Page MenuHomeFreeBSD

cryptocheck: Don't treat OpenSSL errors as fatal
ClosedPublic

Authored by jhb on May 20 2024, 11:45 PM.
Tags
None
Referenced Files
F102699545: D45279.diff
Sat, Nov 16, 12:55 AM
Unknown Object (File)
Fri, Nov 1, 2:22 AM
Unknown Object (File)
Fri, Nov 1, 2:22 AM
Unknown Object (File)
Fri, Nov 1, 1:58 AM
Unknown Object (File)
Sun, Oct 20, 9:44 PM
Unknown Object (File)
Sep 29 2024, 4:48 PM
Unknown Object (File)
Sep 26 2024, 9:41 AM
Unknown Object (File)
Sep 24 2024, 4:01 PM
Subscribers

Details

Summary

Abort the current test but keep running additional tests if OpenSSL
reports an error during a test. This matches the behavior for other
tests such as an error from OCF.

Diff Detail

Repository
rG FreeBSD src repository
Lint
Lint Skipped
Unit
Tests Skipped
Build Status
Buildable 57808
Build 54696: arc lint + arc unit

Event Timeline

jhb requested review of this revision.May 20 2024, 11:45 PM

Why would openssl return an error?

These errors don't get propagated up so cryptocheck may still exit with status 0 after an error. Is that reasonable?

Why would openssl return an error?

When OpenSSL 3.0 removes support for IV sizes for chacha20 for example. :(

These errors don't get propagated up so cryptocheck may still exit with status 0 after an error. Is that reasonable?

That is true of non-OpenSSL errors today, so is at least consistent. If we wanted to propagate errors we could perhaps add a global boolean that determines the return value from main. Some errors we might want to ignore though which is the hard part. OCF doesn't implement AES-XTS with small payload sizes for example, and I think two of the small tests (single byte payload) when doing -a all -z have identical cipher and plain text because the first byte of the keystream is 0x00. I generally redirect stdout/stderr to a file and use diff or a side-by-side tool like kompare.

This revision is now accepted and ready to land.Jun 5 2024, 5:03 PM
This revision was automatically updated to reflect the committed changes.