From 302f75887e52bbe0ab7a5806335a0a1264323b07 Mon Sep 17 00:00:00 2001 From: Matt Caswell Date: Wed, 10 Feb 2016 15:16:06 +0000 Subject: [PATCH] Attempt to log an error if init failed If init failed we'd like to set an error code to indicate that. But if init failed then when the error system tries to load its strings its going to fail again. We could get into an infinite loop. Therefore we just set a single error the first time around. After that no error is set. Reviewed-by: Rich Salz --- apps/errstr.c | 5 +++++ crypto/async/async.c | 2 -- crypto/cpt_err.c | 5 ++++- crypto/err/err.c | 1 + crypto/init.c | 15 ++++++++++++++- include/openssl/crypto.h | 1 + include/openssl/err.h | 2 +- include/openssl/ssl.h | 1 + ssl/ssl_err.c | 4 +++- ssl/ssl_init.c | 14 +++++++++++++- 10 files changed, 43 insertions(+), 7 deletions(-) diff --git a/apps/errstr.c b/apps/errstr.c index 960815da65..99bb9e9068 100644 --- a/apps/errstr.c +++ b/apps/errstr.c @@ -114,6 +114,11 @@ int errstr_main(int argc, char **argv) if (!opt_ulong(*argv, &l)) ret++; else { + /* We're not really an SSL application so this won't auto-init, but + * we're still interested in SSL error strings + */ + OPENSSL_init_ssl(OPENSSL_INIT_LOAD_SSL_STRINGS + | OPENSSL_INIT_LOAD_CRYPTO_STRINGS, NULL); ERR_error_string_n(l, buf, sizeof buf); BIO_printf(bio_out, "%s\n", buf); } diff --git a/crypto/async/async.c b/crypto/async/async.c index af9da35f99..ebc5ebbe93 100644 --- a/crypto/async/async.c +++ b/crypto/async/async.c @@ -363,11 +363,9 @@ int ASYNC_init_thread(size_t max_size, size_t init_size) } if (!OPENSSL_init_crypto(OPENSSL_INIT_ASYNC, NULL)) { - ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_NOT_INITED); return 0; } if (!ossl_init_thread_start(OPENSSL_INIT_THREAD_ASYNC)) { - ASYNCerr(ASYNC_F_ASYNC_INIT_THREAD, ERR_R_NOT_INITED); return 0; } diff --git a/crypto/cpt_err.c b/crypto/cpt_err.c index 46bd9c82d6..d1e4b33b5c 100644 --- a/crypto/cpt_err.c +++ b/crypto/cpt_err.c @@ -1,5 +1,5 @@ /* ==================================================================== - * Copyright (c) 1999-2015 The OpenSSL Project. All rights reserved. + * Copyright (c) 1999-2016 The OpenSSL Project. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions @@ -84,6 +84,9 @@ static ERR_STRING_DATA CRYPTO_str_functs[] = { {ERR_FUNC(CRYPTO_F_INT_DUP_EX_DATA), "INT_DUP_EX_DATA"}, {ERR_FUNC(CRYPTO_F_INT_FREE_EX_DATA), "INT_FREE_EX_DATA"}, {ERR_FUNC(CRYPTO_F_INT_NEW_EX_DATA), "INT_NEW_EX_DATA"}, + {ERR_FUNC(CRYPTO_F_OPENSSL_INIT_CRYPTO_LIBRARY_START), + "OPENSSL_INIT_crypto_library_start"}, + {ERR_FUNC(CRYPTO_F_OPENSSL_MEMDUP), "OPENSSL_MEMDUP"}, {0, NULL} }; diff --git a/crypto/err/err.c b/crypto/err/err.c index 72656339c5..5e1d5c55b4 100644 --- a/crypto/err/err.c +++ b/crypto/err/err.c @@ -223,6 +223,7 @@ static ERR_STRING_DATA ERR_str_reasons[] = { {ERR_R_PASSED_NULL_PARAMETER, "passed a null parameter"}, {ERR_R_INTERNAL_ERROR, "internal error"}, {ERR_R_DISABLED, "called a function that was disabled at compile-time"}, + {ERR_R_INIT_FAIL, "init fail"}, {0, NULL}, }; diff --git a/crypto/init.c b/crypto/init.c index f01bd4d93f..cb9d65a4dd 100644 --- a/crypto/init.c +++ b/crypto/init.c @@ -628,8 +628,21 @@ static const OPENSSL_INIT_SETTINGS *ossl_init_get_setting( */ int OPENSSL_init_crypto(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) { - if (stopped) + static int stoperrset = 0; + + if (stopped) { + if (!stoperrset) { + /* + * We only ever set this once to avoid getting into an infinite + * loop where the error system keeps trying to init and fails so + * sets an error etc + */ + stoperrset = 1; + CRYPTOerr(CRYPTO_F_OPENSSL_INIT_CRYPTO_LIBRARY_START, + ERR_R_INIT_FAIL); + } return 0; + } ossl_init_once_run(&base, ossl_init_base); diff --git a/include/openssl/crypto.h b/include/openssl/crypto.h index d6cedecd60..d761a97f7f 100644 --- a/include/openssl/crypto.h +++ b/include/openssl/crypto.h @@ -627,6 +627,7 @@ void ERR_load_CRYPTO_strings(void); # define CRYPTO_F_INT_DUP_EX_DATA 106 # define CRYPTO_F_INT_FREE_EX_DATA 107 # define CRYPTO_F_INT_NEW_EX_DATA 108 +# define CRYPTO_F_OPENSSL_INIT_CRYPTO_LIBRARY_START 116 # define CRYPTO_F_OPENSSL_MEMDUP 114 /* Reason codes. */ diff --git a/include/openssl/err.h b/include/openssl/err.h index 39f216c21c..bdf83081cb 100644 --- a/include/openssl/err.h +++ b/include/openssl/err.h @@ -309,7 +309,7 @@ typedef struct err_state_st { # define ERR_R_PASSED_NULL_PARAMETER (3|ERR_R_FATAL) # define ERR_R_INTERNAL_ERROR (4|ERR_R_FATAL) # define ERR_R_DISABLED (5|ERR_R_FATAL) -# define ERR_R_NOT_INITED (6|ERR_R_FATAL) +# define ERR_R_INIT_FAIL (6|ERR_R_FATAL) /* * 99 is the maximum possible ERR_R_... code, higher values are reserved for diff --git a/include/openssl/ssl.h b/include/openssl/ssl.h index 888f9a9c95..87ea39cd08 100644 --- a/include/openssl/ssl.h +++ b/include/openssl/ssl.h @@ -1986,6 +1986,7 @@ void ERR_load_SSL_strings(void); # define SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST 385 # define SSL_F_DTLS_GET_REASSEMBLED_MESSAGE 370 # define SSL_F_DTLS_PROCESS_HELLO_VERIFY 386 +# define SSL_F_OPENSSL_INIT_SSL_LIBRARY_START 342 # define SSL_F_READ_STATE_MACHINE 352 # define SSL_F_SSL3_ADD_CERT_TO_BUF 296 # define SSL_F_SSL3_CALLBACK_CTRL 233 diff --git a/ssl/ssl_err.c b/ssl/ssl_err.c index 0d8bcd4f53..4dc8895552 100644 --- a/ssl/ssl_err.c +++ b/ssl/ssl_err.c @@ -95,7 +95,7 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_DTLS1_SEND_HELLO_VERIFY_REQUEST), "DTLS1_SEND_HELLO_VERIFY_REQUEST"}, {ERR_FUNC(SSL_F_DTLS1_WRITE_APP_DATA_BYTES), "dtls1_write_app_data_bytes"}, - {ERR_FUNC(SSL_F_DTLSV1_LISTEN), "dtlsv1_listen"}, + {ERR_FUNC(SSL_F_DTLSV1_LISTEN), "DTLSv1_listen"}, {ERR_FUNC(SSL_F_DTLS_CONSTRUCT_CHANGE_CIPHER_SPEC), "dtls_construct_change_cipher_spec"}, {ERR_FUNC(SSL_F_DTLS_CONSTRUCT_HELLO_VERIFY_REQUEST), @@ -103,6 +103,8 @@ static ERR_STRING_DATA SSL_str_functs[] = { {ERR_FUNC(SSL_F_DTLS_GET_REASSEMBLED_MESSAGE), "dtls_get_reassembled_message"}, {ERR_FUNC(SSL_F_DTLS_PROCESS_HELLO_VERIFY), "dtls_process_hello_verify"}, + {ERR_FUNC(SSL_F_OPENSSL_INIT_SSL_LIBRARY_START), + "OPENSSL_INIT_ssl_library_start"}, {ERR_FUNC(SSL_F_READ_STATE_MACHINE), "read_state_machine"}, {ERR_FUNC(SSL_F_SSL3_ADD_CERT_TO_BUF), "SSL3_ADD_CERT_TO_BUF"}, {ERR_FUNC(SSL_F_SSL3_CALLBACK_CTRL), "ssl3_callback_ctrl"}, diff --git a/ssl/ssl_init.c b/ssl/ssl_init.c index 134aa00d54..e7fc63dd11 100644 --- a/ssl/ssl_init.c +++ b/ssl/ssl_init.c @@ -301,8 +301,20 @@ static void ssl_library_stop(void) */ int OPENSSL_init_ssl(uint64_t opts, const OPENSSL_INIT_SETTINGS *settings) { - if (stopped) + static int stoperrset = 0; + + if (stopped) { + if (!stoperrset) { + /* + * We only ever set this once to avoid getting into an infinite + * loop where the error system keeps trying to init and fails so + * sets an error etc + */ + stoperrset = 1; + SSLerr(SSL_F_OPENSSL_INIT_SSL_LIBRARY_START, ERR_R_INIT_FAIL); + } return 0; + } if (!OPENSSL_init_crypto(opts | OPENSSL_INIT_ADD_ALL_CIPHERS | OPENSSL_INIT_ADD_ALL_DIGESTS, settings)) -- 2.34.1