/* init_ssl() * * inputs - nothing * output - nothing * side effects - setups SSL context. */ static void ssl_init(void) { #ifdef HAVE_LIBCRYPTO SSL_load_error_strings(); SSLeay_add_ssl_algorithms(); if (!(ConfigServerInfo.server_ctx = SSL_CTX_new(SSLv23_server_method()))) { const char *s = ERR_lib_error_string(ERR_get_error()); fprintf(stderr, "ERROR: Could not initialize the SSL Server context -- %s\n", s); ilog(LOG_TYPE_IRCD, "ERROR: Could not initialize the SSL Server context -- %s", s); exit(EXIT_FAILURE); return; /* Not reached */ } SSL_CTX_set_options(ConfigServerInfo.server_ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET); SSL_CTX_set_options(ConfigServerInfo.server_ctx, SSL_OP_SINGLE_DH_USE|SSL_OP_CIPHER_SERVER_PREFERENCE); SSL_CTX_set_verify(ConfigServerInfo.server_ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, always_accept_verify_cb); SSL_CTX_set_session_cache_mode(ConfigServerInfo.server_ctx, SSL_SESS_CACHE_OFF); SSL_CTX_set_cipher_list(ConfigServerInfo.server_ctx, "EECDH+HIGH:EDH+HIGH:HIGH:!aNULL"); #if OPENSSL_VERSION_NUMBER >= 0x009080FFL && !defined(OPENSSL_NO_ECDH) { EC_KEY *key = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); if (key) { SSL_CTX_set_tmp_ecdh(ConfigServerInfo.server_ctx, key); EC_KEY_free(key); } } SSL_CTX_set_options(ConfigServerInfo.server_ctx, SSL_OP_SINGLE_ECDH_USE); #endif if (!(ConfigServerInfo.client_ctx = SSL_CTX_new(SSLv23_client_method()))) { const char *s = ERR_lib_error_string(ERR_get_error()); fprintf(stderr, "ERROR: Could not initialize the SSL Client context -- %s\n", s); ilog(LOG_TYPE_IRCD, "ERROR: Could not initialize the SSL Client context -- %s", s); exit(EXIT_FAILURE); return; /* Not reached */ } SSL_CTX_set_options(ConfigServerInfo.client_ctx, SSL_OP_NO_SSLv2|SSL_OP_NO_SSLv3|SSL_OP_NO_TICKET); SSL_CTX_set_options(ConfigServerInfo.client_ctx, SSL_OP_SINGLE_DH_USE); SSL_CTX_set_verify(ConfigServerInfo.client_ctx, SSL_VERIFY_PEER|SSL_VERIFY_CLIENT_ONCE, always_accept_verify_cb); SSL_CTX_set_session_cache_mode(ConfigServerInfo.client_ctx, SSL_SESS_CACHE_OFF); #endif /* HAVE_LIBCRYPTO */ }
u2fs_rc decode_user_key(const unsigned char *data, u2fs_EC_KEY_t ** key) { if (key == NULL) return U2FS_MEMORY_ERROR; EC_GROUP *ecg = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); *key = (u2fs_EC_KEY_t *) EC_KEY_new_by_curve_name(NID_X9_62_prime256v1); EC_POINT *point = EC_POINT_new(ecg); point_conversion_form_t pcf = POINT_CONVERSION_UNCOMPRESSED; EC_GROUP_set_point_conversion_form(ecg, pcf); if (EC_POINT_oct2point(ecg, point, data, U2FS_PUBLIC_KEY_LEN, NULL) == 0) { if (debug) { unsigned long err = 0; err = ERR_get_error(); fprintf(stderr, "Error: %s, %s, %s\n", ERR_lib_error_string(err), ERR_func_error_string(err), ERR_reason_error_string(err)); } *key = NULL; EC_GROUP_free(ecg); ecg = NULL; EC_POINT_free(point); point = NULL; return U2FS_CRYPTO_ERROR; } EC_GROUP_free(ecg); ecg = NULL; if (EC_KEY_set_public_key((EC_KEY *) * key, point) == 0) { if (debug) { unsigned long err = 0; err = ERR_get_error(); fprintf(stderr, "Error: %s, %s, %s\n", ERR_lib_error_string(err), ERR_func_error_string(err), ERR_reason_error_string(err)); } *key = NULL; EC_POINT_free(point); point = NULL; return U2FS_CRYPTO_ERROR; } EC_POINT_free(point); point = NULL; return U2FS_OK; }
int openssl_error(neo4j_logger_t *logger, uint_fast8_t level, const char *file, unsigned int line) { unsigned long code = ERR_get_error(); if (code == 0) { neo4j_log_error(logger, "OpenSSL error not available (%s:%d)", file, line); return NEO4J_UNEXPECTED_ERROR; } if (ERR_get_error() != 0) { neo4j_log_error(logger, "OpenSSL error stack too deep (%s:%d)", file, line); return NEO4J_UNEXPECTED_ERROR; } char ebuf[256]; ERR_error_string_n(code, ebuf, sizeof(ebuf)); neo4j_log(logger, level, "OpenSSL error: %lu:%s:%s:%s", code, ERR_lib_error_string(code), ERR_func_error_string(code), ERR_reason_error_string(code)); return NEO4J_UNEXPECTED_ERROR; }
u2fs_rc verify_ECDSA(const unsigned char *dgst, int dgst_len, const u2fs_ECDSA_t * sig, u2fs_EC_KEY_t * eckey) { if (dgst == NULL || dgst_len == 0 || sig == NULL || eckey == NULL) return U2FS_MEMORY_ERROR; int rc = ECDSA_do_verify(dgst, dgst_len, (ECDSA_SIG *) sig, (EC_KEY *) eckey); if (rc != 1) { if (rc == -1) { if (debug) { unsigned long err = 0; err = ERR_get_error(); fprintf(stderr, "Error: %s, %s, %s\n", ERR_lib_error_string(err), ERR_func_error_string(err), ERR_reason_error_string(err)); } return U2FS_CRYPTO_ERROR; } else { return U2FS_SIGNATURE_ERROR; } } return U2FS_OK; }
void _mine_set_ssl_error(MINE *self) { self->err = 0; self->errstr = ERR_lib_error_string( ERR_get_error() ); if (self->errstr == NULL) { self->errstr = "All ok"; } }
u2fs_rc decode_ECDSA(const unsigned char *data, size_t len, u2fs_ECDSA_t ** sig) { const unsigned char *p; if (data == NULL || len == 0 || sig == NULL) return U2FS_MEMORY_ERROR; p = data; *sig = (u2fs_ECDSA_t *) d2i_ECDSA_SIG(NULL, &p, len); if (*sig == NULL) { if (debug) { unsigned long err = 0; err = ERR_get_error(); fprintf(stderr, "Error: %s, %s, %s\n", ERR_lib_error_string(err), ERR_func_error_string(err), ERR_reason_error_string(err)); } return U2FS_CRYPTO_ERROR; } return U2FS_OK; }
/** * Fetch OpenSSL error code and generate a string interpretation of it. * * @param[out] buf buffer to put string into * @param[in] buflen size of buffer * * @returns buf **/ gchar * z_ssl_get_error_str(gchar *buf, int buflen) { const char *ls, *fs, *rs; unsigned long e, l, f, r; unsigned long new_error = 0; gint count = -1; do { e = new_error; new_error= ERR_get_error(); ++count; } while (new_error); l = ERR_GET_LIB(e); f = ERR_GET_FUNC(e); r = ERR_GET_REASON(e); ls = ERR_lib_error_string(e); fs = ERR_func_error_string(e); rs = ERR_reason_error_string(e); if (count) g_snprintf(buf, buflen, "error:%08lX:%s:lib(%lu):%s:func(%lu):%s:reason(%lu), supressed %d messages", e, ls ? ls : "(null)", l, fs ? fs : "(null)", f, rs ? rs : "(null)", r, count); else g_snprintf(buf, buflen, "error:%08lX:%s:lib(%lu):%s:func(%lu):%s:reason(%lu)", e, ls ? ls : "(null)", l, fs ? fs : "(null)", f, rs ? rs : "(null)", r); return buf; }
u2fs_rc decode_X509(const unsigned char *data, size_t len, u2fs_X509_t ** cert) { const unsigned char *p; if (data == NULL || len == 0 || cert == NULL) return U2FS_MEMORY_ERROR; p = data; //Always set 1st param to NULL as per http://www.tedunangst.com/flak/post/analysis-of-d2i-X509-reuse *cert = (u2fs_X509_t *) d2i_X509(NULL, &p, len); if (*cert == NULL) { if (debug) { unsigned long err = 0; err = ERR_get_error(); fprintf(stderr, "Error: %s, %s, %s\n", ERR_lib_error_string(err), ERR_func_error_string(err), ERR_reason_error_string(err)); } return U2FS_CRYPTO_ERROR; } return U2FS_OK; }
/* LCOV_EXCL_START */ static PyObject * _setException(PyObject *exc) { unsigned long errcode; const char *lib, *func, *reason; errcode = ERR_peek_last_error(); if (!errcode) { PyErr_SetString(exc, "unknown reasons"); return NULL; } ERR_clear_error(); lib = ERR_lib_error_string(errcode); func = ERR_func_error_string(errcode); reason = ERR_reason_error_string(errcode); if (lib && func) { PyErr_Format(exc, "[%s: %s] %s", lib, func, reason); } else if (lib) { PyErr_Format(exc, "[%s] %s", lib, reason); } else { PyErr_SetString(exc, reason); } return NULL; }
SSLGeneric::SSLGeneric(){ #ifdef USE_EMBEDDED_CLASSNAMES setClassName((char *)__xvr2_Net_SSLGeneric); #endif //description = (char *)_desc_SSLGeneric; description = (char *)ERR_lib_error_string(ERR_get_error()); }
SSLContextCreation::SSLContextCreation(){ #ifdef USE_EMBEDDED_CLASSNAMES setClassName((char *)__xvr2_Net_SSLContextCreation); #endif //description = _desc_SSLContextCreation; description = (char *)ERR_lib_error_string(ERR_get_error()); }
static LUA_FUNCTION(openssl_error_string) { unsigned long val; int clear, ret = 0; if (lua_isnumber(L, 1)) { val = (unsigned long)lua_tonumber(L, 1); clear = lua_toboolean(L, 2); } else { val = ERR_get_error(); clear = lua_toboolean(L, 1); } if (val) { lua_pushinteger(L, val); lua_pushstring (L, ERR_reason_error_string(val)); lua_pushstring (L, ERR_lib_error_string (val)); lua_pushstring (L, ERR_func_error_string (val)); #ifdef ERR_FATAL_ERROR lua_pushboolean(L, ERR_FATAL_ERROR (val)); ret = 5; #else ret = 4; #endif } if (clear) ERR_clear_error(); return ret; }
u2fs_rc extract_EC_KEY_from_X509(const u2fs_X509_t * cert, u2fs_EC_KEY_t ** key) { if (cert == NULL || key == NULL) return U2FS_MEMORY_ERROR; EVP_PKEY *pkey = X509_get_pubkey((X509 *) cert); if (pkey == NULL) { if (debug) { unsigned long err = 0; err = ERR_get_error(); fprintf(stderr, "Error: %s, %s, %s\n", ERR_lib_error_string(err), ERR_func_error_string(err), ERR_reason_error_string(err)); } return U2FS_CRYPTO_ERROR; } *key = (u2fs_EC_KEY_t *) EVP_PKEY_get1_EC_KEY(pkey); EVP_PKEY_free(pkey); pkey = NULL; if (*key == NULL) { if (debug) { unsigned long err = 0; err = ERR_get_error(); fprintf(stderr, "Error: %s, %s, %s\n", ERR_lib_error_string(err), ERR_func_error_string(err), ERR_reason_error_string(err)); } return U2FS_CRYPTO_ERROR; } EC_GROUP *ecg = EC_GROUP_new_by_curve_name(NID_X9_62_prime256v1); EC_KEY_set_asn1_flag((EC_KEY *) * key, OPENSSL_EC_NAMED_CURVE); EC_KEY_set_group((EC_KEY *) * key, ecg); EC_GROUP_free(ecg); ecg = NULL; return U2FS_OK; }
static void ssl_print_error_queue(const char *msg) { unsigned long sslcode = ERR_get_error(); do { yell("--- %s: SSL error: %s:%s:%s", msg, ERR_lib_error_string(sslcode), ERR_func_error_string(sslcode), ERR_reason_error_string(sslcode)); Debug(DB_SSL, "%s: SSL error: %s:%s:%s", msg, ERR_lib_error_string(sslcode), ERR_func_error_string(sslcode), ERR_reason_error_string(sslcode)); } while ((sslcode = ERR_get_error())); }
static void print_err(int val) { int err; while ((err = ERR_get_error())) { const char *msg = (const char*)ERR_reason_error_string(err); const char *lib = (const char*)ERR_lib_error_string(err); const char *func = (const char*)ERR_func_error_string(err); } }
static DskIOResult dsk_ssl_sink_write (DskOctetSink *sink, unsigned max_len, const void *data_out, unsigned *n_written_out, DskError **error) { DskSslStream *stream = DSK_SSL_STREAM (sink->stream); if (stream->handshaking) return DSK_IO_RESULT_AGAIN; int rv = SSL_write (stream->ssl, data_out, max_len); if (rv > 0) { *n_written_out = rv; return DSK_IO_RESULT_SUCCESS; } if (rv == 0) { //dsk_set_error (error, "connection closed"); return DSK_IO_RESULT_EOF; } stream->read_needed_to_write = 0; switch (rv) { switch (SSL_get_error (stream->ssl, rv)) { case SSL_ERROR_WANT_READ: stream->read_needed_to_write = 1; dsk_ssl_stream_update_traps (stream); return DSK_IO_RESULT_AGAIN; case SSL_ERROR_WANT_WRITE: dsk_ssl_stream_update_traps (stream); return DSK_IO_RESULT_AGAIN; case SSL_ERROR_SYSCALL: dsk_set_error (error, "Gsk-BIO interface had problems writing"); break; case SSL_ERROR_NONE: dsk_set_error (error, "error writing to ssl stream, but error code set to none"); break; default: { unsigned long l; l = ERR_peek_error(); dsk_set_error (error, "error writing to ssl stream [in the '%s' library]: %s: %s [is-client=%d]", ERR_lib_error_string(l), ERR_func_error_string(l), ERR_reason_error_string(l), stream->is_client); break; } } } return DSK_IO_RESULT_ERROR; }
static gssize log_transport_tls_read_method(LogTransport *s, gpointer buf, gsize buflen, LogTransportAuxData *aux) { LogTransportTLS *self = (LogTransportTLS *) s; gint ssl_error; gint rc; /* assume that we need to poll our input for reading unless * SSL_ERROR_WANT_WRITE is specified by libssl */ self->super.cond = G_IO_IN; do { rc = SSL_read(self->tls_session->ssl, buf, buflen); if (rc < 0) { ssl_error = SSL_get_error(self->tls_session->ssl, rc); switch (ssl_error) { case SSL_ERROR_WANT_READ: errno = EAGAIN; break; case SSL_ERROR_WANT_WRITE: /* although we are writing this fd, libssl wants to write. This * happens during renegotiation for example */ self->super.cond = G_IO_OUT; errno = EAGAIN; break; case SSL_ERROR_SYSCALL: /* errno is set accordingly */ break; default: goto tls_error; } } } while (rc == -1 && errno == EINTR); return rc; tls_error: ssl_error = ERR_get_error(); msg_error("SSL error while reading stream", evt_tag_printf("tls_error", "%s:%s:%s", ERR_lib_error_string(ssl_error), ERR_func_error_string(ssl_error), ERR_reason_error_string(ssl_error)), NULL); ERR_clear_error(); errno = ECONNRESET; return -1; }
void ERR_error_string_n(unsigned long e, char *buf, size_t len) { char lsbuf[64], fsbuf[64], rsbuf[64]; const char *ls, *fs, *rs; unsigned long l, f, r; if (len == 0) return; l = ERR_GET_LIB(e); f = ERR_GET_FUNC(e); r = ERR_GET_REASON(e); ls = ERR_lib_error_string(e); fs = ERR_func_error_string(e); rs = ERR_reason_error_string(e); if (ls == NULL) BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); if (fs == NULL) BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); if (rs == NULL) BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls ? ls : lsbuf, fs ? fs : fsbuf, rs ? rs : rsbuf); if (strlen(buf) == len - 1) { /* * output may be truncated; make sure we always have 5 * colon-separated fields, i.e. 4 colons ... */ #define NUM_COLONS 4 if (len > NUM_COLONS) { /* ... if possible */ int i; char *s = buf; for (i = 0; i < NUM_COLONS; i++) { char *colon = strchr(s, ':'); if (colon == NULL || colon > &buf[len - 1] - NUM_COLONS + i) { /* * set colon no. i at last possible position (buf[len-1] * is the terminating 0) */ colon = &buf[len - 1] - NUM_COLONS + i; *colon = ':'; } s = colon + 1; } } } }
static void print_err(int val) { int err; printf("Error was %d\n", val); while ((err = ERR_get_error())) { const char *msg = (const char*)ERR_reason_error_string(err); const char *lib = (const char*)ERR_lib_error_string(err); const char *func = (const char*)ERR_func_error_string(err); printf("%s in %s %s\n", msg, lib, func); } }
static void event_error_handler(struct bufferevent *bev, short what, void *ctx) { struct bufferevent *partner = NULL; ssh_session_t *session = ctx; if(session == NULL || session->owner_ptr == NULL) { trace_err("ERROR: ....................."); } else { partner= session->owner_ptr; } if (what & (BEV_EVENT_EOF|BEV_EVENT_ERROR)) { if (what & BEV_EVENT_ERROR) { unsigned long err; while ((err = (bufferevent_get_openssl_error(bev)))) { const char *msg = (const char*)ERR_reason_error_string(err); const char *lib = (const char*)ERR_lib_error_string(err); const char *func = (const char*)ERR_func_error_string(err); fprintf(stderr, "%s in %s %s\n", msg, lib, func); } if (errno) { trace_err("connection error"); } } if (partner) { /* Flush all pending data */ data_read_handler(bev, ctx); if (evbuffer_get_length(bufferevent_get_output(partner))) { /* We still have to flush data from the other * side, but when that's done, close the other * side. */ bufferevent_setcb(partner, NULL, close_on_finished_writecb, event_error_handler, NULL); bufferevent_disable(partner, EV_READ); } else { /* We have nothing left to say to the other * side; close it. */ bufferevent_free(partner); ssh_log(session, "\"%s:closed\"", SESSION_TYPE(session)); } } bufferevent_free(bev); } }
bool parcSelfSignedCertificate_CreateRSACertificate(const char *subjectname, unsigned keylength, unsigned validityDays, X509 *cert, RSA *rsa, EVP_PKEY *private_key) { int res; bool return_value = false; BIGNUM *pub_exp; pub_exp = BN_new(); BN_set_word(pub_exp, RSA_F4); res = 1; if (RSA_generate_key_ex(rsa, keylength, pub_exp, NULL)) { if (EVP_PKEY_set1_RSA(private_key, rsa)) { if (X509_set_version(cert, 2)) { // 2 => X509v3 return_value = true; } } } if (return_value) { // add serial number if (_addRandomSerial(cert) == true) { if (_addValidityPeriod(cert, validityDays) == true) { if (X509_set_pubkey(cert, private_key) == 1) { if (_addSubjectName(cert, subjectname) == true) { if (_addExtensions(cert) == true) { if (_addKeyIdentifier(cert) == true) { // The certificate is complete, sign it. if (X509_sign(cert, private_key, EVP_sha256())) { return_value = true; } else { printf("error: (%d) %s\n", res, ERR_lib_error_string(res)); } } } } } } } } ERR_print_errors_fp(stdout); BN_free(pub_exp); return return_value; }
static void eventcb(struct bufferevent *bev, short what, void *ctx) { struct bufferevent *partner = ctx; if (what & (BEV_EVENT_EOF|BEV_EVENT_ERROR)) { if (what & BEV_EVENT_ERROR) { unsigned long err; while ((err = (bufferevent_get_openssl_error(bev)))) { const char *msg = (const char*) ERR_reason_error_string(err); const char *lib = (const char*) ERR_lib_error_string(err); const char *func = (const char*) ERR_func_error_string(err); fprintf(stderr, "%s in %s %s\n", msg, lib, func); } if (errno) perror("connection error"); } if (partner) { /* Flush all pending data */ readcb(bev, ctx); if (evbuffer_get_length( bufferevent_get_output(partner))) { /* We still have to flush data from the other * side, but when that's done, close the other * side. */ bufferevent_setcb(partner, NULL, close_on_finished_writecb, eventcb, NULL); bufferevent_disable(partner, EV_READ); } else { /* We have nothing left to say to the other * side; close it. */ bufferevent_free(partner); } } bufferevent_free(bev); } }
/* XXXX copied from crypto.c */ static void crypto_log_errors(int severity, const char *doing) { unsigned long err; const char *msg, *lib, *func; while ((err = ERR_get_error()) != 0) { msg = (const char*)ERR_reason_error_string(err); lib = (const char*)ERR_lib_error_string(err); func = (const char*)ERR_func_error_string(err); if (!msg) msg = "(null)"; if (!lib) lib = "(null)"; if (!func) func = "(null)"; if (doing) { log(severity, LD_CRYPTO, "crypto error while %s: %s (in %s:%s)", doing, msg, lib, func); } else { log(severity, LD_CRYPTO, "crypto error: %s (in %s:%s)", msg, lib, func); } } }
/* Load certificate and private key */ static void tls_certkey(SSL *_tls) { int ret, ret2; if(!_tls) { TLSERROR("Certificate cannot be loaded."); return; } if((!_key) || (!_cert) || (!_callback)) { printf("WARNING: certificates are disabled!\n"); return; } SSL_CTX_set_default_passwd_cb(_tlsctx, _callback); /*ret = SSL_CTX_load_verify_locations(_tlsctx, "/usr/lib/ssl/cacert.pem", NULL); if(ret != 1) { TLSERROR("Couldn't load root CA file!"); ret2 = ERR_get_error(); printf("EXT: %s\n%s\n%s\n%s\n%s\n", tls_exterror(_tls, ret), ERR_error_string(ret2, NULL), ERR_lib_error_string(ret2), ERR_func_error_string(ret2), ERR_reason_error_string(ret2)); }*/ ret = SSL_use_RSAPrivateKey_file(_tls, _key, SSL_FILETYPE_PEM); if(ret != 1) { TLSERROR("Error loading TLS PEM private key."); ret2 = ERR_get_error(); printf("EXT: %s\n%s\n%s\n%s\n%s\n", tls_exterror(_tls, ret), ERR_error_string(ret2, NULL), ERR_lib_error_string(ret2), ERR_func_error_string(ret2), ERR_reason_error_string(ret2)); } ret = SSL_use_certificate_file(_tls, _cert, SSL_FILETYPE_PEM); if(ret != 1) TLSERROR("Error loading TLS PEM certificate."); ret = SSL_check_private_key(_tls); if(!ret) TLSERROR("Private key doesn't match certificate public key."); printf("*** certificate loaded ***\n"); }
/* BAD for multi-threaded, uses a local buffer if ret == NULL */ char *ERR_error_string(unsigned long e, char *ret) { #ifdef NO_ERR if(ret != NULL) { strcpy(ret, "No Error String Info."); } return "No Error String info."; #else static char buf[256]; const char *ls,*fs,*rs; unsigned long l,f,r; int i; l=ERR_GET_LIB(e); f=ERR_GET_FUNC(e); r=ERR_GET_REASON(e); ls=ERR_lib_error_string(e); fs=ERR_func_error_string(e); rs=ERR_reason_error_string(e); if (ret == NULL) ret=buf; sprintf(&(ret[0]),"error:%08lX:",e); i=strlen(ret); if (ls == NULL) sprintf(&(ret[i]),":lib(%lu) ",l); else sprintf(&(ret[i]),"%s",ls); i=strlen(ret); if (fs == NULL) sprintf(&(ret[i]),":func(%lu) ",f); else sprintf(&(ret[i]),":%s",fs); i=strlen(ret); if (rs == NULL) sprintf(&(ret[i]),":reason(%lu)",r); else sprintf(&(ret[i]),":%s",rs); return(ret); #endif }
/** Log TLS error(s). * * Log the TLS error specified by the error code @a e and all the errors in * the queue. The error code @a e implies no error, and it is not logged. */ static void tls_log_errors(unsigned level, char const *s, unsigned long e) { if (e == 0) e = ERR_get_error(); if (!tport_log->log_init) su_log_init(tport_log); if (s == NULL) s = "tls"; for (; e != 0; e = ERR_get_error()) { if (level <= tport_log->log_level) { const char *error = ERR_lib_error_string(e); const char *func = ERR_func_error_string(e); const char *reason = ERR_reason_error_string(e); su_llog(tport_log, level, "%s: %08lx:%s:%s:%s\n", s, e, error, func, reason); } } }
/** Log all pending tls errors at level <b>severity</b>. Use * <b>doing</b> to describe our current activities. */ static void tls_log_errors(tor_tls_t *tls, int severity, const char *doing) { unsigned long err; const char *msg, *lib, *func, *addr; addr = tls ? tls->address : NULL; while ((err = ERR_get_error()) != 0) { msg = (const char*)ERR_reason_error_string(err); lib = (const char*)ERR_lib_error_string(err); func = (const char*)ERR_func_error_string(err); if (!msg) msg = "(null)"; if (doing) { log(severity, LD_NET, "TLS error while %s%s%s: %s (in %s:%s)", doing, addr?" with ":"", addr?addr:"", msg, lib, func); } else { log(severity, LD_NET, "TLS error%s%s: %s (in %s:%s)", addr?" with ":"", addr?addr:"", msg, lib, func); } } }
UtlBoolean OsEncryption::openSslError(void) { #if defined(OSENCRYPTION) unsigned long err = ERR_get_error(); if (err != 0) { ERR_load_crypto_strings(); ERR_load_ERR_strings(); char errbuff[256]; errbuff[0] = 0; ERR_error_string_n(err, errbuff, sizeof(errbuff)); osPrintf("OpenSLL ERROR:\n\tlib:%s\n\tfunction:%s\n\treason:%s\n", ERR_lib_error_string(err), ERR_func_error_string(err), ERR_reason_error_string(err)); ERR_free_strings(); return TRUE; } #endif return FALSE; }
void ERR_error_string_n(unsigned long e, char *buf, size_t len) { char lsbuf[64], fsbuf[64], rsbuf[64]; const char *ls, *fs, *rs; unsigned long l, f, r; if (len == 0) return; l = ERR_GET_LIB(e); ls = ERR_lib_error_string(e); if (ls == NULL) { BIO_snprintf(lsbuf, sizeof(lsbuf), "lib(%lu)", l); ls = lsbuf; } fs = ERR_func_error_string(e); f = ERR_GET_FUNC(e); if (fs == NULL) { BIO_snprintf(fsbuf, sizeof(fsbuf), "func(%lu)", f); fs = fsbuf; } rs = ERR_reason_error_string(e); r = ERR_GET_REASON(e); if (rs == NULL) { BIO_snprintf(rsbuf, sizeof(rsbuf), "reason(%lu)", r); rs = rsbuf; } BIO_snprintf(buf, len, "error:%08lX:%s:%s:%s", e, ls, fs, rs); if (strlen(buf) == len - 1) { /* Didn't fit; use a minimal format. */ BIO_snprintf(buf, len, "err:%lx:%lx:%lx:%lx", e, l, f, r); } }
/*============================================================================ * OpcUa_P_OpenSSL_RSA_Private_Decrypt *===========================================================================*/ OpcUa_StatusCode OpcUa_P_OpenSSL_RSA_Private_Decrypt( OpcUa_CryptoProvider* a_pProvider, OpcUa_Byte* a_pCipherText, OpcUa_UInt32 a_cipherTextLen, OpcUa_Key* a_privateKey, OpcUa_Int16 a_padding, OpcUa_Byte* a_pPlainText, OpcUa_UInt32* a_pPlainTextLen) { EVP_PKEY* pPrivateKey = OpcUa_Null; OpcUa_UInt32 keySize = 0; OpcUa_Int32 decryptedBytes = 0; OpcUa_UInt32 iCipherText = 0; /* OpcUa_UInt32 iPlainTextLen = 0; */ OpcUa_UInt32 decDataSize = 0; const char* sError = OpcUa_Null; const unsigned char *pData; OpcUa_InitializeStatus(OpcUa_Module_P_OpenSSL, "RSA_Private_Decrypt"); OpcUa_ReferenceParameter(a_pProvider); OpcUa_ReturnErrorIfArgumentNull(a_pCipherText); OpcUa_ReturnErrorIfArgumentNull(a_privateKey); OpcUa_ReturnErrorIfArgumentNull(a_privateKey->Key.Data); OpcUa_ReturnErrorIfArgumentNull(a_pPlainTextLen); *a_pPlainTextLen = 0; if(a_privateKey->Type != OpcUa_Crypto_KeyType_Rsa_Private) { OpcUa_GotoErrorWithStatus(OpcUa_BadInvalidArgument); } pData = a_privateKey->Key.Data; pPrivateKey = d2i_PrivateKey(EVP_PKEY_RSA,OpcUa_Null, &pData, a_privateKey->Key.Length); if (pPrivateKey == OpcUa_Null) { long lErr = ERR_get_error(); char *szErr = ERR_error_string(lErr, 0); OpcUa_ReferenceParameter(szErr); return OpcUa_BadInvalidArgument; } keySize = RSA_size(pPrivateKey->pkey.rsa); if((a_cipherTextLen%keySize) != 0) { uStatus = OpcUa_BadInvalidArgument; OpcUa_GotoError; } /* check padding type */ switch(a_padding) { case RSA_PKCS1_PADDING: { decDataSize = keySize - 11; break; } case RSA_PKCS1_OAEP_PADDING: { decDataSize = keySize - 42; break; } case RSA_NO_PADDING: { decDataSize = keySize; break; } default: { OpcUa_GotoErrorWithStatus(OpcUa_BadNotSupported); } } while(iCipherText < a_cipherTextLen) { if(a_pPlainText != OpcUa_Null) { decryptedBytes = RSA_private_decrypt( keySize, /* how much to decrypt */ a_pCipherText + iCipherText, /* what to decrypt */ a_pPlainText + (*a_pPlainTextLen), /* where to decrypt */ pPrivateKey->pkey.rsa, /* private key */ a_padding); /* padding mode */ /* goto error block, if decryption fails */ if(decryptedBytes == -1) { /* const char* serror = NULL; */ unsigned long error = ERR_get_error(); ERR_load_crypto_strings(); sError = ERR_reason_error_string(error); sError = ERR_func_error_string(error); sError = ERR_lib_error_string(error); uStatus = OpcUa_Bad; OpcUa_GotoError; } } else { decryptedBytes = decDataSize; } *a_pPlainTextLen = *a_pPlainTextLen + decryptedBytes; iCipherText = iCipherText + keySize; } EVP_PKEY_free(pPrivateKey); OpcUa_ReturnStatusCode; OpcUa_BeginErrorHandling; if(pPrivateKey != OpcUa_Null) { EVP_PKEY_free(pPrivateKey); } *a_pPlainTextLen = (OpcUa_UInt32)-1; OpcUa_FinishErrorHandling; }