Merge pull request #4434 from chris-jones-arm/development

Backport 2.x: Add macro to check error code additions/combinations
This commit is contained in:
Gilles Peskine 2021-04-28 16:47:26 +02:00 committed by GitHub
commit e0427c777f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
20 changed files with 447 additions and 298 deletions

View file

@ -0,0 +1,2 @@
Bugfix
* Fix an incorrect error code when parsing a PKCS#8 private key.

View file

@ -30,6 +30,11 @@
#include <stddef.h> #include <stddef.h>
#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \
!defined(inline) && !defined(__cplusplus)
#define inline __inline
#endif
/** /**
* Error code layout. * Error code layout.
* *
@ -114,6 +119,54 @@ extern "C" {
#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */ #define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */
#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */ #define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */
/**
* \brief Combines a high-level and low-level error code together.
*
* Wrapper macro for mbedtls_error_add(). See that function for
* more details.
*/
#define MBEDTLS_ERROR_ADD( high, low ) \
mbedtls_error_add( high, low, __FILE__, __LINE__ )
#if defined(MBEDTLS_TEST_HOOKS)
/**
* \brief Testing hook called before adding/combining two error codes together.
* Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS.
*/
extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
#endif
/**
* \brief Combines a high-level and low-level error code together.
*
* This function can be called directly however it is usually
* called via the #MBEDTLS_ERROR_ADD macro.
*
* While a value of zero is not a negative error code, it is still an
* error code (that denotes success) and can be combined with both a
* negative error code or another value of zero.
*
* \note When invasive testing is enabled via #MBEDTLS_TEST_HOOKS, also try to
* call \link mbedtls_test_hook_error_add \endlink.
*
* \param high high-level error code. See error.h for more details.
* \param low low-level error code. See error.h for more details.
* \param file file where this error code addition occured.
* \param line line where this error code addition occured.
*/
static inline int mbedtls_error_add( int high, int low,
const char *file, int line )
{
#if defined(MBEDTLS_TEST_HOOKS)
if( *mbedtls_test_hook_error_add != NULL )
( *mbedtls_test_hook_error_add )( high, low, file, line );
#endif
(void)file;
(void)line;
return( high + low );
}
/** /**
* \brief Translate a mbed TLS error code into a string representation, * \brief Translate a mbed TLS error code into a string representation,
* Result is truncated if necessary and always includes a terminating * Result is truncated if necessary and always includes a terminating

View file

@ -79,7 +79,7 @@ static int dhm_read_bignum( mbedtls_mpi *X,
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 ) if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 )
return( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret ) );
(*p) += n; (*p) += n;
@ -222,7 +222,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size,
cleanup: cleanup:
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret ) );
return( 0 ); return( 0 );
} }
@ -242,7 +242,7 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx,
if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 || if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 ||
( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 ) ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 )
{ {
return( MBEDTLS_ERR_DHM_SET_GROUP_FAILED + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) );
} }
ctx->len = mbedtls_mpi_size( &ctx->P ); ctx->len = mbedtls_mpi_size( &ctx->P );
@ -263,7 +263,7 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx,
return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA );
if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 ) if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 )
return( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret ) );
return( 0 ); return( 0 );
} }
@ -313,7 +313,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size,
cleanup: cleanup:
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret ) );
return( 0 ); return( 0 );
} }
@ -462,7 +462,7 @@ cleanup:
mbedtls_mpi_free( &GYb ); mbedtls_mpi_free( &GYb );
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret ) );
return( 0 ); return( 0 );
} }
@ -544,7 +544,7 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret; ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret );
goto exit; goto exit;
} }
@ -553,7 +553,7 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
if( ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->P ) ) != 0 || if( ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->P ) ) != 0 ||
( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 ) ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 )
{ {
ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret; ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret );
goto exit; goto exit;
} }
@ -567,13 +567,13 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin,
mbedtls_mpi_free( &rec ); mbedtls_mpi_free( &rec );
if ( ret != 0 ) if ( ret != 0 )
{ {
ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret; ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret );
goto exit; goto exit;
} }
if ( p != end ) if ( p != end )
{ {
ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
goto exit; goto exit;
} }
} }

View file

@ -870,8 +870,8 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx,
if( p + len != end ) if( p + len != end )
{ {
ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_ECP_BAD_INPUT_DATA,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
goto cleanup; goto cleanup;
} }

View file

@ -973,4 +973,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
#endif /* MBEDTLS_ERROR_C */ #endif /* MBEDTLS_ERROR_C */
#if defined(MBEDTLS_TEST_HOOKS)
void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
#endif
#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ #endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */

View file

@ -343,7 +343,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 );
if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER ) if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER )
return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PEM_INVALID_DATA, ret ) );
if( ( buf = mbedtls_calloc( 1, len ) ) == NULL ) if( ( buf = mbedtls_calloc( 1, len ) ) == NULL )
return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); return( MBEDTLS_ERR_PEM_ALLOC_FAILED );
@ -352,7 +352,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const
{ {
mbedtls_platform_zeroize( buf, len ); mbedtls_platform_zeroize( buf, len );
mbedtls_free( buf ); mbedtls_free( buf );
return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PEM_INVALID_DATA, ret ) );
} }
if( enc != 0 ) if( enc != 0 )

View file

@ -60,21 +60,21 @@ static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params,
* *
*/ */
if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret ) );
salt->p = *p; salt->p = *p;
*p += salt->len; *p += salt->len;
if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 ) if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 )
return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret ) );
if( *p != end ) if( *p != end )
return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( 0 ); return( 0 );
} }

View file

@ -60,8 +60,8 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
const unsigned char *end = params->p + params->len; const unsigned char *end = params->p + params->len;
if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
/* /*
* PBKDF2-params ::= SEQUENCE { * PBKDF2-params ::= SEQUENCE {
* salt OCTET STRING, * salt OCTET STRING,
@ -73,13 +73,13 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
*/ */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len, if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len,
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
salt->p = p; salt->p = p;
p += salt->len; p += salt->len;
if( ( ret = mbedtls_asn1_get_int( &p, end, iterations ) ) != 0 ) if( ( ret = mbedtls_asn1_get_int( &p, end, iterations ) ) != 0 )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
if( p == end ) if( p == end )
return( 0 ); return( 0 );
@ -87,21 +87,21 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params,
if( ( ret = mbedtls_asn1_get_int( &p, end, keylen ) ) != 0 ) if( ( ret = mbedtls_asn1_get_int( &p, end, keylen ) ) != 0 )
{ {
if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
} }
if( p == end ) if( p == end )
return( 0 ); return( 0 );
if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 ) if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 ) if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 )
return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE );
if( p != end ) if( p != end )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( 0 ); return( 0 );
} }
@ -134,12 +134,12 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
* } * }
*/ */
if( pbe_params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) if( pbe_params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid, if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid,
&kdf_alg_params ) ) != 0 ) &kdf_alg_params ) ) != 0 )
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
// Only PBKDF2 supported at the moment // Only PBKDF2 supported at the moment
// //
@ -160,7 +160,7 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode,
if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid, if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid,
&enc_scheme_params ) ) != 0 ) &enc_scheme_params ) ) != 0 )
{ {
return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) );
} }
if( mbedtls_oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 ) if( mbedtls_oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 )

View file

@ -186,8 +186,8 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if ( end - *p < 1 ) if ( end - *p < 1 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_OUT_OF_DATA ); MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
/* Tag may be either OID or SEQUENCE */ /* Tag may be either OID or SEQUENCE */
params->tag = **p; params->tag = **p;
@ -197,21 +197,21 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end,
#endif #endif
) )
{ {
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
} }
if( ( ret = mbedtls_asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 ) if( ( ret = mbedtls_asn1_get_tag( p, end, &params->len, params->tag ) ) != 0 )
{ {
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
} }
params->p = *p; params->p = *p;
*p += params->len; *p += params->len;
if( *p != end ) if( *p != end )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( 0 ); return( 0 );
} }
@ -247,7 +247,7 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_
/* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */ /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */
if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 ) if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
if( ver < 1 || ver > 3 ) if( ver < 1 || ver > 3 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT );
@ -285,13 +285,13 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_
/* Prime-p ::= INTEGER -- Field of size p. */ /* Prime-p ::= INTEGER -- Field of size p. */
if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 ) if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
grp->pbits = mbedtls_mpi_bitlen( &grp->P ); grp->pbits = mbedtls_mpi_bitlen( &grp->P );
if( p != end_field ) if( p != end_field )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
/* /*
* Curve ::= SEQUENCE { * Curve ::= SEQUENCE {
@ -315,7 +315,7 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_
if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 ) ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 )
{ {
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
} }
p += len; p += len;
@ -323,7 +323,7 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_
if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ||
( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 ) ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 )
{ {
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
} }
p += len; p += len;
@ -333,14 +333,14 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_
p += len; p += len;
if( p != end_curve ) if( p != end_curve )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
/* /*
* ECPoint ::= OCTET STRING * ECPoint ::= OCTET STRING
*/ */
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G, if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G,
( const unsigned char *) p, len ) ) != 0 ) ( const unsigned char *) p, len ) ) != 0 )
@ -366,7 +366,7 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_
* order INTEGER * order INTEGER
*/ */
if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 ) if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
grp->nbits = mbedtls_mpi_bitlen( &grp->N ); grp->nbits = mbedtls_mpi_bitlen( &grp->N );
@ -528,15 +528,15 @@ static int pk_get_rsapubkey( unsigned char **p,
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
if( *p + len != end ) if( *p + len != end )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
/* Import N */ /* Import N */
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0, if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0,
NULL, 0, NULL, 0 ) ) != 0 ) NULL, 0, NULL, 0 ) ) != 0 )
@ -546,7 +546,7 @@ static int pk_get_rsapubkey( unsigned char **p,
/* Import E */ /* Import E */
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0,
NULL, 0, *p, len ) ) != 0 ) NULL, 0, *p, len ) ) != 0 )
@ -561,8 +561,8 @@ static int pk_get_rsapubkey( unsigned char **p,
} }
if( *p != end ) if( *p != end )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( 0 ); return( 0 );
} }
@ -584,7 +584,7 @@ static int pk_get_pk_alg( unsigned char **p,
memset( params, 0, sizeof(mbedtls_asn1_buf) ); memset( params, 0, sizeof(mbedtls_asn1_buf) );
if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 ) if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 )
return( MBEDTLS_ERR_PK_INVALID_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_ALG, ret ) );
if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 ) if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
@ -624,7 +624,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
} }
end = *p + len; end = *p + len;
@ -633,11 +633,11 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
return( ret ); return( ret );
if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) );
if( *p + len != end ) if( *p + len != end )
return( MBEDTLS_ERR_PK_INVALID_PUBKEY + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
@ -662,8 +662,8 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end,
ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG;
if( ret == 0 && *p != end ) if( ret == 0 && *p != end )
ret = MBEDTLS_ERR_PK_INVALID_PUBKEY + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
if( ret != 0 ) if( ret != 0 )
mbedtls_pk_free( pk ); mbedtls_pk_free( pk );
@ -734,14 +734,14 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
} }
end = p + len; end = p + len;
if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
{ {
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
} }
if( version != 0 ) if( version != 0 )
@ -831,8 +831,8 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa,
if( p != end ) if( p != end )
{ {
ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ; MBEDTLS_ERR_ASN1_LENGTH_MISMATCH );
} }
cleanup: cleanup:
@ -843,7 +843,7 @@ cleanup:
{ {
/* Wrap error code if it's coming from a lower level */ /* Wrap error code if it's coming from a lower level */
if( ( ret & 0xff80 ) == 0 ) if( ( ret & 0xff80 ) == 0 )
ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret; ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret );
else else
ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT;
@ -883,24 +883,24 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
} }
end = p + len; end = p + len;
if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
if( version != 1 ) if( version != 1 )
return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION );
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 ) if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 )
{ {
mbedtls_ecp_keypair_free( eck ); mbedtls_ecp_keypair_free( eck );
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
} }
p += len; p += len;
@ -924,7 +924,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
{ {
mbedtls_ecp_keypair_free( eck ); mbedtls_ecp_keypair_free( eck );
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
} }
} }
@ -940,11 +940,11 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
end2 = p + len; end2 = p + len;
if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
if( p + len != end2 ) if( p + len != end2 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 ) if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 )
pubkey_done = 1; pubkey_done = 1;
@ -961,7 +961,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
{ {
mbedtls_ecp_keypair_free( eck ); mbedtls_ecp_keypair_free( eck );
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
} }
} }
@ -970,7 +970,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck,
NULL, NULL ) ) != 0 ) NULL, NULL ) ) != 0 )
{ {
mbedtls_ecp_keypair_free( eck ); mbedtls_ecp_keypair_free( eck );
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
} }
if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 ) if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 )
@ -1028,26 +1028,28 @@ static int pk_parse_key_pkcs8_unencrypted_der(
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
} }
end = p + len; end = p + len;
if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
if( version != 0 ) if( version != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret ) );
if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 ) if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); {
return( ret );
}
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
if( len < 1 ) if( len < 1 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_OUT_OF_DATA ); MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL )
return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG );
@ -1130,16 +1132,16 @@ static int pk_parse_key_pkcs8_encrypted_der(
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
} }
end = p + len; end = p + len;
if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 ) if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
buf = p; buf = p;
@ -1518,7 +1520,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx,
return( ret ); return( ret );
} }
mbedtls_pk_free( ctx ); mbedtls_pk_free( ctx );
if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) if( ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) )
{ {
return( ret ); return( ret );
} }

View file

@ -102,7 +102,7 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx,
( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) || ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) ||
( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) ) ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) )
{ {
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
} }
if( N != NULL ) if( N != NULL )
@ -142,7 +142,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx,
cleanup: cleanup:
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
return( 0 ); return( 0 );
} }
@ -293,7 +293,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P,
&ctx->Q ) ) != 0 ) &ctx->Q ) ) != 0 )
{ {
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
} }
ctx->len = mbedtls_mpi_size( &ctx->N ); ctx->len = mbedtls_mpi_size( &ctx->N );
@ -308,7 +308,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D, ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D,
&ctx->P, &ctx->Q ); &ctx->P, &ctx->Q );
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
} }
else if( d_missing ) else if( d_missing )
@ -318,7 +318,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
&ctx->E, &ctx->E,
&ctx->D ) ) != 0 ) &ctx->D ) ) != 0 )
{ {
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
} }
} }
@ -333,7 +333,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx )
ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
&ctx->DP, &ctx->DQ, &ctx->QP ); &ctx->DP, &ctx->DQ, &ctx->QP );
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
} }
#endif /* MBEDTLS_RSA_NO_CRT */ #endif /* MBEDTLS_RSA_NO_CRT */
@ -461,13 +461,13 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx,
( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) || ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) ||
( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) ) ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) )
{ {
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
} }
#else #else
if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D,
DP, DQ, QP ) ) != 0 ) DP, DQ, QP ) ) != 0 )
{ {
return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) );
} }
#endif #endif
@ -635,8 +635,9 @@ cleanup:
if( ret != 0 ) if( ret != 0 )
{ {
mbedtls_rsa_free( ctx ); mbedtls_rsa_free( ctx );
if( ( -ret & ~0x7f ) == 0 ) if( ( -ret & ~0x7f ) == 0 )
ret = MBEDTLS_ERR_RSA_KEY_GEN_FAILED + ret; ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret );
return( ret ); return( ret );
} }
@ -769,7 +770,7 @@ cleanup:
mbedtls_mpi_free( &T ); mbedtls_mpi_free( &T );
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_RSA_PUBLIC_FAILED + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret ) );
return( 0 ); return( 0 );
} }
@ -1085,7 +1086,7 @@ cleanup:
mbedtls_mpi_free( &I ); mbedtls_mpi_free( &I );
if( ret != 0 && ret >= -0x007f ) if( ret != 0 && ret >= -0x007f )
return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret ) );
return( ret ); return( ret );
} }
@ -1198,7 +1199,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx,
/* Generate a random octet string seed */ /* Generate a random octet string seed */
if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 ) if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 )
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
p += hlen; p += hlen;
@ -1287,7 +1288,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx,
/* Check if RNG failed to generate data */ /* Check if RNG failed to generate data */
if( rng_dl == 0 || ret != 0 ) if( rng_dl == 0 || ret != 0 )
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
p++; p++;
} }
@ -1881,7 +1882,7 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx,
/* Generate salt of length slen in place in the encoded message */ /* Generate salt of length slen in place in the encoded message */
salt = p; salt = p;
if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 ) if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 )
return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) );
p += slen; p += slen;

View file

@ -174,7 +174,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx,
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
#endif #endif
ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4, ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4,
@ -182,8 +182,8 @@ int mbedtls_ssl_cookie_write( void *p_ctx,
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR,
MBEDTLS_ERR_THREADING_MUTEX_ERROR ); MBEDTLS_ERR_THREADING_MUTEX_ERROR ) );
#endif #endif
return( ret ); return( ret );
@ -210,7 +210,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx,
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) );
#endif #endif
if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie, if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie,
@ -220,8 +220,8 @@ int mbedtls_ssl_cookie_check( void *p_ctx,
#if defined(MBEDTLS_THREADING_C) #if defined(MBEDTLS_THREADING_C)
if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 )
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR,
MBEDTLS_ERR_THREADING_MUTEX_ERROR ); MBEDTLS_ERR_THREADING_MUTEX_ERROR ) );
#endif #endif
if( ret != 0 ) if( ret != 0 )

View file

@ -81,18 +81,18 @@ int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ( end - *p ) < 1 ) if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_X509_INVALID_SERIAL + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL,
MBEDTLS_ERR_ASN1_OUT_OF_DATA ); MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) && if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) &&
**p != MBEDTLS_ASN1_INTEGER ) **p != MBEDTLS_ASN1_INTEGER )
return( MBEDTLS_ERR_X509_INVALID_SERIAL + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
serial->tag = *(*p)++; serial->tag = *(*p)++;
if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 ) if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_SERIAL + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL, ret ) );
serial->p = *p; serial->p = *p;
*p += serial->len; *p += serial->len;
@ -112,7 +112,7 @@ int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 ) if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
return( 0 ); return( 0 );
} }
@ -126,7 +126,7 @@ int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 ) if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
return( 0 ); return( 0 );
} }
@ -151,39 +151,39 @@ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md
/* Make sure we got a SEQUENCE and setup bounds */ /* Make sure we got a SEQUENCE and setup bounds */
if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
return( MBEDTLS_ERR_X509_INVALID_ALG + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
p = alg->p; p = alg->p;
end = p + alg->len; end = p + alg->len;
if( p >= end ) if( p >= end )
return( MBEDTLS_ERR_X509_INVALID_ALG + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
MBEDTLS_ERR_ASN1_OUT_OF_DATA ); MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
/* Parse md_oid */ /* Parse md_oid */
md_oid.tag = *p; md_oid.tag = *p;
if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 ) if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
md_oid.p = p; md_oid.p = p;
p += md_oid.len; p += md_oid.len;
/* Get md_alg from md_oid */ /* Get md_alg from md_oid */
if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 ) if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
/* Make sure params is absent of NULL */ /* Make sure params is absent of NULL */
if( p == end ) if( p == end )
return( 0 ); return( 0 );
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 ) if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
if( p != end ) if( p != end )
return( MBEDTLS_ERR_X509_INVALID_ALG + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( 0 ); return( 0 );
} }
@ -217,8 +217,8 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
/* Make sure params is a SEQUENCE and setup bounds */ /* Make sure params is a SEQUENCE and setup bounds */
if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) )
return( MBEDTLS_ERR_X509_INVALID_ALG + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
p = (unsigned char *) params->p; p = (unsigned char *) params->p;
end = p + params->len; end = p + params->len;
@ -239,14 +239,14 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
return( ret ); return( ret );
if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 ) if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
if( p != end2 ) if( p != end2 )
return( MBEDTLS_ERR_X509_INVALID_ALG + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
if( p == end ) if( p == end )
return( 0 ); return( 0 );
@ -265,19 +265,19 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
/* Only MFG1 is recognised for now */ /* Only MFG1 is recognised for now */
if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 ) if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 )
return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE,
MBEDTLS_ERR_OID_NOT_FOUND ); MBEDTLS_ERR_OID_NOT_FOUND ) );
/* Parse HashAlgorithm */ /* Parse HashAlgorithm */
if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 ) if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 )
return( ret ); return( ret );
if( p != end2 ) if( p != end2 )
return( MBEDTLS_ERR_X509_INVALID_ALG + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
if( p == end ) if( p == end )
return( 0 ); return( 0 );
@ -291,14 +291,14 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
end2 = p + len; end2 = p + len;
if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 ) if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
if( p != end2 ) if( p != end2 )
return( MBEDTLS_ERR_X509_INVALID_ALG + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
if( p == end ) if( p == end )
return( 0 ); return( 0 );
@ -314,21 +314,21 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params,
end2 = p + len; end2 = p + len;
if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 ) if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
if( p != end2 ) if( p != end2 )
return( MBEDTLS_ERR_X509_INVALID_ALG + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
if( trailer_field != 1 ) if( trailer_field != 1 )
return( MBEDTLS_ERR_X509_INVALID_ALG ); return( MBEDTLS_ERR_X509_INVALID_ALG );
} }
else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) );
if( p != end ) if( p != end )
return( MBEDTLS_ERR_X509_INVALID_ALG + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( 0 ); return( 0 );
} }
@ -354,47 +354,47 @@ static int x509_get_attr_type_value( unsigned char **p,
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_NAME + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
end = *p + len; end = *p + len;
if( ( end - *p ) < 1 ) if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_X509_INVALID_NAME + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
MBEDTLS_ERR_ASN1_OUT_OF_DATA ); MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
oid = &cur->oid; oid = &cur->oid;
oid->tag = **p; oid->tag = **p;
if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 ) if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_NAME + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
oid->p = *p; oid->p = *p;
*p += oid->len; *p += oid->len;
if( ( end - *p ) < 1 ) if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_X509_INVALID_NAME + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
MBEDTLS_ERR_ASN1_OUT_OF_DATA ); MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING && if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING &&
**p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING && **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING &&
**p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING && **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING &&
**p != MBEDTLS_ASN1_BIT_STRING ) **p != MBEDTLS_ASN1_BIT_STRING )
return( MBEDTLS_ERR_X509_INVALID_NAME + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
val = &cur->val; val = &cur->val;
val->tag = *(*p)++; val->tag = *(*p)++;
if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 ) if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_NAME + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
val->p = *p; val->p = *p;
*p += val->len; *p += val->len;
if( *p != end ) if( *p != end )
{ {
return( MBEDTLS_ERR_X509_INVALID_NAME + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
cur->next = NULL; cur->next = NULL;
@ -440,7 +440,7 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end,
*/ */
if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len, if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_NAME + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) );
end_set = *p + set_len; end_set = *p + set_len;
@ -604,8 +604,8 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
unsigned char tag; unsigned char tag;
if( ( end - *p ) < 1 ) if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_X509_INVALID_DATE + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
MBEDTLS_ERR_ASN1_OUT_OF_DATA ); MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
tag = **p; tag = **p;
@ -614,14 +614,14 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end,
else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME ) else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME )
year_len = 4; year_len = 4;
else else
return( MBEDTLS_ERR_X509_INVALID_DATE + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
(*p)++; (*p)++;
ret = mbedtls_asn1_get_len( p, end, &len ); ret = mbedtls_asn1_get_len( p, end, &len );
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, ret ) );
return x509_parse_time( p, len, year_len, tm ); return x509_parse_time( p, len, year_len, tm );
} }
@ -633,13 +633,13 @@ int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x
int tag_type; int tag_type;
if( ( end - *p ) < 1 ) if( ( end - *p ) < 1 )
return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE,
MBEDTLS_ERR_ASN1_OUT_OF_DATA ); MBEDTLS_ERR_ASN1_OUT_OF_DATA ) );
tag_type = **p; tag_type = **p;
if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret ) );
sig->tag = tag_type; sig->tag = tag_type;
sig->len = len; sig->len = len;
@ -663,7 +663,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50
return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); return( MBEDTLS_ERR_X509_BAD_INPUT_DATA );
if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 ) if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 )
return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret ) );
#if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT)
if( *pk_alg == MBEDTLS_PK_RSASSA_PSS ) if( *pk_alg == MBEDTLS_PK_RSASSA_PSS )
@ -714,7 +714,7 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
ret = mbedtls_asn1_get_tag( p, end, &ext->len, ret = mbedtls_asn1_get_tag( p, end, &ext->len,
MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag ); MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag );
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag; ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag;
ext->p = *p; ext->p = *p;
@ -725,11 +725,11 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end,
*/ */
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
if( end != *p + len ) if( end != *p + len )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( 0 ); return( 0 );
} }

View file

@ -79,7 +79,7 @@ static int x509_crl_get_version( unsigned char **p,
return( 0 ); return( 0 );
} }
return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) );
} }
return( 0 ); return( 0 );
@ -125,7 +125,7 @@ static int x509_get_crl_ext( unsigned char **p,
/* Get enclosing sequence tag */ /* Get enclosing sequence tag */
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
end_ext_data = *p + len; end_ext_data = *p + len;
@ -133,7 +133,7 @@ static int x509_get_crl_ext( unsigned char **p,
if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
MBEDTLS_ASN1_OID ) ) != 0 ) MBEDTLS_ASN1_OID ) ) != 0 )
{ {
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
} }
*p += len; *p += len;
@ -142,29 +142,29 @@ static int x509_get_crl_ext( unsigned char **p,
&is_critical ) ) != 0 && &is_critical ) ) != 0 &&
( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
{ {
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
} }
/* Data should be octet string type */ /* Data should be octet string type */
if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
/* Ignore data so far and just check its length */ /* Ignore data so far and just check its length */
*p += len; *p += len;
if( *p != end_ext_data ) if( *p != end_ext_data )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
/* Abort on (unsupported) critical extensions */ /* Abort on (unsupported) critical extensions */
if( is_critical ) if( is_critical )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
} }
if( *p != end ) if( *p != end )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( 0 ); return( 0 );
} }
@ -198,27 +198,27 @@ static int x509_get_crl_entry_ext( unsigned char **p,
ext->p = NULL; ext->p = NULL;
return( 0 ); return( 0 );
} }
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
} }
end = *p + ext->len; end = *p + ext->len;
if( end != *p + ext->len ) if( end != *p + ext->len )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
while( *p < end ) while( *p < end )
{ {
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
*p += len; *p += len;
} }
if( *p != end ) if( *p != end )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( 0 ); return( 0 );
} }
@ -364,8 +364,8 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
if( len != (size_t) ( end - p ) ) if( len != (size_t) ( end - p ) )
{ {
mbedtls_x509_crl_free( crl ); mbedtls_x509_crl_free( crl );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
/* /*
@ -377,7 +377,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
mbedtls_x509_crl_free( crl ); mbedtls_x509_crl_free( crl );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
} }
end = p + len; end = p + len;
@ -421,7 +421,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
mbedtls_x509_crl_free( crl ); mbedtls_x509_crl_free( crl );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
} }
if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 ) if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 )
@ -444,10 +444,10 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 ) if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 )
{ {
if( ret != ( MBEDTLS_ERR_X509_INVALID_DATE + if( ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) && MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) &&
ret != ( MBEDTLS_ERR_X509_INVALID_DATE + ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ) MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ) )
{ {
mbedtls_x509_crl_free( crl ); mbedtls_x509_crl_free( crl );
return( ret ); return( ret );
@ -486,8 +486,8 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
if( p != end ) if( p != end )
{ {
mbedtls_x509_crl_free( crl ); mbedtls_x509_crl_free( crl );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
end = crl->raw.p + crl->raw.len; end = crl->raw.p + crl->raw.len;
@ -521,8 +521,8 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain,
if( p != end ) if( p != end )
{ {
mbedtls_x509_crl_free( crl ); mbedtls_x509_crl_free( crl );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
return( 0 ); return( 0 );

View file

@ -397,17 +397,17 @@ static int x509_get_version( unsigned char **p,
return( 0 ); return( 0 );
} }
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
} }
end = *p + len; end = *p + len;
if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) );
if( *p != end ) if( *p != end )
return( MBEDTLS_ERR_X509_INVALID_VERSION + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( 0 ); return( 0 );
} }
@ -427,7 +427,7 @@ static int x509_get_dates( unsigned char **p,
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, ret ) );
end = *p + len; end = *p + len;
@ -438,8 +438,8 @@ static int x509_get_dates( unsigned char **p,
return( ret ); return( ret );
if( *p != end ) if( *p != end )
return( MBEDTLS_ERR_X509_INVALID_DATE + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( 0 ); return( 0 );
} }
@ -464,7 +464,7 @@ static int x509_get_uid( unsigned char **p,
if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG )
return( 0 ); return( 0 );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
} }
uid->p = *p; uid->p = *p;
@ -491,7 +491,7 @@ static int x509_get_basic_constraints( unsigned char **p,
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
if( *p == end ) if( *p == end )
return( 0 ); return( 0 );
@ -502,7 +502,7 @@ static int x509_get_basic_constraints( unsigned char **p,
ret = mbedtls_asn1_get_int( p, end, ca_istrue ); ret = mbedtls_asn1_get_int( p, end, ca_istrue );
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
if( *ca_istrue != 0 ) if( *ca_istrue != 0 )
*ca_istrue = 1; *ca_istrue = 1;
@ -512,17 +512,17 @@ static int x509_get_basic_constraints( unsigned char **p,
return( 0 ); return( 0 );
if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 ) if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
if( *p != end ) if( *p != end )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
/* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer
* overflow, which is an undefined behavior. */ * overflow, which is an undefined behavior. */
if( *max_pathlen == INT_MAX ) if( *max_pathlen == INT_MAX )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_INVALID_LENGTH ); MBEDTLS_ERR_ASN1_INVALID_LENGTH ) );
(*max_pathlen)++; (*max_pathlen)++;
@ -537,11 +537,11 @@ static int x509_get_ns_cert_type( unsigned char **p,
mbedtls_x509_bitstring bs = { 0, 0, NULL }; mbedtls_x509_bitstring bs = { 0, 0, NULL };
if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
if( bs.len != 1 ) if( bs.len != 1 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_INVALID_LENGTH ); MBEDTLS_ERR_ASN1_INVALID_LENGTH ) );
/* Get actual bitstring */ /* Get actual bitstring */
*ns_cert_type = *bs.p; *ns_cert_type = *bs.p;
@ -557,11 +557,11 @@ static int x509_get_key_usage( unsigned char **p,
mbedtls_x509_bitstring bs = { 0, 0, NULL }; mbedtls_x509_bitstring bs = { 0, 0, NULL };
if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
if( bs.len < 1 ) if( bs.len < 1 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_INVALID_LENGTH ); MBEDTLS_ERR_ASN1_INVALID_LENGTH ) );
/* Get actual bitstring */ /* Get actual bitstring */
*key_usage = 0; *key_usage = 0;
@ -585,12 +585,12 @@ static int x509_get_ext_key_usage( unsigned char **p,
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 ) if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
/* Sequence length must be >= 1 */ /* Sequence length must be >= 1 */
if( ext_key_usage->buf.p == NULL ) if( ext_key_usage->buf.p == NULL )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_INVALID_LENGTH ); MBEDTLS_ERR_ASN1_INVALID_LENGTH ) );
return( 0 ); return( 0 );
} }
@ -635,11 +635,11 @@ static int x509_get_subject_alt_name( unsigned char **p,
/* Get main sequence tag */ /* Get main sequence tag */
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
if( *p + len != end ) if( *p + len != end )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
while( *p < end ) while( *p < end )
{ {
@ -649,13 +649,13 @@ static int x509_get_subject_alt_name( unsigned char **p,
tag = **p; tag = **p;
(*p)++; (*p)++;
if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 ) if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) != if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) !=
MBEDTLS_ASN1_CONTEXT_SPECIFIC ) MBEDTLS_ASN1_CONTEXT_SPECIFIC )
{ {
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
} }
/* /*
@ -691,8 +691,8 @@ static int x509_get_subject_alt_name( unsigned char **p,
cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
if( cur->next == NULL ) if( cur->next == NULL )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_ALLOC_FAILED ); MBEDTLS_ERR_ASN1_ALLOC_FAILED ) );
cur = cur->next; cur = cur->next;
} }
@ -708,8 +708,8 @@ static int x509_get_subject_alt_name( unsigned char **p,
cur->next = NULL; cur->next = NULL;
if( *p != end ) if( *p != end )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( 0 ); return( 0 );
} }
@ -776,18 +776,18 @@ static int x509_get_certificate_policies( unsigned char **p,
ret = mbedtls_asn1_get_tag( p, end, &len, ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
if( *p + len != end ) if( *p + len != end )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
/* /*
* Cannot be an empty sequence. * Cannot be an empty sequence.
*/ */
if( len == 0 ) if( len == 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
while( *p < end ) while( *p < end )
{ {
@ -799,13 +799,13 @@ static int x509_get_certificate_policies( unsigned char **p,
*/ */
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
policy_end = *p + len; policy_end = *p + len;
if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
MBEDTLS_ASN1_OID ) ) != 0 ) MBEDTLS_ASN1_OID ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
policy_oid.tag = MBEDTLS_ASN1_OID; policy_oid.tag = MBEDTLS_ASN1_OID;
policy_oid.len = len; policy_oid.len = len;
@ -833,8 +833,8 @@ static int x509_get_certificate_policies( unsigned char **p,
cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) );
if( cur->next == NULL ) if( cur->next == NULL )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_ALLOC_FAILED ); MBEDTLS_ERR_ASN1_ALLOC_FAILED ) );
cur = cur->next; cur = cur->next;
} }
@ -854,7 +854,7 @@ static int x509_get_certificate_policies( unsigned char **p,
{ {
if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
/* /*
* Skip the optional policy qualifiers. * Skip the optional policy qualifiers.
*/ */
@ -862,16 +862,16 @@ static int x509_get_certificate_policies( unsigned char **p,
} }
if( *p != policy_end ) if( *p != policy_end )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
/* Set final sequence entry's next pointer to NULL */ /* Set final sequence entry's next pointer to NULL */
cur->next = NULL; cur->next = NULL;
if( *p != end ) if( *p != end )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( parse_ret ); return( parse_ret );
} }
@ -911,14 +911,14 @@ static int x509_get_crt_ext( unsigned char **p,
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
end_ext_data = *p + len; end_ext_data = *p + len;
/* Get extension ID */ /* Get extension ID */
if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len, if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len,
MBEDTLS_ASN1_OID ) ) != 0 ) MBEDTLS_ASN1_OID ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
extn_oid.tag = MBEDTLS_ASN1_OID; extn_oid.tag = MBEDTLS_ASN1_OID;
extn_oid.p = *p; extn_oid.p = *p;
@ -927,19 +927,19 @@ static int x509_get_crt_ext( unsigned char **p,
/* Get optional critical */ /* Get optional critical */
if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 && if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 &&
( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
/* Data should be octet string type */ /* Data should be octet string type */
if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len,
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
start_ext_octet = *p; start_ext_octet = *p;
end_ext_octet = *p + len; end_ext_octet = *p + len;
if( end_ext_octet != end_ext_data ) if( end_ext_octet != end_ext_data )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
/* /*
* Detect supported extensions * Detect supported extensions
@ -965,8 +965,8 @@ static int x509_get_crt_ext( unsigned char **p,
if( is_critical ) if( is_critical )
{ {
/* Data is marked as critical: fail */ /* Data is marked as critical: fail */
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
} }
#endif #endif
continue; continue;
@ -1059,8 +1059,8 @@ static int x509_get_crt_ext( unsigned char **p,
} }
if( *p != end ) if( *p != end )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( 0 ); return( 0 );
} }
@ -1138,7 +1138,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
mbedtls_x509_crt_free( crt ); mbedtls_x509_crt_free( crt );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
} }
end = p + len; end = p + len;
@ -1185,7 +1185,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
mbedtls_x509_crt_free( crt ); mbedtls_x509_crt_free( crt );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
} }
if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 ) if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 )
@ -1218,7 +1218,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
mbedtls_x509_crt_free( crt ); mbedtls_x509_crt_free( crt );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
} }
if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 ) if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 )
@ -1283,8 +1283,8 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
if( p != end ) if( p != end )
{ {
mbedtls_x509_crt_free( crt ); mbedtls_x509_crt_free( crt );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
end = crt_end; end = crt_end;
@ -1322,8 +1322,8 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt,
if( p != end ) if( p != end )
{ {
mbedtls_x509_crt_free( crt ); mbedtls_x509_crt_free( crt );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
return( 0 ); return( 0 );
@ -1706,7 +1706,7 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_OID ) ) != 0 ) MBEDTLS_ASN1_OID ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
cur_oid.tag = MBEDTLS_ASN1_OID; cur_oid.tag = MBEDTLS_ASN1_OID;
cur_oid.p = p; cur_oid.p = p;
@ -1723,20 +1723,20 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
if( p + len >= end ) if( p + len >= end )
{ {
mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); mbedtls_platform_zeroize( other_name, sizeof( *other_name ) );
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
p += len; p += len;
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 ) if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID; other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID;
other_name->value.hardware_module_name.oid.p = p; other_name->value.hardware_module_name.oid.p = p;
@ -1745,13 +1745,13 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
if( p + len >= end ) if( p + len >= end )
{ {
mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); mbedtls_platform_zeroize( other_name, sizeof( *other_name ) );
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
p += len; p += len;
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len,
MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING;
other_name->value.hardware_module_name.val.p = p; other_name->value.hardware_module_name.val.p = p;
@ -1761,8 +1761,8 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name,
{ {
mbedtls_platform_zeroize( other_name, mbedtls_platform_zeroize( other_name,
sizeof( *other_name ) ); sizeof( *other_name ) );
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
return( 0 ); return( 0 );
} }

View file

@ -73,7 +73,7 @@ static int x509_csr_get_version( unsigned char **p,
return( 0 ); return( 0 );
} }
return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) );
} }
return( 0 ); return( 0 );
@ -131,8 +131,8 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
if( len != (size_t) ( end - p ) ) if( len != (size_t) ( end - p ) )
{ {
mbedtls_x509_csr_free( csr ); mbedtls_x509_csr_free( csr );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
/* /*
@ -144,7 +144,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
mbedtls_x509_csr_free( csr ); mbedtls_x509_csr_free( csr );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
} }
end = p + len; end = p + len;
@ -176,7 +176,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
{ {
mbedtls_x509_csr_free( csr ); mbedtls_x509_csr_free( csr );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
} }
if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 ) if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 )
@ -210,7 +210,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 )
{ {
mbedtls_x509_csr_free( csr ); mbedtls_x509_csr_free( csr );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) );
} }
p += len; p += len;
@ -244,8 +244,8 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr,
if( p != end ) if( p != end )
{ {
mbedtls_x509_csr_free( csr ); mbedtls_x509_csr_free( csr );
return( MBEDTLS_ERR_X509_INVALID_FORMAT + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
return( 0 ); return( 0 );

View file

@ -162,4 +162,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
#endif /* MBEDTLS_ERROR_C */ #endif /* MBEDTLS_ERROR_C */
#if defined(MBEDTLS_TEST_HOOKS)
void (*mbedtls_test_hook_error_add)( int, int, const char *, int );
#endif
#endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ #endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */

View file

@ -278,4 +278,20 @@ void mbedtls_test_mutex_usage_init( void );
void mbedtls_test_mutex_usage_check( void ); void mbedtls_test_mutex_usage_check( void );
#endif /* MBEDTLS_TEST_MUTEX_USAGE */ #endif /* MBEDTLS_TEST_MUTEX_USAGE */
#if defined(MBEDTLS_TEST_HOOKS)
/**
* \brief Check that only a pure high-level error code is being combined with
* a pure low-level error code as otherwise the resultant error code
* would be corrupted.
*
* \note Both high-level and low-level error codes cannot be greater than
* zero however can be zero. If one error code is zero then the
* other error code is returned even if both codes are zero.
*
* \note If the check fails, fail the test currently being run.
*/
void mbedtls_test_err_add_check( int high, int low,
const char *file, int line);
#endif
#endif /* TEST_HELPERS_H */ #endif /* TEST_HELPERS_H */

View file

@ -282,3 +282,59 @@ void mbedtls_param_failed( const char *failure_condition,
} }
} }
#endif /* MBEDTLS_CHECK_PARAMS */ #endif /* MBEDTLS_CHECK_PARAMS */
#if defined(MBEDTLS_TEST_HOOKS)
void mbedtls_test_err_add_check( int high, int low,
const char *file, int line )
{
/* Error codes are always negative (a value of zero is a success) however
* their positive opposites can be easier to understand. The following
* examples given in comments have been made positive for ease of
* understanding. The structure of an error code is such:
*
* shhhhhhhhlllllll
*
* s = sign bit.
* h = high level error code (includes high level module ID (bits 12..14)
* and module-dependent error code (bits 7..11)).
* l = low level error code.
*/
if ( high > -0x1000 && high != 0 )
/* high < 0001000000000000
* No high level module ID bits are set.
*/
{
mbedtls_test_fail( "'high' is not a high-level error code",
line, file );
}
else if ( high < -0x7F80 )
/* high > 0111111110000000
* Error code is greater than the largest allowed high level module ID.
*/
{
mbedtls_test_fail( "'high' error code is greater than 15 bits",
line, file );
}
else if ( ( high & 0x7F ) != 0 )
/* high & 0000000001111111
* Error code contains low level error code bits.
*/
{
mbedtls_test_fail( "'high' contains a low-level error code",
line, file );
}
else if ( low < -0x007F )
/* low > 0000000001111111
* Error code contains high or module level error code bits.
*/
{
mbedtls_test_fail( "'low' error code is greater than 7 bits",
line, file );
}
else if ( low > 0 )
{
mbedtls_test_fail( "'low' error code is greater than zero",
line, file );
}
}
#endif /* MBEDTLS_TEST_HOOKS */

View file

@ -33,6 +33,10 @@
#include "psa/crypto.h" #include "psa/crypto.h"
#endif /* MBEDTLS_USE_PSA_CRYPTO */ #endif /* MBEDTLS_USE_PSA_CRYPTO */
#if defined(MBEDTLS_TEST_HOOKS)
#include "mbedtls/error.h"
#endif
/* Test code may use deprecated identifiers only if the preprocessor symbol /* Test code may use deprecated identifiers only if the preprocessor symbol
* MBEDTLS_TEST_DEPRECATED is defined. When building tests, set * MBEDTLS_TEST_DEPRECATED is defined. When building tests, set
* MBEDTLS_TEST_DEPRECATED explicitly if MBEDTLS_DEPRECATED_WARNING is * MBEDTLS_TEST_DEPRECATED explicitly if MBEDTLS_DEPRECATED_WARNING is
@ -279,6 +283,10 @@ $platform_code
*/ */
int main( int argc, const char *argv[] ) int main( int argc, const char *argv[] )
{ {
#if defined(MBEDTLS_TEST_HOOKS) && defined (MBEDTLS_ERROR_C)
mbedtls_test_hook_error_add = &mbedtls_test_err_add_check;
#endif
int ret = mbedtls_test_platform_setup(); int ret = mbedtls_test_platform_setup();
if( ret != 0 ) if( ret != 0 )
{ {

View file

@ -7,6 +7,7 @@
#include "mbedtls/pem.h" #include "mbedtls/pem.h"
#include "mbedtls/oid.h" #include "mbedtls/oid.h"
#include "mbedtls/base64.h" #include "mbedtls/base64.h"
#include "mbedtls/error.h"
#include "string.h" #include "string.h"
#if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 #if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19
@ -320,18 +321,18 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf
ret = mbedtls_asn1_get_tag( p, end, &len, ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE );
if( ret != 0 ) if( ret != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
if( *p + len != end ) if( *p + len != end )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
/* /*
* Cannot be an empty sequence. * Cannot be an empty sequence.
*/ */
if( len == 0 ) if( len == 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
while( *p < end ) while( *p < end )
{ {
@ -342,13 +343,13 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf
*/ */
if( ( ret = mbedtls_asn1_get_tag( p, end, &len, if( ( ret = mbedtls_asn1_get_tag( p, end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
policy_end = *p + len; policy_end = *p + len;
if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
MBEDTLS_ASN1_OID ) ) != 0 ) MBEDTLS_ASN1_OID ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
/* /*
* Recognize exclusively the policy with OID 1 * Recognize exclusively the policy with OID 1
@ -366,7 +367,7 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf
{ {
if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len,
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) );
/* /*
* Skip the optional policy qualifiers. * Skip the optional policy qualifiers.
*/ */
@ -374,13 +375,13 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf
} }
if( *p != policy_end ) if( *p != policy_end )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
} }
if( *p != end ) if( *p != end )
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) );
return( parse_ret ); return( parse_ret );
} }
@ -388,7 +389,8 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf
memcmp( new_oid->p, oid->p, oid->len ) == 0 ) memcmp( new_oid->p, oid->p, oid->len ) == 0 )
return( 0 ); return( 0 );
else else
return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) );
} }
#endif /* MBEDTLS_X509_CRT_PARSE_C */ #endif /* MBEDTLS_X509_CRT_PARSE_C */
/* END_HEADER */ /* END_HEADER */