Open maxtropets opened 2 weeks ago
Ok, seems like all the output is from these two testcases
TEST_CASE("Sign, fail to verify with bad signature")
TEST_CASE("Sign, fail to verify with wrong key on wrong curve")
Both test negative scenarios, one is corrupting a signature, another is using a wrong curve.
Both tests try out
static constexpr CurveID supported_curves[] = {
CurveID::SECP384R1, CurveID::SECP256R1};
The corrupted signature produces error msgs for both, however TEST_CASE("Sign, fail to verify with wrong key on wrong curve") only does it for SECP384R1
Errors from TEST_CASE("Sign, fail to verify with bad signature")
From TEST_CASE("Sign, fail to verify with wrong key on wrong curve")
From CCF perspective, all produced here.
That seems logical, now the question is - do we want them to be there in production or shall we look for suppression mechanisms?
My opinion - we don't failure scenarios, so we can keep those, as they may be useful and shall not be populated too often.
Would like to hear more opinions, @eddyashton, @achamayou
> do we want them to be there in production or shall we look for suppression mechanisms?
We want to suppress these in production - we handle the failure ourselves and don't want to see symcrypt's internal logging. It's fine if they remain for debug builds, where there's a chance they're eventually useful.
Looked for ways to shut it up, seems like there's this function https://github.com/microsoft/SymCrypt-OpenSSL/blob/main/ScosslCommon/inc/scossl_helpers.h#L84
but I don't see a header under /usr/...
I wonder if there's a way to access it via symcrypt somehow?..
@maxtropets might need to install a symcrypt-devel or similarly named to get the relevant header
So far
nm -CD /usr/lib/engines-3/symcryptengine.so | grep set_trace
is there
We could've defined void SCOSSL_set_trace_level(int trace_level, int ossl_ERR_level);
and call it, but linker doesn't find a symbol, obviously. Removing LINKER:--no-undefined
doesn't solve the issue.
I wonder if there is a way to defer the linkage to runtime until symcrypt is loaded?
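
One way to defer the lookup to runtime, as asked in the last comment, is to resolve the symbol with dlopen/dlsym instead of declaring it for the linker. This is an added example, not code from CCF or SymCrypt-OpenSSL: the helper name `try_set_scossl_trace`, its return codes, and the assumption that level 0 means "off" are hypothetical, while the function signature and library path are the ones quoted in the thread. It succeeds only if the engine is already loaded and actually exports the symbol, which the thread does not confirm.

```c
#include <dlfcn.h>
#include <stdio.h>

#ifndef RTLD_NOLOAD
#define RTLD_NOLOAD 0 /* fallback: dlopen will load the library instead */
#endif

/* Signature as quoted in the thread. */
typedef void (*scossl_set_trace_fn)(int trace_level, int ossl_ERR_level);

/* Hypothetical return codes for this example. */
enum { TRACE_SET = 0, TRACE_LIB_NOT_LOADED = -1, TRACE_SYM_MISSING = -2 };

/* Look up SCOSSL_set_trace_level at runtime and call it if present.
 * RTLD_NOLOAD only returns a handle when the library is already mapped
 * (e.g. after OpenSSL has loaded the engine), so nothing new is loaded. */
int try_set_scossl_trace(const char *lib_path, int trace_level, int err_level)
{
    void *handle = dlopen(lib_path, RTLD_LAZY | RTLD_NOLOAD);
    if (handle == NULL)
        return TRACE_LIB_NOT_LOADED;

    scossl_set_trace_fn fn = NULL;
    /* POSIX idiom for converting dlsym's void* to a function pointer. */
    *(void **)(&fn) = dlsym(handle, "SCOSSL_set_trace_level");

    int rc = TRACE_SYM_MISSING;
    if (fn != NULL) {
        fn(trace_level, err_level);
        rc = TRACE_SET;
    }
    dlclose(handle); /* drops only the reference taken above */
    return rc;
}

int main(void)
{
    /* Assumption: 0 disables tracing; check scossl_helpers.h for the values. */
    int rc = try_set_scossl_trace("/usr/lib/engines-3/symcryptengine.so", 0, 0);
    if (rc == TRACE_LIB_NOT_LOADED)
        fprintf(stderr, "engine not loaded yet, retry after OpenSSL init\n");
    else if (rc == TRACE_SYM_MISSING)
        fprintf(stderr, "engine loaded but symbol is not exported\n");
    return 0;
}
```

Because nothing references the symbol at link time, `--no-undefined` can stay enabled; on glibc older than 2.34 the program also needs `-ldl`.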