1*3f982cf4SFabien Sanglard // Copyright 2019 The Chromium Authors. All rights reserved.
2*3f982cf4SFabien Sanglard // Use of this source code is governed by a BSD-style license that can be
3*3f982cf4SFabien Sanglard // found in the LICENSE file.
4*3f982cf4SFabien Sanglard 
5*3f982cf4SFabien Sanglard #include "util/crypto/openssl_util.h"
6*3f982cf4SFabien Sanglard 
7*3f982cf4SFabien Sanglard #include <openssl/crypto.h>
8*3f982cf4SFabien Sanglard #include <openssl/err.h>
9*3f982cf4SFabien Sanglard #include <openssl/ssl.h>
10*3f982cf4SFabien Sanglard #include <stddef.h>
11*3f982cf4SFabien Sanglard #include <stdint.h>
12*3f982cf4SFabien Sanglard 
13*3f982cf4SFabien Sanglard #include <sstream>
14*3f982cf4SFabien Sanglard #include <string>
15*3f982cf4SFabien Sanglard #include <utility>
16*3f982cf4SFabien Sanglard 
17*3f982cf4SFabien Sanglard #include "absl/strings/string_view.h"
18*3f982cf4SFabien Sanglard #include "util/osp_logging.h"
19*3f982cf4SFabien Sanglard 
20*3f982cf4SFabien Sanglard namespace openscreen {
21*3f982cf4SFabien Sanglard 
22*3f982cf4SFabien Sanglard namespace {
23*3f982cf4SFabien Sanglard 
// Callback routine for OpenSSL to print error messages. |str| is a
// NUL-terminated string of length |len| containing diagnostic information
// such as the library, function and reason for the error, the file and line
// where the error originated, plus potentially any context-specific
// information about the error. |context| contains a pointer to user-supplied
// data, which is currently unused.
// If this callback returns a value <= 0, OpenSSL will stop processing the
// error queue and return; otherwise it will continue calling this function
// until all errors have been removed from the queue.
int OpenSSLErrorCallback(const char* str, size_t len, void* context) {
  // |context| is the user-data pointer handed to ERR_print_errors_cb; nothing
  // is passed through it yet, so it is deliberately ignored.
  (void)context;
  // Log the library-formatted diagnostic line, indented under the header that
  // ClearOpenSSLERRStack prints before draining the queue.
  const absl::string_view diagnostic(str, len);
  OSP_DVLOG << "\t" << diagnostic;
  // A positive return keeps OpenSSL walking the rest of the error queue.
  return 1;
}
37*3f982cf4SFabien Sanglard 
38*3f982cf4SFabien Sanglard }  // namespace
39*3f982cf4SFabien Sanglard 
void EnsureOpenSSLInit() {
  // Initialize libssl and load its error strings so later diagnostics are
  // human-readable. OPENSSL_init_ssl() reports success as 1; without a working
  // library none of the crypto paths can run, so failure is fatal.
  const int init_result =
      OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS, nullptr);
  OSP_CHECK(init_result == 1);
}
44*3f982cf4SFabien Sanglard 
// Counterpart of EnsureOpenSSLInit(): hands library teardown to EVP_cleanup().
// NOTE(review): with BoringSSL (the library the error messages in this file
// name) and OpenSSL >= 1.1.0, EVP_cleanup() is documented as a compatibility
// no-op — confirm before relying on this for any real teardown.
void EnsureOpenSSLCleanup() {
  EVP_cleanup();
}
48*3f982cf4SFabien Sanglard 
// Empties the thread's OpenSSL error queue so that stale entries from earlier
// calls are not attributed to the next SSL operation (GetSSLError unwinds the
// queue into its message). |location| identifies the caller for the debug log.
void ClearOpenSSLERRStack(const Location& location) {
  if (!OSP_DCHECK_IS_ON()) {
    // Release builds: discard silently.
    ERR_clear_error();
    return;
  }

  // Debug builds: log what is being thrown away, then let the callback-driven
  // printer consume the entries. Nothing to report when the queue is empty.
  const uint32_t first_error = ERR_peek_error();
  if (first_error != 0) {
    OSP_DVLOG << "OpenSSL ERR_get_error stack from " << location.ToString();
    // NOTE(review): ERR_print_errors_cb is relied on here to also pop the
    // entries it prints, so both branches leave the queue empty — confirm.
    ERR_print_errors_cb(&OpenSSLErrorCallback, nullptr);
  }
}
62*3f982cf4SFabien Sanglard 
// General note about SSL errors. Error messages are pushed to the general
// OpenSSL error queue. Call ClearOpenSSLERRStack before calling any
// SSL methods, so that stale entries from earlier operations are not
// reported as part of the current failure.
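// Translates the result of an SSL_* call into an Error.
//
// |ssl| is the connection the call was made on and |return_code| the value
// that call returned; both are passed to SSL_get_error(). Returns
// Error::None() when SSL_get_error() reports SSL_ERROR_NONE; otherwise an
// Error whose message holds the SSL error description followed by every entry
// still on the OpenSSL error queue (which this call drains).
Error GetSSLError(const SSL* ssl, int return_code) {
  const int error_code = SSL_get_error(ssl, return_code);
  if (error_code == SSL_ERROR_NONE) {
    return Error::None();
  }

  // Create error message w/ unwind of error stack + original SSL error string.
  // Both BoringSSL string lookups may return nullptr for values they do not
  // know about; streaming a null const char* is undefined, so substitute a
  // marker instead of trusting the library to always have a string.
  const char* description = SSL_error_description(error_code);
  std::stringstream msg;
  msg << "boringssl error (" << error_code
      << "): " << (description != nullptr ? description : "<unknown>");
  while (uint32_t packed_error = ERR_get_error()) {
    const char* reason = ERR_reason_error_string(packed_error);
    msg << "\nerr stack: "
        << (reason != nullptr ? reason : "<unknown reason>");
  }
  std::string message = msg.str();
  switch (error_code) {
    case SSL_ERROR_ZERO_RETURN:
      return Error(Error::Code::kSocketClosedFailure, std::move(message));

    case SSL_ERROR_WANT_READ:     // fallthrough
    case SSL_ERROR_WANT_WRITE:    // fallthrough
    case SSL_ERROR_WANT_CONNECT:  // fallthrough
    case SSL_ERROR_WANT_ACCEPT:   // fallthrough
    case SSL_ERROR_WANT_X509_LOOKUP:
      return Error(Error::Code::kAgain, std::move(message));

    case SSL_ERROR_SYSCALL:  // fallthrough
    case SSL_ERROR_SSL:
      return Error(Error::Code::kFatalSSLError, std::move(message));

    default:
      // BoringSSL defines further SSL_ERROR_* values (pending session/
      // certificate callbacks, private-key operations, early data, handoff,
      // ...) that the cases above do not cover. None of them can be retried
      // by this code, so surface them as a fatal error carrying the numeric
      // code rather than terminating the process on a library-state value.
      OSP_DVLOG << "unhandled SSL_get_error() code: " << error_code;
      return Error(Error::Code::kFatalSSLError, std::move(message));
  }
}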
97*3f982cf4SFabien Sanglard }  // namespace openscreen