From ffca24bed7a03d95585ad02278667abe75d8b272 Mon Sep 17 00:00:00 2001 From: Alberto Gonzalez Iniesta Date: Tue, 10 May 2016 17:40:25 +0200 Subject: Imported Upstream version 2.3.11 --- src/openvpn/crypto_openssl.c | 51 +++++++++++++++++++++++++++++--------------- 1 file changed, 34 insertions(+), 17 deletions(-) (limited to 'src/openvpn/crypto_openssl.c') diff --git a/src/openvpn/crypto_openssl.c b/src/openvpn/crypto_openssl.c index 4e195ce..c147245 100644 --- a/src/openvpn/crypto_openssl.c +++ b/src/openvpn/crypto_openssl.c @@ -135,13 +135,15 @@ setup_engine (const char *engine) if ((e = ENGINE_by_id (engine)) == NULL && (e = try_load_engine (engine)) == NULL) { - msg (M_FATAL, "OpenSSL error: cannot load engine '%s'", engine); + crypto_msg (M_FATAL, "OpenSSL error: cannot load engine '%s'", + engine); } if (!ENGINE_set_default (e, ENGINE_METHOD_ALL)) { - msg (M_FATAL, "OpenSSL error: ENGINE_set_default failed on engine '%s'", - engine); + crypto_msg (M_FATAL, + "OpenSSL error: ENGINE_set_default failed on engine '%s'", + engine); } msg (M_INFO, "Initializing OpenSSL support for engine '%s'", @@ -230,6 +232,14 @@ crypto_clear_error (void) ERR_clear_error (); } +void +crypto_print_openssl_errors(const unsigned int flags) { + size_t err = 0; + + while ((err = ERR_get_error ())) + msg (flags, "OpenSSL: %s", ERR_error_string (err, NULL)); +} + /* * * OpenSSL memory debugging. If dmalloc debugging is enabled, tell @@ -380,7 +390,7 @@ int rand_bytes(uint8_t *output, int len) { if (unlikely(1 != RAND_bytes (output, len))) { - msg(D_CRYPT_ERRORS, "RAND_bytes() failed"); + crypto_msg(D_CRYPT_ERRORS, "RAND_bytes() failed"); return 0; } return 1; 
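Review bot: In the added crypto_print_openssl_errors, `err` is declared `size_t` although ERR_get_error() returns `unsigned long` and ERR_error_string() takes one, so the declaration should be `unsigned long err;`. `ERR_error_string (err, NULL)` formats into a static buffer inside OpenSSL, which is unsafe if this can ever run on more than one thread; a local `char buf[256];` filled with `ERR_error_string_n (err, buf, sizeof (buf))` avoids that. The function also empties the OpenSSL error queue as a side effect and has no comment saying so; a header comment such as `/* Log and clear every entry in the OpenSSL error queue, using the given msg flags. */` would make that explicit. The opening brace on the signature line differs from the other definitions visible in this patch.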
@@ -426,17 +436,20 @@ key_des_check (uint8_t *key, int key_len, int ndc) DES_cblock *dc = (DES_cblock*) buf_read_alloc (&b, sizeof (DES_cblock)); if (!dc) { - msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: insufficient key material"); + crypto_msg (D_CRYPT_ERRORS, + "CRYPTO INFO: check_key_DES: insufficient key material"); goto err; } if (DES_is_weak_key(dc)) { - msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: weak key detected"); + crypto_msg (D_CRYPT_ERRORS, + "CRYPTO INFO: check_key_DES: weak key detected"); goto err; } if (!DES_check_key_parity (dc)) { - msg (D_CRYPT_ERRORS, "CRYPTO INFO: check_key_DES: bad parity detected"); + crypto_msg (D_CRYPT_ERRORS, + "CRYPTO INFO: check_key_DES: bad parity detected"); goto err; } } @@ -485,7 +498,7 @@ cipher_kt_get (const char *ciphername) cipher = EVP_get_cipherbyname (ciphername); if (NULL == cipher) - msg (M_SSLERR, "Cipher algorithm '%s' not found", ciphername); + crypto_msg (M_FATAL, "Cipher algorithm '%s' not found", ciphername); if (EVP_CIPHER_key_length (cipher) > MAX_CIPHER_KEY_LENGTH) msg (M_FATAL, "Cipher algorithm '%s' uses a default key size (%d bytes) which is larger than " PACKAGE_NAME "'s current maximum key size (%d bytes)", @@ -569,13 +582,13 @@ cipher_ctx_init (EVP_CIPHER_CTX *ctx, uint8_t *key, int key_len, EVP_CIPHER_CTX_init (ctx); if (!EVP_CipherInit (ctx, kt, NULL, NULL, enc)) - msg (M_SSLERR, "EVP cipher init #1"); + crypto_msg (M_FATAL, "EVP cipher init #1"); #ifdef HAVE_EVP_CIPHER_CTX_SET_KEY_LENGTH if (!EVP_CIPHER_CTX_set_key_length (ctx, key_len)) - msg (M_SSLERR, "EVP set key size"); + crypto_msg (M_FATAL, "EVP set key size"); #endif if (!EVP_CipherInit (ctx, NULL, key, NULL, enc)) - msg (M_SSLERR, "EVP cipher init #2"); + crypto_msg (M_FATAL, "EVP cipher init #2"); /* make sure we used a big enough key */ ASSERT (EVP_CIPHER_CTX_key_length (ctx) <= key_len); 
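Review bot: The three conditions reported in key_des_check (no key material from buf_read_alloc, DES_is_weak_key, DES_check_key_parity) are detected by return value and do not appear to put anything on the OpenSSL error queue, yet they are now logged through `crypto_msg`. If crypto_msg prints the queue through crypto_print_openssl_errors, as the helper added earlier in this patch suggests, a stale entry left by an earlier call would be reported next to a DES key warning it has nothing to do with; plain `msg (D_CRYPT_ERRORS, ...)` fits these three sites better. The messages also still say `check_key_DES` while the function is named key_des_check. The function starts outside the hunk.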
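Review bot: In cipher_kt_get the line after the converted call, `EVP_CIPHER_key_length (cipher)`, is reached with `cipher == NULL` unless `crypto_msg (M_FATAL, ...)` never returns; md_kt_get in the last hunk has the same shape with `EVP_MD_size (md)`. The definition of crypto_msg is not part of this patch, so it is worth confirming that the fatal path cannot fall through, and a one-line comment such as `/* crypto_msg (M_FATAL) does not return, so cipher is non-NULL below */` would record the dependency. Separately, the key-size check here still uses plain `msg` while the matching hash-size check in md_kt_get was moved to `crypto_msg`; neither is an OpenSSL failure, so both should use the same call. cipher_kt_get continues past the end of the hunk.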
@@ -622,7 +635,9 @@ int cipher_ctx_update (EVP_CIPHER_CTX *ctx, uint8_t *dst, int *dst_len, uint8_t *src, int src_len) { - return EVP_CipherUpdate (ctx, dst, dst_len, src, src_len); + if (!EVP_CipherUpdate (ctx, dst, dst_len, src, src_len)) + crypto_msg(M_FATAL, "%s: EVP_CipherUpdate() failed", __func__); + return 1; } int @@ -657,12 +672,14 @@ md_kt_get (const char *digest) ASSERT (digest); md = EVP_get_digestbyname (digest); if (!md) - msg (M_SSLERR, "Message hash algorithm '%s' not found", digest); + crypto_msg (M_FATAL, "Message hash algorithm '%s' not found", digest); if (EVP_MD_size (md) > MAX_HMAC_KEY_LENGTH) - msg (M_FATAL, "Message hash algorithm '%s' uses a default hash size (%d bytes) which is larger than " PACKAGE_NAME "'s current maximum hash size (%d bytes)", - digest, - EVP_MD_size (md), - MAX_HMAC_KEY_LENGTH); + { + crypto_msg (M_FATAL, "Message hash algorithm '%s' uses a default hash " + "size (%d bytes) which is larger than " PACKAGE_NAME "'s current " + "maximum hash size (%d bytes)", + digest, EVP_MD_size (md), MAX_HMAC_KEY_LENGTH); + } return md; } -- cgit v1.2.3
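Review bot: cipher_ctx_update now ends the process on any EVP_CipherUpdate failure and otherwise always returns 1, so every caller's check of the return value becomes dead code and the function's contract changes without a comment. If this function is also used on data received from a peer, a failure that depends on the input would stop the whole daemon instead of dropping one packet; that needs confirming against the callers, which are outside this patch. Keeping the failure recoverable is a small change: `if (!EVP_CipherUpdate (ctx, dst, dst_len, src, src_len)) { crypto_msg (D_CRYPT_ERRORS, "%s: EVP_CipherUpdate() failed", __func__); return 0; }`. If the fatal behaviour is intended, state it above the function, e.g. `/* Never returns 0: a failed update is fatal. */`.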