From 6a5b7c55fc65303245e9e54c65ba409da1215343 Mon Sep 17 00:00:00 2001 From: Andre Noll Date: Tue, 2 May 2023 21:16:29 +0200 Subject: [PATCH] openssl: Introduce openssl_perror(). Openssl has a decent error reporting framework, but we only employ it if get_random_bytes_or_die() fails. This patch abstracts out a new helper which prints the error string of the earliest error code from the thread's error queue. We make the helper return -E_OPENSSL unconditionally as this simplifies callers a bit. Only get_random_bytes_or_die() calls the new helper for now but additional callers will be added in subsequent commits. --- error.h | 1 + openssl.c | 16 +++++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/error.h b/error.h index 8805c9c7..899543ab 100644 --- a/error.h +++ b/error.h @@ -155,6 +155,7 @@ PARA_ERROR(OGG_PACKET_IN, "ogg_stream_packetin() failed"), \ PARA_ERROR(OGG_SYNC, "internal ogg storage overflow"), \ PARA_ERROR(OPENSSH_PARSE, "could not parse openssh private key"), \ + PARA_ERROR(OPENSSL, "openssl error"), \ PARA_ERROR(OPUS_COMMENT, "invalid or corrupted opus comment"), \ PARA_ERROR(OPUS_DECODE, "opus decode error"), \ PARA_ERROR(OPUS_HEADER, "invalid opus header"), \ diff --git a/openssl.c b/openssl.c index e3416949..6dba1b27 100644 --- a/openssl.c +++ b/openssl.c @@ -24,15 +24,21 @@ struct asymmetric_key { RSA *rsa; }; +static int openssl_perror(const char *pfx) +{ + unsigned long err = ERR_get_error(); + PARA_ERROR_LOG("%s: \"%s\"\n", pfx, ERR_reason_error_string(err)); + return -E_OPENSSL; +} + void get_random_bytes_or_die(unsigned char *buf, int num) { - unsigned long err; + int ret; - /* RAND_bytes() returns 1 on success, 0 otherwise. */ - if (RAND_bytes(buf, num) == 1) + if (RAND_bytes(buf, num) == 1) /* success */ return; - err = ERR_get_error(); - PARA_EMERG_LOG("%s\n", ERR_reason_error_string(err)); + ret = openssl_perror("RAND_bytes"); + PARA_EMERG_LOG("%s\n", strerror(-ret)); exit(EXIT_FAILURE); } -- 2.39.5