From 2e527ae303874bd6aa12384ae5d2f382b92bdd45 Mon Sep 17 00:00:00 2001 From: Kun Lai Date: Thu, 23 Mar 2023 12:30:24 +0000 Subject: [PATCH] tls_wrappers/openssl: more detailed error logs Signed-off-by: Kun Lai --- src/core/rtls_core_generate_certificate.c | 9 +++++++++ src/crypto_wrappers/openssl/gen_cert.c | 9 +++++++++ src/tls_wrappers/openssl/negotiate.c | 12 +++++++----- src/tls_wrappers/openssl/openssl.h | 2 +- src/tls_wrappers/openssl/receive.c | 7 ++++++- src/tls_wrappers/openssl/transmit.c | 7 ++++++- src/tls_wrappers/openssl/use_privkey.c | 3 ++- 7 files changed, 40 insertions(+), 9 deletions(-) diff --git a/src/core/rtls_core_generate_certificate.c b/src/core/rtls_core_generate_certificate.c index a68a5d7..af98da7 100644 --- a/src/core/rtls_core_generate_certificate.c +++ b/src/core/rtls_core_generate_certificate.c @@ -164,6 +164,15 @@ rats_tls_err_t rtls_core_generate_certificate(rtls_core_context_t *ctx) if (privkey_len) { tls_wrapper_err_t t_err; +#if 0 + #ifndef SGX + /* Dump private key of this certificate */ + FILE *fp = fopen("/tmp/privkey.der", "wb"); + fwrite(privkey_buf, privkey_len, 1, fp); + fclose(fp); + #endif +#endif + t_err = ctx->tls_wrapper->opts->use_privkey(ctx->tls_wrapper, ctx->config.cert_algo, privkey_buf, privkey_len); if (t_err != TLS_WRAPPER_ERR_NONE) { diff --git a/src/crypto_wrappers/openssl/gen_cert.c b/src/crypto_wrappers/openssl/gen_cert.c index ee15ce8..037799a 100644 --- a/src/crypto_wrappers/openssl/gen_cert.c +++ b/src/crypto_wrappers/openssl/gen_cert.c @@ -222,6 +222,15 @@ crypto_wrapper_err_t openssl_gen_cert(crypto_wrapper_ctx_t *ctx, rats_tls_cert_a RTLS_DEBUG("self-signing certificate generated. cert_buf: %p, cert_len: %u\n", cert_info->cert_buf, cert_info->cert_len); +#if 0 + #ifndef SGX + /* Dump certificate */ + FILE *fp = fopen("/tmp/cert_generated.der", "wb"); + fwrite(cert_info->cert_buf, cert_info->cert_len, 1, fp); + fclose(fp); + #endif +#endif + ret = CRYPTO_WRAPPER_ERR_NONE; err: 
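Review bot: The `#if 0` block added in rtls_core_generate_certificate.c writes the certificate's private key to the fixed path `/tmp/privkey.der`, and the gen_cert.c hunk adds the same pattern for `/tmp/cert_generated.der`; disabled code like this tends to be flipped on for a quick debugging session, at which point key material lands in a world-shared directory under a predictable name, and a failed `fopen()` (NULL `fp`) crashes in `fwrite()`. Committing dead code is the weaker choice here: either drop both blocks, or gate them on an explicit debug build option, check `fp` before writing, and create the file with restrictive permissions (`open()` with `O_CREAT | O_EXCL` and mode `0600`, then `fdopen()`). If the block stays, at minimum add `if (fp == NULL) { RTLS_ERR("fopen failed\n"); } else { ... }` around the `fwrite()`/`fclose()` pair and check the `fwrite()` return.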
diff --git a/src/tls_wrappers/openssl/negotiate.c b/src/tls_wrappers/openssl/negotiate.c index 9a58346..8657924 100644 --- a/src/tls_wrappers/openssl/negotiate.c +++ b/src/tls_wrappers/openssl/negotiate.c @@ -51,6 +51,7 @@ tls_wrapper_err_t openssl_internal_negotiate(tls_wrapper_ctx_t *ctx, unsigned lo return -TLS_WRAPPER_ERR_INVALID; } + ERR_clear_error(); int err; if (conf_flags & RATS_TLS_CONF_FLAGS_SERVER) err = SSL_accept(ssl); @@ -59,11 +60,13 @@ tls_wrapper_err_t openssl_internal_negotiate(tls_wrapper_ctx_t *ctx, unsigned lo if (err != 1) { if (conf_flags & RATS_TLS_CONF_FLAGS_SERVER) - RTLS_DEBUG("failed to negotiate %#x\n", err); + RTLS_ERR("failed to negotiate %d, SSL_get_error(): %d\n", err, + SSL_get_error(ssl, err)); else - RTLS_DEBUG("failed to connect %#x\n", err); - - print_openssl_err(ssl, err); + RTLS_ERR("failed to connect %d, SSL_get_error(): %d\n", err, + SSL_get_error(ssl, err)); + // TODO: handle result of SSL_get_error() + print_openssl_err_all(ssl, err); return OPENSSL_ERR_CODE(err); } @@ -78,7 +81,6 @@ tls_wrapper_err_t openssl_internal_negotiate(tls_wrapper_ctx_t *ctx, unsigned lo return TLS_WRAPPER_ERR_NONE; } - tls_wrapper_err_t openssl_tls_negotiate(tls_wrapper_ctx_t *ctx, int fd) { RTLS_DEBUG("ctx %p, fd %d\n", ctx, fd); diff --git a/src/tls_wrappers/openssl/openssl.h b/src/tls_wrappers/openssl/openssl.h index 42b7ef7..c18dd5d 100644 --- a/src/tls_wrappers/openssl/openssl.h +++ b/src/tls_wrappers/openssl/openssl.h @@ -33,7 +33,7 @@ typedef struct { SSL *ssl; } openssl_ctx_t; -static inline void print_openssl_err(SSL *ssl, int ret) +static inline void print_openssl_err_all() { unsigned long l; diff --git a/src/tls_wrappers/openssl/receive.c b/src/tls_wrappers/openssl/receive.c index bc58d63..891c0fa 100644 --- a/src/tls_wrappers/openssl/receive.c +++ b/src/tls_wrappers/openssl/receive.c 
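Review bot: `print_openssl_err_all(ssl, err)` in the negotiate.c hunk at `@@ -59,11 +60,13 @@` still passes two arguments, while the openssl.h hunk redefines the function as `print_openssl_err_all()` with an empty parameter list and the receive.c/transmit.c hunks call it with none; an empty `()` is an old-style declaration, so the compiler will not diagnose the mismatch, and calling a function with a different number of arguments than its definition declares is undefined behaviour in C. Declare it as `static inline void print_openssl_err_all(void)` in openssl.h and change the negotiate.c call to `print_openssl_err_all();`. Both `RTLS_ERR` branches also evaluate `SSL_get_error(ssl, err)` inside the log macro; capturing it once, `int ssl_err = SSL_get_error(ssl, err);`, before the `if` lets the TODO that follows branch on it (for example `SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE` on a non-blocking fd are not failures). `openssl_internal_negotiate` starts and ends outside this hunk, and the body of `print_openssl_err_all` continues past the openssl.h hunk.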
@@ -19,9 +19,14 @@ tls_wrapper_err_t openssl_tls_receive(tls_wrapper_ctx_t *ctx, void *buf, size_t if (ssl_ctx == NULL || ssl_ctx->ssl == NULL) return -TLS_WRAPPER_ERR_RECEIVE; + ERR_clear_error(); + int rc = SSL_read(ssl_ctx->ssl, buf, (int)*buf_size); if (rc <= 0) { - RTLS_ERR("ERROR: openssl_receive()\n"); + // TODO: handle result of SSL_get_error() + RTLS_ERR("SSL_read() failed: %d, SSL_get_error(): %d\n", rc, + SSL_get_error(ssl_ctx->ssl, rc)); + print_openssl_err_all(); return -TLS_WRAPPER_ERR_RECEIVE; } *buf_size = (size_t)rc; diff --git a/src/tls_wrappers/openssl/transmit.c b/src/tls_wrappers/openssl/transmit.c index ee0cddd..ccca263 100644 --- a/src/tls_wrappers/openssl/transmit.c +++ b/src/tls_wrappers/openssl/transmit.c @@ -19,9 +19,14 @@ tls_wrapper_err_t openssl_tls_transmit(tls_wrapper_ctx_t *ctx, void *buf, size_t if (ssl_ctx == NULL || ssl_ctx->ssl == NULL) return -TLS_WRAPPER_ERR_TRANSMIT; + ERR_clear_error(); + int rc = SSL_write(ssl_ctx->ssl, buf, (int)*buf_size); if (rc <= 0) { - RTLS_DEBUG("ERROR: tls_wrapper_openssl transmit()\n"); + // TODO: handle result of SSL_get_error() + RTLS_ERR("SSL_write() failed: %d, SSL_get_error(): %d\n", rc, + SSL_get_error(ssl_ctx->ssl, rc)); + print_openssl_err_all(); return -TLS_WRAPPER_ERR_TRANSMIT; } *buf_size = (size_t)rc; diff --git a/src/tls_wrappers/openssl/use_privkey.c b/src/tls_wrappers/openssl/use_privkey.c index 4e42f48..447f253 100644 --- a/src/tls_wrappers/openssl/use_privkey.c +++ b/src/tls_wrappers/openssl/use_privkey.c @@ -31,7 +31,8 @@ tls_wrapper_err_t openssl_tls_use_privkey(tls_wrapper_ctx_t *ctx, rats_tls_cert_ int ret = SSL_CTX_use_PrivateKey_ASN1(EPKEY, ssl_ctx->sctx, privkey_buf, (long)privkey_len); if (ret != SSL_SUCCESS) { - RTLS_ERR("failed to use private key %d\n", ret); + RTLS_ERR("failed to use private key.\n"); + print_openssl_err_all(); return OPENSSL_ERR_CODE(ret); }
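Review bot: In the receive.c hunk every `rc <= 0` from `SSL_read()` is logged with `RTLS_ERR` and mapped to `-TLS_WRAPPER_ERR_RECEIVE`, but `rc == 0` with `SSL_get_error()` returning `SSL_ERROR_ZERO_RETURN` is the peer's orderly close_notify, and `SSL_ERROR_WANT_READ`/`SSL_ERROR_WANT_WRITE` mean "retry" on a non-blocking socket; the new log line makes these look like failures and dumps an empty error queue for them. The transmit.c hunk has the same shape for `SSL_write()`. Capture the code once, `int ssl_err = SSL_get_error(ssl_ctx->ssl, rc);`, log `SSL_ERROR_ZERO_RETURN` at debug level, and only call `print_openssl_err_all()` when `ssl_err == SSL_ERROR_SSL` or `SSL_ERROR_SYSCALL`, where the queue (or `errno`) actually carries the cause. `openssl_tls_receive` and `openssl_tls_transmit` both start outside their hunks.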
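Review bot: The use_privkey.c hunk drops `ret` from the message and relies on `print_openssl_err_all()`, but unlike the negotiate.c/receive.c/transmit.c hunks it does not call `ERR_clear_error()` before `SSL_CTX_use_PrivateKey_ASN1()`, so any entry left on the thread's error queue by earlier calls would be printed as if it were the cause of this failure. Add `ERR_clear_error();` before the `int ret = SSL_CTX_use_PrivateKey_ASN1(...)` context line, and keep the return value in the log: `RTLS_ERR("failed to use private key: %d\n", ret);`. `openssl_tls_use_privkey` starts outside this hunk.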