Replumbing: re-implement error reporting for providers#9174
Closed
levitte wants to merge 10 commits intoopenssl:masterfrom
Closed
Replumbing: re-implement error reporting for providers#9174levitte wants to merge 10 commits intoopenssl:masterfrom
levitte wants to merge 10 commits intoopenssl:masterfrom
Conversation
Member
Author
|
Note that this seems to conflict with #8887, but only partially. The change of semantics for |
mattcaswell
reviewed
Jun 18, 2019
levitte
force-pushed
the
provider-error-reporting
branch
from
4513aa3 to
6ab4a13
Compare
richsalz
reviewed
Jun 18, 2019
mattcaswell
requested changes
Jun 18, 2019
mattcaswell
previously approved these changes
Jun 18, 2019
mattcaswell
added
the
approval: done
Member
Author
|
Argh, too early approval... I realised that we need to add a string for the lib code ( |
mattcaswell
removed
the
approval: done
levitte
force-pushed
the
provider-error-reporting
branch
from
30d79e3 to
42e4b54
Compare
Member
Author
|
Now added the code I intended. |
richsalz
reviewed
Jun 18, 2019
richsalz
reviewed
Jun 18, 2019
levitte
force-pushed
the
provider-error-reporting
branch
from
1323102 to
03c4178
Compare
Member
Author
|
... and hopefully cleared the last Travis issue |
levitte
force-pushed
the
provider-error-reporting
branch
from
03c4178 to
e75fbbd
Compare
The idea is that providers should only have to report a reason code. The library code is considered to be libcrypto internal, and are allocated dynamically and automatically for providers on creation. We reserve the upper 8 bits of the reason code for internal OpenSSL use. This allows our own providers to report errors in form of a packed number that includes library number, function number and reason number. With this, a provider can potentially use any reason number it wants from 1 to 16777216, although the current error semantics really only allow 1 to 4095 (because only the lower 12 bits are currently considered an actual reason code by the ERR subsystem). A provider can provide a reason string table in form of an array of ERR_STRING_DATA, with each item containing just the reason code and the associated string, with the dispatch function numbered OSSL_FUNC_PROVIDER_GET_REASON_STRINGS matching the type OSSL_provider_get_reason_strings_fn. If available, libcrypto will call that function on provider activation.
The FIPS module inner provider doesn't need to deal with error reason strings or error library number, since it uses the outer provider's error reporting upcalls. We therefore disable that code in crypto/provider_core.c when building the FIPS module.
levitte
force-pushed
the
provider-error-reporting
branch
from
e75fbbd to
268180f
Compare
Member
Author
|
A rebase may make Travis happier... |
Member
Author
|
Ping |
1 similar comment
Member
Author
|
Ping |
mattcaswell
requested changes
Jul 2, 2019
mattcaswell
approved these changes
Jul 2, 2019
mattcaswell
added
the
approval: done
Member
Author
levitte
added a commit
that referenced
this pull request
Jul 2, 2019
The idea is that providers should only have to report a reason code. The library code is considered to be libcrypto internal, and are allocated dynamically and automatically for providers on creation. We reserve the upper 8 bits of the reason code for internal OpenSSL use. This allows our own providers to report errors in form of a packed number that includes library number, function number and reason number. With this, a provider can potentially use any reason number it wants from 1 to 16777216, although the current error semantics really only allow 1 to 4095 (because only the lower 12 bits are currently considered an actual reason code by the ERR subsystem). A provider can provide a reason string table in form of an array of ERR_STRING_DATA, with each item containing just the reason code and the associated string, with the dispatch function numbered OSSL_FUNC_PROVIDER_GET_REASON_STRINGS matching the type OSSL_provider_get_reason_strings_fn. If available, libcrypto will call that function on provider activation. Reviewed-by: Matt Caswell <[email protected]> (Merged from #9174)
levitte
added a commit
that referenced
this pull request
Jul 2, 2019
The FIPS module inner provider doesn't need to deal with error reason strings or error library number, since it uses the outer provider's error reporting upcalls. We therefore disable that code in crypto/provider_core.c when building the FIPS module. Reviewed-by: Matt Caswell <[email protected]> (Merged from #9174)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The idea is that providers should only have to report a reason code.
The library code is considered to be libcrypto internal, and are
allocated dynamically and automatically for providers on creation.
We reserve the upper 8 bits of the reason code for internal OpenSSL
use. This allows our own providers to report errors in form of a
packed number that includes library number, function number and
reason number.
With this, a provider can potentially use any reason number it wants
from 1 to 16777216, although the current error semantics really only
allow 1 to 4095 (because only the lower 12 bits are currently
considered an actual reason code by the ERR subsystem).
A provider can provide a reason string table in form of an array of
ERR_STRING_DATA, with each item containing just the reason code and
the associated string, with the dispatch function numbered
OSSL_FUNC_PROVIDER_GET_REASON_STRINGS matching the type
OSSL_provider_get_reason_strings_fn.
If available, libcrypto will call that function on provider
activation.
Also added the FIPS module adaptation.