 100644 --- a/src/crypto_openssl.c +++ b/src/crypto_openssl.c @@ -101,15 +101,17 @@ static int apk_pkey_init(struct apk_pkey *pkey, EVP_PKEY *key) { unsigned char dig[EVP_MAX_MD_SIZE], *pub = NULL; unsigned int dlen = sizeof dig; - int len; + int len, r = -APKE_CRYPTO_ERROR; if ((len = i2d_PublicKey(key, &pub)) < 0) return -APKE_CRYPTO_ERROR; - EVP_Digest(pub, len, dig, &dlen, EVP_sha512(), NULL); - memcpy(pkey->id, dig, sizeof pkey->id); + if (EVP_Digest(pub, len, dig, &dlen, EVP_sha512(), NULL) == 1) { + memcpy(pkey->id, dig, sizeof pkey->id); + r = 0; + } OPENSSL_free(pub); - pkey->key = key; - return 0; + + return r; } void apk_pkey_free(struct apk_pkey *pkey) @@ -154,7 +156,7 @@ int apk_sign_start(struct apk_digest_ctx *dctx, uint8_t alg, struct apk_pkey *pk int apk_sign(struct apk_digest_ctx *dctx, void *sig, size_t *len) { if (EVP_DigestSignFinal(dctx->mdctx, sig, len) != 1) - return -APKE_SIGNATURE_FAIL; + return -APKE_SIGNATURE_GEN_FAILURE; return 0; } diff --git a/src/print.c b/src/print.c index 0910676..808d74f 100644 --- a/src/print.c +++ b/src/print.c @@ -35,7 +35,7 @@ const char *apk_error_str(int error) case APKE_CRYPTO_ERROR: return "crypto error"; case APKE_CRYPTO_NOT_SUPPORTED: return "cryptographic algorithm not supported"; case APKE_CRYPTO_KEY_FORMAT: return "cryptographic key format not recognized"; - case APKE_SIGNATURE_FAIL: return "signing failure"; + case APKE_SIGNATURE_GEN_FAILURE: return "signing failure"; case APKE_SIGNATURE_UNTRUSTED: return "UNTRUSTED signature"; case APKE_SIGNATURE_INVALID: return "BAD signature"; case APKE_FORMAT_INVALID: return "file format is invalid or inconsistent"; |