Removing function names from errors (PR 9058)

Salz, Rich rsalz at akamai.com
Thu Jun 13 01:47:32 UTC 2019


I think exposing the function internals is a mistake for a couple of reasons: it encourages familiarity with, and dependence on, OpenSSL library internals, and it goes against the spirit of layering, and there is no guarantee that the function code does not change as internal code gets moved around (refactored, removed, etc).

We have the source filename and line number available, although this has some of the same drawbacks as function codes. It's just a little less ugly because C provides that data and we don't wedge it into the error code space.

The proper way to handle this, in my experience, is *DO NOT REUSE ERROR CODES.* Each error code appears in exactly one place, and we could eventually build up documentation explaining what they mean, the causes, and how to address this. This means we don't use ERR_R_MALLOC when trying to create an RSA key, for example, but rather a handful of new errors for ERR_R_RSA_CANT_CREATE_D, ...CANT_CREATE_N, etc. That is a big job, albeit mostly a tedious one.
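
As an added illustration of the scheme argued for above (a constructed sketch, not OpenSSL's code and not from the thread): every reason code is raised at exactly one site, the raise macro captures the C file and line for free, and a documentation table keyed by reason becomes possible precisely because no code is reused. The names `RAISE`, `raise_error`, `err_doc`, `rsa_create` and the numeric code values are all invented for this example.

```c
/* Toy error reporting in the style argued for in the post: unique reason
 * codes, plus __FILE__/__LINE__ recorded at the raise site. Not OpenSSL code. */
#include <stdio.h>
#include <string.h>

/* Constructed reason codes: each one is raised in exactly one place below. */
enum {
    ERR_R_NONE = 0,
    ERR_R_RSA_CANT_CREATE_N = 101,
    ERR_R_RSA_CANT_CREATE_D = 102
};

struct err_entry { int reason; const char *file; int line; };
static struct err_entry err_last;  /* single-slot "error stack" for brevity */

static void raise_error(int reason, const char *file, int line) {
    err_last.reason = reason;
    err_last.file = file;
    err_last.line = line;
}
/* C supplies file/line at the call site; nothing is packed into the code. */
#define RAISE(r) raise_error((r), __FILE__, __LINE__)

/* Documentation keyed by reason: unambiguous only because codes are unique. */
static const struct { int reason; const char *cause; const char *remedy; } err_doc[] = {
    { ERR_R_RSA_CANT_CREATE_N, "modulus allocation failed",          "check memory limits" },
    { ERR_R_RSA_CANT_CREATE_D, "private exponent allocation failed", "check memory limits" }
};

const char *err_cause(int reason) {
    for (size_t i = 0; i < sizeof err_doc / sizeof err_doc[0]; i++)
        if (err_doc[i].reason == reason) return err_doc[i].cause;
    return NULL;  /* undocumented code: a bug in the table, not in the caller */
}

/* Simulated key creation; fail_step (constructed) picks which step fails. */
int rsa_create(int fail_step) {
    err_last.reason = ERR_R_NONE;
    if (fail_step == 1) { RAISE(ERR_R_RSA_CANT_CREATE_N); return 0; }
    if (fail_step == 2) { RAISE(ERR_R_RSA_CANT_CREATE_D); return 0; }
    return 1;
}

int err_last_reason(void) { return err_last.reason; }
int err_last_line(void)   { return err_last.line; }

void print_last_error(void) {
    if (err_last.reason == ERR_R_NONE) { puts("no error"); return; }
    printf("error %d at %s:%d: %s\n", err_last.reason, err_last.file,
           err_last.line, err_cause(err_last.reason));
}
```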
