1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
|
.\" $OpenBSD: ERR.3,v 1.8 2019/06/10 09:49:48 schwarze Exp $
.\" OpenSSL 186bb907 Apr 13 11:05:13 2015 -0700
.\"
.\" This file was written by Ulf Moeller <ulf@openssl.org> and
.\" Dr. Stephen Henson <steve@openssl.org>.
.\" Copyright (c) 2000, 2015 The OpenSSL Project. All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\"
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\"
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in
.\" the documentation and/or other materials provided with the
.\" distribution.
.\"
.\" 3. All advertising materials mentioning features or use of this
.\" software must display the following acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
.\"
.\" 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
.\" endorse or promote products derived from this software without
.\" prior written permission. For written permission, please contact
.\" openssl-core@openssl.org.
.\"
.\" 5. Products derived from this software may not be called "OpenSSL"
.\" nor may "OpenSSL" appear in their names without prior written
.\" permission of the OpenSSL Project.
.\"
.\" 6. Redistributions of any form whatsoever must retain the following
.\" acknowledgment:
.\" "This product includes software developed by the OpenSSL Project
.\" for use in the OpenSSL Toolkit (http://www.openssl.org/)"
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
.\" EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
.\" PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
.\" ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
.\" SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
.\" LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
.\" STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
.\" ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
.\" OF THE POSSIBILITY OF SUCH DAMAGE.
.\"
.Dd $Mdocdate: June 10 2019 $
.Dt ERR 3
.Os
.Sh NAME
.Nm ERR
.Nd OpenSSL error codes
.Sh SYNOPSIS
.In openssl/err.h
.Sh DESCRIPTION
When a call to the OpenSSL library fails, this is usually signaled by
the return value, and an error code is stored in an error queue
associated with the current thread.
The
.Nm
library provides functions to obtain these error codes and textual error
messages.
The
.Xr ERR_get_error 3
manpage describes how to access error codes.
.Pp
Error codes contain information about where the error occurred, and what
went wrong.
.Xr ERR_GET_LIB 3
describes how to extract this information.
A method to obtain human-readable error messages is described in
.Xr ERR_error_string 3 .
.Pp
.Xr ERR_clear_error 3
can be used to clear the error queue.
.Pp
Note that
.Xr ERR_remove_state 3
should be used to avoid memory leaks when threads are terminated.
.Sh ADDING NEW ERROR CODES TO OPENSSL
See
.Xr ERR_put_error 3
if you want to record error codes in the OpenSSL error system from
within your application.
.Pp
The remainder of this section is of interest only if you want to add new
error codes to OpenSSL or add error codes from external libraries.
.Pp
When you are using new function or reason codes, run
.Sy make errors .
The necessary
.Sy #define Ns s
will then automatically be added to the sub-library's header file.
.Ss Adding new libraries
When adding a new sub-library to OpenSSL, assign it a library number
.Dv ERR_LIB_XXX ,
define a macro
.Fn XXXerr
(both in
.In openssl/err.h ) ,
add its name to
.Va ERR_str_libraries[]
(in
.Pa /usr/src/lib/libcrypto/err/err.c ) ,
and add
.Fn ERR_load_XXX_strings
to the
.Fn ERR_load_crypto_strings
function (in
.Sy /usr/src/lib/libcrypto/err/err_all.c ) .
Finally, add an entry
.Pp
.Dl L XXX xxx.h xxx_err.c
.Pp
to
.Sy /usr/src/lib/libcrypto/err/openssl.ec ,
and add
.Pa xxx_err.c
to the
.Pa Makefile .
Running
.Sy make errors
will then generate a file
.Pa xxx_err.c ,
and add all error codes used in the library to
.Pa xxx.h .
.Pp
Additionally the library include file must have a certain form.
Typically it will initially look like this:
.Bd -literal -offset indent
#ifndef HEADER_XXX_H
#define HEADER_XXX_H
#ifdef __cplusplus
extern "C" {
#endif
/* Include files */
#include <openssl/bio.h>
#include <openssl/x509.h>
/* Macros, structures and function prototypes */
/* BEGIN ERROR CODES */
.Ed
.Pp
The
.Sy BEGIN ERROR CODES
sequence is used by the error code generation script as the point to
place new error codes.
Any text after this point will be overwritten when
.Sy make errors
is run.
The closing #endif etc. will be automatically added by the script.
.Pp
The generated C error code file
.Pa xxx_err.c
will load the header files
.In stdio.h ,
.In openssl/err.h
and
.In openssl/xxx.h
so the header file must load any additional header files containing any
definitions it uses.
.Sh USING ERROR CODES IN EXTERNAL LIBRARIES
It is also possible to use OpenSSL's error code scheme in external
libraries.
The library needs to load its own codes and call the OpenSSL error code
insertion script
.Pa mkerr.pl
explicitly to add codes to the header file and generate the C error code
file.
This will normally be done if the external library needs to generate new
ASN.1 structures but it can also be used to add more general purpose
error code handling.
.Sh INTERNALS
The error queues are stored in a hash table with one
.Vt ERR_STATE
entry for each PID.
.Fn ERR_get_state
returns the current thread's
.Vt ERR_STATE .
An
.Vt ERR_STATE
can hold up to
.Dv ERR_NUM_ERRORS
error codes.
When more error codes are added, the old ones are overwritten, on the
assumption that the most recent errors are most important.
.Pp
Error strings are also stored in a hash table.
The hash tables can be obtained by calling
.Fn ERR_get_err_state_table
and
.Fn ERR_get_string_table .
.Sh SEE ALSO
.Xr crypto 3 ,
.Xr ERR_asprintf_error_data 3 ,
.Xr ERR_clear_error 3 ,
.Xr ERR_error_string 3 ,
.Xr ERR_get_error 3 ,
.Xr ERR_GET_LIB 3 ,
.Xr ERR_load_crypto_strings 3 ,
.Xr ERR_load_strings 3 ,
.Xr ERR_print_errors 3 ,
.Xr ERR_put_error 3 ,
.Xr ERR_remove_state 3 ,
.Xr ERR_set_mark 3 ,
.Xr SSL_get_error 3
|