.\" $OpenBSD: ERR.3,v 1.4 2016/11/17 21:06:16 jmc Exp $ .\" .Dd $Mdocdate: November 17 2016 $ .Dt ERR 3 .Os .Sh NAME .Nm ERR .Nd OpenSSL error codes .Sh SYNOPSIS .In openssl/err.h .Sh DESCRIPTION When a call to the OpenSSL library fails, this is usually signalled by the return value, and an error code is stored in an error queue associated with the current thread. The .Nm library provides functions to obtain these error codes and textual error messages. The .Xr ERR_get_error 3 manpage describes how to access error codes. .Pp Error codes contain information about where the error occurred, and what went wrong. .Xr ERR_GET_LIB 3 describes how to extract this information. A method to obtain human-readable error messages is described in .Xr ERR_error_string 3 . .Pp .Xr ERR_clear_error 3 can be used to clear the error queue. .Pp Note that .Xr ERR_remove_state 3 should be used to avoid memory leaks when threads are terminated. .Sh ADDING NEW ERROR CODES TO OPENSSL See .Xr ERR_put_error 3 if you want to record error codes in the OpenSSL error system from within your application. .Pp The remainder of this section is of interest only if you want to add new error codes to OpenSSL or add error codes from external libraries. .Ss Reporting errors Each sub-library has a specific macro .Fn XXXerr f r that is used to report errors. Its first argument is a function code .Dv XXX_F_* ; the second argument is a reason code .Dv XXX_R_* . Function codes are derived from the function names whereas reason codes consist of textual error descriptions. For example, the function .Fn ssl23_read reports a "handshake failure" as follows: .Pp .Dl SSLerr(SSL_F_SSL23_READ, SSL_R_SSL_HANDSHAKE_FAILURE); .Pp Function and reason codes should consist of upper case characters, numbers and underscores only. The error file generation script translates function codes into function names by looking in the header files for an appropriate function name. If none is found it just uses the capitalized form such as "SSL23_READ" in the above example. .Pp The trailing section of a reason code (after the "_R_") is translated into lower case and underscores changed to spaces. .Pp When you are using new function or reason codes, run .Sy make errors . The necessary .Sy #define Ns s will then automatically be added to the sub-library's header file. .Pp Although a library will normally report errors using its own specific .Fn XXXerr macro, another library's macro can be used. This is normally only done when a library wants to include ASN.1 code which must use the .Fn ASN1err macro. .Ss Adding new libraries When adding a new sub-library to OpenSSL, assign it a library number .Dv ERR_LIB_XXX , define a macro .Fn XXXerr (both in .In openssl/err.h ) , add its name to .Va ERR_str_libraries[] (in .Pa /usr/src/lib/libcrypto/err/err.c ) , and add .Fn ERR_load_XXX_strings to the .Fn ERR_load_crypto_strings function (in .Sy /usr/src/lib/libcrypto/err/err_all.c ) . Finally, add an entry .Pp .Dl L XXX xxx.h xxx_err.c .Pp to .Sy /usr/src/lib/libcrypto/err/openssl.ec , and add .Pa xxx_err.c to the .Pa Makefile . Running .Sy make errors will then generate a file .Pa xxx_err.c , and add all error codes used in the library to .Pa xxx.h . .Pp Additionally the library include file must have a certain form. Typically it will initially look like this: .Bd -literal -offset indent #ifndef HEADER_XXX_H #define HEADER_XXX_H #ifdef __cplusplus extern "C" { #endif /* Include files */ #include #include /* Macros, structures and function prototypes */ /* BEGIN ERROR CODES */ .Ed .Pp The .Sy BEGIN ERROR CODES sequence is used by the error code generation script as the point to place new error codes. Any text after this point will be overwritten when .Sy make errors is run. The closing #endif etc. will be automatically added by the script. .Pp The generated C error code file .Pa xxx_err.c will load the header files .In stdio.h , .In openssl/err.h and .In openssl/xxx.h so the header file must load any additional header files containing any definitions it uses. .Sh USING ERROR CODES IN EXTERNAL LIBRARIES It is also possible to use OpenSSL's error code scheme in external libraries. The library needs to load its own codes and call the OpenSSL error code insertion script .Pa mkerr.pl explicitly to add codes to the header file and generate the C error code file. This will normally be done if the external library needs to generate new ASN.1 structures but it can also be used to add more general purpose error code handling. .Sh INTERNALS The error queues are stored in a hash table with one .Vt ERR_STATE entry for each PID. .Fn ERR_get_state returns the current thread's .Vt ERR_STATE . An .Vt ERR_STATE can hold up to .Dv ERR_NUM_ERRORS error codes. When more error codes are added, the old ones are overwritten, on the assumption that the most recent errors are most important. .Pp Error strings are also stored in a hash table. The hash tables can be obtained by calling .Fn ERR_get_err_state_table and .Fn ERR_get_string_table . .Sh SEE ALSO .Xr CRYPTO_set_locking_callback 3 , .Xr ERR_clear_error 3 , .Xr ERR_error_string 3 , .Xr ERR_get_error 3 , .Xr ERR_GET_LIB 3 , .Xr ERR_load_crypto_strings 3 , .Xr ERR_load_strings 3 , .Xr ERR_print_errors 3 , .Xr ERR_put_error 3 , .Xr ERR_remove_state 3 , .Xr ERR_set_mark 3 , .Xr SSL_get_error 3