Example #1
0
File: ssl.c Project: N0NB/aprx
int ssl_readable(struct worker_t *self, struct client_t *c)
{
	int r;
	int sslerr, err;
	
	//hlog(LOG_DEBUG, "ssl_readable fd %d", c->fd);
	
	ssl_clear_error();
	
	r = SSL_read(c->ssl_con->connection, c->ibuf + c->ibuf_end, c->ibuf_size - c->ibuf_end - 1);
	
	if (r > 0) {
		/* we got some data... process */
		//hlog(LOG_DEBUG, "SSL_read fd %d returned %d bytes of data", c->fd, r);
		
		/* TODO: whatever the client_readable does */
		return client_postread(self, c, r);
	}
	
	sslerr = SSL_get_error(c->ssl_con->connection, r);
	err = (sslerr == SSL_ERROR_SYSCALL) ? errno : 0;
	
	if (sslerr == SSL_ERROR_WANT_READ) {
		hlog(LOG_DEBUG, "ssl_readable fd %d: SSL_read wants to read again, doing it later", c->fd);
		
		if (c->obuf_end - c->obuf_start > 0) {
			/* tell the poller that we have outgoing data */
			xpoll_outgoing(&self->xp, c->xfd, 1);
		}
		
		return 0;
	}
	
	if (sslerr == SSL_ERROR_WANT_WRITE) {
		hlog(LOG_INFO, "ssl_readable fd %d: SSL_read wants to write (peer starts SSL renegotiation?), calling ssl_write", c->fd);
		return ssl_write(self, c);
	}
	
	c->ssl_con->no_wait_shutdown = 1;
	c->ssl_con->no_send_shutdown = 1;
	
	if (sslerr == SSL_ERROR_ZERO_RETURN || ERR_peek_error() == 0) {
		hlog(LOG_DEBUG, "ssl_readable fd %d: peer shutdown SSL cleanly", c->fd);
		client_close(self, c, CLIERR_EOF);
		return -1;
	}
	
	if (err) {
		hlog(LOG_DEBUG, "ssl_readable fd %d: I/O syscall error: %s", c->fd, strerror(err));
	} else {
		char ebuf[255];
		
		ERR_error_string_n(sslerr, ebuf, sizeof(ebuf));
		hlog(LOG_INFO, "ssl_readable fd %d failed with ret %d sslerr %d errno %d: %s (%s)",
			c->fd, r, sslerr, err, ebuf, ERR_reason_error_string(sslerr));
	}
	
	client_close(self, c, err);
	return -1;
}
Example #2
0
static void disable_ssl(int do_errors)
{
    if(do_errors)
    {
	char buf[256];
	unsigned long e;
	while((e = ERR_get_error()))
	{
	    ERR_error_string_n(e, buf, sizeof(buf) - 1);
	    Debug((DEBUG_DEBUG, "%s", buf));
	    if (serverbooting) {
		(void)fprintf(stderr, "%s\n", buf);
	    }
	}
    }
   if (sslable) {
	if ((bootopt & BOOT_TTY) && (bootopt & BOOT_DEBUG))
	    (void)fprintf(stderr, "disable_ssl(): EVP_cleanup()\n");
	EVP_cleanup();
    }

    if(ctx) {
	if ((bootopt & BOOT_TTY) && (bootopt & BOOT_DEBUG))
	    (void)fprintf(stderr, "disable_ssl(): SSL_CTX_free()\n");    
	SSL_CTX_free(ctx);
    }
    Debug((DEBUG_DEBUG, "SSL support is disabled."));
    sslable = 0;
    return;
}
Example #3
0
isc_result_t
dst__openssl_toresult3(isc_logcategory_t *category,
		       const char *funcname, isc_result_t fallback) {
	isc_result_t result;
	unsigned long err;
	const char *file, *data;
	int line, flags;
	char buf[256];

	result = toresult(fallback);

	isc_log_write(dns_lctx, category,
		      DNS_LOGMODULE_CRYPTO, ISC_LOG_WARNING,
		      "%s failed (%s)", funcname,
		      isc_result_totext(result));

	if (result == ISC_R_NOMEMORY)
		goto done;

	for (;;) {
		err = ERR_get_error_line_data(&file, &line, &data, &flags);
		if (err == 0U)
			goto done;
		ERR_error_string_n(err, buf, sizeof(buf));
		isc_log_write(dns_lctx, category,
			      DNS_LOGMODULE_CRYPTO, ISC_LOG_INFO,
			      "%s:%s:%d:%s", buf, file, line,
			      (flags & ERR_TXT_STRING) ? data : "");
	}

    done:
	ERR_clear_error();
	return (result);
}
Example #4
0
Boolean SSLSocket::incompleteSecureReadOccurred(Sint32 retCode)
{
    Sint32 err = SSL_get_error(static_cast<SSL*>(_SSLConnection), retCode);

    Boolean isIncompleteRead = 
        ((err == SSL_ERROR_SYSCALL) &&
        (_sslReadErrno == EAGAIN || _sslReadErrno == EINTR)) ||
        (err == SSL_ERROR_WANT_READ) ||
        (err == SSL_ERROR_WANT_WRITE);

    if (Tracer::isTraceOn())
    {
        unsigned long rc = ERR_get_error ();
        char buff[256];
        ERR_error_string_n (rc, buff, sizeof (buff)); // added in OpenSSL 0.9.6

        PEG_TRACE((TRC_SSL, Tracer::LEVEL4,
            "In SSLSocket::incompleteSecureReadOccurred : err = %d %s",
            err, buff));

        if (!isIncompleteRead && retCode < 0)
        {
            PEG_TRACE((TRC_DISCARDED_DATA, Tracer::LEVEL4,
                "In SSLSocket::incompleteSecureReadOccurred : err = %d %s",
                err, buff));
        }
    }

    return isIncompleteRead;
}
Example #5
0
MsnSsl *
msn_ssl_new (void)
{
    MsnSsl *ssl;
    ssl = g_new0 (MsnSsl, 1);

    ssl->ctx = SSL_CTX_new (SSLv23_client_method ());
    if (ssl->ctx == NULL)
    {
        char errmsg[128] = {0};
        ERR_error_string_n (ERR_get_error (), errmsg, 128);
        g_print ("error: %s\n", errmsg);
        msn_ssl_free (ssl);
        return NULL;
    }

    /* turn on all SSL implementation bug workarounds. */
    SSL_CTX_set_options (ssl->ctx, SSL_OP_ALL);

    /* don't do the verification. */
    SSL_CTX_set_verify (ssl->ctx, SSL_VERIFY_NONE, NULL);

    ssl->ssl = SSL_new (ssl->ctx);

    return ssl;
}
/**
 * Serves the entire OpenSSL error queue and logs each error.
 * The last error is not logged but returned in 'errstr'.
 *
 * If 'rkb' is non-NULL broker-specific logging will be used,
 * else it will fall back on global 'rk' debugging.
 */
static char *rd_kafka_ssl_error (rd_kafka_t *rk, rd_kafka_broker_t *rkb,
				 char *errstr, size_t errstr_size) {
    unsigned long l;
    const char *file, *data;
    int line, flags;
    int cnt = 0;

    while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
	char buf[256];

	if (cnt++ > 0) {
		/* Log last message */
		if (rkb)
			rd_rkb_log(rkb, LOG_ERR, "SSL", "%s", errstr);
		else
			rd_kafka_log(rk, LOG_ERR, "SSL", "%s", errstr);
	}
	
	ERR_error_string_n(l, buf, sizeof(buf));

	rd_snprintf(errstr, errstr_size, "%s:%d: %s: %s",
		    file, line, buf, (flags & ERR_TXT_STRING) ? data : "");

    }

    if (cnt == 0)
    	    rd_snprintf(errstr, errstr_size, "No error");
    
    return errstr;
}
Example #7
0
void reportError(SSL* ssl, int result)
{
	if (result <= 0)
	{
		int error = SSL_get_error(ssl, result);

		switch (error)
		{
		case SSL_ERROR_ZERO_RETURN:
			cout << "SSL_ERROR_ZERO_RETURN" << endl;
			break;
		case SSL_ERROR_NONE:
			cout << "SSL_ERROR_NONE" << endl;
			break;
		case SSL_ERROR_WANT_READ:
			cout << "SSL_ERROR_WANT_READ" << endl;
			break;
		default:
			char buffer[256];
			while (error != 0)
			{
				ERR_error_string_n(error, buffer, sizeof(buffer));
				cout << "Error: " << error << " - " << buffer << endl;
				error = ERR_get_error();
			}
			break;
		}
	}
}
Example #8
0
static Pfd*
opensslconnect(char *host)
{
	Pfd *pfd;
	BIO *sbio;
	SSL_CTX *ctx;
	SSL *ssl;
	static int didinit;
	char buf[1024];

	if(!didinit){
		httpsinit();
		didinit = 1;
	}

	ctx = SSL_CTX_new(SSLv23_client_method());
	sbio = BIO_new_ssl_connect(ctx);
	BIO_get_ssl(sbio, &ssl);
	SSL_set_mode(ssl, SSL_MODE_AUTO_RETRY);
	
	snprint(buf, sizeof buf, "%s:https", host);
	BIO_set_conn_hostname(sbio, buf);
	
	if(BIO_do_connect(sbio) <= 0 || BIO_do_handshake(sbio) <= 0){
		ERR_error_string_n(ERR_get_error(), buf, sizeof buf);
		BIO_free_all(sbio);
		werrstr("openssl: %s", buf);
		return nil;
	}

	pfd = emalloc(sizeof *pfd);
	pfd->sbio = sbio;
	return pfd;
}
Example #9
0
int openssl_error(neo4j_logger_t *logger, uint_fast8_t level,
        const char *file, unsigned int line)
{
    unsigned long code = ERR_get_error();
    if (code == 0)
    {
        neo4j_log_error(logger, "OpenSSL error not available (%s:%d)",
                file, line);
        return NEO4J_UNEXPECTED_ERROR;
    }

    if (ERR_get_error() != 0)
    {
        neo4j_log_error(logger, "OpenSSL error stack too deep (%s:%d)",
                file, line);
        return NEO4J_UNEXPECTED_ERROR;
    }

    char ebuf[256];
    ERR_error_string_n(code, ebuf, sizeof(ebuf));
    neo4j_log(logger, level, "OpenSSL error: %lu:%s:%s:%s", code,
            ERR_lib_error_string(code),
            ERR_func_error_string(code),
            ERR_reason_error_string(code));

    return NEO4J_UNEXPECTED_ERROR;
}
Example #10
0
void ERR_print_errors_cb(int (*cb) (const char *str, size_t len, void *u),
                         void *u)
{
    unsigned long l;
    char buf[256];
    char buf2[4096];
    const char *file, *data;
    int line, flags;
    /*
     * We don't know what kind of thing CRYPTO_THREAD_ID is. Here is our best
     * attempt to convert it into something we can print.
     */
    union {
        CRYPTO_THREAD_ID tid;
        unsigned long ltid;
    } tid;

    tid.ltid = 0;
    tid.tid = CRYPTO_THREAD_get_current_id();

    while ((l = ERR_get_error_line_data(&file, &line, &data, &flags)) != 0) {
        ERR_error_string_n(l, buf, sizeof(buf));
        BIO_snprintf(buf2, sizeof(buf2), "%lu:%s:%s:%d:%s\n", tid.ltid, buf,
                     file, line, (flags & ERR_TXT_STRING) ? data : "");
        if (cb(buf2, strlen(buf2), u) <= 0)
            break;              /* abort outputting the error report */
    }
}
Example #11
0
DLLEXPORT const char *
tqsl_getErrorString_v(int err) {
	static char buf[256];
	unsigned long openssl_err;
	int adjusted_err;

	if (err == 0)
		return "NO ERROR";
	if (err == TQSL_CUSTOM_ERROR) {
		if (tQSL_CustomError[0] == 0)
			return "Unknown custom error";
		else {
			strncpy(buf, tQSL_CustomError, sizeof buf);
			return buf;
		}
	}
	if (err == TQSL_SYSTEM_ERROR) {
		strcpy(buf, "System error: ");
		if (strlen(tQSL_ErrorFile) > 0) {
			strncat(buf, tQSL_ErrorFile, sizeof buf - strlen(buf));
			strncat(buf, ": ", sizeof buf - strlen(buf));
		}
		strncat(buf, strerror(errno), sizeof buf - strlen(buf));
		return buf;
	}
	if (err == TQSL_OPENSSL_ERROR) {
		openssl_err = ERR_get_error();
		strcpy(buf, "OpenSSL error: ");
		if (openssl_err)
			ERR_error_string_n(openssl_err, buf + strlen(buf), sizeof buf - strlen(buf));
		else
			strncat(buf, "[error code not available]", sizeof buf - strlen(buf));
		return buf;
	}
	if (err == TQSL_ADIF_ERROR) {
		buf[0] = 0;
		if (strlen(tQSL_ErrorFile) > 0) {
			strncpy(buf, tQSL_ErrorFile, sizeof buf);
			strncat(buf, ": ", sizeof buf - strlen(buf));
		}
		strncat(buf, tqsl_adifGetError(tQSL_ADIF_Error), sizeof buf - strlen(buf));
		return buf;
	}
	if (err == TQSL_CABRILLO_ERROR) {
		buf[0] = 0;
		if (strlen(tQSL_ErrorFile) > 0) {
			strncpy(buf, tQSL_ErrorFile, sizeof buf);
			strncat(buf, ": ", sizeof buf - strlen(buf));
		}
		strncat(buf, tqsl_cabrilloGetError(tQSL_Cabrillo_Error), sizeof buf - strlen(buf));
		return buf;
	}
	if (err == TQSL_OPENSSL_VERSION_ERROR) {
		sprintf(buf, "Incompatible OpenSSL Library version %d.%d.%d; expected %d.%d.%d",
			int(SSLeay() >> 28) & 0xff, int(SSLeay() >> 20) & 0xff, int(SSLeay() >> 12) & 0xff,
			int(OPENSSL_VERSION_NUMBER >> 28) & 0xff, int(OPENSSL_VERSION_NUMBER >> 20) & 0xff,
			int(OPENSSL_VERSION_NUMBER >> 12) & 0xff);
		return buf;
	}
Example #12
0
char*
openssl_errormsg(char *buf, size_t len) {
	ERR_error_string_n(ERR_get_error(), buf, len);

	/* clear rest of errors in OpenSSL "error buffer" */
	ERR_clear_error();
	return(buf);
}
Example #13
0
static const char *
ssl_error(void)
{
    /* Minimum requirement is 120 characters */
    static char ssl_errbuf[256];
    ERR_error_string_n(ERR_get_error(), ssl_errbuf, sizeof(ssl_errbuf));
    return ssl_errbuf;
}
Example #14
0
static const char *
get_ssl_error(unsigned long err)
{
	static char buf[512];

	ERR_error_string_n(err, buf, sizeof buf);
	return buf;
}
Example #15
0
// This dumps the SSL error stack to the log.
static void LogSSLErrors(const std::string& prefix) {
  char error_buf[200];
  unsigned long err;
  while ((err = ERR_get_error())) {
    ERR_error_string_n(err, error_buf, sizeof(error_buf));
    LOG(LS_ERROR) << prefix << ": " << error_buf << "\n";
  }
}
Example #16
0
    std::string SSLManager::getSSLErrorMessage(int code) {
        // 120 from the SSL documentation for ERR_error_string
        static const size_t msglen = 120;

        char msg[msglen];
        ERR_error_string_n(code, msg, msglen);
        return msg;
    }
Example #17
0
NOEXPORT void sslerror_log(unsigned long err, char *txt) {
    char *error_string;

    error_string=str_alloc(256);
    ERR_error_string_n(err, error_string, 256);
    s_log(LOG_ERR, "%s: %lX: %s", txt, err, error_string);
    str_free(error_string);
}
Example #18
0
/* Logs the SSL error stack. */
static void log_ssl_error_stack(void) {
  unsigned long err;
  while ((err = ERR_get_error()) != 0) {
    char details[256];
    ERR_error_string_n(err, details, sizeof(details));
    gpr_log(GPR_ERROR, "%s", details);
  }
}
Example #19
0
void
log_crypto_err(const char* str)
{
#ifdef HAVE_SSL
	/* error:[error code]:[library name]:[function name]:[reason string] */
	char buf[128];
	unsigned long e;
	ERR_error_string_n(ERR_get_error(), buf, sizeof(buf));
	log_err("%s crypto %s", str, buf);
	while( (e=ERR_get_error()) ) {
		ERR_error_string_n(e, buf, sizeof(buf));
		log_err("and additionally crypto %s", buf);
	}
#else
	(void)str;
#endif /* HAVE_SSL */
}
Example #20
0
int
as_tls_read_once(as_socket* sock, void* buf, size_t len)
{
	int rv = SSL_read(sock->ssl, buf, (int)len);
	if (rv > 0) {
		return rv;
	}
	else {
		int sslerr = SSL_get_error(sock->ssl, rv);
		unsigned long errcode;
		char errbuf[1024];
		switch (sslerr) {
		case SSL_ERROR_WANT_READ:
			return -1;
		case SSL_ERROR_WANT_WRITE:
			return -2;
		case SSL_ERROR_SSL:
			log_verify_details(sock);
			errcode = ERR_get_error();
			ERR_error_string_n(errcode, errbuf, sizeof(errbuf));
			as_log_warn("SSL_read_once failed: %s", errbuf);
			return -3;
		case SSL_ERROR_SYSCALL:
			errcode = ERR_get_error();
			if (errcode != 0) {
				ERR_error_string_n(errcode, errbuf, sizeof(errbuf));
				as_log_warn("SSL_read_once I/O error: %s", errbuf);
			}
			else {
				if (rv == 0) {
					as_log_warn("SSL_read_once I/O error: unexpected EOF");
				}
				else {
					as_log_warn("SSL_read_once I/O error: %d", as_last_error());
				}
			}
			return -4;
		case SSL_ERROR_ZERO_RETURN:
			as_log_debug("SSL_read_once: server closed connection");
			return -5;
		default:
			as_log_warn("SSL_read_once: unexpected ssl error: %d", sslerr);
			return -6;
		}
	}
}
Example #21
0
SSLException::SSLException()
    : Exception(ERR_peek_error()) {
    SSL_load_error_strings();

    char error_message[256];
    ERR_error_string_n(ERR_peek_error(), error_message, 256);
    set_error_message(error_message);
}
Example #22
0
void print_errors(){
  unsigned long err, line;
  char *file;
  while((err = ERR_get_error_line((const char**)&file, (int*)&line))){
    ERR_error_string_n(err, err_str_buf, 128);
    fprintf(stderr, "%s in %s at line %ld", err_str_buf, file, line);
  }
}
Example #23
0
char* ossSSLGetErrorMessage(INT32 error)
{
#define _MSG_LEN 256
   static OSS_THREAD_LOCAL char buf[_MSG_LEN];
   char* errorMsg;
   INT32 err = ERR_get_error();

   switch(error)
   {
   case SSL_ERROR_WANT_READ:
   case SSL_ERROR_WANT_WRITE:
      errorMsg = "possibly timed out during connect";
      break;
   case SSL_ERROR_ZERO_RETURN:
      errorMsg = "SSL network connection closed";
      break;
   case SSL_ERROR_SYSCALL:
      if (0 != err)
      {
         ERR_error_string_n(err, buf, _MSG_LEN);
         errorMsg = buf;
      }
      else
      {
         INT32 lastError;
#ifdef _WINDOWS
         lastError = WSAGetLastError();
#else
         lastError = errno;
#endif
         ossSnprintf(buf, _MSG_LEN, "the SSL BIO reported an I/O error, "
            "system errno: %d", lastError);
         errorMsg = buf;
      }
      break;
   case SSL_ERROR_SSL:
      ERR_error_string_n(err, buf, _MSG_LEN);
      errorMsg = buf;
      break;
   default:
      errorMsg = "unrecognized SSL error";
   }

   return errorMsg;
}
Example #24
0
/* ERR_error_string_n should be used instead for ret != NULL
 * as ERR_error_string cannot know how large the buffer is */
char *ERR_error_string(unsigned long e, char *ret)
	{
	static char buf[256];

	if (ret == NULL) ret=buf;
	ERR_error_string_n(e, ret, 256);

	return(ret);
	}
Example #25
0
int
errstr_main(int argc, char **argv)
{
	unsigned long ulval;
	char *ularg, *ep;
	int argsused, i;
	char buf[256];
	int ret = 0;

	if (single_execution) {
		if (pledge("stdio rpath", NULL) == -1) {
			perror("pledge");
			exit(1);
		}
	}

	memset(&errstr_config, 0, sizeof(errstr_config));

	if (options_parse(argc, argv, errstr_options, NULL, &argsused) != 0) {
		errstr_usage();
		return (1);
	}

	if (errstr_config.stats) {
		BIO *out;

		if ((out = BIO_new_fp(stdout, BIO_NOCLOSE)) == NULL) {
			fprintf(stderr, "Out of memory");
			return (1);
		}

		lh_ERR_STRING_DATA_node_stats_bio(ERR_get_string_table(), out);
		lh_ERR_STRING_DATA_stats_bio(ERR_get_string_table(), out);
		lh_ERR_STRING_DATA_node_usage_stats_bio(
			    ERR_get_string_table(), out);

		BIO_free_all(out);
	}

	for (i = argsused; i < argc; i++) {
		errno = 0;
		ularg = argv[i];
		ulval = strtoul(ularg, &ep, 16);
		if (strchr(ularg, '-') != NULL ||
		    (ularg[0] == '\0' || *ep != '\0') ||
		    (errno == ERANGE && ulval == ULONG_MAX)) {
			printf("%s: bad error code\n", ularg);
			ret++;
			continue;
		}

		ERR_error_string_n(ulval, buf, sizeof(buf));
		printf("%s\n", buf);
	}

	return (ret);
}
Example #26
0
/*
 * ERR_error_string_n should be used instead for ret != NULL as
 * ERR_error_string cannot know how large the buffer is
 */
char *ERR_error_string(unsigned long e, char *ret)
{
    static char buf[256];

    if (ret == NULL)
        ret = buf;
    ERR_error_string_n(e, ret, (int)sizeof(buf));
    return ret;
}
Example #27
0
char* ossSSLERRGetErrorMessage(INT32 error)
{
#define _MSG_LEN 256
   static OSS_THREAD_LOCAL char buf[_MSG_LEN];

   ERR_error_string_n(error, buf, _MSG_LEN);

   return buf;
}
Example #28
0
int
as_tls_connect_once(as_socket* sock)
{
	int rv = SSL_connect(sock->ssl);
	if (rv == 1) {
		log_session_info(sock);
		return 1;
	}

	int sslerr = SSL_get_error(sock->ssl, rv);
	unsigned long errcode;
	char errbuf[1024];
	switch (sslerr) {
	case SSL_ERROR_WANT_READ:
		return -1;
	case SSL_ERROR_WANT_WRITE:
		return -2;
	case SSL_ERROR_SSL:
		log_verify_details(sock);
		errcode = ERR_get_error();
		ERR_error_string_n(errcode, errbuf, sizeof(errbuf));
		as_log_warn("SSL_connect_once failed: %s", errbuf);
		return -3;
	case SSL_ERROR_SYSCALL:
		errcode = ERR_get_error();
		if (errcode != 0) {
			ERR_error_string_n(errcode, errbuf, sizeof(errbuf));
			as_log_warn("SSL_connect_once I/O error: %s", errbuf);
		}
		else {
			if (rv == 0) {
				as_log_warn("SSL_connect_once I/O error: unexpected EOF");
			}
			else {
				as_log_warn("SSL_connect_once I/O error: %d", as_last_error());
			}
		}
		return -4;
	default:
		as_log_warn("SSL_connect_once: unexpected ssl error: %d", sslerr);
		return -5;
		break;
	}
}
Example #29
0
std::string Utility::convertSSLError(SSL* pSSL, int errCode)
{
	
	std::string errMsg;
	if (errCode > 0) return "no error";

	int connectErr = SSL_get_error(pSSL, errCode);
	long lErr = 0;
	char buf[512];
	
	switch (connectErr)
	{
	case SSL_ERROR_ZERO_RETURN:
		// connection closed
		errMsg = "connection closed by server";
		break;
	case SSL_ERROR_WANT_READ:
		errMsg = "want read";
		break;
	case SSL_ERROR_WANT_WRITE:
		errMsg = "want write";
		break;
	case SSL_ERROR_WANT_CONNECT: 
		errMsg = "want connect";
		break;
	case SSL_ERROR_WANT_ACCEPT:
		errMsg = "want accept";
		break;
	case SSL_ERROR_WANT_X509_LOOKUP:
		errMsg = "want lookup";
		break;
	case SSL_ERROR_SYSCALL:
		errMsg = "syscall";
		break;
	case SSL_ERROR_SSL:
		lErr = ERR_get_error();
		if (errCode == 0)
		{
			errMsg = "EOF was observed";
		}
		else if (errCode == -1)
		{
			errMsg = "The underlying BIO reported an I/O error";
		}
		else
		{
			ERR_error_string_n(lErr, buf, 512);
			errMsg = buf;
		}
		break;
	default:
		errMsg = "none";
	}

	return errMsg;
}
Example #30
0
static char *	cipher_evp (const unsigned char *key, int keylen, const unsigned char *plaintext, int plaintextlen, const EVP_CIPHER *type, int *retsize, int ivsize)
{
        unsigned char *outbuf;
        int     outlen = 0;
	int	extralen = 0;
	unsigned char	*iv = NULL;
	unsigned long errcode;
	u_32int_t	randomval;
	int		iv_count;
        EVP_CIPHER_CTX a;
        EVP_CIPHER_CTX_init(&a);
	EVP_CIPHER_CTX_set_padding(&a, 0);

	if (ivsize < 0)
		ivsize = 0;		/* Shenanigans! */

	if (ivsize > 0)
	{
	    if (ivsize % sizeof(u_32int_t) != 0)
		panic(1, "The IV size for a crypto type you're using is %d "
			"which is not a multiple of %d", 
			ivsize, sizeof(u_32int_t));

	    iv = new_malloc(ivsize);
	    for (iv_count = 0; iv_count < ivsize; iv_count += sizeof(u_32int_t))
	    {
		randomval = arc4random();  
		memmove(iv + iv_count, &randomval, sizeof(u_32int_t));
	    }
	}

	outbuf = new_malloc(plaintextlen + 100);
	if (iv)
		memcpy(outbuf, iv, ivsize);

        EVP_EncryptInit_ex(&a, type, NULL, NULL, iv);
	EVP_CIPHER_CTX_set_key_length(&a, keylen);
        EVP_EncryptInit_ex(&a, NULL, NULL, key, NULL);
        EVP_EncryptUpdate(&a, outbuf + ivsize, &outlen, plaintext, plaintextlen);
	EVP_EncryptFinal_ex(&a, outbuf + ivsize + outlen, &extralen);
        EVP_CIPHER_CTX_cleanup(&a);
	outlen += extralen;

	ERR_load_crypto_strings();
	while ((errcode = ERR_get_error()))
	{
	    char r[256];
	    ERR_error_string_n(errcode, r, 256);
	    yell("ERROR: %s", r);
	}

	*retsize = outlen + ivsize;
	if (iv)
		new_free(&iv);		/* XXX Is this correct? */
	return outbuf;
}