[pkg-opensc-commit] [libp11] 14/27: Engine error reporting
Eric Dorland
eric at moszumanska.debian.org
Mon Aug 7 19:48:09 UTC 2017
This is an automated email from the git hooks/post-receive script.
eric pushed a commit to branch master
in repository libp11.
commit 7729161b024f6a8b9887f59e3d7fb971ab24889f
Author: Michał Trojnara <Michal.Trojnara at stunnel.org>
Date: Sun Jun 11 08:35:27 2017 +0200
Engine error reporting
---
NEWS | 1 +
src/Makefile.am | 3 +-
src/Makefile.mak | 2 +-
src/eng_back.c | 51 ++++++++++++++++++++++++-------
src/eng_err.c | 92 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
src/eng_err.h | 48 +++++++++++++++++++++++++++++
src/eng_front.c | 2 ++
src/engine.h | 1 +
src/p11.ec | 2 ++
9 files changed, 189 insertions(+), 13 deletions(-)
diff --git a/NEWS b/NEWS
index 42ceaac..a93c622 100644
--- a/NEWS
+++ b/NEWS
@@ -1,6 +1,7 @@
NEWS for Libp11 -- History of user visible changes
New in 0.4.7; unreleased
+* Engine error reporting (Michał Trojnara)
* Added FORCE_LOGIN engine ctrl command (Michał Trojnara)
* Fixed a bug in printing hex values (Michał Trojnara)
diff --git a/src/Makefile.am b/src/Makefile.am
index 5c79b35..423245e 100644
--- a/src/Makefile.am
+++ b/src/Makefile.am
@@ -34,7 +34,8 @@ else
libp11_la_LDFLAGS += -export-symbols "$(srcdir)/libp11.exports"
endif
-pkcs11_la_SOURCES = eng_front.c eng_back.c eng_parse.c engine.h pkcs11.exports
+pkcs11_la_SOURCES = eng_front.c eng_back.c eng_parse.c eng_err.c \
+ engine.h eng_err.h pkcs11.exports
if WIN32
pkcs11_la_SOURCES += pkcs11.rc
else
diff --git a/src/Makefile.mak b/src/Makefile.mak
index de3d58f..a8ee2b4 100644
--- a/src/Makefile.mak
+++ b/src/Makefile.mak
@@ -8,7 +8,7 @@ LIBP11_OBJECTS = libpkcs11.obj p11_attr.obj p11_cert.obj \
LIBP11_LIB = libp11.lib
LIBP11_TARGET = libp11.dll
-PKCS11_OBJECTS = eng_front.obj eng_back.obj eng_parse.obj
+PKCS11_OBJECTS = eng_front.obj eng_back.obj eng_parse.obj eng_err.obj
PKCS11_TARGET = pkcs11.dll
OBJECTS = $(LIBP11_OBJECTS) $(PKCS11_OBJECTS)
diff --git a/src/eng_back.c b/src/eng_back.c
index 8ba0e13..2497b15 100644
--- a/src/eng_back.c
+++ b/src/eng_back.c
@@ -399,6 +399,7 @@ static X509 *ctx_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id,
ctx_log(ctx, 0,
"The certificate ID is not a valid PKCS#11 URI\n"
"The PKCS#11 URI format is defined by RFC7512\n");
+ ENGerr(ENG_F_CTX_LOAD_CERT, ENG_R_INVALID_ID);
return NULL;
}
if (tmp_pin_len > 0 && tmp_pin[0] != 0) {
@@ -421,6 +422,7 @@ static X509 *ctx_load_cert(ENGINE_CTX *ctx, const char *s_slot_cert_id,
"The PKCS#11 URI format is defined by RFC7512\n"
"The legacy ENGINE_pkcs11 ID format is also "
"still accepted for now\n");
+ ENGerr(ENG_F_CTX_LOAD_CERT, ENG_R_INVALID_ID);
return NULL;
}
}
@@ -562,16 +564,26 @@ static int ctx_ctrl_load_cert(ENGINE_CTX *ctx, void *p)
X509 *cert;
} *parms = p;
- if (parms->cert != NULL)
+ if (parms == NULL) {
+ ENGerr(ENG_F_CTX_CTRL_LOAD_CERT, ERR_R_PASSED_NULL_PARAMETER);
return 0;
-
+ }
+ if (parms->cert != NULL) {
+ ENGerr(ENG_F_CTX_CTRL_LOAD_CERT, ENG_R_INVALID_PARAMETER);
+ return 0;
+ }
+ ERR_clear_error();
if (!ctx->force_login)
parms->cert = ctx_load_cert(ctx, parms->s_slot_cert_id, 0);
- if (parms->cert == NULL) /* Try again with login */
+ if (parms->cert == NULL) { /* Try again with login */
+ ERR_clear_error();
parms->cert = ctx_load_cert(ctx, parms->s_slot_cert_id, 1);
-
- if (parms->cert == NULL)
+ }
+ if (parms->cert == NULL) {
+ if (!ERR_peek_last_error())
+ ENGerr(ENG_F_CTX_CTRL_LOAD_CERT, ENG_R_OBJECT_NOT_FOUND);
return 0;
+ }
return 1;
}
@@ -613,6 +625,7 @@ static EVP_PKEY *ctx_load_key(ENGINE_CTX *ctx, const char *s_slot_key_id,
ctx_log(ctx, 0,
"The certificate ID is not a valid PKCS#11 URI\n"
"The PKCS#11 URI format is defined by RFC7512\n");
+ ENGerr(ENG_F_CTX_LOAD_KEY, ENG_R_INVALID_ID);
return NULL;
}
if (tmp_pin_len > 0 && tmp_pin[0] != 0) {
@@ -635,6 +648,7 @@ static EVP_PKEY *ctx_load_key(ENGINE_CTX *ctx, const char *s_slot_key_id,
"The PKCS#11 URI format is defined by RFC7512\n"
"The legacy ENGINE_pkcs11 ID format is also "
"still accepted for now\n");
+ ENGerr(ENG_F_CTX_LOAD_KEY, ENG_R_INVALID_ID);
return NULL;
}
}
@@ -828,12 +842,17 @@ EVP_PKEY *ctx_load_pubkey(ENGINE_CTX *ctx, const char *s_key_id,
{
EVP_PKEY *pk = NULL;
+ ERR_clear_error();
if (!ctx->force_login)
pk = ctx_load_key(ctx, s_key_id, ui_method, callback_data, 0, 0);
- if (pk == NULL) /* Try again with login */
+ if (pk == NULL) { /* Try again with login */
+ ERR_clear_error();
pk = ctx_load_key(ctx, s_key_id, ui_method, callback_data, 0, 1);
+ }
if (pk == NULL) {
ctx_log(ctx, 0, "PKCS11_load_public_key returned NULL\n");
+ if (!ERR_peek_last_error())
+ ENGerr(ENG_F_CTX_LOAD_PUBKEY, ENG_R_OBJECT_NOT_FOUND);
return NULL;
}
return pk;
@@ -844,12 +863,17 @@ EVP_PKEY *ctx_load_privkey(ENGINE_CTX *ctx, const char *s_key_id,
{
EVP_PKEY *pk = NULL;
+ ERR_clear_error();
if (!ctx->force_login)
pk = ctx_load_key(ctx, s_key_id, ui_method, callback_data, 1, 0);
- if (pk == NULL) /* Try again with login */
+ if (pk == NULL) { /* Try again with login */
+ ERR_clear_error();
pk = ctx_load_key(ctx, s_key_id, ui_method, callback_data, 1, 1);
+ }
if (pk == NULL) {
ctx_log(ctx, 0, "PKCS11_get_private_key returned NULL\n");
+ if (!ERR_peek_last_error())
+ ENGerr(ENG_F_CTX_LOAD_PRIVKEY, ENG_R_OBJECT_NOT_FOUND);
return NULL;
}
return pk;
@@ -883,6 +907,7 @@ static int ctx_ctrl_set_pin(ENGINE_CTX *ctx, const char *pin)
{
/* Pre-condition check */
if (pin == NULL) {
+ ENGerr(ENG_F_CTX_CTRL_SET_PIN, ERR_R_PASSED_NULL_PARAMETER);
errno = EINVAL;
return 0;
}
@@ -891,10 +916,13 @@ static int ctx_ctrl_set_pin(ENGINE_CTX *ctx, const char *pin)
* shall be returned and errno shall be set. */
ctx_destroy_pin(ctx);
ctx->pin = OPENSSL_strdup(pin);
- if (ctx->pin != NULL)
- ctx->pin_length = strlen(ctx->pin);
-
- return ctx->pin != NULL;
+ if (ctx->pin == NULL) {
+ ENGerr(ENG_F_CTX_CTRL_SET_PIN, ERR_R_MALLOC_FAILURE);
+ errno = ENOMEM;
+ return 0;
+ }
+ ctx->pin_length = strlen(ctx->pin);
+ return 1;
}
static int ctx_ctrl_inc_verbose(ENGINE_CTX *ctx)
@@ -967,6 +995,7 @@ int ctx_engine_ctrl(ENGINE_CTX *ctx, int cmd, long i, void *p, void (*f)())
case CMD_FORCE_LOGIN:
return ctx_ctrl_force_login(ctx);
default:
+ ENGerr(ENG_F_CTX_ENGINE_CTRL, ENG_R_UNKNOWN_COMMAND);
break;
}
return 0;
diff --git a/src/eng_err.c b/src/eng_err.c
new file mode 100644
index 0000000..3b26d2a
--- /dev/null
+++ b/src/eng_err.c
@@ -0,0 +1,92 @@
+/*
+ * Generated by util/mkerr.pl DO NOT EDIT
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#include <stdio.h>
+#include <openssl/err.h>
+#include "eng_err.h"
+
+/* BEGIN ERROR CODES */
+#ifndef OPENSSL_NO_ERR
+
+# define ERR_FUNC(func) ERR_PACK(0,func,0)
+# define ERR_REASON(reason) ERR_PACK(0,0,reason)
+
+static ERR_STRING_DATA ENG_str_functs[] = {
+ {ERR_FUNC(ENG_F_CTX_CTRL_LOAD_CERT), "ctx_ctrl_load_cert"},
+ {ERR_FUNC(ENG_F_CTX_CTRL_SET_PIN), "ctx_ctrl_set_pin"},
+ {ERR_FUNC(ENG_F_CTX_ENGINE_CTRL), "ctx_engine_ctrl"},
+ {ERR_FUNC(ENG_F_CTX_LOAD_CERT), "ctx_load_cert"},
+ {ERR_FUNC(ENG_F_CTX_LOAD_KEY), "ctx_load_key"},
+ {ERR_FUNC(ENG_F_CTX_LOAD_PRIVKEY), "ctx_load_privkey"},
+ {ERR_FUNC(ENG_F_CTX_LOAD_PUBKEY), "ctx_load_pubkey"},
+ {0, NULL}
+};
+
+static ERR_STRING_DATA ENG_str_reasons[] = {
+ {ERR_REASON(ENG_R_INVALID_ID), "invalid id"},
+ {ERR_REASON(ENG_R_INVALID_PARAMETER), "invalid parameter"},
+ {ERR_REASON(ENG_R_OBJECT_NOT_FOUND), "object not found"},
+ {ERR_REASON(ENG_R_UNKNOWN_COMMAND), "unknown command"},
+ {0, NULL}
+};
+
+#endif
+
+#ifdef ENG_LIB_NAME
+static ERR_STRING_DATA ENG_lib_name[] = {
+ {0, ENG_LIB_NAME},
+ {0, NULL}
+};
+#endif
+
+static int ENG_lib_error_code = 0;
+static int ENG_error_init = 1;
+
+int ERR_load_ENG_strings(void)
+{
+ if (ENG_lib_error_code == 0)
+ ENG_lib_error_code = ERR_get_next_error_library();
+
+ if (ENG_error_init) {
+ ENG_error_init = 0;
+#ifndef OPENSSL_NO_ERR
+ ERR_load_strings(ENG_lib_error_code, ENG_str_functs);
+ ERR_load_strings(ENG_lib_error_code, ENG_str_reasons);
+#endif
+
+#ifdef ENG_LIB_NAME
+ ENG_lib_name->error = ERR_PACK(ENG_lib_error_code, 0, 0);
+ ERR_load_strings(0, ENG_lib_name);
+#endif
+ }
+ return 1;
+}
+
+void ERR_unload_ENG_strings(void)
+{
+ if (ENG_error_init == 0) {
+#ifndef OPENSSL_NO_ERR
+ ERR_unload_strings(ENG_lib_error_code, ENG_str_functs);
+ ERR_unload_strings(ENG_lib_error_code, ENG_str_reasons);
+#endif
+
+#ifdef ENG_LIB_NAME
+ ERR_unload_strings(0, ENG_lib_name);
+#endif
+ ENG_error_init = 1;
+ }
+}
+
+void ERR_ENG_error(int function, int reason, char *file, int line)
+{
+ if (ENG_lib_error_code == 0)
+ ENG_lib_error_code = ERR_get_next_error_library();
+ ERR_PUT_error(ENG_lib_error_code, function, reason, file, line);
+}
diff --git a/src/eng_err.h b/src/eng_err.h
new file mode 100644
index 0000000..e542a3d
--- /dev/null
+++ b/src/eng_err.h
@@ -0,0 +1,48 @@
+/*
+ * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
+ *
+ * Licensed under the OpenSSL license (the "License"). You may not use
+ * this file except in compliance with the License. You can obtain a copy
+ * in the file LICENSE in the source distribution or at
+ * https://www.openssl.org/source/license.html
+ */
+
+#ifndef HEADER_ENG_ERR_H
+# define HEADER_ENG_ERR_H
+
+# ifdef __cplusplus
+extern "C" {
+# endif
+
+/* BEGIN ERROR CODES */
+/*
+ * The following lines are auto generated by the script mkerr.pl. Any changes
+ * made after this point may be overwritten when the script is next run.
+ */
+
+int ERR_load_ENG_strings(void);
+void ERR_unload_ENG_strings(void);
+void ERR_ENG_error(int function, int reason, char *file, int line);
+# define ENGerr(f,r) ERR_ENG_error((f),(r),__FILE__,__LINE__)
+
+/* Error codes for the ENG functions. */
+
+/* Function codes. */
+# define ENG_F_CTX_CTRL_LOAD_CERT 102
+# define ENG_F_CTX_CTRL_SET_PIN 106
+# define ENG_F_CTX_ENGINE_CTRL 105
+# define ENG_F_CTX_LOAD_CERT 100
+# define ENG_F_CTX_LOAD_KEY 101
+# define ENG_F_CTX_LOAD_PRIVKEY 103
+# define ENG_F_CTX_LOAD_PUBKEY 104
+
+/* Reason codes. */
+# define ENG_R_INVALID_ID 100
+# define ENG_R_INVALID_PARAMETER 103
+# define ENG_R_OBJECT_NOT_FOUND 101
+# define ENG_R_UNKNOWN_COMMAND 102
+
+# ifdef __cplusplus
+}
+# endif
+#endif
diff --git a/src/eng_front.c b/src/eng_front.c
index 3b74864..050fe0a 100644
--- a/src/eng_front.c
+++ b/src/eng_front.c
@@ -155,6 +155,7 @@ static int engine_destroy(ENGINE *engine)
return 0;
rv = ctx_destroy(ctx);
ENGINE_set_ex_data(engine, pkcs11_idx, NULL);
+ ERR_unload_ENG_strings();
return rv;
}
@@ -242,6 +243,7 @@ static int bind_helper(ENGINE *e)
!ENGINE_set_load_privkey_function(e, load_privkey)) {
return 0;
} else {
+ ERR_load_ENG_strings();
return 1;
}
}
diff --git a/src/engine.h b/src/engine.h
index f7f6cd2..1a1e3dd 100644
--- a/src/engine.h
+++ b/src/engine.h
@@ -33,6 +33,7 @@
#endif
#include "libp11.h"
+#include "eng_err.h"
#include <stdio.h>
#include <string.h>
#include <openssl/crypto.h>
diff --git a/src/p11.ec b/src/p11.ec
new file mode 100644
index 0000000..ad98300
--- /dev/null
+++ b/src/p11.ec
@@ -0,0 +1,2 @@
+L ENG eng_err.h eng_err.c
+L P11 p11_err.h p11_err.c
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-opensc/libp11.git
More information about the pkg-opensc-commit
mailing list