1 // Copyright 2019 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "util/crypto/openssl_util.h"
6
7 #include <openssl/crypto.h>
8 #include <openssl/err.h>
9 #include <openssl/ssl.h>
10 #include <stddef.h>
11 #include <stdint.h>
12
13 #include <sstream>
14 #include <string>
15 #include <utility>
16
17 #include "absl/strings/string_view.h"
18 #include "util/osp_logging.h"
19
20 namespace openscreen {
21
22 namespace {
23
24 // Callback routine for OpenSSL to print error messages. |str| is a
25 // nullptr-terminated string of length |len| containing diagnostic information
26 // such as the library, function and reason for the error, the file and line
27 // where the error originated, plus potentially any context-specific
28 // information about the error. |context| contains a pointer to user-supplied
29 // data, which is currently unused.
30 // If this callback returns a value <= 0, OpenSSL will stop processing the
31 // error queue and return, otherwise it will continue calling this function
32 // until all errors have been removed from the queue.
OpenSSLErrorCallback(const char * str,size_t len,void * context)33 int OpenSSLErrorCallback(const char* str, size_t len, void* context) {
34 OSP_DVLOG << "\t" << absl::string_view(str, len);
35 return 1;
36 }
37
38 } // namespace
39
EnsureOpenSSLInit()40 void EnsureOpenSSLInit() {
41 // If SSL fails to initialize, we can't run crypto.
42 OSP_CHECK(OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, nullptr) == 1);
43 }
44
EnsureOpenSSLCleanup()45 void EnsureOpenSSLCleanup() {
46 EVP_cleanup();
47 }
48
ClearOpenSSLERRStack(const Location & location)49 void ClearOpenSSLERRStack(const Location& location) {
50 if (OSP_DCHECK_IS_ON()) {
51 uint32_t error_num = ERR_peek_error();
52 if (error_num == 0) {
53 return;
54 }
55
56 OSP_DVLOG << "OpenSSL ERR_get_error stack from " << location.ToString();
57 ERR_print_errors_cb(&OpenSSLErrorCallback, nullptr);
58 } else {
59 ERR_clear_error();
60 }
61 }
62
63 // General note about SSL errors. Error messages are pushed to the general
64 // OpenSSL error queue. Call ClearOpenSSLERRStack before calling any
65 // SSL methods.
GetSSLError(const SSL * ssl,int return_code)66 Error GetSSLError(const SSL* ssl, int return_code) {
67 const int error_code = SSL_get_error(ssl, return_code);
68 if (error_code == SSL_ERROR_NONE) {
69 return Error::None();
70 }
71
72 // Create error message w/ unwind of error stack + original SSL error string.
73 std::stringstream msg;
74 msg << "boringssl error (" << error_code
75 << "): " << SSL_error_description(error_code);
76 while (uint32_t packed_error = ERR_get_error()) {
77 msg << "\nerr stack: " << ERR_reason_error_string(packed_error);
78 }
79 std::string message = msg.str();
80 switch (error_code) {
81 case SSL_ERROR_ZERO_RETURN:
82 return Error(Error::Code::kSocketClosedFailure, std::move(message));
83
84 case SSL_ERROR_WANT_READ: // fallthrough
85 case SSL_ERROR_WANT_WRITE: // fallthrough
86 case SSL_ERROR_WANT_CONNECT: // fallthrough
87 case SSL_ERROR_WANT_ACCEPT: // fallthrough
88 case SSL_ERROR_WANT_X509_LOOKUP:
89 return Error(Error::Code::kAgain, std::move(message));
90
91 case SSL_ERROR_SYSCALL: // fallthrough
92 case SSL_ERROR_SSL:
93 return Error(Error::Code::kFatalSSLError, std::move(message));
94 }
95
96 OSP_NOTREACHED() << "Unknown SSL error occurred. All error cases should "
97 "be covered in the above switch statement. Error code: "
98 << error_code << ", message: " << message;
99 return Error(Error::Code::kUnknownError, std::move(message));
100 }
101 } // namespace openscreen
102