certs_manager: log all OpenSSL errors on failure
I've been hitting intermittent fails in this code running simulation
with my system1 machine.
```
Sep 20 11:23:29 system1 phosphor-certificate-manager[237]: Error occurred during generate EC key
Sep 20 11:23:29 system1 phosphor-certificate-manager[237]: The operation failed internally.
Sep 20 11:23:29 system1 phosphor-certificate-manager[237]: The operation failed internally.
```
This code path logs an InternalError, which causes a BMC dump to get
generated. That dump causes the automated CI tests to fail.
The fail only occurs 1 out of every 10 runs and there's not currently
enough info to debug the cause of the fail. I think it may have to do
with the network or time being reconfigured during the same time the
certificate code is running but I have no evidence.
Doing some internet searching, it seems this ERR_print_errors_fp() call
is the recommended way to collect any debug info from OpenSSL libraries.
https://www.openssl.org/docs/man1.1.1/man3/ERR_print_errors_fp.html
Tested:
- Unfortunately I cannot recreate this issue manually so all I've been
able to test is that this builds and does not affect the good path.
Change-Id: I373b8f481f393b3e783c1a0270c8f6f729c426a5
Signed-off-by: Andrew Geissler <geissonator@yahoo.com>
diff --git a/certs_manager.cpp b/certs_manager.cpp
index be1b98f..53a0bb3 100644
--- a/certs_manager.cpp
+++ b/certs_manager.cpp
@@ -7,6 +7,7 @@
#include <openssl/asn1.h>
#include <openssl/bn.h>
#include <openssl/ec.h>
+#include <openssl/err.h>
#include <openssl/evp.h>
#include <openssl/obj_mac.h>
#include <openssl/objects.h>
@@ -552,6 +553,7 @@
if (ret == 0)
{
lg2::error("Error occurred during X509_REQ_set_version call");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
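Review bot: ERR_print_errors_fp(stderr) after the lg2::error call writes the OpenSSL error queue as free text on stderr, separate from the structured lg2 entry, so the two have to be matched up by timestamp and the OpenSSL text is lost wherever stderr is not captured. Consider a small helper (hypothetical name: logOpenSSLErrors()) that drains the queue with ERR_print_errors_cb() or ERR_get_error()/ERR_error_string_n() and emits each line through lg2::error. The same one-line addition is repeated at every failure site in this patch, so a helper would also keep the sites consistent.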
@@ -617,6 +619,7 @@
if (ret == 0)
{
lg2::error("Error occurred while setting Public key");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
@@ -628,6 +631,7 @@
if (ret == 0)
{
lg2::error("Error occurred while signing key of x509");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
@@ -666,6 +670,7 @@
if (ret == 0)
{
lg2::error("Error occurred during BN_set_word call");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
using RSAPtr = std::unique_ptr<RSA, decltype(&::RSA_free)>;
@@ -676,6 +681,7 @@
lg2::error(
"Error occurred during RSA_generate_key_ex call: {KEYBITLENGTH}",
"KEYBITLENGTH", keyBitLen);
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
@@ -685,6 +691,7 @@
if (ret == 0)
{
lg2::error("Error occurred during assign rsa key into EVP");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
// Now |rsa| is managed by |pKey|
@@ -697,6 +704,7 @@
if (!ctx)
{
lg2::error("Error occurred creating EVP_PKEY_CTX from algorithm");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
@@ -705,6 +713,7 @@
{
lg2::error("Error occurred initializing keygen context");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
@@ -712,6 +721,7 @@
if (EVP_PKEY_keygen(ctx.get(), &pKey) <= 0)
{
lg2::error("Error occurred during generate EC key");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
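Review bot: The message at this site, "Error occurred during generate EC key", is the same string used in the hunks at -764 and -822, so the journal line quoted in the commit message cannot be tied to a single call site even with the OpenSSL dump next to it. Since the goal of this change is to gather debug data, give each site a distinct message (for example naming EVP_PKEY_keygen here) or include the source location in the log entry.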
@@ -750,6 +760,7 @@
lg2::error(
"Error occurred during create the EC_Key object from NID, ECGROUP:{ECGROUP}",
"ECGROUP", ecGrp);
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
@@ -764,6 +775,7 @@
{
EC_KEY_free(ecKey);
lg2::error("Error occurred during generate EC key");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
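Review bot: In this branch the dump runs after EC_KEY_free(ecKey) and lg2::error. Make ERR_print_errors_fp(stderr) the first statement in the block, so the queue is read before any other library call runs and reflects only the failing call. The same ordering applies to the next hunk, which also frees ecKey before dumping.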
@@ -773,6 +785,7 @@
{
EC_KEY_free(ecKey);
lg2::error("Error occurred during assign EC Key into EVP");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
@@ -790,6 +803,7 @@
if (!ctx)
{
lg2::error("Error occurred creating EVP_PKEY_CTX for params");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
@@ -803,6 +817,7 @@
(EVP_PKEY_paramgen(ctx.get(), ¶ms) <= 0))
{
lg2::error("Error occurred setting curve parameters");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
@@ -815,6 +830,7 @@
if (!ctx || (EVP_PKEY_keygen_init(ctx.get()) <= 0))
{
lg2::error("Error occurred initializing keygen context");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
@@ -822,6 +838,7 @@
if (EVP_PKEY_keygen(ctx.get(), &pKey) <= 0)
{
lg2::error("Error occurred during generate EC key");
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
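Review bot: Nothing visible in this hunk clears the thread's OpenSSL error queue before EVP_PKEY_keygen, so on failure the dump can include entries left by earlier OpenSSL calls whose errors were never read. Calling ERR_clear_error() before the operation (or at the start of the key generation function) would keep the output specific to this failure, which matters when chasing a fault that shows up in roughly 1 of 10 runs.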
@@ -866,6 +883,7 @@
{
lg2::error("Unable to set entry, FIELD:{FIELD}, VALUE:{VALUE}", "FIELD",
field, "VALUE", bytes);
+ ERR_print_errors_fp(stderr);
elog<InternalFailure>();
}
}