openssl: Introduce openssl_perror().

Openssl has a decent error reporting framework, but we only employ
it if get_random_bytes_or_die() fails. This patch abstracts out a
new helper which prints the error string of the earliest error code
from the thread's error queue. We make the helper return -E_OPENSSL
unconditionally as this simplifies callers a bit.

Only get_random_bytes_or_die() calls the new helper for now but
additional callers will be added in subsequent commits.

diff --git a/error.h b/error.h
index 8805c9c7a4c0de6fe958e1523df883ad47effaad..899543ab22d764e9d23e63633b9f06aba4caf5e4 100644 (file)
--- a/error.h
+++ b/error.h
@@ -155,6 +155,7 @@
        PARA_ERROR(OGG_PACKET_IN, "ogg_stream_packetin() failed"), \
        PARA_ERROR(OGG_SYNC, "internal ogg storage overflow"), \
        PARA_ERROR(OPENSSH_PARSE, "could not parse openssh private key"), \
+       PARA_ERROR(OPENSSL, "openssl error"), \
        PARA_ERROR(OPUS_COMMENT, "invalid or corrupted opus comment"), \
        PARA_ERROR(OPUS_DECODE, "opus decode error"), \
        PARA_ERROR(OPUS_HEADER, "invalid opus header"), \

diff --git a/openssl.c b/openssl.c
index e34169499dcc9bfa14560b41d08cf5516465eec1..6dba1b270f5e77fbf285614902ec4e71f95a380e 100644 (file)
--- a/openssl.c
+++ b/openssl.c
@@ -24,15 +24,21 @@ struct asymmetric_key {
        RSA *rsa;
 };
 
+static int openssl_perror(const char *pfx)
+{
+       unsigned long err = ERR_get_error();
+       PARA_ERROR_LOG("%s: \"%s\"\n", pfx, ERR_reason_error_string(err));
+       return -E_OPENSSL;
+}
+
 void get_random_bytes_or_die(unsigned char *buf, int num)
 {
-       unsigned long err;
+       int ret;
 
-       /* RAND_bytes() returns 1 on success, 0 otherwise. */
-       if (RAND_bytes(buf, num) == 1)
+       if (RAND_bytes(buf, num) == 1) /* success */
                return;
-       err = ERR_get_error();
-       PARA_EMERG_LOG("%s\n", ERR_reason_error_string(err));
+       ret = openssl_perror("RAND_bytes");
+       PARA_EMERG_LOG("%s\n", strerror(-ret));
        exit(EXIT_FAILURE);
 }