diff --git a/CHANGELOG.md b/CHANGELOG.md index d4415bf981f..1059191e140 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,7 +5,12 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). -## Unreleased + +## [1.0.14] + +### Changed + +- Log more detailed errors on early startup (#3116). ### Added @@ -955,6 +960,7 @@ Some discrepancies with the TR remain, and are being tracked under https://githu Initial pre-release +[1.0.14]: https://github.com/microsoft/CCF/releases/tag/ccf-1.0.14 [1.0.13]: https://github.com/microsoft/CCF/releases/tag/ccf-1.0.13 [1.0.12]: https://github.com/microsoft/CCF/releases/tag/ccf-1.0.12 [1.0.11]: https://github.com/microsoft/CCF/releases/tag/ccf-1.0.11 diff --git a/src/common/enclave_interface_types.h b/src/common/enclave_interface_types.h index a6a3cdd2c15..94b68f0e923 100644 --- a/src/common/enclave_interface_types.h +++ b/src/common/enclave_interface_types.h @@ -21,6 +21,18 @@ enum CreateNodeStatus /** One of the input buffers is not located outside of the enclave memory */ MemoryNotOutsideEnclave = 5, + + /** Enclave initialisation failed */ + EnclaveInitFailed = 6, + + /** Open Enclave Verifier initialisation failed */ + OEVerifierInitFailed = 7, + + /** Open Enclave Attester initialisation failed */ + OEAttesterInitFailed = 8, + + /** OpenSSL RDRAND Init Failed */ + OpenSSLRDRANDInitFailed = 9 }; constexpr char const* create_node_result_to_str(CreateNodeStatus result) @@ -51,6 +63,22 @@ constexpr char const* create_node_result_to_str(CreateNodeStatus result) { return "MemoryNotOutsideEnclave"; } + case CreateNodeStatus::EnclaveInitFailed: + { + return "EnclaveInitFailed"; + } + case CreateNodeStatus::OEVerifierInitFailed: + { + return "OEVerifierInitFailed"; + } + case CreateNodeStatus::OEAttesterInitFailed: + { + return "OEAttesterInitFailed"; + } + case CreateNodeStatus::OpenSSLRDRANDInitFailed: + { + return "OpenSSLRDRANDInitFailed"; + } default: { return "Unknown CreateNodeStatus"; diff --git a/src/ds/ccf_exception.h b/src/ds/ccf_exception.h index ccfe5c21c40..6c9aab5d6d7 100644 --- a/src/ds/ccf_exception.h +++ b/src/ds/ccf_exception.h @@ -47,4 +47,28 @@ namespace ccf private: std::string result; }; + + class ccf_oe_attester_init_error : public ccf_logic_error + { + public: + ccf_oe_attester_init_error(const std::string& what_arg) : + ccf_logic_error(what_arg) + {} + }; + + class ccf_oe_verifier_init_error : public ccf_logic_error + { + public: + ccf_oe_verifier_init_error(const std::string& what_arg) : + ccf_logic_error(what_arg) + {} + }; + + class ccf_openssl_rdrand_init_error : public ccf_logic_error + { + public: + ccf_openssl_rdrand_init_error(const std::string& what_arg) : + ccf_logic_error(what_arg) + {} + }; }; diff --git a/src/enclave/enclave.h b/src/enclave/enclave.h index ffea6df7194..e0f62eaeb17 100644 --- a/src/enclave/enclave.h +++ b/src/enclave/enclave.h @@ -98,7 +98,7 @@ namespace enclave ENGINE_set_default(rdrand_engine, ENGINE_METHOD_RAND) != 1) { ENGINE_free(rdrand_engine); - throw std::runtime_error( + throw ccf::ccf_openssl_rdrand_init_error( "could not initialize RDRAND engine for OpenSSL"); } @@ -176,7 +176,7 @@ namespace enclave { r = node->create(start_type, std::move(ccf_config_)); } - catch (const std::runtime_error& e) + catch (const std::exception& e) { LOG_FAIL_FMT("Error starting node: {}", e.what()); return false; diff --git a/src/enclave/main.cpp b/src/enclave/main.cpp index ddf867ed2ad..f1860f34272 100644 --- a/src/enclave/main.cpp +++ b/src/enclave/main.cpp @@ -2,6 +2,7 @@ // Licensed under the Apache 2.0 License. #include "ccf/version.h" #include "common/enclave_interface_types.h" +#include "ds/ccf_exception.h" #include "ds/json.h" #include "ds/logger.h" #include "ds/spin_lock.h" @@ -143,13 +144,29 @@ extern "C" #ifdef DEBUG_CONFIG reserved_memory = new uint8_t[ec->debug_config.memory_reserve_startup]; #endif + enclave::Enclave* enclave; - auto enclave = new enclave::Enclave( - ec, - cc.signature_intervals, - consensus_type, - cc.consensus_config, - cc.curve_id); + try + { + enclave = new enclave::Enclave( + ec, cc.signature_intervals, consensus_type, cc.consensus_config, cc.curve_id); + } + catch (const ccf::ccf_oe_attester_init_error&) + { + return CreateNodeStatus::OEAttesterInitFailed; + } + catch (const ccf::ccf_oe_verifier_init_error&) + { + return CreateNodeStatus::OEVerifierInitFailed; + } + catch (const ccf::ccf_openssl_rdrand_init_error&) + { + return CreateNodeStatus::OpenSSLRDRANDInitFailed; + } + catch (const std::exception&) + { + return CreateNodeStatus::EnclaveInitFailed; + } if (!enclave->create_new_node( start_type, diff --git a/src/node/quote.h b/src/node/quote.h index 0cf6e75c6b1..a638842794c 100644 --- a/src/node/quote.h +++ b/src/node/quote.h @@ -11,6 +11,7 @@ # include "network_tables.h" # include "node/rpc/node_interface.h" # include "quote_info.h" +# include "ds/ccf_exception.h" # include # include @@ -215,14 +216,14 @@ namespace ccf auto rc = oe_attester_initialize(); if (rc != OE_OK) { - throw std::logic_error(fmt::format( + throw ccf::ccf_oe_attester_init_error(fmt::format( "Failed to initialise evidence attester: {}", oe_result_str(rc))); } rc = oe_verifier_initialize(); if (rc != OE_OK) { - throw std::logic_error(fmt::format( + throw ccf::ccf_oe_verifier_init_error(fmt::format( "Failed to initialise evidence verifier: {}", oe_result_str(rc))); } }