[pkg-opensc-commit] [libp11] 14/27: Engine error reporting

Eric Dorland eric at moszumanska.debian.org
Mon Aug 7 19:48:09 UTC 2017


This is an automated email from the git hooks/post-receive script.

eric pushed a commit to branch master
in repository libp11.

commit 7729161b024f6a8b9887f59e3d7fb971ab24889f
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date:   Sun Jun 11 08:35:27 2017 +0200

    Engine error reporting
---
 NEWS             |  1 +
 src/Makefile.am  |  3 +-
 src/Makefile.mak |  2 +-
 src/eng_back.c   | 51 ++++++++++++++++++++++++-------
 src/eng_err.c    | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 src/eng_err.h    | 48 +++++++++++++++++++++++++++++
 src/eng_front.c  |  2 ++
 src/engine.h     |  1 +
 src/p11.ec       |  2 ++
 9 files changed, 189 insertions(+), 13 deletions(-)

diff --git a/NEWS b/NEWS
index 42ceaac..a93c622 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
 NEWS for Libp11 -- History of user visible changes
 
 New in 0.4.7; unreleased
+* Engine error reporting (Michał Trojnara)
 * Added FORCE_LOGIN engine ctrl command (Michał Trojnara)
 * Fixed a bug in printing hex values (Michał Trojnara)
 
diff --git a/src/Makefile.am b/src/Makefile.am
index 5c79b35..423245e 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -34,7 +34,8 @@ else
 libp11_la_LDFLAGS += -export-symbols "$(srcdir)/libp11.exports"
 endif
 
-pkcs11_la_SOURCES = eng_front.c eng_back.c eng_parse.c engine.h pkcs11.exports
+pkcs11_la_SOURCES = eng_front.c eng_back.c eng_parse.c eng_err.c \
+	engine.h eng_err.h pkcs11.exports
 if WIN32
 pkcs11_la_SOURCES += pkcs11.rc
 else
diff --git a/src/Makefile.mak b/src/Makefile.mak
index de3d58f..a8ee2b4 100644
--- a/src/Makefile.mak
+++ b/src/Makefile.mak
@@ -8,7 +8,7 @@ LIBP11_OBJECTS = libpkcs11.obj p11_attr.obj p11_cert.obj \
 LIBP11_LIB = libp11.lib
 LIBP11_TARGET = libp11.dll
 
-PKCS11_OBJECTS = eng_front.obj eng_back.obj eng_parse.obj
+PKCS11_OBJECTS = eng_front.obj eng_back.obj eng_parse.obj eng_err.obj
 PKCS11_TARGET = pkcs11.dll
 
 OBJECTS = $(LIBP11_OBJECTS) $(PKCS11_OBJECTS)
diff --git a/src/eng_back.c b/src/eng_back.c
index 8ba0e13..2497b15 100644
--- a/src/eng_back.c
+++ b/src/eng_back.c
@@ -399,6 +399,7 @@ static X509 *ctx_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id,
 				ctx_log(ctx, 0,
 					"The certificate ID is not a valid PKCS#11 URI\n"
 					"The PKCS#11 URI format is defined by RFC7512\n");
+				ENGerr(ENG_F_CTX_LOAD_CERT, ENG_R_INVALID_ID);
 				return NULL;
 			}
 			if (tmp_pin_len > 0 && tmp_pin[0] != 0) {
@@ -421,6 +422,7 @@ static X509 *ctx_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id,
 					"The PKCS#11 URI format is defined by RFC7512\n"
 					"The legacy ENGINE_pkcs11 ID format is also "
 					"still accepted for now\n");
+				ENGerr(ENG_F_CTX_LOAD_CERT, ENG_R_INVALID_ID);
 				return NULL;
 			}
 		}
@@ -562,16 +564,26 @@ static int ctx_ctrl_load_cert(ENGINE_CTX *ctx, void *p)
 		X509 *cert;
 	} *parms = p;
 
-	if (parms->cert != NULL)
+	if (parms == NULL) {
+		ENGerr(ENG_F_CTX_CTRL_LOAD_CERT, ERR_R_PASSED_NULL_PARAMETER);
 		return 0;
-
+	}
+	if (parms->cert != NULL) {
+		ENGerr(ENG_F_CTX_CTRL_LOAD_CERT, ENG_R_INVALID_PARAMETER);
+		return 0;
+	}
+	ERR_clear_error();
 	if (!ctx->force_login)
 		parms->cert = ctx_load_cert(ctx, parms->s_slot_cert_id, 0);
-	if (parms->cert == NULL) /* Try again with login */
+	if (parms->cert == NULL) { /* Try again with login */
+		ERR_clear_error();
 		parms->cert = ctx_load_cert(ctx, parms->s_slot_cert_id, 1);
-
-	if (parms->cert == NULL)
+	}
+	if (parms->cert == NULL) {
+		if (!ERR_peek_last_error())
+			ENGerr(ENG_F_CTX_CTRL_LOAD_CERT, ENG_R_OBJECT_NOT_FOUND);
 		return 0;
+	}
 	return 1;
 }
 
@@ -613,6 +625,7 @@ static EVP_PKEY *ctx_load_key(ENGINE_CTX *ctx, const char *s_slot_key_id,
 				ctx_log(ctx, 0,
 					"The certificate ID is not a valid PKCS#11 URI\n"
 					"The PKCS#11 URI format is defined by RFC7512\n");
+				ENGerr(ENG_F_CTX_LOAD_KEY, ENG_R_INVALID_ID);
 				return NULL;
 			}
 			if (tmp_pin_len > 0 && tmp_pin[0] != 0) {
@@ -635,6 +648,7 @@ static EVP_PKEY *ctx_load_key(ENGINE_CTX *ctx, const char *s_slot_key_id,
 					"The PKCS#11 URI format is defined by RFC7512\n"
 					"The legacy ENGINE_pkcs11 ID format is also "
 					"still accepted for now\n");
+				ENGerr(ENG_F_CTX_LOAD_KEY, ENG_R_INVALID_ID);
 				return NULL;
 			}
 		}
@@ -828,12 +842,17 @@ EVP_PKEY *ctx_load_pubkey(ENGINE_CTX *ctx, const char *s_key_id,
 {
 	EVP_PKEY *pk = NULL;
 
+	ERR_clear_error();
 	if (!ctx->force_login)
 		pk = ctx_load_key(ctx, s_key_id, ui_method, callback_data, 0, 0);
-	if (pk == NULL) /* Try again with login */
+	if (pk == NULL) { /* Try again with login */
+		ERR_clear_error();
 		pk = ctx_load_key(ctx, s_key_id, ui_method, callback_data, 0, 1);
+	}
 	if (pk == NULL) {
 		ctx_log(ctx, 0, "PKCS11_load_public_key returned NULL\n");
+		if (!ERR_peek_last_error())
+			ENGerr(ENG_F_CTX_LOAD_PUBKEY, ENG_R_OBJECT_NOT_FOUND);
 		return NULL;
 	}
 	return pk;
@@ -844,12 +863,17 @@ EVP_PKEY *ctx_load_privkey(ENGINE_CTX *ctx, const char *s_key_id,
 {
 	EVP_PKEY *pk = NULL;
 
+	ERR_clear_error();
 	if (!ctx->force_login)
 		pk = ctx_load_key(ctx, s_key_id, ui_method, callback_data, 1, 0);
-	if (pk == NULL) /* Try again with login */
+	if (pk == NULL) { /* Try again with login */
+		ERR_clear_error();
 		pk = ctx_load_key(ctx, s_key_id, ui_method, callback_data, 1, 1);
+	}
 	if (pk == NULL) {
 		ctx_log(ctx, 0, "PKCS11_get_private_key returned NULL\n");
+		if (!ERR_peek_last_error())
+			ENGerr(ENG_F_CTX_LOAD_PRIVKEY, ENG_R_OBJECT_NOT_FOUND);
 		return NULL;
 	}
 	return pk;
@@ -883,6 +907,7 @@ static int ctx_ctrl_set_pin(ENGINE_CTX *ctx, const char *pin)
 {
 	/* Pre-condition check */
 	if (pin == NULL) {
+		ENGerr(ENG_F_CTX_CTRL_SET_PIN, ERR_R_PASSED_NULL_PARAMETER);
 		errno = EINVAL;
 		return 0;
 	}
@@ -891,10 +916,13 @@ static int ctx_ctrl_set_pin(ENGINE_CTX *ctx, const char *pin)
 	 * shall be returned and errno shall be set. */
 	ctx_destroy_pin(ctx);
 	ctx->pin = OPENSSL_strdup(pin);
-	if (ctx->pin != NULL)
-		ctx->pin_length = strlen(ctx->pin);
-
-	return ctx->pin != NULL;
+	if (ctx->pin == NULL) {
+		ENGerr(ENG_F_CTX_CTRL_SET_PIN, ERR_R_MALLOC_FAILURE);
+		errno = ENOMEM;
+		return 0;
+	}
+	ctx->pin_length = strlen(ctx->pin);
+	return 1;
 }
 
 static int ctx_ctrl_inc_verbose(ENGINE_CTX *ctx)
@@ -967,6 +995,7 @@ int ctx_engine_ctrl(ENGINE_CTX *ctx, int cmd, long i, void *p, void (*f)())
 	case CMD_FORCE_LOGIN:
 		return ctx_ctrl_force_login(ctx);
 	default:
+		ENGerr(ENG_F_CTX_ENGINE_CTRL, ENG_R_UNKNOWN_COMMAND);
 		break;
 	}
 	return 0;
diff --git a/src/eng_err.c b/src/eng_err.c
new file mode 100644
index 0000000..3b26d2a
--- /dev/null
+++ b/src/eng_err.c
@@ -0,0 +1,92 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "eng_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA ENG_str_functs[] = {
+    {ERR_FUNC(ENG_F_CTX_CTRL_LOAD_CERT), "ctx_ctrl_load_cert"},
+    {ERR_FUNC(ENG_F_CTX_CTRL_SET_PIN), "ctx_ctrl_set_pin"},
+    {ERR_FUNC(ENG_F_CTX_ENGINE_CTRL), "ctx_engine_ctrl"},
+    {ERR_FUNC(ENG_F_CTX_LOAD_CERT), "ctx_load_cert"},
+    {ERR_FUNC(ENG_F_CTX_LOAD_KEY), "ctx_load_key"},
+    {ERR_FUNC(ENG_F_CTX_LOAD_PRIVKEY), "ctx_load_privkey"},
+    {ERR_FUNC(ENG_F_CTX_LOAD_PUBKEY), "ctx_load_pubkey"},
+    {0, NULL}
+};
+
+static ERR_STRING_DATA ENG_str_reasons[] = {
+    {ERR_REASON(ENG_R_INVALID_ID), "invalid id"},
+    {ERR_REASON(ENG_R_INVALID_PARAMETER), "invalid parameter"},
+    {ERR_REASON(ENG_R_OBJECT_NOT_FOUND), "object not found"},
+    {ERR_REASON(ENG_R_UNKNOWN_COMMAND), "unknown command"},
+    {0, NULL}
+};
+
+#endif
+
+#ifdef ENG_LIB_NAME
+static ERR_STRING_DATA ENG_lib_name[] = {
+    {0, ENG_LIB_NAME},
+    {0, NULL}
+};
+#endif
+
+static int ENG_lib_error_code = 0;
+static int ENG_error_init = 1;
+
+int ERR_load_ENG_strings(void)
+{
+    if (ENG_lib_error_code == 0)
+        ENG_lib_error_code = ERR_get_next_error_library();
+
+    if (ENG_error_init) {
+        ENG_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+        ERR_load_strings(ENG_lib_error_code, ENG_str_functs);
+        ERR_load_strings(ENG_lib_error_code, ENG_str_reasons);
+#endif
+
+#ifdef ENG_LIB_NAME
+        ENG_lib_name->error = ERR_PACK(ENG_lib_error_code, 0, 0);
+        ERR_load_strings(0, ENG_lib_name);
+#endif
+    }
+    return 1;
+}
+
+void ERR_unload_ENG_strings(void)
+{
+    if (ENG_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+        ERR_unload_strings(ENG_lib_error_code, ENG_str_functs);
+        ERR_unload_strings(ENG_lib_error_code, ENG_str_reasons);
+#endif
+
+#ifdef ENG_LIB_NAME
+        ERR_unload_strings(0, ENG_lib_name);
+#endif
+        ENG_error_init = 1;
+    }
+}
+
+void ERR_ENG_error(int function, int reason, char *file, int line)
+{
+    if (ENG_lib_error_code == 0)
+        ENG_lib_error_code = ERR_get_next_error_library();
+    ERR_PUT_error(ENG_lib_error_code, function, reason, file, line);
+}
diff --git a/src/eng_err.h b/src/eng_err.h
new file mode 100644
index 0000000..e542a3d
--- /dev/null
+++ b/src/eng_err.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License").  You may not use
+ * this file except in compliance with the License.  You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ENG_ERR_H
+# define HEADER_ENG_ERR_H
+
+# ifdef  __cplusplus
+extern "C" {
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_ENG_strings(void);
+void ERR_unload_ENG_strings(void);
+void ERR_ENG_error(int function, int reason, char *file, int line);
+# define ENGerr(f,r) ERR_ENG_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the ENG functions. */
+
+/* Function codes. */
+# define ENG_F_CTX_CTRL_LOAD_CERT                         102
+# define ENG_F_CTX_CTRL_SET_PIN                           106
+# define ENG_F_CTX_ENGINE_CTRL                            105
+# define ENG_F_CTX_LOAD_CERT                              100
+# define ENG_F_CTX_LOAD_KEY                               101
+# define ENG_F_CTX_LOAD_PRIVKEY                           103
+# define ENG_F_CTX_LOAD_PUBKEY                            104
+
+/* Reason codes. */
+# define ENG_R_INVALID_ID                                 100
+# define ENG_R_INVALID_PARAMETER                          103
+# define ENG_R_OBJECT_NOT_FOUND                           101
+# define ENG_R_UNKNOWN_COMMAND                            102
+
+# ifdef  __cplusplus
+}
+# endif
+#endif
diff --git a/src/eng_front.c b/src/eng_front.c
index 3b74864..050fe0a 100644
--- a/src/eng_front.c
+++ b/src/eng_front.c
@@ -155,6 +155,7 @@ static int engine_destroy(ENGINE *engine)
 		return 0;
 	rv = ctx_destroy(ctx);
 	ENGINE_set_ex_data(engine, pkcs11_idx, NULL);
+	ERR_unload_ENG_strings();
 	return rv;
 }
 
@@ -242,6 +243,7 @@ static int bind_helper(ENGINE *e)
 			!ENGINE_set_load_privkey_function(e, load_privkey)) {
 		return 0;
 	} else {
+		ERR_load_ENG_strings();
 		return 1;
 	}
 }
diff --git a/src/engine.h b/src/engine.h
index f7f6cd2..1a1e3dd 100644
--- a/src/engine.h
+++ b/src/engine.h
@@ -33,6 +33,7 @@
 #endif
 
 #include "libp11.h"
+#include "eng_err.h"
 #include <stdio.h>
 #include <string.h>
 #include <openssl/crypto.h>
diff --git a/src/p11.ec b/src/p11.ec
new file mode 100644
index 0000000..ad98300
--- /dev/null
+++ b/src/p11.ec
@@ -0,0 +1,2 @@
+L ENG eng_err.h eng_err.c
+L P11 p11_err.h p11_err.c

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git



More information about the pkg-opensc-commit mailing list