if available, append it to the corresponding ssh error message and
optionally print the libcrypto full error stack (at debug1). with &
ok tb@ djm@ millert@ schwarze@
Note that the quality of errors obtainable from libcrypto is somewhat
variable, so these may be any of: useful, misleading, incomplete
or missing entirely. As a result we reserve the right to change
what is returned or even stop returning it if it does more harm than
good.
OpenBSD-Commit-ID:
1ad599ac3eeddbe254fec6b9c1cf658fa70d572e
kexgexc.o kexgexs.o \
kexsntrup761x25519.o kexmlkem768x25519.o sntrup761.o kexgen.o \
sftp-realpath.o platform-pledge.o platform-tracing.o platform-misc.o \
- sshbuf-io.o misc-agent.o
+ sshbuf-io.o misc-agent.o ssherr-libcrypto.o
P11OBJS= ssh-pkcs11-client.o
sftp-server.o sftp-common.o \
uidswap.o $(P11OBJS) $(SKOBJS)
-SFTP_CLIENT_OBJS=sftp-common.o sftp-client.o sftp-glob.o
+SFTP_CLIENT_OBJS=sftp-common.o sftp-client.o sftp-glob.o ssherr-nolibcrypto.o
SCP_OBJS= scp.o progressmeter.o $(SFTP_CLIENT_OBJS)
P11HELPER_OBJS= ssh-pkcs11-helper.o ssh-pkcs11.o $(SKOBJS)
-SKHELPER_OBJS= ssh-sk-helper.o ssh-sk.o sk-usbhid.o
+SKHELPER_OBJS= ssh-sk-helper.o ssh-sk.o sk-usbhid.o ssherr-nolibcrypto.o
SSHKEYSCAN_OBJS=ssh-keyscan.o $(P11OBJS) $(SKOBJS)
-SFTPSERVER_OBJS=sftp-common.o sftp-server.o sftp-server-main.o
+SFTPSERVER_OBJS=sftp-common.o sftp-server.o sftp-server-main.o ssherr-nolibcrypto.o
SFTP_OBJS= sftp.o sftp-usergroup.o progressmeter.o $(SFTP_CLIENT_OBJS)
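Review bot: Nothing in these object lists says why SFTP_CLIENT_OBJS, SKHELPER_OBJS and SFTPSERVER_OBJS take `ssherr-nolibcrypto.o` while the first list gains `ssherr-libcrypto.o`, even though both objects define the same symbol, ssherr_libcrypto(). If these programs also link the library built from the first list (the link rules are not visible here), the definition used depends on the explicit object being resolved before the archive member. A short comment such as `# ssherr-nolibcrypto.o: stub for programs linked without libcrypto` next to the first use would make the intent explicit, with the wording to be confirmed by the author.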
--- /dev/null
+/* $OpenBSD: ssherr-libcrypto.c,v 1.1 2026/02/06 23:31:29 dtucker Exp $ */
+/*
+ * Copyright (c) 2026 Darren Tucker
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include "includes.h"
+
+#include <sys/types.h>
+
+#include <errno.h>
+#include <string.h>
+
+#include "log.h"
+
+#ifdef WITH_OPENSSL
+#include <openssl/err.h>
+
+const char *
+ssherr_libcrypto(void)
+{
+ unsigned long e;
+ static char buf[512];
+ char msg[4096];
+ const char *reason = NULL, *file, *data;
+ int ln, fl;
+
+ ERR_load_crypto_strings();
+ while ((e = ERR_get_error_line_data(&file, &ln, &data, &fl)) != 0) {
+ ERR_error_string_n(e, buf, sizeof(buf));
+ snprintf(msg, sizeof(msg), "%s:%s:%d:%s", buf, file, ln,
+ (fl & ERR_TXT_STRING) ? data : "");
+ debug("libcrypto: '%s'", msg);
+ if ((reason = ERR_reason_error_string(e)) != NULL)
+ snprintf(buf, sizeof(buf), "error in libcrypto: %s",
+ reason);
+ }
+ if (reason == NULL)
+ return NULL;
+ return buf;
+}
+#else
+const char *
+ssherr_libcrypto(void)
+{
+ return NULL;
+}
+#endif
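Review bot: ssherr_libcrypto() hands back a pointer into `static char buf[512]` and empties the libcrypto error queue while filling it, so `ssh_err(SSH_ERR_LIBCRYPTO_ERROR)` in ssherr.c now has side effects: a second call for the same failure finds the queue empty and returns the generic string, and an earlier result may be overwritten by a later call. The queue is per-thread state rather than per-operation, so entries left behind by an earlier, unrelated libcrypto failure would presumably be reported as the reason for this one; anyone triaging logs should treat the appended text as a hint, not as proof of cause. I would state the contract above the definition and on the ssherr.h prototype, e.g. `/* Drains the libcrypto error queue; returns a static buffer valid until the next call, or NULL. */`. Separately, this file does not include `ssherr.h` (the stub in ssherr-nolibcrypto.c does), so adding `#include "ssherr.h"` would let the compiler check the definition against the prototype.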
--- /dev/null
+/* $OpenBSD: ssherr-nolibcrypto.c,v 1.1 2026/02/06 23:31:29 dtucker Exp $ */
+/*
+ * Copyright (c) 2026 Darren Tucker
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+#include <stddef.h>
+
+#include "ssherr.h"
+
+const char *
+ssherr_libcrypto(void)
+{
+ return NULL;
+}
-/* $OpenBSD: ssherr.c,v 1.10 2020/01/25 23:13:09 djm Exp $ */
+/* $OpenBSD: ssherr.c,v 1.11 2026/02/06 23:31:29 dtucker Exp $ */
/*
* Copyright (c) 2011 Damien Miller
*
const char *
ssh_err(int n)
{
+ const char *msg = NULL;
+
switch (n) {
case SSH_ERR_SUCCESS:
return "success";
case SSH_ERR_SIGNATURE_INVALID:
return "incorrect signature";
case SSH_ERR_LIBCRYPTO_ERROR:
- return "error in libcrypto"; /* XXX fetch and return */
+ msg = ssherr_libcrypto();
+ return msg != NULL ? msg : "error in libcrypto";
case SSH_ERR_UNEXPECTED_TRAILING_DATA:
return "unexpected bytes remain after decoding";
case SSH_ERR_SYSTEM_ERROR:
-/* $OpenBSD: ssherr.h,v 1.8 2020/01/25 23:13:09 djm Exp $ */
+/* $OpenBSD: ssherr.h,v 1.9 2026/02/06 23:31:29 dtucker Exp $ */
/*
* Copyright (c) 2011 Damien Miller
*
/* Translate a numeric error code to a human-readable error string */
const char *ssh_err(int n);
+/* Return most recent error from libcrypto. */
+const char *ssherr_libcrypto(void);
#endif /* _SSHERR_H */