From: Krzysztof Jackiewicz <k.jackiewicz@samsung.com>
Date: Thu, 21 Apr 2016 10:51:54 +0000 (+0200)
Subject: Dump openssl errors after each failure
X-Git-Tag: accepted/tizen/common/20160810.161523~197
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=a943253129d8c399bd7f78dc506cebe01468abed;p=platform%2Fcore%2Fsecurity%2Fyaca.git

Dump openssl errors after each failure

Change-Id: Ie665574073d00e29a451fcd799488efa35023bbb
---

diff --git a/src/crypto.c b/src/crypto.c
index 4cc313f..bfcb358 100644
--- a/src/crypto.c
+++ b/src/crypto.c
@@ -84,12 +84,16 @@ API int yaca_rand_bytes(char *data, size_t data_len)
 		return YACA_ERROR_INVALID_ARGUMENT;
 
 	ret = RAND_bytes((unsigned char *)data, data_len);
-	if (ret == -1)
-		return YACA_ERROR_NOT_SUPPORTED;
 	if (ret == 1)
 		return 0;
 
-	return YACA_ERROR_OPENSSL_FAILURE;
+	if (ret == -1)
+		ret = YACA_ERROR_NOT_SUPPORTED;
+	else
+		ret = YACA_ERROR_OPENSSL_FAILURE;
+
+	ERROR_DUMP(ret);
+	return ret;
 }
 
 API int yaca_ctx_set_param(yaca_ctx_h ctx, yaca_ex_param_e param,
diff --git a/src/digest.c b/src/digest.c
index 2a5f01d..e23f7b5 100644
--- a/src/digest.c
+++ b/src/digest.c
@@ -107,8 +107,10 @@ int digest_get_algorithm(yaca_digest_algo_e algo, const EVP_MD **md)
 		break;
 	}
 
-	if (ret == 0 && *md == NULL)
+	if (ret == 0 && *md == NULL) {
 		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
+	}
 
 	return ret;
 }
@@ -137,12 +139,14 @@ API int yaca_digest_init(yaca_ctx_h *ctx, yaca_digest_algo_e algo)
 	nc->mdctx = EVP_MD_CTX_create();
 	if (nc->mdctx == NULL) {
 		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto free;
 	}
 
 	ret = EVP_DigestInit(nc->mdctx, md);
 	if (ret != 1) {
 		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto ctx;
 	}
 
@@ -166,8 +170,11 @@ API int yaca_digest_update(yaca_ctx_h ctx, const char *data, size_t data_len)
 		return YACA_ERROR_INVALID_ARGUMENT;
 
 	ret = EVP_DigestUpdate(c->mdctx, data, data_len);
-	if (ret != 1)
-		return YACA_ERROR_OPENSSL_FAILURE;
+	if (ret != 1) {
+		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
+		return ret;
+	}
 
 	return 0;
 }
@@ -185,8 +192,11 @@ API int yaca_digest_final(yaca_ctx_h ctx, char *digest, size_t *digest_len)
 		return YACA_ERROR_INVALID_ARGUMENT;
 
 	ret = EVP_DigestFinal_ex(c->mdctx, (unsigned char*)digest, &len);
-	if (ret != 1)
-		return YACA_ERROR_OPENSSL_FAILURE;
+	if (ret != 1) {
+		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
+		return ret;
+	}
 
 	*digest_len = len;
 
diff --git a/src/encrypt.c b/src/encrypt.c
index 5aeecf7..a18a05c 100644
--- a/src/encrypt.c
+++ b/src/encrypt.c
@@ -77,8 +77,10 @@ static int get_encrypt_output_length(const yaca_ctx_h ctx, size_t input_len)
 		return YACA_ERROR_INVALID_ARGUMENT;
 
 	block_size = EVP_CIPHER_CTX_block_size(nc->cipher_ctx);
-	if (block_size == 0)
-		return YACA_ERROR_OPENSSL_FAILURE; // TODO: extract openssl error here
+	if (block_size == 0) {
+		ERROR_DUMP(YACA_ERROR_OPENSSL_FAILURE);
+		return YACA_ERROR_OPENSSL_FAILURE;
+	}
 
 	if (input_len > 0)
 		return block_size + input_len - 1;
@@ -155,8 +157,11 @@ int get_encrypt_algorithm(yaca_enc_algo_e algo,
 		return YACA_ERROR_INVALID_ARGUMENT;
 
 	lcipher = EVP_get_cipherbyname(cipher_name);
-	if (lcipher == NULL)
-		return YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret);
+	if (lcipher == NULL) {
+		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
+		return ret;
+	}
 
 	*cipher = lcipher;
 	return 0;
@@ -204,8 +209,11 @@ static int encrypt_init(yaca_ctx_h *ctx,
 		goto err_free;
 
 	ret = EVP_CIPHER_iv_length(cipher);
-	if (ret < 0)
+	if (ret < 0) {
+		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto err_free;
+	}
 
 	iv_bits = ret * 8;
 	if (iv_bits == 0 && iv != NULL) { /* 0 -> cipher doesn't use iv, but it was provided */
@@ -227,7 +235,8 @@ static int encrypt_init(yaca_ctx_h *ctx,
 
 	nc->cipher_ctx = EVP_CIPHER_CTX_new();
 	if (nc->cipher_ctx == NULL) {
-		ret =  YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret);
+		ret =  YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto err_free;
 	}
 
@@ -248,7 +257,8 @@ static int encrypt_init(yaca_ctx_h *ctx,
 	}
 
 	if (ret != 1) {
-		ret = YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret);
+		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto err_ctx;
 	}
 
@@ -292,8 +302,11 @@ static int encrypt_update(yaca_ctx_h ctx,
 		return YACA_ERROR_INVALID_ARGUMENT;
 	}
 
-	if (ret != 1)
-		return YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret);
+	if (ret != 1) {
+		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
+		return ret;
+	}
 
 	*output_len = loutput_len;
 	return 0;
@@ -325,8 +338,11 @@ static int encrypt_final(yaca_ctx_h ctx,
 		return YACA_ERROR_INVALID_ARGUMENT;
 	}
 
-	if (ret != 1)
-		return YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret);
+	if (ret != 1) {
+		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
+		return ret;
+	}
 
 	*output_len = loutput_len;
 	return 0;
diff --git a/src/key.c b/src/key.c
index 3fbd596..2debe7d 100644
--- a/src/key.c
+++ b/src/key.c
@@ -110,8 +110,11 @@ API int yaca_key_get_length(const yaca_key_h key)
 
 		// TODO: handle ECC keys when they're implemented
 		ret = EVP_PKEY_bits(evp_key->evp);
-		if (ret <= 0)
-			return YACA_ERROR_OPENSSL_FAILURE;
+		if (ret <= 0) {
+			ret = YACA_ERROR_OPENSSL_FAILURE;
+			ERROR_DUMP(ret);
+			return ret;
+		}
 
 		return ret;
 	}
@@ -288,48 +291,56 @@ API int yaca_key_gen_pair(yaca_key_h *prv_key,
 	bne = BN_new();
 	if (bne == NULL) {
 		ret = YACA_ERROR_OUT_OF_MEMORY;
+		ERROR_DUMP(ret);
 		goto free_pub;
 	}
 
 	ret = BN_set_word(bne, RSA_F4);
 	if (ret != 1) {
 		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto free_bne;
 	}
 
 	rsa = RSA_new();
 	if (rsa == NULL) {
-		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ret = YACA_ERROR_OUT_OF_MEMORY;
+		ERROR_DUMP(ret);
 		goto free_bne;
 	}
 
 	ret = RSA_generate_key_ex(rsa, key_bits, bne, NULL);
 	if (ret != 1) {
 		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto free_rsa;
 	}
 
 	nk_prv->evp = EVP_PKEY_new();
 	if (nk_prv->evp == NULL) {
 		ret = YACA_ERROR_OUT_OF_MEMORY;
+		ERROR_DUMP(ret);
 		goto free_rsa;
 	}
 
 	nk_pub->evp = EVP_PKEY_new();
 	if (nk_prv->evp == NULL) {
 		ret = YACA_ERROR_OUT_OF_MEMORY;
+		ERROR_DUMP(ret);
 		goto free_evp_prv;
 	}
 
 	ret = EVP_PKEY_assign_RSA(nk_prv->evp, RSAPrivateKey_dup(rsa));
 	if (ret != 1) {
 		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto free_evp_pub;
 	}
 
 	ret = EVP_PKEY_assign_RSA(nk_pub->evp, RSAPublicKey_dup(rsa));
 	if (ret != 1) {
 		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto free_evp_pub;
 	}
 
@@ -428,7 +439,8 @@ API int yaca_key_derive_pbkdf2(const char *password,
 				salt_len, iter, md, key_byte_len,
 				(unsigned char*)nk->d);
 	if (ret != 1) {
-		ret = YACA_ERROR_OPENSSL_FAILURE; // TODO: yaca_get_error_code_from_openssl(ret);
+		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto err;
 	}
 
diff --git a/src/sign.c b/src/sign.c
index aee4c8c..a77b403 100644
--- a/src/sign.c
+++ b/src/sign.c
@@ -64,12 +64,16 @@ static int get_sign_output_length(const yaca_ctx_h ctx, size_t input_len)
 		return YACA_ERROR_INVALID_ARGUMENT;
 
 	EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(c->mdctx->pctx);
-	if (pkey == NULL)
+	if (pkey == NULL) {
+		ERROR_DUMP(YACA_ERROR_INVALID_ARGUMENT);
 		return YACA_ERROR_INVALID_ARGUMENT;
+	}
 
 	size_t len = EVP_PKEY_size(pkey);
-	if (len <= 0)
+	if (len <= 0) {
+		ERROR_DUMP(YACA_ERROR_INVALID_ARGUMENT);
 		return YACA_ERROR_INVALID_ARGUMENT;
+	}
 
 	return len;
 }
@@ -99,8 +103,10 @@ static int create_sign_pkey(const yaca_key_h key, EVP_PKEY **pkey)
 					     NULL,
 					     (unsigned char *)simple_key->d,
 					     simple_key->bits / 8);
-		if (*pkey == NULL)
+		if (*pkey == NULL) {
+			ERROR_DUMP(YACA_ERROR_OPENSSL_FAILURE);
 			return YACA_ERROR_OPENSSL_FAILURE;
+		}
 
 		return 0;
 	}
@@ -169,16 +175,19 @@ API int yaca_sign_init(yaca_ctx_h *ctx,
 	nc->mdctx = EVP_MD_CTX_create();
 	if (nc->mdctx == NULL) {
 		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto free_ctx;
 	}
 
 	ret = EVP_DigestSignInit(nc->mdctx, NULL, md, NULL, pkey);
 	if (ret == -2) {
 		ret = YACA_ERROR_NOT_SUPPORTED;
+		ERROR_DUMP(ret);
 		goto ctx;
 	}
 	if (ret != 1) {
 		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto ctx;
 	}
 
@@ -210,12 +219,16 @@ API int yaca_sign_update(yaca_ctx_h ctx,
 		return YACA_ERROR_INVALID_ARGUMENT;
 
 	ret = EVP_DigestSignUpdate(c->mdctx, data, data_len);
+	if (ret == 1)
+		return 0;
+
 	if (ret == -2)
-		return YACA_ERROR_NOT_SUPPORTED;
-	if (ret != 1)
-		return YACA_ERROR_OPENSSL_FAILURE;
+		ret = YACA_ERROR_NOT_SUPPORTED;
+	else
+		ret = YACA_ERROR_OPENSSL_FAILURE;
 
-	return 0;
+	ERROR_DUMP(ret);
+	return ret;
 }
 
 API int yaca_sign_final(yaca_ctx_h ctx,
@@ -230,12 +243,16 @@ API int yaca_sign_final(yaca_ctx_h ctx,
 		return YACA_ERROR_INVALID_ARGUMENT;
 
 	ret = EVP_DigestSignFinal(c->mdctx, (unsigned char *)mac, mac_len);
+	if(ret == 1)
+		return 0;
+
 	if (ret == -2)
-		return YACA_ERROR_NOT_SUPPORTED;
-	if (ret != 1)
-		return YACA_ERROR_OPENSSL_FAILURE;
+		ret = YACA_ERROR_NOT_SUPPORTED;
+	else
+		ret = YACA_ERROR_OPENSSL_FAILURE;
 
-	return 0;
+	ERROR_DUMP(ret);
+	return ret;
 }
 
 API int yaca_verify_init(yaca_ctx_h *ctx,
@@ -289,6 +306,7 @@ API int yaca_verify_init(yaca_ctx_h *ctx,
 	nc->mdctx = EVP_MD_CTX_create();
 	if (nc->mdctx == NULL) {
 		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto free_ctx;
 	}
 
@@ -307,10 +325,12 @@ API int yaca_verify_init(yaca_ctx_h *ctx,
 
 	if (ret == -2) {
 		ret = YACA_ERROR_NOT_SUPPORTED;
+		ERROR_DUMP(ret);
 		goto ctx;
 	}
 	if (ret != 1) {
 		ret = YACA_ERROR_OPENSSL_FAILURE;
+		ERROR_DUMP(ret);
 		goto ctx;
 	}
 
@@ -352,12 +372,16 @@ API int yaca_verify_update(yaca_ctx_h ctx,
 		return YACA_ERROR_INVALID_ARGUMENT;
 	}
 
+	if (ret == 1)
+		return 0;
+
 	if (ret == -2)
-		return YACA_ERROR_NOT_SUPPORTED;
-	if (ret != 1)
-		return YACA_ERROR_OPENSSL_FAILURE;
+		ret = YACA_ERROR_NOT_SUPPORTED;
+	else
+		ret = YACA_ERROR_OPENSSL_FAILURE;
 
-	return 0;
+	ERROR_DUMP(ret);
+	return ret;
 }
 
 API int yaca_verify_final(yaca_ctx_h ctx,
@@ -378,28 +402,35 @@ API int yaca_verify_final(yaca_ctx_h ctx,
 		ret = EVP_DigestSignFinal(c->mdctx,
 					  (unsigned char *)mac_cmp,
 					  &mac_cmp_len);
-		if (ret == -2)
-			return YACA_ERROR_NOT_SUPPORTED;
-		if (ret != 1)
-			return YACA_ERROR_OPENSSL_FAILURE;
+		if (ret == 1) {
+			if (mac_len != mac_cmp_len || CRYPTO_memcmp(mac, mac_cmp, mac_len) != 0)
+				return YACA_ERROR_SIGNATURE_INVALID;
+			return 0;
+		}
 
-		if (mac_len != mac_cmp_len ||
-		    CRYPTO_memcmp(mac, mac_cmp, mac_len) != 0)
-			return YACA_ERROR_SIGNATURE_INVALID;
+		if (ret == -2)
+			ret = YACA_ERROR_NOT_SUPPORTED;
+		else
+			ret = YACA_ERROR_OPENSSL_FAILURE;
 
-		return 0;
+		ERROR_DUMP(ret);
+		return ret;
 	case OP_VERIFY_ASYMMETRIC:
 		ret = EVP_DigestVerifyFinal(c->mdctx,
 					    (unsigned char *)mac,
 					    mac_len);
+		if (ret == 1)
+			return 0;
+
 		if (ret == 0)
-			return YACA_ERROR_SIGNATURE_INVALID;
-		if (ret == -2)
-			return YACA_ERROR_NOT_SUPPORTED;
-		if (ret != 1)
-			return YACA_ERROR_OPENSSL_FAILURE;
+			ret = YACA_ERROR_SIGNATURE_INVALID;
+		else if (ret == -2)
+			ret = YACA_ERROR_NOT_SUPPORTED;
+		else
+			ret = YACA_ERROR_OPENSSL_FAILURE;
 
-		return 0;
+		ERROR_DUMP(ret);
+		return ret;
 	default:
 		return YACA_ERROR_INVALID_ARGUMENT;
 	}