From: Matt Caswell <matt@openssl.org>
Date: Sat, 15 May 2021 09:27:09 +0000 (+0100)
Subject: Better error messages if there are no encoders/decoders/store loaders
X-Git-Tag: openssl-3.0.0-alpha17~65
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=40692ed7c80ae3bb6c92c674fb90a5e15d81052d;p=thirdparty%2Fopenssl.git

Better error messages if there are no encoders/decoders/store loaders

If you don't have the base or default providers loaded and therefore there
are no encoders/decoders or store loaders then the error messages can be
cryptic. We provide better hints about how to fix the problem.

Fixes #13798

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15306)
---

diff --git a/crypto/encode_decode/decoder_err.c b/crypto/encode_decode/decoder_err.c
index 1880c8f409c..c948d826980 100644
--- a/crypto/encode_decode/decoder_err.c
+++ b/crypto/encode_decode/decoder_err.c
@@ -17,6 +17,8 @@
 static const ERR_STRING_DATA OSSL_DECODER_str_reasons[] = {
     {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT),
     "could not decode object"},
+    {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_DECODER_NOT_FOUND),
+    "decoder not found"},
     {ERR_PACK(ERR_LIB_OSSL_DECODER, 0, OSSL_DECODER_R_MISSING_GET_PARAMS),
     "missing get params"},
     {0, NULL}
diff --git a/crypto/encode_decode/decoder_lib.c b/crypto/encode_decode/decoder_lib.c
index 8a5082c441d..c7eac0eddd6 100644
--- a/crypto/encode_decode/decoder_lib.c
+++ b/crypto/encode_decode/decoder_lib.c
@@ -48,6 +48,14 @@ int OSSL_DECODER_from_bio(OSSL_DECODER_CTX *ctx, BIO *in)
     int ok = 0;
     BIO *new_bio = NULL;
 
+    if (OSSL_DECODER_CTX_get_num_decoders(ctx) == 0) {
+        ERR_raise_data(ERR_LIB_OSSL_DECODER, OSSL_DECODER_R_DECODER_NOT_FOUND,
+                       "No decoders were found. For standard decoders you need "
+                       "at least one of the default or base providers "
+                       "available. Did you forget to load them?");
+        return 0;
+    }
+
     if (BIO_tell(in) < 0) {
         new_bio = BIO_new(BIO_f_readbuffer());
         if (new_bio == NULL)
diff --git a/crypto/encode_decode/encoder_lib.c b/crypto/encode_decode/encoder_lib.c
index ea0a556e56a..f074c9fb607 100644
--- a/crypto/encode_decode/encoder_lib.c
+++ b/crypto/encode_decode/encoder_lib.c
@@ -49,6 +49,14 @@ int OSSL_ENCODER_to_bio(OSSL_ENCODER_CTX *ctx, BIO *out)
     data.bio = out;
     data.current_encoder_inst_index = OSSL_ENCODER_CTX_get_num_encoders(ctx);
 
+    if (data.current_encoder_inst_index == 0) {
+        ERR_raise_data(ERR_LIB_OSSL_ENCODER, OSSL_ENCODER_R_ENCODER_NOT_FOUND,
+                       "No encoders were found. For standard encoders you need "
+                       "at least one of the default or base providers "
+                       "available. Did you forget to load them?");
+        return 0;
+    }
+
     return encoder_process(&data) > 0;
 }
 
diff --git a/crypto/err/openssl.txt b/crypto/err/openssl.txt
index 0bbdd886cee..3e9bfc1acf3 100644
--- a/crypto/err/openssl.txt
+++ b/crypto/err/openssl.txt
@@ -812,6 +812,7 @@ OCSP_R_UNKNOWN_MESSAGE_DIGEST:119:unknown message digest
 OCSP_R_UNKNOWN_NID:120:unknown nid
 OCSP_R_UNSUPPORTED_REQUESTORNAME_TYPE:129:unsupported requestorname type
 OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT:101:could not decode object
+OSSL_DECODER_R_DECODER_NOT_FOUND:102:decoder not found
 OSSL_DECODER_R_MISSING_GET_PARAMS:100:missing get params
 OSSL_ENCODER_R_ENCODER_NOT_FOUND:101:encoder not found
 OSSL_ENCODER_R_INCORRECT_PROPERTY_QUERY:100:incorrect property query
@@ -831,6 +832,7 @@ OSSL_STORE_R_NOT_A_NAME:103:not a name
 OSSL_STORE_R_NOT_A_PRIVATE_KEY:102:not a private key
 OSSL_STORE_R_NOT_A_PUBLIC_KEY:122:not a public key
 OSSL_STORE_R_NOT_PARAMETERS:104:not parameters
+OSSL_STORE_R_NO_LOADERS_FOUND:123:no loaders found
 OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR:114:passphrase callback error
 OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE:108:path must be absolute
 OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES:119:\
diff --git a/crypto/store/store_err.c b/crypto/store/store_err.c
index ab0a2c6cd20..8aa34446932 100644
--- a/crypto/store/store_err.c
+++ b/crypto/store/store_err.c
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 1995-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
@@ -40,6 +40,8 @@ static const ERR_STRING_DATA OSSL_STORE_str_reasons[] = {
     "not a public key"},
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NOT_PARAMETERS),
     "not parameters"},
+    {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_NO_LOADERS_FOUND),
+    "no loaders found"},
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR),
     "passphrase callback error"},
     {ERR_PACK(ERR_LIB_OSSL_STORE, 0, OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE),
diff --git a/crypto/store/store_lib.c b/crypto/store/store_lib.c
index 158b7be79da..1409f3aef46 100644
--- a/crypto/store/store_lib.c
+++ b/crypto/store/store_lib.c
@@ -144,8 +144,13 @@ OSSL_STORE_open_ex(const char *uri, OSSL_LIB_CTX *libctx, const char *propq,
     if (loader != NULL)
         OSSL_TRACE1(STORE, "Found loader for scheme %s\n", schemes[i]);
 
-    if (loader_ctx == NULL)
+    if (loader_ctx == NULL) {
+        ERR_raise_data(ERR_LIB_OSSL_STORE, OSSL_STORE_R_NO_LOADERS_FOUND,
+                       "No store loaders were found. For standard store "
+                       "loaders you need at least one of the default or base "
+                       "providers available. Did you forget to load them?");
         goto err;
+    }
 
     OSSL_TRACE2(STORE, "Opened %s => %p\n", uri, (void *)loader_ctx);
 
diff --git a/include/crypto/storeerr.h b/include/crypto/storeerr.h
index 94d4a1cf795..ed4a2195098 100644
--- a/include/crypto/storeerr.h
+++ b/include/crypto/storeerr.h
@@ -1,6 +1,6 @@
 /*
  * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 2020 The OpenSSL Project Authors. All Rights Reserved.
+ * Copyright 2020-2021 The OpenSSL Project Authors. All Rights Reserved.
  *
  * Licensed under the Apache License 2.0 (the "License").  You may not use
  * this file except in compliance with the License.  You can obtain a copy
diff --git a/include/openssl/decodererr.h b/include/openssl/decodererr.h
index 824a0a92539..4212a38bca2 100644
--- a/include/openssl/decodererr.h
+++ b/include/openssl/decodererr.h
@@ -22,6 +22,7 @@
  * OSSL_DECODER reason codes.
  */
 # define OSSL_DECODER_R_COULD_NOT_DECODE_OBJECT           101
+# define OSSL_DECODER_R_DECODER_NOT_FOUND                 102
 # define OSSL_DECODER_R_MISSING_GET_PARAMS                100
 
 #endif
diff --git a/include/openssl/storeerr.h b/include/openssl/storeerr.h
index 45e781d2aab..00529c88b59 100644
--- a/include/openssl/storeerr.h
+++ b/include/openssl/storeerr.h
@@ -35,6 +35,7 @@
 # define OSSL_STORE_R_NOT_A_PRIVATE_KEY                   102
 # define OSSL_STORE_R_NOT_A_PUBLIC_KEY                    122
 # define OSSL_STORE_R_NOT_PARAMETERS                      104
+# define OSSL_STORE_R_NO_LOADERS_FOUND                    123
 # define OSSL_STORE_R_PASSPHRASE_CALLBACK_ERROR           114
 # define OSSL_STORE_R_PATH_MUST_BE_ABSOLUTE               108
 # define OSSL_STORE_R_SEARCH_ONLY_SUPPORTED_FOR_DIRECTORIES 119