Implement newOpenSSLError (#28)

* implement newOpenSSLError

* Apply suggestions from code review

Co-authored-by: Davis Goodin <[email protected]>

* use newOpenSSLError in sha operations

Co-authored-by: Davis Goodin <[email protected]>

Author: qmuntal

openssl/openssl.go

@@ -10,6 +10,7 @@ import "C"
 import (
 	"errors"
 	"strconv"
+	"strings"
 	"sync"
 	"unsafe"
 )
@@ -114,7 +115,7 @@ func SetFIPS(enabled bool) error {
 			mode = C.int(0)
 		}
 		if C.go_openssl_FIPS_mode_set(mode) != 1 {
-			return fail("FIPS_mode_set")
+			return newOpenSSLError("FIPS_mode_set")
 		}
 		return nil
 	case 3:
@@ -130,15 +131,15 @@ func SetFIPS(enabled bool) error {
 		if !providerAvailable(props) {
 			// If not, fallback to provName provider.
 			if C.go_openssl_OSSL_PROVIDER_load(nil, provName) == nil {
-				return fail("OSSL_PROVIDER_try_load")
+				return newOpenSSLError("OSSL_PROVIDER_try_load")
 			}
 			// Make sure we now have a provider available.
 			if !providerAvailable(props) {
 				return fail("SetFIPS(" + strconv.FormatBool(enabled) + ") not supported")
 			}
 		}
 		if C.go_openssl_EVP_set_default_properties(nil, props) != 1 {
-			return fail("EVP_set_default_properties")
+			return newOpenSSLError("EVP_set_default_properties")
 		}
 		return nil
 	default:
@@ -180,3 +181,32 @@ func base(b []byte) *C.uchar {
 	}
 	return (*C.uchar)(unsafe.Pointer(&b[0]))
 }
+
+func newOpenSSLError(msg string) error {
+	var b strings.Builder
+	b.WriteString(msg)
+	b.WriteString("\nopenssl error(s):")
+	for {
+		var (
+			e    C.ulong
+			file *C.char
+			line C.int
+		)
+		switch vMajor {
+		case 1:
+			e = C.go_openssl_ERR_get_error_line(&file, &line)
+		case 3:
+			e = C.go_openssl_ERR_get_error_all(&file, &line, nil, nil, nil)
+		default:
+			panic(errUnsupportedVersion())
+		}
+		if e == 0 {
+			break
+		}
+		b.WriteByte('\n')
+		var buf [256]byte
+		C.go_openssl_ERR_error_string_n(e, (*C.char)(unsafe.Pointer(&buf[0])), C.size_t(len(buf)))
+		b.WriteString(string(buf[:]) + "\n\t" + C.GoString(file) + ":" + strconv.Itoa(int(line)))
+	}
+	return errors.New(b.String())
+}

openssl/rand.go

@@ -13,8 +13,7 @@ func (randReader) Read(b []byte) (int, error) {
 	// Note: RAND_bytes should never fail; the return value exists only for historical reasons.
 	// We check it even so.
 	if len(b) > 0 && C.go_openssl_RAND_bytes((*C.uchar)(unsafe.Pointer(&b[0])), C.int(len(b))) == 0 {
-		// TODO: use NewOpenSSLError once implemented.
-		return 0, fail("RAND_bytes")
+		return 0, newOpenSSLError("RAND_bytes")
 	}
 	return len(b), nil
 }

openssl/sha.go

@@ -104,14 +104,14 @@ func (h *evpHash) Reset() {
 	// There is no need to reset h.ctx2 because it is always reset after
 	// use in evpHash.sum.
 	if C.go_openssl_EVP_DigestInit(h.ctx, h.md) != 1 {
-		panic("openssl: EVP_DigestInit failed")
+		panic(newOpenSSLError("EVP_DigestInit"))
 	}
 	runtime.KeepAlive(h)
 }
 
 func (h *evpHash) Write(p []byte) (int, error) {
 	if len(p) > 0 && C.go_openssl_EVP_DigestUpdate(h.ctx, unsafe.Pointer(&*addr(p)), C.size_t(len(p))) != 1 {
-		panic("openssl: EVP_DigestUpdate failed")
+		panic(newOpenSSLError("EVP_DigestUpdate"))
 	}
 	runtime.KeepAlive(h)
 	return len(p), nil
@@ -131,10 +131,10 @@ func (h *evpHash) sum(out []byte) {
 	// In particular it is OK to Sum, then Write more, then Sum again,
 	// and the second Sum acts as if the first didn't happen.
 	if C.go_openssl_EVP_MD_CTX_copy(h.ctx2, h.ctx) != 1 {
-		panic("openssl: EVP_MD_CTX_copy failed")
+		panic(newOpenSSLError("EVP_MD_CTX_copy"))
 	}
 	if C.go_openssl_EVP_DigestFinal(h.ctx2, (*C.uchar)(noescape(unsafe.Pointer(base(out)))), nil) != 1 {
-		panic("openssl: EVP_DigestFinal failed")
+		panic(newOpenSSLError("EVP_DigestFinal"))
 	}
 	runtime.KeepAlive(h)
 }

openssl/shims.h

@@ -70,6 +70,9 @@ typedef void* GO_HMAC_CTX_PTR;
 #define FOR_ALL_OPENSSL_FUNCTIONS \
 DEFINEFUNC(int, ERR_set_mark, (void), ()) \
 DEFINEFUNC(int, ERR_pop_to_mark, (void), ()) \
+DEFINEFUNC(void, ERR_error_string_n, (unsigned long e, char *buf, size_t len), (e, buf, len)) \
+DEFINEFUNC_LEGACY_1(unsigned long, ERR_get_error_line, (const char **file, int *line), (file, line)) \
+DEFINEFUNC_3_0(unsigned long, ERR_get_error_all, (const char **file, int *line, const char **func, const char **data, int *flags), (file, line, func, data, flags)) \
 DEFINEFUNC_RENAMED_1_1(const char *, OpenSSL_version, SSLeay_version, (int type), (type)) \
 DEFINEFUNC(void, OPENSSL_init, (void), ()) \
 DEFINEFUNC_LEGACY_1_0(void, ERR_load_crypto_strings, (void), ()) \