-rw-r--r--lib/crypto/CryptoUtils.cpp46
-rw-r--r--lib/crypto/CryptoUtils.h27
-rw-r--r--lib/server/SSLLib.cpp26
-rw-r--r--lib/server/SSLLib.h1
-rw-r--r--lib/server/SocketStreamTLS.cpp19
-rw-r--r--lib/server/TLSContext.cpp10
6 files changed, 92 insertions, 37 deletions
diff --git a/lib/crypto/CryptoUtils.cpp b/lib/crypto/CryptoUtils.cpp
new file mode 100644
index 00000000..3e4aa15f
--- /dev/null
+++ b/lib/crypto/CryptoUtils.cpp
@@ -0,0 +1,46 @@
+// --------------------------------------------------------------------------
+//
+// File
+// Name: CryptoUtils.cpp
+// Purpose: Utility functions for dealing with the OpenSSL library
+// Created: 2012/04/26
+//
+// --------------------------------------------------------------------------
+
+#include "Box.h"
+
+#define TLS_CLASS_IMPLEMENTATION_CPP
+#include <openssl/ssl.h>
+#include <openssl/err.h>
+
+#include "CryptoUtils.h"
+
+#include "MemLeakFindOn.h"
+
+// --------------------------------------------------------------------------
+//
+// Function
+// Name: CryptoUtils::LogError(const char *)
+// Purpose: Logs an error from the OpenSSL library
+// Created: 2012/04/26
+//
+// --------------------------------------------------------------------------
+std::string CryptoUtils::LogError(const std::string& rErrorDuringAction)
+{
+ unsigned long errcode;
+ char errname[256]; // SSL docs say at least 120 bytes
+ std::string firstError;
+
+ while((errcode = ERR_get_error()) != 0)
+ {
+ ::ERR_error_string_n(errcode, errname, sizeof(errname));
+ if(firstError.empty())
+ {
+ firstError = errname;
+ }
+ BOX_ERROR("SSL or crypto error: " << rErrorDuringAction <<
+ ": " << errname);
+ }
+ return firstError;
+}
+
diff --git a/lib/crypto/CryptoUtils.h b/lib/crypto/CryptoUtils.h
new file mode 100644
index 00000000..fe0e51a3
--- /dev/null
+++ b/lib/crypto/CryptoUtils.h
@@ -0,0 +1,27 @@
+// --------------------------------------------------------------------------
+//
+// File
+// Name: CryptoUtils.h
+// Purpose: Utility functions for dealing with the OpenSSL library
+// Created: 2012/04/26
+//
+// --------------------------------------------------------------------------
+
+#ifndef CRYPTOUTILS__H
+#define CRYPTOUTILS__H
+
+// --------------------------------------------------------------------------
+//
+// Namespace
+// Name: CryptoUtils
+// Purpose: Utility functions for dealing with the OpenSSL library
+// Created: 2003/08/06
+//
+// --------------------------------------------------------------------------
+namespace CryptoUtils
+{
+ std::string LogError(const std::string& rErrorDuringAction);
+};
+
+#endif // CRYPTOUTILS__H
+
diff --git a/lib/server/SSLLib.cpp b/lib/server/SSLLib.cpp
index de7a941b..004d2d98 100644
--- a/lib/server/SSLLib.cpp
+++ b/lib/server/SSLLib.cpp
@@ -18,6 +18,7 @@
#include <wincrypt.h>
#endif
+#include "CryptoUtils.h"
#include "SSLLib.h"
#include "ServerException.h"
@@ -39,8 +40,9 @@ void SSLLib::Initialise()
{
if(!::SSL_library_init())
{
- LogError("initialising OpenSSL");
- THROW_EXCEPTION(ServerException, SSLLibraryInitialisationError)
+ THROW_EXCEPTION_MESSAGE(ServerException,
+ SSLLibraryInitialisationError,
+ CryptoUtils::LogError("initialising OpenSSL"));
}
// More helpful error messages
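Review bot: The exception message passed at the new THROW_EXCEPTION_MESSAGE call is the bare OpenSSL error string returned by CryptoUtils::LogError, which does not include the "initialising OpenSSL" action text — that text only reaches the log, so anyone reading the exception alone loses the context, and if the error queue was empty the message is "". If THROW_EXCEPTION_MESSAGE accepts any string (its definition is outside this hunk), prefixing the action at the call site keeps both, e.g. `std::string("initialising OpenSSL: ") + CryptoUtils::LogError("initialising OpenSSL")`, or better, have LogError return the combined text. SSLLib::Initialise continues past the end of this hunk.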
@@ -89,23 +91,3 @@ void SSLLib::Initialise()
}
-// --------------------------------------------------------------------------
-//
-// Function
-// Name: SSLLib::LogError(const char *)
-// Purpose: Logs an error
-// Created: 2003/08/06
-//
-// --------------------------------------------------------------------------
-void SSLLib::LogError(const std::string& rErrorDuringAction)
-{
- unsigned long errcode;
- char errname[256]; // SSL docs say at least 120 bytes
- while((errcode = ERR_get_error()) != 0)
- {
- ::ERR_error_string_n(errcode, errname, sizeof(errname));
- BOX_ERROR("SSL error while " << rErrorDuringAction << ": " <<
- errname);
- }
-}
-
diff --git a/lib/server/SSLLib.h b/lib/server/SSLLib.h
index ff4aab19..d11c7804 100644
--- a/lib/server/SSLLib.h
+++ b/lib/server/SSLLib.h
@@ -29,7 +29,6 @@
namespace SSLLib
{
void Initialise();
- void LogError(const std::string& rErrorDuringAction);
};
#endif // SSLLIB__H
diff --git a/lib/server/SocketStreamTLS.cpp b/lib/server/SocketStreamTLS.cpp
index 19fdadd4..576b53a2 100644
--- a/lib/server/SocketStreamTLS.cpp
+++ b/lib/server/SocketStreamTLS.cpp
@@ -19,11 +19,12 @@
#include <poll.h>
#endif
+#include "BoxTime.h"
+#include "CryptoUtils.h"
+#include "ServerException.h"
#include "SocketStreamTLS.h"
#include "SSLLib.h"
-#include "ServerException.h"
#include "TLSContext.h"
-#include "BoxTime.h"
#include "MemLeakFindOn.h"
@@ -124,7 +125,7 @@ void SocketStreamTLS::Handshake(const TLSContext &rContext, bool IsServer)
mpBIO = ::BIO_new(::BIO_s_socket());
if(mpBIO == 0)
{
- SSLLib::LogError("creating socket bio");
+ CryptoUtils::LogError("creating socket bio");
THROW_EXCEPTION(ServerException, TLSAllocationFailed)
}
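Review bot: This call site (and the other renamed ones at the `SSL_new`, accept/connect, Read, Write and Shutdown hunks in this file, plus the four in TLSContext.cpp) discards the error string that CryptoUtils::LogError now returns, so only SSLLib::Initialise benefits from the new return value; the thrown ServerException/ConnectionException still carries no OpenSSL detail. If the style chosen in SSLLib.cpp is the intended one, these should use it too, e.g. `THROW_EXCEPTION_MESSAGE(ServerException, TLSAllocationFailed, CryptoUtils::LogError("creating socket bio"))`. Leaving the two styles side by side makes it unclear whether the inconsistency is deliberate. SocketStreamTLS::Handshake begins and ends outside this hunk.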
@@ -135,7 +136,7 @@ void SocketStreamTLS::Handshake(const TLSContext &rContext, bool IsServer)
mpSSL = ::SSL_new(rContext.GetRawContext());
if(mpSSL == 0)
{
- SSLLib::LogError("creating SSL object");
+ CryptoUtils::LogError("creating SSL object");
THROW_EXCEPTION(ServerException, TLSAllocationFailed)
}
@@ -203,12 +204,12 @@ void SocketStreamTLS::Handshake(const TLSContext &rContext, bool IsServer)
// Error occured
if(IsServer)
{
- SSLLib::LogError("accepting connection");
+ CryptoUtils::LogError("accepting connection");
THROW_EXCEPTION(ConnectionException, Conn_TLSHandshakeFailed)
}
else
{
- SSLLib::LogError("connecting");
+ CryptoUtils::LogError("connecting");
THROW_EXCEPTION(ConnectionException, Conn_TLSHandshakeFailed)
}
}
@@ -335,7 +336,7 @@ int SocketStreamTLS::Read(void *pBuffer, int NBytes, int Timeout)
break;
default:
- SSLLib::LogError("reading");
+ CryptoUtils::LogError("reading");
THROW_EXCEPTION(ConnectionException, Conn_TLSReadFailed)
break;
}
@@ -400,7 +401,7 @@ void SocketStreamTLS::Write(const void *pBuffer, int NBytes)
break;
default:
- SSLLib::LogError("writing");
+ CryptoUtils::LogError("writing");
THROW_EXCEPTION(ConnectionException, Conn_TLSWriteFailed)
break;
}
@@ -442,7 +443,7 @@ void SocketStreamTLS::Shutdown(bool Read, bool Write)
if(::SSL_shutdown(mpSSL) < 0)
{
- SSLLib::LogError("shutting down");
+ CryptoUtils::LogError("shutting down");
THROW_EXCEPTION(ConnectionException, Conn_TLSShutdownFailed)
}
diff --git a/lib/server/TLSContext.cpp b/lib/server/TLSContext.cpp
index ebc7384a..341043e9 100644
--- a/lib/server/TLSContext.cpp
+++ b/lib/server/TLSContext.cpp
@@ -12,7 +12,7 @@
#define TLS_CLASS_IMPLEMENTATION_CPP
#include <openssl/ssl.h>
-#include "TLSContext.h"
+#include "CryptoUtils.h"
#include "ServerException.h"
#include "SSLLib.h"
#include "TLSContext.h"
@@ -77,14 +77,14 @@ void TLSContext::Initialise(bool AsServer, const char *CertificatesFile, const c
{
std::string msg = "loading certificates from ";
msg += CertificatesFile;
- SSLLib::LogError(msg);
+ CryptoUtils::LogError(msg);
THROW_EXCEPTION(ServerException, TLSLoadCertificatesFailed)
}
if(::SSL_CTX_use_PrivateKey_file(mpContext, PrivateKeyFile, SSL_FILETYPE_PEM) != 1)
{
std::string msg = "loading private key from ";
msg += PrivateKeyFile;
- SSLLib::LogError(msg);
+ CryptoUtils::LogError(msg);
THROW_EXCEPTION(ServerException, TLSLoadPrivateKeyFailed)
}
@@ -93,7 +93,7 @@ void TLSContext::Initialise(bool AsServer, const char *CertificatesFile, const c
{
std::string msg = "loading CA cert from ";
msg += TrustedCAsFile;
- SSLLib::LogError(msg);
+ CryptoUtils::LogError(msg);
THROW_EXCEPTION(ServerException, TLSLoadTrustedCAsFailed)
}
@@ -105,7 +105,7 @@ void TLSContext::Initialise(bool AsServer, const char *CertificatesFile, const c
// Setup allowed ciphers
if(::SSL_CTX_set_cipher_list(mpContext, CIPHER_LIST) != 1)
{
- SSLLib::LogError("setting cipher list to " CIPHER_LIST);
+ CryptoUtils::LogError("setting cipher list to " CIPHER_LIST);
THROW_EXCEPTION(ServerException, TLSSetCiphersFailed)
}
}