Page MenuHomeFreeBSD
Differential D45279

cryptocheck: Don't treat OpenSSL errors as fatal
ClosedPublic
Actions

Authored by jhb on May 20 2024, 11:45 PM.
Tags
None
Referenced Files
F86717913: D45279.diff
Mon, Jun 24, 12:22 PM
Unknown Object (File)
Mon, Jun 17, 9:43 PM
Unknown Object (File)
Sat, May 25, 8:17 PM
Unknown Object (File)
Sat, May 25, 8:17 PM
Unknown Object (File)
Sat, May 25, 8:17 PM
Unknown Object (File)
May 23 2024, 4:55 PM
Unknown Object (File)
May 23 2024, 4:42 PM
Unknown Object (File)
May 21 2024, 8:55 PM
Subscribers
imp

Details

Reviewers
markj
Commits
rGb0e7358bf8b9: cryptocheck: Don't treat OpenSSL errors as fatal
Summary

Abort the current test but keep running additional tests if OpenSSL
reports an error during a test. This matches the behavior for other
tests such as an error from OCF.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

jhb created this revision.May 20 2024, 11:45 PM
Herald added a subscriber: imp. · View Herald TranscriptMay 20 2024, 11:45 PM
jhb requested review of this revision.May 20 2024, 11:45 PM
Harbormaster completed remote builds in B57808: Diff 138825.May 20 2024, 11:45 PM
jhb added a child revision: D45280: cryptocheck: Don't test Chacha20-Poly1305 with an IV size of 8.May 20 2024, 11:46 PM
markj added a comment.May 21 2024, 1:01 PM

Why would openssl return an error?

These errors don't get propagated up so cryptocheck may still exit with status 0 after an error. Is that reasonable?

jhb added a comment.May 21 2024, 4:35 PM
In D45279#1033131, @markj wrote:

Why would openssl return an error?

When OpenSSL 3.0 removes support for IV sizes for chacha20 for example. :(

These errors don't get propagated up so cryptocheck may still exit with status 0 after an error. Is that reasonable?

That is true of non-OpenSSL errors today, so is at least consistent. If we wanted to propagate errors we could perhaps add a global boolean that determines the return value from main. Some errors we might want to ignore though which is the hard part. OCF doesn't implement AES-XTS with small payload sizes for example, and I think two of the small tests (single byte payload) when doing -a all -z have identical cipher and plain text because the first byte of the keystream is 0x00. I generally redirect stdout/stderr to a file and use diff or a side-by-side tool like kompare.

markj accepted this revision.Wed, Jun 5, 5:03 PM
This revision is now accepted and ready to land.Wed, Jun 5, 5:03 PM
Closed by commit rGb0e7358bf8b9: cryptocheck: Don't treat OpenSSL errors as fatal (authored by jhb). · Explain WhyThu, Jun 6, 9:49 PM
This revision was automatically updated to reflect the committed changes.
jhb added a commit: rGb0e7358bf8b9: cryptocheck: Don't treat OpenSSL errors as fatal.

Revision Contents
Changeset List

PathSize
tools/
tools/
crypto/
322 lines

Diff 139611

View Options

tools/tools/crypto/cryptocheck.c

Loading...