static int
out_element(struct soap *soap, const struct soap_dom_element *node, const char *prefix, const char *name)
{ if (node->head && soap_send(soap, node->head))
return soap->error;
if (node->type && node->node)
{ if (prefix && *prefix)
{ char *s = (char*)SOAP_MALLOC(soap, strlen(prefix) + strlen(name) + 2);
if (!s)
return soap->error = SOAP_EOM;
sprintf(s, "%s:%s", prefix, name);
soap_putelement(soap, node->node, s, 0, node->type);
SOAP_FREE(soap, s);
}
else
return soap_putelement(soap, node->node, name, 0, node->type);
}
else if (prefix && *prefix)
{ char *s;
if (strlen(prefix) + strlen(name) < sizeof(soap->msgbuf))
s = soap->msgbuf;
else
{ s = (char*)SOAP_MALLOC(soap, strlen(prefix) + strlen(name) + 2);
if (!s)
return soap->error = SOAP_EOM;
}
sprintf(s, "%s:%s", prefix, name);
if (soap_element(soap, s, 0, NULL)) /* element() */
return soap->error;
if (s != soap->msgbuf)
SOAP_FREE(soap, s);
}
else if (*name != '-')
return soap_element(soap, name, 0, NULL); /* element() */
return soap->error;
}
/**
@fn int soap_smd_init(struct soap *soap, struct soap_smd_data *data, int alg, const void *key, int keylen)
@brief Initiates a (signed) digest computation.
@param soap context
@param[in,out] data smdevp engine context
@param[in] alg is algorithm to use
@param[in] key is key to use or NULL for digests
@param[in] keylen is length of HMAC key (when provided)
@return SOAP_OK or SOAP_SSL_ERROR
*/
int
soap_smd_init(struct soap *soap, struct soap_smd_data *data, int alg, const void *key, int keylen)
{ static int done = 0;
int err = 1;
#ifdef WITH_OPENSSL
/* OpenSSL: make sure we have the digest algorithms, need to call just once */
if (!done)
{ done = 1;
OpenSSL_add_all_digests();
OpenSSL_add_all_algorithms();
}
#endif
/* the algorithm to use */
data->alg = alg;
/* the key to use */
data->key = key;
/* allocate and init the OpenSSL HMAC or EVP_MD context */
if ((alg & (SOAP_SMD_PASSTHRU-1)) == SOAP_SMD_HMAC_SHA1)
{ data->ctx = (void*)SOAP_MALLOC(soap, sizeof(HMAC_CTX));
HMAC_CTX_init((HMAC_CTX*)data->ctx);
}
else
{ data->ctx = (void*)SOAP_MALLOC(soap, sizeof(EVP_MD_CTX));
EVP_MD_CTX_init((EVP_MD_CTX*)data->ctx);
}
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Init alg=%d (%p) --\n", alg, data->ctx));
/* init the digest or signature computations */
switch (alg & (SOAP_SMD_PASSTHRU-1))
{ case SOAP_SMD_DGST_MD5:
EVP_DigestInit((EVP_MD_CTX*)data->ctx, EVP_md5());
break;
case SOAP_SMD_DGST_SHA1:
EVP_DigestInit((EVP_MD_CTX*)data->ctx, EVP_sha1());
break;
case SOAP_SMD_DGST_SHA256:
EVP_DigestInit((EVP_MD_CTX*)data->ctx, EVP_sha256());
break;
case SOAP_SMD_HMAC_SHA1:
HMAC_Init((HMAC_CTX*)data->ctx, key, keylen, EVP_sha1());
break;
case SOAP_SMD_SIGN_DSA_SHA1:
err = EVP_SignInit((EVP_MD_CTX*)data->ctx, EVP_dss1());
break;
case SOAP_SMD_SIGN_RSA_SHA1:
err = EVP_SignInit((EVP_MD_CTX*)data->ctx, EVP_sha1());
break;
case SOAP_SMD_SIGN_RSA_SHA256:
err = EVP_SignInit((EVP_MD_CTX*)data->ctx, EVP_sha256());
break;
case SOAP_SMD_VRFY_DSA_SHA1:
err = EVP_VerifyInit((EVP_MD_CTX*)data->ctx, EVP_dss1());
break;
case SOAP_SMD_VRFY_RSA_SHA1:
err = EVP_VerifyInit((EVP_MD_CTX*)data->ctx, EVP_sha1());
break;
}
/* check and return */
return soap_smd_check(soap, data, err, "soap_smd_init() failed");
}
/**
@fn int soap_smd_begin(struct soap *soap, int alg, const void *key, int keylen)
@brief Initiates a digest or signature computation.
@param soap context
@param[in] alg is the digest or signature (sign/verification) algorithm used
@param[in] key is a HMAC key or pointer to EVP_PKEY object or NULL for digests
@param[in] keylen is the length of the HMAC key or 0
@return SOAP_OK, SOAP_EOM, or SOAP_SSL_ERROR
*/
int
soap_smd_begin(struct soap *soap, int alg, const void *key, int keylen)
{ struct soap_smd_data *data;
data = (struct soap_smd_data*)SOAP_MALLOC(soap, sizeof(struct soap_smd_data));
if (!data)
return soap->error = SOAP_EOM;
/* save and set the engine's 'data' field to pass data to the callbacks */
soap->data[0] = (void*)data;
/* save and override the send and recv callbacks */
data->fsend = soap->fsend;
data->frecv = soap->frecv;
soap->fsend = soap_smd_send;
soap->frecv = soap_smd_recv;
/* save the mode flag */
data->mode = soap->mode;
/* clear the IO flags and DOM flag */
soap->mode &= ~(SOAP_IO | SOAP_IO_LENGTH | SOAP_ENC_ZLIB | SOAP_XML_DOM);
/* clear the XML attribute store */
soap_clr_attr(soap);
/* load the local XML namespaces store */
soap_set_local_namespaces(soap);
if (soap->mode & SOAP_XML_CANONICAL)
soap->ns = 0; /* for in c14n, we must have all xmlns bindings available */
else if (!(alg & SOAP_SMD_PASSTHRU))
soap->ns = 2; /* we don't want leading whitespace in serialized XML */
/* init the soap_smd engine */
return soap_smd_init(soap, data, alg, key, keylen);
}
static int http_md5_copy(struct soap *soap, struct soap_plugin *dst, struct soap_plugin *src)
{ *dst = *src;
dst->data = (void*)SOAP_MALLOC(soap, sizeof(struct http_md5_data));
memcpy(dst->data, src->data, sizeof(struct http_md5_data));
((struct http_md5_data*)dst->data)->context = NULL;
return SOAP_OK;
}
static int
out_element(struct soap *soap, const struct soap_dom_element *node, const char *prefix, const char *name)
{ if (node->head && soap_send(soap, node->head))
return soap->error;
if (node->type && node->node)
{ if (prefix && *prefix)
{ size_t l = strlen(prefix) + strlen(name);
char *s = (char*)SOAP_MALLOC(soap, l + 2);
if (!s)
return soap->error = SOAP_EOM;
(SOAP_SNPRINTF(s, l + 2, l + 1), "%s:%s", prefix, name);
soap_putelement(soap, node->node, s, 0, node->type);
SOAP_FREE(soap, s);
}
else
return soap_putelement(soap, node->node, name, 0, node->type);
}
else if (prefix && *prefix)
{ size_t l = strlen(prefix) + strlen(name);
char *s;
if (l + 1 < sizeof(soap->msgbuf))
s = soap->msgbuf;
else
{ s = (char*)SOAP_MALLOC(soap, l + 2);
if (!s)
return soap->error = SOAP_EOM;
}
(SOAP_SNPRINTF(s, l + 2, l + 1), "%s:%s", prefix, name);
soap_element(soap, s, 0, NULL); /* element() */
if (s != soap->msgbuf)
SOAP_FREE(soap, s);
}
else if (*name != '-')
{ soap_mode m = soap->mode;
if ((soap->mode & SOAP_DOM_ASIS))
soap->mode &= ~SOAP_XML_INDENT;
soap_element(soap, name, 0, NULL); /* element() */
soap->mode = m;
}
return soap->error;
}
int http_md5(struct soap *soap, struct soap_plugin *p, void *arg)
{ p->id = http_md5_id;
p->data = (void*)SOAP_MALLOC(soap, sizeof(struct http_md5_data));
p->fcopy = http_md5_copy;
p->fdelete = http_md5_delete;
if (p->data)
if (http_md5_init(soap, (struct http_md5_data*)p->data))
{ SOAP_FREE(soap, p->data); /* error: could not init */
return SOAP_EOM; /* return error */
}
return SOAP_OK;
}
int http_da(struct soap *soap, struct soap_plugin *p, void *arg)
{
p->id = http_da_id;
p->data = (void*)SOAP_MALLOC(soap, sizeof(struct http_da_data));
p->fcopy = http_da_copy;
p->fdelete = http_da_delete;
if (p->data)
{
if (http_da_init(soap, (struct http_da_data*)p->data))
{
SOAP_FREE(soap, p->data);
return SOAP_EOM;
}
}
return SOAP_OK;
}
static int http_da_copy(struct soap *soap, struct soap_plugin *dst, struct soap_plugin *src)
{
dst->data = (void*)SOAP_MALLOC(soap, sizeof(struct http_da_data));
memcpy(dst->data, src->data, sizeof(struct http_da_data));
((struct http_da_data*)dst->data)->context = NULL;
memset(((struct http_da_data*)dst->data)->digest, 0, sizeof(((struct http_da_data*)dst->data)->digest));
((struct http_da_data*)dst->data)->nonce = NULL;
((struct http_da_data*)dst->data)->opaque = NULL;
((struct http_da_data*)dst->data)->qop = NULL;
((struct http_da_data*)dst->data)->alg = NULL;
((struct http_da_data*)dst->data)->nc = 0;
((struct http_da_data*)dst->data)->ncount = NULL;
((struct http_da_data*)dst->data)->cnonce = NULL;
((struct http_da_data*)dst->data)->response = NULL;
return SOAP_OK;
}
int md5_handler(struct soap *soap, void **context, enum md5_action action, char *buf, size_t len)
{
EVP_MD_CTX *ctx;
unsigned char hash[EVP_MAX_MD_SIZE];
unsigned int size;
switch (action)
{
case MD5_INIT:
#ifdef WITH_OPENSSL
OpenSSL_add_all_digests();
#endif
if (!*context)
{
*context = (void*)SOAP_MALLOC(soap, sizeof(EVP_MD_CTX));
EVP_MD_CTX_init((EVP_MD_CTX*)*context);
}
ctx = (EVP_MD_CTX*)*context;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Init %p\n", ctx));
EVP_DigestInit(ctx, EVP_md5());
break;
case MD5_UPDATE:
ctx = (EVP_MD_CTX*)*context;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Update %p --\n", ctx));
DBGMSG(TEST, buf, len);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--"));
EVP_DigestUpdate(ctx, (const void*)buf, (unsigned int)len);
break;
case MD5_FINAL:
ctx = (EVP_MD_CTX*)*context;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Final %p --\n", ctx));
EVP_DigestFinal(ctx, (unsigned char*)hash, &size);
memcpy(buf, hash, 16);
break;
case MD5_DELETE:
ctx = (EVP_MD_CTX*)*context;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Delete %p --\n", ctx));
if (ctx)
{
EVP_MD_CTX_cleanup(ctx);
SOAP_FREE(soap, ctx);
}
*context = NULL;
}
return SOAP_OK;
}
/* plugin registry function, invoked by soap_register_plugin */
int logging(struct soap *soap, struct soap_plugin *p, void *arg)
{
p->id = logging_id;
/* create local plugin data */
p->data = (void*)SOAP_MALLOC(soap, sizeof(struct logging_data));
/* register the destructor */
p->fdelete = logging_delete;
/* if OK then initialize */
if (p->data)
{
if (logging_init(soap, (struct logging_data*)p->data))
{
SOAP_FREE(soap, p->data); /* error: could not init */
return SOAP_EOM; /* return error */
}
}
return SOAP_OK;
}
int md5_handler(struct soap *soap, void **context, enum md5_action action, char *buf, size_t len)
{ EVP_MD_CTX *ctx;
unsigned char hash[EVP_MAX_MD_SIZE];
unsigned int size;
switch (action)
{ case MD5_INIT:
soap_ssl_init();
if (!*context)
{ *context = (void*)SOAP_MALLOC(soap, sizeof(EVP_MD_CTX));
EVP_MD_CTX_init((EVP_MD_CTX*)*context);
}
ctx = (EVP_MD_CTX*)*context;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Init %p\n", ctx));
EVP_DigestInit_ex(ctx, EVP_md5(), NULL);
break;
case MD5_UPDATE:
ctx = (EVP_MD_CTX*)*context;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Update %p (%lu) --\n", ctx, (unsigned long)len));
DBGMSG(TEST, buf, len);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--"));
EVP_DigestUpdate(ctx, (const void*)buf, (unsigned int)len);
break;
case MD5_FINAL:
ctx = (EVP_MD_CTX*)*context;
EVP_DigestFinal_ex(ctx, (unsigned char*)hash, &size);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Final %p --\n", ctx));
DBGHEX(TEST, hash, size);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--"));
soap_memcpy((void*)buf, 16, (const void*)hash, 16);
break;
case MD5_DELETE:
ctx = (EVP_MD_CTX*)*context;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- MD5 Delete %p --\n", ctx));
if (ctx)
{ EVP_MD_CTX_cleanup(ctx);
SOAP_FREE(soap, ctx);
}
*context = NULL;
}
return SOAP_OK;
}
static int
out_attribute(struct soap *soap, const char *prefix, const char *name, const char *data, const wchar_t *wide, int flag)
{ char *s;
const char *t;
size_t l;
int err;
if (wide)
data = soap_wchar2s(soap, wide);
if (!prefix || !*prefix)
{ if (wide)
return soap_set_attr(soap, name, data, 2);
if (flag)
return soap_set_attr(soap, name, data, 1);
return soap_attribute(soap, name, data);
}
t = strchr(name, ':');
if (t)
t++;
else
t = name;
l = strlen(prefix) + strlen(t);
if (l + 1 < sizeof(soap->msgbuf))
s = soap->msgbuf;
else
{ s = (char*)SOAP_MALLOC(soap, l + 2);
if (!s)
return soap->error = SOAP_EOM;
}
(SOAP_SNPRINTF(s, l + 2, l + 1), "%s:%s", prefix, t);
if (wide)
err = soap_set_attr(soap, s, data, 2);
else if (flag)
err = soap_set_attr(soap, s, data, 1);
else
err = soap_attribute(soap, s, data);
if (s != soap->msgbuf)
SOAP_FREE(soap, s);
return err;
}
SOAP_FMAC1
int
SOAP_FMAC2
soap_out_xsd__anyType(struct soap *soap, const char *tag, int id, const struct soap_dom_element *node, const char *type)
{ if (node)
{ const char *prefix; /* namespace prefix, if namespace is present */
size_t colon;
if (!(soap->mode & SOAP_DOM_ASIS))
{ const struct soap_dom_attribute *att;
for (att = node->atts; att; att = att->next)
{ if (att->name && att->data && !strncmp(att->name, "xmlns:", 6))
{ if (soap_push_namespace(soap, att->name + 6, att->data) == NULL)
return soap->error;
}
else if (att->name && att->data && !strcmp(att->name, "xmlns"))
{ if (soap_push_namespace(soap, "", att->data) == NULL)
return soap->error;
}
}
}
if (node->name)
tag = node->name;
else if (!tag)
tag = "-";
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "DOM node '%s' output at level %u\n", tag, soap->level));
if ((prefix = strchr(tag, ':')))
{ colon = prefix - tag + 1;
if (colon > sizeof(soap->tag))
colon = sizeof(soap->tag);
}
else
colon = 0;
prefix = NULL;
if (node->nstr && *node->nstr && !(soap->mode & SOAP_DOM_ASIS))
{ if (colon)
{ strncpy(soap->tag, tag, colon - 1);
soap->tag[colon - 1] = '\0';
if ((prefix = soap_push_ns_prefix(soap, soap->tag, node->nstr, 1)) == NULL
|| out_element(soap, node, prefix, tag + colon))
return soap->error;
}
else
{ if ((prefix = soap_lookup_ns_prefix(soap, node->nstr)))
{ if (out_element(soap, node, prefix, tag + colon))
return soap->error;
}
else
{ if ((prefix = soap_push_ns_prefix(soap, NULL, node->nstr, 1)) == NULL
|| out_element(soap, node, prefix, tag + colon))
return soap->error;
}
}
}
else
{ colon = 0;
if (out_element(soap, node, NULL, tag))
return soap->error;
}
if (!node->type || !node->node)
{ struct soap_dom_attribute *att;
struct soap_dom_element *elt;
for (att = node->atts; att; att = att->next)
{ if (att->name)
{ if (att->nstr && !(soap->mode & SOAP_DOM_ASIS))
{ const char *p;
if ((att->nstr == node->nstr || (node->nstr && !strcmp(att->nstr, node->nstr))) && prefix)
{ if (out_attribute(soap, prefix, att->name, att->data, att->wide, 0))
return soap->error;
}
else if ((p = soap_lookup_ns_prefix(soap, att->nstr)))
{ if (out_attribute(soap, p, att->name, att->data, att->wide, 0))
return soap->error;
}
else if (!strncmp(att->name, "xml", 3))
{ if (out_attribute(soap, NULL, att->name, att->data, att->wide, 0))
return soap->error;
}
else if ((p = soap_push_ns_prefix(soap, NULL, att->nstr, 0)) == NULL
|| out_attribute(soap, p, att->name, att->data, att->wide, 0))
return soap->error;
}
else if (soap_attribute(soap, att->name, att->wide ? soap_wchar2s(soap, att->wide) : att->data))
return soap->error;
}
}
if ((soap->mode & SOAP_DOM_ASIS) && !node->data && !node->wide && !node->elts && !node->tail)
{ if (*tag != '-' && soap_element_start_end_out(soap, tag))
return soap->error;
}
else
{ if (*tag != '-' && soap_element_start_end_out(soap, NULL))
return soap->error;
if (node->data)
{ if (soap_string_out(soap, node->data, 0))
return soap->error;
}
else if (node->wide)
{ if (soap_wstring_out(soap, node->wide, 0))
return soap->error;
}
for (elt = node->elts; elt; elt = elt->next)
{ if (soap_out_xsd__anyType(soap, tag, 0, elt, NULL))
return soap->error;
}
if (node->tail && soap_send(soap, node->tail))
return soap->error;
if (!prefix || !*prefix)
{ DBGLOG(TEST, SOAP_MESSAGE(fdebug, "End of DOM node '%s'\n", tag + colon));
if (soap_element_end_out(soap, tag + colon))
return soap->error;
}
else
{ char *s;
if (strlen(prefix) + strlen(tag + colon) < sizeof(soap->msgbuf))
s = soap->msgbuf;
else
{ s = (char*)SOAP_MALLOC(soap, strlen(prefix) + strlen(tag + colon) + 2);
if (!s)
return soap->error = SOAP_EOM;
}
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "End of DOM node '%s'\n", tag));
sprintf(s, "%s:%s", prefix, tag + colon);
soap_pop_namespace(soap);
if (soap_element_end_out(soap, s))
return soap->error;
if (s != soap->msgbuf)
SOAP_FREE(soap, s);
}
}
}
}
return SOAP_OK;
}
/**
@fn int soap_mec_start_alg(struct soap *soap, int alg, const unsigned char *key)
@brief Start encryption or decryption of current message. If key is non-NULL,
use the symmetric triple DES key. Use soap_mec_start only after soap_mec_begin.
The soap_mec_start should be followed by a soap_mec_stop call.
@param soap context
@param[in] alg algorithm
@param[in] key secret triple DES key or NULL
@return SOAP_OK or error code
*/
int
soap_mec_start_alg(struct soap *soap, int alg, const unsigned char *key)
{ struct soap_mec_data *data;
int ok = 1;
data = (struct soap_mec_data*)soap->data[1];
if (!data)
return soap->error = SOAP_USER_ERROR;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "MEC Start alg=%x\n", data->alg));
if (key)
data->key = key;
if (alg != SOAP_MEC_NONE)
data->alg = alg;
if (data->alg & SOAP_MEC_ENC)
{ unsigned char iv[EVP_MAX_IV_LENGTH];
int ivlen;
/* save and override the callbacks */
data->ffiltersend = soap->ffiltersend;
soap->ffiltersend = soap_mec_filtersend;
data->bufidx = 0;
data->i = 0;
data->m = 0;
ivlen = EVP_CIPHER_iv_length(data->type);
if (ivlen)
{ RAND_pseudo_bytes(iv, ivlen);
soap_mec_put_base64(soap, data, (unsigned char*)iv, ivlen);
}
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "IV = "));
DBGHEX(TEST, iv, ivlen);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "\n--\n"));
ok = EVP_EncryptInit_ex(data->ctx, NULL, NULL, data->key, iv);
}
else
{ size_t len;
/* algorithm */
if (data->alg & SOAP_MEC_DES_CBC)
data->type = EVP_des_ede3_cbc(); /* triple DES CBC */
else if (data->alg & SOAP_MEC_AES128_CBC)
data->type = EVP_get_cipherbyname("AES128");
else if (data->alg & SOAP_MEC_AES192_CBC)
data->type = EVP_get_cipherbyname("AES192");
else if (data->alg & SOAP_MEC_AES256_CBC)
data->type = EVP_get_cipherbyname("AES256");
else if (data->alg & SOAP_MEC_AES512_CBC)
data->type = EVP_get_cipherbyname("AES512");
else
data->type = EVP_enc_null();
len = 2 * sizeof(soap->buf) + EVP_CIPHER_block_size(data->type);
if (!data->buf || data->buflen < len)
{ if (data->buf)
SOAP_FREE(soap, data->buf);
data->buflen = len;
data->buf = (char*)SOAP_MALLOC(soap, data->buflen);
}
data->bufidx = soap->buflen - soap->bufidx;
/* copy buf[bufidx..buflen-1] to data buf */
memcpy(data->buf, soap->buf + soap->bufidx, data->bufidx);
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "Alloc buf=%lu, copy %lu message bytes\n", (unsigned long)data->buflen, (unsigned long)data->bufidx));
/* trigger ffilterrecv() */
soap->bufidx = soap->buflen;
/* INIT state */
data->i = 0;
data->m = 0;
data->state = SOAP_MEC_STATE_INIT;
}
return soap_mec_check(soap, data, ok, "soap_mec_start() failed");
}
/**
@fn int soap_mec_init(struct soap *soap, struct soap_mec_data *data, int alg, SOAP_MEC_KEY_TYPE *pkey, unsigned char *key, int *keylen)
@brief Initialize mecevp engine state and create context for
encryption/decryption algorithm using a private/public key or symmetric secret
key.
@param soap context
@param[in,out] data mecevp engine context
@param[in] alg encryption/decryption algorithm
@param[in] pkey public/private key or NULL
@param[in,out] key secret key or encrypted ephemeral secret key set with envelope encryption, or NULL
@param[in,out] keylen secret key length
@return SOAP_OK or SOAP_SSL_ERROR
*/
int
soap_mec_init(struct soap *soap, struct soap_mec_data *data, int alg, SOAP_MEC_KEY_TYPE *pkey, unsigned char *key, int *keylen)
{ int ok = 1;
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "soap_mec_init()\n"));
soap_ssl_init();
data->ctx = (EVP_CIPHER_CTX*)SOAP_MALLOC(soap, sizeof(EVP_CIPHER_CTX));
if (!data->ctx)
return soap->error = SOAP_EOM;
EVP_CIPHER_CTX_init(data->ctx);
data->alg = alg;
data->state = SOAP_MEC_STATE_NONE;
if (alg & SOAP_MEC_DES_CBC)
data->type = EVP_des_ede3_cbc(); /* triple DES CBC */
else if (alg & SOAP_MEC_AES128_CBC)
data->type = EVP_get_cipherbyname("AES128");
else if (alg & SOAP_MEC_AES192_CBC)
data->type = EVP_get_cipherbyname("AES192");
else if (alg & SOAP_MEC_AES256_CBC)
data->type = EVP_get_cipherbyname("AES256");
else if (alg & SOAP_MEC_AES512_CBC)
data->type = EVP_get_cipherbyname("AES512");
else
data->type = EVP_enc_null();
data->buf = NULL;
data->rest = NULL;
data->restlen = 0;
if (alg & SOAP_MEC_ENC)
{ if (!data->type)
return soap_mec_check(soap, data, 0, "soap_mec_init() failed: cannot load cipher");
EVP_EncryptInit_ex(data->ctx, data->type, NULL, NULL, NULL);
}
if (alg & SOAP_MEC_OAEP)
EVP_CIPHER_CTX_set_padding(data->ctx, RSA_PKCS1_OAEP_PADDING);
else
EVP_CIPHER_CTX_set_padding(data->ctx, RSA_PKCS1_PADDING);
switch (alg & SOAP_MEC_MASK)
{ case SOAP_MEC_ENV_ENC_AES128_CBC:
case SOAP_MEC_ENV_ENC_AES192_CBC:
case SOAP_MEC_ENV_ENC_AES256_CBC:
case SOAP_MEC_ENV_ENC_AES512_CBC:
case SOAP_MEC_ENV_ENC_DES_CBC:
ok = EVP_CIPHER_CTX_rand_key(data->ctx, data->ekey);
/* generate ephemeral secret key */
#if (OPENSSL_VERSION_NUMBER >= 0x01000000L)
*keylen = EVP_PKEY_encrypt_old(key, data->ekey, EVP_CIPHER_CTX_key_length(data->ctx), pkey);
#else
*keylen = EVP_PKEY_encrypt(key, data->ekey, EVP_CIPHER_CTX_key_length(data->ctx), pkey);
#endif
key = data->ekey;
/* fall through to next arm */
case SOAP_MEC_ENC_DES_CBC:
case SOAP_MEC_ENC_AES128_CBC:
case SOAP_MEC_ENC_AES192_CBC:
case SOAP_MEC_ENC_AES256_CBC:
case SOAP_MEC_ENC_AES512_CBC:
data->bufidx = 0;
data->buflen = 1024; /* > iv in base64 must fit */
data->buf = (char*)SOAP_MALLOC(soap, data->buflen);
data->key = key;
break;
case SOAP_MEC_ENV_DEC_AES128_CBC:
case SOAP_MEC_ENV_DEC_AES192_CBC:
case SOAP_MEC_ENV_DEC_AES256_CBC:
case SOAP_MEC_ENV_DEC_AES512_CBC:
case SOAP_MEC_ENV_DEC_DES_CBC:
case SOAP_MEC_DEC_DES_CBC:
case SOAP_MEC_DEC_AES128_CBC:
case SOAP_MEC_DEC_AES192_CBC:
case SOAP_MEC_DEC_AES256_CBC:
case SOAP_MEC_DEC_AES512_CBC:
data->pkey = pkey;
data->key = key;
data->keylen = *keylen;
break;
default:
return soap_set_receiver_error(soap, "Unsupported encryption algorithm", NULL, SOAP_SSL_ERROR);
}
return soap_mec_check(soap, data, ok, "soap_mec_init() failed");
}
/**
@fn int soap_smd_init(struct soap *soap, struct soap_smd_data *data, int alg, const void *key, int keylen)
@brief Initiates a (signed) digest computation.
@param soap context
@param[in,out] data smdevp engine context
@param[in] alg is algorithm to use
@param[in] key is key to use or NULL for digests
@param[in] keylen is length of HMAC key (when provided)
@return SOAP_OK or SOAP_SSL_ERROR
*/
int
soap_smd_init(struct soap *soap, struct soap_smd_data *data, int alg, const void *key, int keylen)
{ int ok = 1;
const EVP_MD *type;
soap_ssl_init();
/* the algorithm to use */
data->alg = alg;
/* the key to use */
data->key = key;
/* allocate and init the OpenSSL HMAC or EVP_MD context */
if ((alg & SOAP_SMD_ALGO) == SOAP_SMD_HMAC)
{ data->ctx = (void*)SOAP_MALLOC(soap, sizeof(HMAC_CTX));
if (!data->ctx)
return soap_set_receiver_error(soap, "soap_smd_init() failed", "No context", SOAP_SSL_ERROR);
HMAC_CTX_init((HMAC_CTX*)data->ctx);
}
else
{ data->ctx = (void*)SOAP_MALLOC(soap, sizeof(EVP_MD_CTX));
if (!data->ctx)
return soap_set_receiver_error(soap, "soap_smd_init() failed", "No context", SOAP_SSL_ERROR);
EVP_MD_CTX_init((EVP_MD_CTX*)data->ctx);
}
DBGLOG(TEST, SOAP_MESSAGE(fdebug, "-- SMD Init alg=%x (%p) --\n", alg, data->ctx));
/* init the digest or signature computations */
switch (alg & SOAP_SMD_HASH)
{ case SOAP_SMD_MD5:
type = EVP_md5();
break;
case SOAP_SMD_SHA1:
type = EVP_sha1();
break;
#if (OPENSSL_VERSION_NUMBER >= 0x0090800fL)
case SOAP_SMD_SHA224:
type = EVP_sha224();
break;
case SOAP_SMD_SHA256:
type = EVP_sha256();
break;
case SOAP_SMD_SHA384:
type = EVP_sha384();
break;
case SOAP_SMD_SHA512:
type = EVP_sha512();
break;
#endif
default:
return soap_smd_check(soap, data, 0, "soap_smd_init() failed: cannot load digest");
}
switch (alg & SOAP_SMD_ALGO)
{ case SOAP_SMD_HMAC:
HMAC_Init((HMAC_CTX*)data->ctx, key, keylen, type);
break;
case SOAP_SMD_DGST:
EVP_DigestInit((EVP_MD_CTX*)data->ctx, type);
break;
case SOAP_SMD_SIGN:
ok = EVP_SignInit((EVP_MD_CTX*)data->ctx, type);
break;
case SOAP_SMD_VRFY:
ok = EVP_VerifyInit((EVP_MD_CTX*)data->ctx, type);
break;
default:
return soap_set_receiver_error(soap, "Unsupported digest algorithm", NULL, SOAP_SSL_ERROR);
}
/* check and return */
return soap_smd_check(soap, data, ok, "soap_smd_init() failed");
}
