Clear previous OpenSSL errors (#535)

IB-7453 Signed-off-by: Raul Metsma <[email protected]>
open-eid · May 23, 2023 · d8ab3f7 · d8ab3f7
1 parent a89b2be
commit d8ab3f7
Show file tree

Hide file tree

Showing 6 changed files with 26 additions and 39 deletions.
diff --git a/src/DataFile.cpp b/src/DataFile.cpp
@@ -88,10 +88,10 @@ DataFile::~DataFile() = default;
 
 
 DataFilePrivate::DataFilePrivate(unique_ptr<istream> &&is, string filename, string mediatype, string id)
-    : m_is(move(is))
-    , m_id(move(id))
-    , m_filename(move(filename))
-    , m_mediatype(move(mediatype))
+    : m_is(std::move(is))
+    , m_id(std::move(id))
+    , m_filename(std::move(filename))
+    , m_mediatype(std::move(mediatype))
 {
     m_is->seekg(0, istream::end);
     istream::pos_type pos = m_is->tellg();
@@ -100,22 +100,17 @@ DataFilePrivate::DataFilePrivate(unique_ptr<istream> &&is, string filename, stri
 
 vector<unsigned char> DataFilePrivate::calcDigest(const string &method) const
 {
-    Digest calc(method);
-    calcDigest(&calc);
-    return calc.result();
-}
-
-void DataFilePrivate::calcDigest(Digest *digest) const
-{
+    Digest digest(method);
     array<unsigned char, 10240> buf{};
     m_is->clear();
     m_is->seekg(0);
     while(*m_is)
     {
         m_is->read((char*)buf.data(), streamsize(buf.size()));
         if(m_is->gcount() > 0)
-            digest->update(buf.data(), size_t(m_is->gcount()));
+            digest.update(buf.data(), size_t(m_is->gcount()));
     }
+    return digest.result();
 }
 
 void DataFilePrivate::saveAs(const string& path) const

diff --git a/src/DataFile_p.h b/src/DataFile_p.h
@@ -27,7 +27,6 @@
 namespace digidoc
 {
 
-class Digest;
 class DataFilePrivate final: public DataFile
 {
 public:
@@ -39,7 +38,6 @@ class DataFilePrivate final: public DataFile
 	std::string mediaType() const final { return m_mediatype; }
 
 	std::vector<unsigned char> calcDigest(const std::string &method) const final;
-	void calcDigest(Digest *method) const;
 	void saveAs(std::ostream &os) const final;
 	void saveAs(const std::string& path) const final;
 

diff --git a/src/SignatureTST.cpp b/src/SignatureTST.cpp
@@ -21,7 +21,6 @@
 
 #include "ASiC_S.h"
 #include "DataFile_p.h"
-#include "crypto/Digest.h"
 #include "crypto/TS.h"
 #include "crypto/X509Cert.h"
 #include "util/DateTime.h"
@@ -94,10 +93,8 @@ void SignatureTST::validate() const
     try
     {
         const string digestMethod = timestampToken->digestMethod();
-        Digest digest(digestMethod);
-        auto dataFile = static_cast<const DataFilePrivate*>(asicSDoc->dataFiles().front());
-        dataFile->calcDigest(&digest);
-        timestampToken->verify(digest);
+        const auto *dataFile = static_cast<const DataFilePrivate*>(asicSDoc->dataFiles().front());
+        timestampToken->verify(dataFile->calcDigest(digestMethod));
 
         if(digestMethod == URI_SHA1 &&
             !Exception::hasWarningIgnore(Exception::ReferenceDigestWeak))

diff --git a/src/SignatureXAdES_T.cpp b/src/SignatureXAdES_T.cpp
@@ -237,7 +237,7 @@ TS SignatureXAdES_T::verifyTS(const xades::XAdESTimeStampType &timestamp, digido
     Digest calc(tsa.digestMethod());
     calcDigest(&calc, timestamp.canonicalizationMethod() ?
         string_view(timestamp.canonicalizationMethod()->algorithm()) : string_view());
-    tsa.verify(calc);
+    tsa.verify(calc.result());
 
     if(tsa.digestMethod() == URI_SHA1 &&
         !Exception::hasWarningIgnore(Exception::ReferenceDigestWeak))

diff --git a/src/crypto/TS.cpp b/src/crypto/TS.cpp
@@ -131,6 +131,7 @@ TS::TS(const unsigned char *data, size_t size)
 #ifndef OPENSSL_NO_CMS
     if(d)
         return;
+    OpenSSLException(EXCEPTION_PARAMS("ignore")); //Clear errors
     /**
      * Handle CMS based TimeStamp tokens
      * https://rt.openssl.org/Ticket/Display.html?id=4519
@@ -142,6 +143,8 @@ TS::TS(const unsigned char *data, size_t size)
     cms.reset(d2i_CMS_bio(bio.get(), nullptr), CMS_ContentInfo_free);
     if(!cms || OBJ_obj2nid(CMS_get0_eContentType(cms.get())) != NID_id_smime_ct_TSTInfo)
         cms.reset();
+
+    OpenSSLException(EXCEPTION_PARAMS("ignore")); //Clear errors
 #endif
 }
 
@@ -191,18 +194,16 @@ string TS::digestMethod() const
 
 vector<unsigned char> TS::digestValue() const
 {
-    auto info = tstInfo();
-    if(!info)
-        return {};
-    return i2d(TS_MSG_IMPRINT_get_msg(TS_TST_INFO_get_msg_imprint(info.get())), i2d_ASN1_OCTET_STRING);
+    if(auto info = tstInfo())
+        return i2d(TS_MSG_IMPRINT_get_msg(TS_TST_INFO_get_msg_imprint(info.get())), i2d_ASN1_OCTET_STRING);
+    return {};
 }
 
 vector<unsigned char> TS::messageImprint() const
 {
-    auto info = tstInfo();
-    if(!info)
-        return {};
-    return i2d(TS_TST_INFO_get_msg_imprint(info.get()), i2d_TS_MSG_IMPRINT);
+    if(auto info = tstInfo())
+        return i2d(TS_TST_INFO_get_msg_imprint(info.get()), i2d_TS_MSG_IMPRINT);
+    return {};
 }
 
 string TS::serial() const
@@ -222,18 +223,14 @@ string TS::serial() const
 
 tm TS::time() const
 {
-    auto info = tstInfo();
-    if(!info)
-        return {};
     tm tm {};
-    ASN1_TIME_to_tm(TS_TST_INFO_get_time(info.get()), &tm);
+    if(auto info = tstInfo())
+        ASN1_TIME_to_tm(TS_TST_INFO_get_time(info.get()), &tm);
     return tm;
 }
 
-void TS::verify(const Digest &digest)
+void TS::verify(const vector<unsigned char> &digest)
 {
-    vector<unsigned char> data = digest.result();
-
     tm tm = time();
     time_t t = util::date::mkgmtime(tm);
     auto store = SCOPE_PTR(X509_STORE, X509CertStore::createStore(X509CertStore::TSA, &t));
@@ -249,7 +246,7 @@ void TS::verify(const Digest &digest)
         auto ctx = SCOPE_PTR(TS_VERIFY_CTX, TS_VERIFY_CTX_new());
         TS_VERIFY_CTX_set_flags(ctx.get(), TS_VFY_IMPRINT|TS_VFY_VERSION|TS_VFY_SIGNATURE);
         TS_VERIFY_CTX_set_imprint(ctx.get(),
-            (unsigned char*)OPENSSL_memdup(data.data(), data.size()), long(data.size()));
+            (unsigned char*)OPENSSL_memdup(digest.data(), digest.size()), long(digest.size()));
         TS_VERIFY_CTX_set_store(ctx.get(), store.release());
         if(TS_RESP_verify_token(ctx.get(), d.get()) != 1)
         {
@@ -279,8 +276,8 @@ void TS::verify(const Digest &digest)
 
         auto info = SCOPE_PTR(TS_TST_INFO, d2i_TS_TST_INFO_bio(out.get(), nullptr));
         ASN1_OCTET_STRING *msg = TS_MSG_IMPRINT_get_msg(TS_TST_INFO_get_msg_imprint(info.get()));
-        if(data.size() != size_t(ASN1_STRING_length(msg)) ||
-            memcmp(data.data(), ASN1_STRING_get0_data(msg), data.size()) != 0)
+        if(digest.size() != size_t(ASN1_STRING_length(msg)) ||
+            memcmp(digest.data(), ASN1_STRING_get0_data(msg), digest.size()) != 0)
             THROW_OPENSSLEXCEPTION("Failed to verify TS response.");
     }
 #endif

diff --git a/src/crypto/TS.h b/src/crypto/TS.h
@@ -39,7 +39,7 @@ class TS
     std::vector<unsigned char> messageImprint() const;
     std::string serial() const;
     tm time() const;
-    void verify(const Digest &digest);
+    void verify(const std::vector<unsigned char> &digest);
 
     operator std::vector<unsigned char>() const;