summaryrefslogtreecommitdiff
path: root/src/openvpn/crypto_openssl.c
diff options
context:
space:
mode:
authorAlberto Gonzalez Iniesta <agi@inittab.org>2016-05-10 17:40:25 +0200
committerAlberto Gonzalez Iniesta <agi@inittab.org>2016-05-10 17:40:25 +0200
commitfd1989a44e8b5f8a1204268c0b831e1215d345c5 (patch)
treeb7953a8e1b3bd31ab9b25ed4a87b66f43cba2007 /src/openvpn/crypto_openssl.c
parent5ed34d2384cae48c45501f30c9e69512fe54b3ec (diff)
parentffca24bed7a03d95585ad02278667abe75d8b272 (diff)
Merge tag 'upstream/2.3.11'
Upstream version 2.3.11
Diffstat (limited to 'src/openvpn/crypto_openssl.c')
-rw-r--r--src/openvpn/crypto_openssl.c51
1 files changed, 34 insertions, 17 deletions
diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c
index 4e195ce..c147245 100644
--- a/src/openvpn/crypto_openssl.c
+++ b/src/openvpn/crypto_openssl.c
@@ -135,13 +135,15 @@ setup_engine (const char *engine)
if ((e = ENGINE_by_id (engine)) == NULL
&& (e = try_load_engine (engine)) == NULL)
{
- msg (M_FATAL, "OpenSSL error: cannot load engine '%s'", engine);
+ crypto_msg (M_FATAL, "OpenSSL error: cannot load engine '%s'",
+ engine);
}
if (!ENGINE_set_default (e, ENGINE_METHOD_ALL))
{
- msg (M_FATAL, "OpenSSL error: ENGINE_set_default failed on engine '%s'",
- engine);
+ crypto_msg (M_FATAL,
+ "OpenSSL error: ENGINE_set_default failed on engine '%s'",
+ engine);
}
msg (M_INFO, "Initializing OpenSSL support for engine '%s'",
@@ -230,6 +232,14 @@ crypto_clear_error (void)
ERR_clear_error ();
}
+void
+crypto_print_openssl_errors(const unsigned int flags) {
+ size_t err = 0;
+
+ while ((err = ERR_get_error ()))
+ msg (flags, "OpenSSL: %s", ERR_error_string (err, NULL));
+}
+
/*
*
* OpenSSL memory debugging. If dmalloc debugging is enabled, tell
@@ -380,7 +390,7 @@ int rand_bytes(uint8_t *output, int len)
{
if (unlikely(1 != RAND_bytes (output, len)))
{
- msg(D_CRYPT_ERRORS, "RAND_bytes() failed");
+ crypto_msg(D_CRYPT_ERRORS, "RAND_bytes() failed");
return 0;
}
return 1;
@@ -426,17 +436,20 @@ key_des_check (uint8_t *key, int key_len, int ndc)
DES_cblock *dc = (DES_cblock*) buf_read_alloc (&b, sizeof (DES_cblock));
if (!dc)
{
- msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: insufficient key material");
+ crypto_msg (D_CRYPT_ERRORS,
+ "CRYPTO INFO: check_key_DES: insufficient key material");
goto err;
}
if (DES_is_weak_key(dc))
{
- msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: weak key detected");
+ crypto_msg (D_CRYPT_ERRORS,
+ "CRYPTO INFO: check_key_DES: weak key detected");
goto err;
}
if (!DES_check_key_parity (dc))
{
- msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: bad parity detected");
+ crypto_msg (D_CRYPT_ERRORS,
+ "CRYPTO INFO: check_key_DES: bad parity detected");
goto err;
}
}
@@ -485,7 +498,7 @@ cipher_kt_get (const char *ciphername)
cipher = EVP_get_cipherbyname (ciphername);
if (NULL == cipher)
- msg (M_SSLERR, "Cipher algorithm '%s' not found", ciphername);
+ crypto_msg (M_FATAL, "Cipher algorithm '%s' not found", ciphername);
if (EVP_CIPHER_key_length (cipher) > MAX_CIPHER_KEY_LENGTH)
msg (M_FATAL, "Cipher algorithm '%s' uses a default key size (%d bytes) which is larger than " PACKAGE_NAME "'s current maximum key size (%d bytes)",
@@ -569,13 +582,13 @@ cipher_ctx_init (EVP_CIPHER_CTX *ctx, uint8_t *key, int key_len,
EVP_CIPHER_CTX_init (ctx);
if (!EVP_CipherInit (ctx, kt, NULL, NULL, enc))
- msg (M_SSLERR, "EVP cipher init #1");
+ crypto_msg (M_FATAL, "EVP cipher init #1");
#ifdef HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH
if (!EVP_CIPHER_CTX_set_key_length (ctx, key_len))
- msg (M_SSLERR, "EVP set key size");
+ crypto_msg (M_FATAL, "EVP set key size");
#endif
if (!EVP_CipherInit (ctx, NULL, key, NULL, enc))
- msg (M_SSLERR, "EVP cipher init #2");
+ crypto_msg (M_FATAL, "EVP cipher init #2");
/* make sure we used a big enough key */
ASSERT (EVP_CIPHER_CTX_key_length (ctx) <= key_len);
@@ -622,7 +635,9 @@ int
cipher_ctx_update (EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len,
uint8_t *src, int src_len)
{
- return EVP_CipherUpdate (ctx, dst, dst_len, src, src_len);
+ if (!EVP_CipherUpdate (ctx, dst, dst_len, src, src_len))
+ crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__);
+ return 1;
}
int
@@ -657,12 +672,14 @@ md_kt_get (const char *digest)
ASSERT (digest);
md = EVP_get_digestbyname (digest);
if (!md)
- msg (M_SSLERR, "Message hash algorithm '%s' not found", digest);
+ crypto_msg (M_FATAL, "Message hash algorithm '%s' not found", digest);
if (EVP_MD_size (md) > MAX_HMAC_KEY_LENGTH)
- msg (M_FATAL, "Message hash algorithm '%s' uses a default hash size (%d bytes) which is larger than " PACKAGE_NAME "'s current maximum hash size (%d bytes)",
- digest,
- EVP_MD_size (md),
- MAX_HMAC_KEY_LENGTH);
+ {
+ crypto_msg (M_FATAL, "Message hash algorithm '%s' uses a default hash "
+ "size (%d bytes) which is larger than " PACKAGE_NAME "'s current "
+ "maximum hash size (%d bytes)",
+ digest, EVP_MD_size (md), MAX_HMAC_KEY_LENGTH);
+ }
return md;
}