Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Do not add error codes #167

Open
wants to merge 9 commits into
base: development
Choose a base branch
from
Open

Do not add error codes #167

wants to merge 9 commits into from
+89 −89

Conversation

gilles-peskine-arm
Copy link
Contributor

@gilles-peskine-arm gilles-peskine-arm commented Jan 24, 2025
edited
Loading

Never add a low-level error code to a high-level error code. Just use the low-level error code. Resolves Mbed-TLS/mbedtls#9619, a step towards having unified PSA and mbedtls error codes.

In this pull request, we keep calls to MBEDTLS_ERROR_ADD. The idea is to keep them around for a while, but not to use addition in new code. Thus

  • High-level error codes may still appear as false positives in searches even where they're not used, in calls of the form MBEDTLS_ERROR_ADD(MBEDTLS_ERR_HIGH, xxx) where xxx is never 0.
  • We still have the opportunity to change some places where we want the high-level error to win.
  • There are few lines of code to change, and unchanged code can still have bug fixes that will be easy to backport in 3.6.

Follow-up to Mbed-TLS/mbedtls#9566, which added enforcement that we do use MBEDTLS_ERROR_ADD when constructing high+low error codes, and not just directly the plus operator.

PR checklist

@gilles-peskine-arm
Have a low-level error code override any high-level one
4a71260 
Let the low-level error code win because that is usually the right choice,
e.g. to propagate out-of-memory errors through semantic errors, or to
propagate an ASN.1 parsing error through certificate verification.

We mostly use MBEDTLS_ERROR_ADD with both a low-level and a high-level
error, but we also occasionally use it with a low-level code that can be 0.
Ensure that the value is nonzero whenever either value is nonzero.

Signed-off-by: Gilles Peskine <[email protected]>
@gilles-peskine-arm
Make it possible to include psa/crypto_values.h independently
7168431 
Signed-off-by: Gilles Peskine <[email protected]>
@gilles-peskine-arm
Remove obsolete error code layout
3b6557b 
Signed-off-by: Gilles Peskine <[email protected]>
@gilles-peskine-arm
error_common.h: turn error code constants into aliases for PSA codes
f916903 
Signed-off-by: Gilles Peskine <[email protected]>
@gilles-peskine-arm gilles-peskine-arm added size-s Estimated task size: small (~2d) priority-high High priority - will be reviewed soon needs-ci Needs to pass CI tests labels Jan 24, 2025
This was referenced Jan 24, 2025
Open
Closed
@gilles-peskine-arm gilles-peskine-arm force-pushed the error-codes-add-force-low-crypto branch from 6d1c757 to 0799704 Compare January 24, 2025 17:26
@gilles-peskine-arm gilles-peskine-arm added needs-review Every commit must be reviewed by at least two team members needs-reviewer This PR needs someone to pick it up for review and removed needs-ci Needs to pass CI tests labels Jan 24, 2025
@minosgalanakis minosgalanakis self-requested a review January 27, 2025 10:02
mpg
mpg reviewed Jan 27, 2025
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

First pass, haven't looked at the mbedtls companion PR yet. Looking good except the point in the ChangeLog I noted as a surprise.

drivers/builtin/include/mbedtls/error_common.h Outdated Show resolved Hide resolved
ChangeLog.d/error-unification.txt Outdated Show resolved Hide resolved
@mpg mpg removed the needs-reviewer This PR needs someone to pick it up for review label Jan 27, 2025
gilles-peskine-arm
gilles-peskine-arm commented Jan 30, 2025
View reviewed changes
drivers/builtin/include/mbedtls/error_common.h
/** This is a bug in the library */
#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E
/* Generic error */
#define MBEDTLS_ERR_ERROR_GENERIC_ERROR PSA_ERROR_GENERIC_ERROR
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we have a changelog entry to call out:

  • when a specific MBEDTLS_ERR_xxx constant becomes private?
  • when a specific MBEDTLS_ERR_xxx constant remains public, but becomes an alias of another value?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think we shoud in both cases. This is a user facing error, and people will look at the changelog first when they see something not matching what they expect.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agreed.

On the practical side, this may make the ChangeLog pretty verbose, so perhaps in the end we'll just want to have a generic entry like "Some MBEDTLS_ERR_ constants have become private, and others have become aliases to other values. For details, see in the migration guide." But in the meantime it's probably better to create a ChangeLog entry for every change we make, so we have a comprehensive list (while avoiding conflicts) and we can consolidate/edit in the late stages before the release.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I propose to start the migration document right away. Maybe multiple files that we'll merge at the end, similar to changelog.d, to avoid conflicts during the work?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I've gone ahead and created a directory for migration document fragments, and written a fragment about error codes.

mpg
mpg previously approved these changes Jan 31, 2025
View reviewed changes
Copy link
Contributor

@mpg mpg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mpg mpg mpg left review comments

@minosgalanakis minosgalanakis Awaiting requested review from minosgalanakis

At least 2 approving reviews are required to merge this pull request.

Assignees
No one assigned
Labels
needs-review Every commit must be reviewed by at least two team members priority-high High priority - will be reviewed soon size-s Estimated task size: small (~2d)
Projects
No open projects
Roadmap Board for Mbed TLS
Status: To Do
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Error codes in 4.0
3 participants
@gilles-peskine-arm @mpg @minosgalanakis