2 * Copyright (c) 2016 Samsung Electronics Co., Ltd All Rights Reserved
4 * Contact: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
6 * Licensed under the Apache License, Version 2.0 (the "License");
7 * you may not use this file except in compliance with the License.
8 * You may obtain a copy of the License at
10 * http://www.apache.org/licenses/LICENSE-2.0
12 * Unless required by applicable law or agreed to in writing, software
13 * distributed under the License is distributed on an "AS IS" BASIS,
14 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15 * See the License for the specific language governing permissions and
16 * limitations under the License
27 #include <openssl/err.h>
28 #include <openssl/pem.h>
29 #include <openssl/pkcs12.h>
30 #include <openssl/dsa.h>
32 #include <yaca_error.h>
37 // TODO any better idea than to use __thread?
38 static __thread yaca_error_cb error_cb = NULL;
39 static bool error_strings_loaded = false;
40 static const int GENERIC_REASON_MAX = 99;
42 API void yaca_debug_set_error_cb(yaca_error_cb fn)
47 #define ERRORDESCRIBE(name) case name: return #name
48 API const char *yaca_debug_translate_error(yaca_error_e err)
51 ERRORDESCRIBE(YACA_ERROR_NONE);
52 ERRORDESCRIBE(YACA_ERROR_INVALID_PARAMETER);
53 ERRORDESCRIBE(YACA_ERROR_OUT_OF_MEMORY);
54 ERRORDESCRIBE(YACA_ERROR_INTERNAL);
55 ERRORDESCRIBE(YACA_ERROR_DATA_MISMATCH);
56 ERRORDESCRIBE(YACA_ERROR_INVALID_PASSWORD);
57 default: return "Error not defined";
62 void error_dump(const char *file, int line, const char *function, int code)
64 if (error_cb == NULL) {
69 static const size_t BUF_SIZE = 512;
70 static const char ELLIPSIS[] = "...\n";
71 static const size_t ELLIPSIS_SIZE = sizeof(ELLIPSIS) / sizeof(ELLIPSIS[0]);
75 const char *err_str = yaca_debug_translate_error(code);
76 const char *sign = "";
83 written = snprintf(buf, BUF_SIZE, "%s:%d %s() API error: %s0x%02X (%s)\n", file,
84 line, function, sign, code, err_str);
86 while ((err = ERR_get_error()) != 0 && written < BUF_SIZE - 1) {
87 if (!error_strings_loaded) {
89 * This function is thread-safe as long as static locks are
90 * installed according to doc so calling it twice won't break
91 * anything and I don't want to use synchronization mechanisms
94 ERR_load_crypto_strings();
95 error_strings_loaded = true;
98 ERR_error_string_n(err, buf + written, BUF_SIZE - written);
99 written = strlen(buf); /* I trust you, openssl */
100 if (written < BUF_SIZE - 1) {
106 if (written >= BUF_SIZE - 1) {
107 strncpy(buf + BUF_SIZE - ELLIPSIS_SIZE, ELLIPSIS, ELLIPSIS_SIZE);
108 written = BUF_SIZE - 1;
116 int error_handle(const char *file, int line, const char *function)
118 int ret = YACA_ERROR_NONE;
119 unsigned long err = ERR_peek_error();
122 return YACA_ERROR_INTERNAL;
126 #if OPENSSL_VERSION_NUMBER > 0x10100000L
127 case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
128 case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
129 #else /* OPENSSL_VERSION_NUMBER > 0x10100000L */
130 case ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS):
131 case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
132 case ERR_PACK(ERR_LIB_RSA, RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN):
133 #endif /* OPENSSL_VERSION_NUMBER > 0x10100000L */
134 case ERR_PACK(ERR_LIB_RSA, RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL):
135 case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_COMMAND_NOT_SUPPORTED):
136 case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO, PEM_R_NO_START_LINE):
137 case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_D2I_READ_BIO, ASN1_R_NOT_ENOUGH_DATA):
138 case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_ENCRYPTFINAL_EX, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH):
139 case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_DATA_NOT_MULTIPLE_OF_BLOCK_LENGTH):
140 case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_WRONG_FINAL_BLOCK_LENGTH):
141 case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_PKEY_DERIVE_SET_PEER, EVP_R_DIFFERENT_PARAMETERS):
142 ret = YACA_ERROR_INVALID_PARAMETER;
144 case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, ASN1_R_TOO_LONG):
145 case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_GET_OBJECT, ASN1_R_HEADER_TOO_LONG):
146 case ERR_PACK(ERR_LIB_ASN1, ASN1_F_ASN1_CHECK_TLEN, ASN1_R_WRONG_TAG):
148 bool found_crypto_error = false;
150 while ((err = ERR_get_error()) != 0)
151 if (err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_ITEM_DECRYPT_D2I, PKCS12_R_DECODE_ERROR) ||
152 err == ERR_PACK(ERR_LIB_PKCS12, PKCS12_F_PKCS12_PBE_CRYPT, PKCS12_R_PKCS12_CIPHERFINAL_ERROR) ||
153 err == ERR_PACK(ERR_LIB_DSA, DSA_F_OLD_DSA_PRIV_DECODE, ERR_R_DSA_LIB) ||
154 err == ERR_PACK(ERR_LIB_RSA, RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB)) {
155 found_crypto_error = true;
159 if (found_crypto_error)
160 ret = YACA_ERROR_INVALID_PASSWORD;
162 ret = YACA_ERROR_INVALID_PARAMETER;
166 case ERR_PACK(ERR_LIB_EVP, EVP_F_EVP_DECRYPTFINAL_EX, EVP_R_BAD_DECRYPT):
167 case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, PEM_R_BAD_DECRYPT):
168 case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_DO_HEADER, PEM_R_BAD_PASSWORD_READ):
169 case ERR_PACK(ERR_LIB_PEM, PEM_F_PEM_READ_BIO_PRIVATEKEY, PEM_R_BAD_PASSWORD_READ):
170 case ERR_PACK(ERR_LIB_PEM, PEM_F_D2I_PKCS8PRIVATEKEY_BIO, PEM_R_BAD_PASSWORD_READ):
171 ret = YACA_ERROR_INVALID_PASSWORD;
175 /* known rsa padding errors */
176 if (ret == YACA_ERROR_NONE && ERR_GET_LIB(err) == ERR_LIB_RSA) {
177 switch (ERR_GET_FUNC(err)) {
178 case RSA_F_RSA_PADDING_CHECK_NONE:
179 case RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP:
180 case RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1:
181 case RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1:
182 case RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2:
183 case RSA_F_RSA_PADDING_CHECK_SSLV23:
184 case RSA_F_RSA_PADDING_CHECK_X931:
185 case RSA_F_RSA_PADDING_ADD_NONE:
186 case RSA_F_RSA_PADDING_ADD_PKCS1_OAEP:
187 case RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1:
188 case RSA_F_RSA_PADDING_ADD_PKCS1_PSS:
189 case RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1:
190 case RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1:
191 case RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2:
192 case RSA_F_RSA_PADDING_ADD_SSLV23:
193 case RSA_F_RSA_PADDING_ADD_X931:
194 ret = YACA_ERROR_INVALID_PARAMETER;
200 int reason = ERR_GET_REASON(err);
201 if (ret == YACA_ERROR_NONE && reason <= GENERIC_REASON_MAX && (err & ERR_R_FATAL) > 0) {
203 case ERR_R_MALLOC_FAILURE:
204 ret = YACA_ERROR_OUT_OF_MEMORY;
206 case ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED:
207 case ERR_R_PASSED_NULL_PARAMETER:
208 ret = YACA_ERROR_INVALID_PARAMETER;
210 case ERR_R_INTERNAL_ERROR:
212 ret = YACA_ERROR_INTERNAL;
217 /* neither known nor fatal, unknown */
218 if (ret == YACA_ERROR_NONE) {
219 error_dump(file, line, function, YACA_ERROR_INTERNAL);
220 ret = YACA_ERROR_INTERNAL;
223 /* remove all errors from queue */