Hygiene/use mbedtls error strings in logs #1875
Conversation
…use-mbedtls-error-strings-in-logs
…-error-strings-in-logs
| @@ -0,0 +1,58 @@ | |||
| /* | |||
There was a problem hiding this comment.
Also does this custom file belong in the third party folder?
There was a problem hiding this comment.
Will move it to the 3rdparty/mbedtls_utlils folder once #1881 is merged
There was a problem hiding this comment.
Have relocated files to mbedtls_utils
…-error-strings-in-logs
… include mbedtls_utils in Project files
| const char * mbedtls_strerror_highlevel( int errnum ) | ||
| { | ||
| const char * rc = NULL; | ||
| int use_ret; |
There was a problem hiding this comment.
Should initial this to 0. Notably the Espressif project will consider this as an error. (For the make project at least)
There was a problem hiding this comment.
We discussed offline that this will follow the mbedtls coding style with the goal of eventually pushing it to mbedtls repository
| const char * mbedtls_strerror_lowlevel( int errnum ) | ||
| { | ||
| const char * rc = NULL; | ||
| int use_ret; |
There was a problem hiding this comment.
Same comment about initialization
|
|
||
| if( use_ret == 0 ) | ||
| { | ||
| return NULL; |
There was a problem hiding this comment.
single point of return as per the coding standard
There was a problem hiding this comment.
Correct, this will be contributed to a third-party dependency so needs to be in that style.
| @@ -3472,7 +3476,9 @@ CK_DECLARE_FUNCTION( CK_RV, C_Sign )( CK_SESSION_HANDLE xSession, | |||
|
|
|||
| if( lMbedTLSResult != CKR_OK ) | |||
| { | |||
| PKCS11_PRINT( ( "mbedTLS sign failed with error %d \r\n", lMbedTLSResult ) ); | |||
| PKCS11_PRINT( ( "mbedTLS sign failed with error %s : %s \r\n", | |||
| mbedtls_strerror_highlevel( lMbedTLSResult ), | |||
There was a problem hiding this comment.
It the function returns NULL this is technically UB, but most implementations will just print (NULL).
I did quick test on the Xtensa compiler and this hardfaults if NULL is returned.
There was a problem hiding this comment.
Good point. To address this concern, we could return a default value like "<low-level-code-not-included>"
There was a problem hiding this comment.
I'm thinking of adding file-specific constants and macros to log level-codes only if non-null.
static const char * pNoHighLevelMbedTlsCodeStr = "<No-High-Level-Code>";
static const char * pNoLowLevelMbedTlsCodeStr = "<No-Low-Level-Code>";
#define mbedTlsHighLevelCodeOrDefault( errnum ) \
{ \
( mbedtls_strerror_highlevel( errnum ) != NULL ) ? \
mbedtls_strerror_highlevel( errnum ) : pNoHighLevelMbedTlsCodeStr ); \
}
#define mbedTlsLowLevelCodeOrDefault( errnum ) \
{ \
( mbedtls_strerror_lowlevel( errnum ) != NULL ) ? \
mbedtls_strerror_lowlevel( errnum ) : pNoLowLevelMbedTlsCodeStr ); \
}
| @@ -65,6 +65,35 @@ | |||
| #include <stdio.h> | |||
| #include <string.h> | |||
|
|
|||
| /** | |||
| * @brief Represents string to be loggedwhen mbed TLS returned error | |||
There was a problem hiding this comment.
I do not see it fixed. Also, I see the same at multiple places.
There was a problem hiding this comment.
Also, please end comment with period.
There was a problem hiding this comment.
Oops, I forgot to push the change. I will make the change in a follow-up PR.
|
|
||
| if( use_ret == 0 ) | ||
| { | ||
| return NULL; |
There was a problem hiding this comment.
Correct, this will be contributed to a third-party dependency so needs to be in that style.
| @@ -65,6 +65,35 @@ | |||
| #include <stdio.h> | |||
| #include <string.h> | |||
|
|
|||
| /** | |||
| * @brief Represents string to be loggedwhen mbed TLS returned error | |||
There was a problem hiding this comment.
I do not see it fixed. Also, I see the same at multiple places.
| @@ -65,6 +65,35 @@ | |||
| #include <stdio.h> | |||
| #include <string.h> | |||
|
|
|||
| /** | |||
| * @brief Represents string to be loggedwhen mbed TLS returned error | |||
There was a problem hiding this comment.
Also, please end comment with period.
| /* High level error codes */ | ||
| /* */ | ||
| /* BEGIN generated code */ | ||
| #if defined( MBEDTLS_CIPHER_C ) |
There was a problem hiding this comment.
Use of switch would result in a faster code, right? (The same was suggested by ARM here: Mbed-TLS/mbedtls#3176).
There was a problem hiding this comment.
Will look into tackling this in a separate PR to avoid scope-creep.
Stringify mbed TLS error codes in logs (to improve debugging experience)
Description
mbedtls_strerror_highlevelandmbedtls_strerror_lowlevel, to support stringification of mbed TLS (high-level and low-level) codes with constant strings. (Existingmbedtls_sterrorinvolves population of buffer string at runtime which is memory intensive)Checklist:
By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.