From 96ae73b0ea49b550edb48cb97f2983213e071ecc Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Fri, 8 Jan 2021 17:04:59 +0000 Subject: [PATCH 01/25] Add macro for error code addition Adds a macro (`MBEDTLS_ERR_ADD`) to add error codes together and check that the result will not be corrupted. This additional check is only enabled during testing when `MBEDTLS_TEST_HOOKS` is defined. Also includes a reference usage example in `rsa.c` where two high-level error codes could be incorrectly added together under the right conditions. This now ensures that when this error occurs during testing it will be correctly reported. Signed-off-by: Chris Jones --- include/mbedtls/error.h | 10 ++++++++++ library/error.c | 7 +++++++ library/rsa.c | 2 +- tests/include/test/helpers.h | 10 ++++++++++ tests/src/helpers.c | 13 +++++++++++++ tests/suites/main_test.function | 8 ++++++++ 6 files changed, 49 insertions(+), 1 deletion(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index cd7731e6b..d164e9f8f 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -114,6 +114,16 @@ extern "C" { #define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */ #define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */ +#if defined(MBEDTLS_TEST_HOOKS) +void (*mbedtls_test_err_add_hook)( int, int, const char *, int ); +int mbedtls_err_add( int high, int low, const char *file, int line ); +#define MBEDTLS_ERR_ADD( high, low ) \ + ( mbedtls_err_add( high, low, __FILE__, __LINE__ ) ) +#else +#define MBEDTLS_ERR_ADD( high, low ) \ + ( high + low ) +#endif + /** * \brief Translate a mbed TLS error code into a string representation, * Result is truncated if necessary and always includes a terminating diff --git a/library/error.c b/library/error.c index 901a3699a..486afedfa 100644 --- a/library/error.c +++ b/library/error.c @@ -210,6 +210,13 @@ #include "mbedtls/xtea.h" #endif +#if defined(MBEDTLS_TEST_HOOKS) +int mbedtls_err_add( int high, int low, const char *file, int line ) { + if( mbedtls_test_err_add_hook != NULL ) + (*mbedtls_test_err_add_hook)( high, low, file, line ); + return ( high + low ); +} +#endif const char * mbedtls_high_level_strerr( int error_code ) { diff --git a/library/rsa.c b/library/rsa.c index fea76bf7d..f4bec4682 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -1085,7 +1085,7 @@ cleanup: mbedtls_mpi_free( &I ); if( ret != 0 && ret >= -0x007f ) - return( MBEDTLS_ERR_RSA_PRIVATE_FAILED + ret ); + return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret ) ); return( ret ); } diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index c3a844b60..1fe25d89f 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -278,4 +278,14 @@ void mbedtls_test_mutex_usage_init( void ); void mbedtls_test_mutex_usage_check( void ); #endif /* MBEDTLS_TEST_MUTEX_USAGE */ +#if defined(MBEDTLS_TEST_HOOKS) +/** + * \brief Check that a pure high-level error code is being combined with a + * pure low-level error code as otherwise the resultant error code + * would be corrupted. + */ +void mbedtls_test_err_add_check( int high, int low, + const char *file, int line); +#endif + #endif /* TEST_HELPERS_H */ diff --git a/tests/src/helpers.c b/tests/src/helpers.c index e323275e5..2c01a584a 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -282,3 +282,16 @@ void mbedtls_param_failed( const char *failure_condition, } } #endif /* MBEDTLS_CHECK_PARAMS */ + +#if defined(MBEDTLS_TEST_HOOKS) +void mbedtls_test_err_add_check( int high, int low, + const char *file, int line ) +{ + if ( high < -0x0FFF && low > -0x007F ) + { + mbedtls_fprintf( stderr, "\nIncorrect error code addition at %s:%d\n", + file, line ); + mbedtls_exit( 1 ); + } +} +#endif /* MBEDTLS_TEST_HOOKS */ diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 36a7d231e..6a4758af9 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -33,6 +33,10 @@ #include "psa/crypto.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_TEST_HOOKS) +#include "mbedtls/error.h" +#endif + /* Test code may use deprecated identifiers only if the preprocessor symbol * MBEDTLS_TEST_DEPRECATED is defined. When building tests, set * MBEDTLS_TEST_DEPRECATED explicitly if MBEDTLS_DEPRECATED_WARNING is @@ -279,6 +283,10 @@ $platform_code */ int main( int argc, const char *argv[] ) { +#if defined(MBEDTLS_TEST_HOOKS) + mbedtls_test_err_add_hook = &mbedtls_test_err_add_check; +#endif + int ret = mbedtls_test_platform_setup(); if( ret != 0 ) { From 220cdece404c53be0017aaf6597622662b6bd696 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Mon, 11 Jan 2021 12:27:21 +0000 Subject: [PATCH 02/25] Fix error code combination check `mbedtls_test_err_add_check` was previously incorrectly throwing an error if both error codes were correct and valid pure error codes. This change fixes that behaviour to correctly throw errors when invalid combinations are found. Signed-off-by: Chris Jones --- tests/src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 2c01a584a..d88ef43f0 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -287,7 +287,7 @@ void mbedtls_param_failed( const char *failure_condition, void mbedtls_test_err_add_check( int high, int low, const char *file, int line ) { - if ( high < -0x0FFF && low > -0x007F ) + if ( high > -0x1000 || low < -0x007F ) { mbedtls_fprintf( stderr, "\nIncorrect error code addition at %s:%d\n", file, line ); From 713e4e77b4aade1f7c86d3c27a2d88f85bee84bd Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Mon, 11 Jan 2021 12:31:27 +0000 Subject: [PATCH 03/25] Expand use of MBEDTLS_ERR_ADD to the rest of rsa.c All occurences of manual error code addition/combination, in `rsa.c`, have been replaced with the `MBEDTLS_ERR_ADD` macro. Signed-off-by: Chris Jones --- library/rsa.c | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/library/rsa.c b/library/rsa.c index f4bec4682..a32d4e8c5 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -102,7 +102,7 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) || ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) ) { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } if( N != NULL ) @@ -142,7 +142,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, cleanup: if( ret != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); return( 0 ); } @@ -293,7 +293,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ) != 0 ) { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } ctx->len = mbedtls_mpi_size( &ctx->N ); @@ -308,7 +308,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D, &ctx->P, &ctx->Q ); if( ret != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } else if( d_missing ) @@ -318,7 +318,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) &ctx->E, &ctx->D ) ) != 0 ) { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } } @@ -333,7 +333,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, &ctx->DP, &ctx->DQ, &ctx->QP ); if( ret != 0 ) - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } #endif /* MBEDTLS_RSA_NO_CRT */ @@ -461,13 +461,13 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) || ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) ) { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } #else if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, DP, DQ, QP ) ) != 0 ) { - return( MBEDTLS_ERR_RSA_BAD_INPUT_DATA + ret ); + return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } #endif @@ -636,7 +636,7 @@ cleanup: { mbedtls_rsa_free( ctx ); if( ( -ret & ~0x7f ) == 0 ) - ret = MBEDTLS_ERR_RSA_KEY_GEN_FAILED + ret; + ret = MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret ); return( ret ); } @@ -769,7 +769,7 @@ cleanup: mbedtls_mpi_free( &T ); if( ret != 0 ) - return( MBEDTLS_ERR_RSA_PUBLIC_FAILED + ret ); + return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret ) ); return( 0 ); } @@ -1198,7 +1198,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, /* Generate a random octet string seed */ if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 ) - return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); + return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); p += hlen; @@ -1287,7 +1287,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, /* Check if RNG failed to generate data */ if( rng_dl == 0 || ret != 0 ) - return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); + return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); p++; } @@ -1881,7 +1881,7 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, /* Generate salt of length slen in place in the encoded message */ salt = p; if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 ) - return( MBEDTLS_ERR_RSA_RNG_FAILED + ret ); + return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); p += slen; From 5e8805afeb3e14756f9364b3af2033c97047aab3 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Tue, 12 Jan 2021 15:21:57 +0000 Subject: [PATCH 04/25] Move `MBEDTLS_ERR_ADD` macro and function to `common.*` `error.c` is a file generated from `error.h` and thus cannot contain the code that was previously added. This commit fixes that issue by moving the `MBEDTLS_ERR_ADD` macro and associated function and function pointer into `common.h` and `common.c`. Also fix a typo in `tests/include/test/helpers.h` where tabs were accidentally used instead of spaces. Signed-off-by: Chris Jones --- include/mbedtls/error.h | 10 ---------- library/common.c | 27 +++++++++++++++++++++++++++ library/common.h | 20 ++++++++++++++++++-- library/error.c | 7 ------- tests/include/test/helpers.h | 6 +++--- tests/suites/main_test.function | 4 ---- visualc/VS2010/mbedTLS.vcxproj | 1 + 7 files changed, 49 insertions(+), 26 deletions(-) create mode 100644 library/common.c diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index d164e9f8f..cd7731e6b 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -114,16 +114,6 @@ extern "C" { #define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */ #define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */ -#if defined(MBEDTLS_TEST_HOOKS) -void (*mbedtls_test_err_add_hook)( int, int, const char *, int ); -int mbedtls_err_add( int high, int low, const char *file, int line ); -#define MBEDTLS_ERR_ADD( high, low ) \ - ( mbedtls_err_add( high, low, __FILE__, __LINE__ ) ) -#else -#define MBEDTLS_ERR_ADD( high, low ) \ - ( high + low ) -#endif - /** * \brief Translate a mbed TLS error code into a string representation, * Result is truncated if necessary and always includes a terminating diff --git a/library/common.c b/library/common.c new file mode 100644 index 000000000..9f901f006 --- /dev/null +++ b/library/common.c @@ -0,0 +1,27 @@ +/* + * Internal invasive testing helper functions + * + * Copyright The Mbed TLS Contributors + * SPDX-License-Identifier: Apache-2.0 + * + * Licensed under the Apache License, Version 2.0 (the "License"); you may + * not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT + * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + +#if defined(MBEDTLS_TEST_HOOKS) +void (*mbedtls_test_err_add_hook)( int, int, const char *, int ); +int mbedtls_err_add( int high, int low, const char *file, int line ) { + if( mbedtls_test_err_add_hook != NULL ) + (*mbedtls_test_err_add_hook)( high, low, file, line ); + return ( high + low ); +} +#endif diff --git a/library/common.h b/library/common.h index 5845766ac..f4cef97b9 100644 --- a/library/common.h +++ b/library/common.h @@ -29,6 +29,7 @@ #include "mbedtls/config.h" #endif +#if defined(MBEDTLS_TEST_HOOKS) /** Helper to define a function as static except when building invasive tests. * * If a function is only used inside its own source file and should be @@ -44,10 +45,25 @@ * #endif * ``` */ -#if defined(MBEDTLS_TEST_HOOKS) #define MBEDTLS_STATIC_TESTABLE + +/** Helper macro and function to combine a high and low level error code. + * + * This function uses a hook (`mbedtls_test_err_add_hook`) to allow invasive + * testing of its inputs. This is used in the test infrastructure to report + * on errors when combining two error codes of the same level (e.g: two high + * or two low level errors). + */ +int mbedtls_err_add( int high, int low, const char *file, int line ); +#define MBEDTLS_ERR_ADD( high, low ) \ + ( mbedtls_err_add( high, low, __FILE__, __LINE__ ) ) + #else #define MBEDTLS_STATIC_TESTABLE static -#endif + +#define MBEDTLS_ERR_ADD( high, low ) \ + ( high + low ) + +#endif /* MBEDTLS_TEST_HOOKS */ #endif /* MBEDTLS_LIBRARY_COMMON_H */ diff --git a/library/error.c b/library/error.c index 486afedfa..901a3699a 100644 --- a/library/error.c +++ b/library/error.c @@ -210,13 +210,6 @@ #include "mbedtls/xtea.h" #endif -#if defined(MBEDTLS_TEST_HOOKS) -int mbedtls_err_add( int high, int low, const char *file, int line ) { - if( mbedtls_test_err_add_hook != NULL ) - (*mbedtls_test_err_add_hook)( high, low, file, line ); - return ( high + low ); -} -#endif const char * mbedtls_high_level_strerr( int error_code ) { diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index 1fe25d89f..a26f1eeda 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -280,9 +280,9 @@ void mbedtls_test_mutex_usage_check( void ); #if defined(MBEDTLS_TEST_HOOKS) /** - * \brief Check that a pure high-level error code is being combined with a - * pure low-level error code as otherwise the resultant error code - * would be corrupted. + * \brief Check that a pure high-level error code is being combined with a + * pure low-level error code as otherwise the resultant error code + * would be corrupted. */ void mbedtls_test_err_add_check( int high, int low, const char *file, int line); diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 6a4758af9..b35b1437f 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -33,10 +33,6 @@ #include "psa/crypto.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ -#if defined(MBEDTLS_TEST_HOOKS) -#include "mbedtls/error.h" -#endif - /* Test code may use deprecated identifiers only if the preprocessor symbol * MBEDTLS_TEST_DEPRECATED is defined. When building tests, set * MBEDTLS_TEST_DEPRECATED explicitly if MBEDTLS_DEPRECATED_WARNING is diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index cb819a8bd..9cf432915 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -293,6 +293,7 @@ + From 808b7c8a8abe61aa9e2f19ee5a63502c13b36307 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 13 Jan 2021 12:33:36 +0000 Subject: [PATCH 05/25] Fix building with `MBEDTLS_TEST_HOOKS` enabled Fix building by adding `common.c` to the build scripts (both make and Cmake). Also reworks the hook function pointer (also renamed to `err_add_hook`) to be a static local to `common.c` with a setter function to set the pointer to a checking function. Signed-off-by: Chris Jones --- library/CMakeLists.txt | 1 + library/Makefile | 1 + library/common.c | 17 +++++++++++++---- library/common.h | 8 +++++++- tests/suites/main_test.function | 6 +++++- 5 files changed, 27 insertions(+), 6 deletions(-) diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index 220fbf92b..e25fe57e5 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -27,6 +27,7 @@ set(src_crypto cipher.c cipher_wrap.c cmac.c + common.c ctr_drbg.c des.c dhm.c diff --git a/library/Makefile b/library/Makefile index 13b0b2934..66110166a 100644 --- a/library/Makefile +++ b/library/Makefile @@ -84,6 +84,7 @@ OBJS_CRYPTO= \ cipher.o \ cipher_wrap.o \ cmac.o \ + common.o \ ctr_drbg.o \ des.o \ dhm.o \ diff --git a/library/common.c b/library/common.c index 9f901f006..4273600c4 100644 --- a/library/common.c +++ b/library/common.c @@ -17,11 +17,20 @@ * limitations under the License. */ +#include "common.h" + +#include + #if defined(MBEDTLS_TEST_HOOKS) -void (*mbedtls_test_err_add_hook)( int, int, const char *, int ); -int mbedtls_err_add( int high, int low, const char *file, int line ) { - if( mbedtls_test_err_add_hook != NULL ) - (*mbedtls_test_err_add_hook)( high, low, file, line ); +static void (*err_add_hook)( int, int, const char *, int ); +void mbedtls_set_err_add_hook(void *hook) +{ + err_add_hook = hook; +} +int mbedtls_err_add( int high, int low, const char *file, int line ) +{ + if( err_add_hook != NULL ) + (*err_add_hook)( high, low, file, line ); return ( high + low ); } #endif diff --git a/library/common.h b/library/common.h index f4cef97b9..a9b6187b3 100644 --- a/library/common.h +++ b/library/common.h @@ -48,12 +48,18 @@ #define MBEDTLS_STATIC_TESTABLE /** Helper macro and function to combine a high and low level error code. - * + * * This function uses a hook (`mbedtls_test_err_add_hook`) to allow invasive * testing of its inputs. This is used in the test infrastructure to report * on errors when combining two error codes of the same level (e.g: two high * or two low level errors). + * + * To set a hook use + * ``` + * mbedtls_set_err_add_hook(&mbedtls_check_foo); + * ``` */ +void mbedtls_set_err_add_hook( void *hook ); int mbedtls_err_add( int high, int low, const char *file, int line ); #define MBEDTLS_ERR_ADD( high, low ) \ ( mbedtls_err_add( high, low, __FILE__, __LINE__ ) ) diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index b35b1437f..09927fe7b 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -33,6 +33,10 @@ #include "psa/crypto.h" #endif /* MBEDTLS_USE_PSA_CRYPTO */ +#if defined(MBEDTLS_TEST_HOOKS) +#include "common.h" +#endif + /* Test code may use deprecated identifiers only if the preprocessor symbol * MBEDTLS_TEST_DEPRECATED is defined. When building tests, set * MBEDTLS_TEST_DEPRECATED explicitly if MBEDTLS_DEPRECATED_WARNING is @@ -280,7 +284,7 @@ $platform_code int main( int argc, const char *argv[] ) { #if defined(MBEDTLS_TEST_HOOKS) - mbedtls_test_err_add_hook = &mbedtls_test_err_add_check; + mbedtls_set_err_add_hook( &mbedtls_test_err_add_check ); #endif int ret = mbedtls_test_platform_setup(); From ef180af3505656e9965345ab52b651c9a2c61dfd Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Tue, 26 Jan 2021 17:50:48 +0000 Subject: [PATCH 06/25] Move `MBEDTLS_ERR_ADD` macro and functions to `error.*` `error.c` and error.h are the more logical place to keep this code and it prevents issues with building `common.c` and conflicts with other projects that use mbedtls (such as mbedOS). `error.c` has been automatically generated by first adding the code to `error.fmt` and then running `./scripts/generate_errors.pl`. Also add parenthesis to the addition in `MBEDTLS_ERR_ADD`. Signed-off-by: Chris Jones --- include/mbedtls/error.h | 22 ++++++++++++++++++++ library/CMakeLists.txt | 1 - library/Makefile | 1 - library/common.c | 36 --------------------------------- library/common.h | 26 ++---------------------- library/error.c | 16 +++++++++++++++ scripts/data_files/error.fmt | 16 +++++++++++++++ tests/suites/main_test.function | 2 +- visualc/VS2010/mbedTLS.vcxproj | 1 - 9 files changed, 57 insertions(+), 64 deletions(-) delete mode 100644 library/common.c diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index cd7731e6b..d060d177b 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -114,6 +114,28 @@ extern "C" { #define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */ #define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */ +/** Helper macro and function to combine a high and low level error code. + * + * This function uses a hook (`mbedtls_test_err_add_hook`) to allow invasive + * testing of its inputs. This is used in the test infrastructure to report + * on errors when combining two error codes of the same level (e.g: two high + * or two low level errors). + * + * To set a hook use + * ``` + * mbedtls_set_err_add_hook(&mbedtls_check_foo); + * ``` + */ +#if defined(MBEDTLS_TEST_HOOKS) +void mbedtls_set_err_add_hook( void *hook ); +int mbedtls_err_add( int high, int low, const char *file, int line ); +#define MBEDTLS_ERR_ADD( high, low ) \ + ( mbedtls_err_add( high, low, __FILE__, __LINE__ ) ) +#else +#define MBEDTLS_ERR_ADD( high, low ) \ + ( ( high ) + ( low ) ) +#endif /* MBEDTLS_TEST_HOOKS */ + /** * \brief Translate a mbed TLS error code into a string representation, * Result is truncated if necessary and always includes a terminating diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt index e25fe57e5..220fbf92b 100644 --- a/library/CMakeLists.txt +++ b/library/CMakeLists.txt @@ -27,7 +27,6 @@ set(src_crypto cipher.c cipher_wrap.c cmac.c - common.c ctr_drbg.c des.c dhm.c diff --git a/library/Makefile b/library/Makefile index 66110166a..13b0b2934 100644 --- a/library/Makefile +++ b/library/Makefile @@ -84,7 +84,6 @@ OBJS_CRYPTO= \ cipher.o \ cipher_wrap.o \ cmac.o \ - common.o \ ctr_drbg.o \ des.o \ dhm.o \ diff --git a/library/common.c b/library/common.c deleted file mode 100644 index 4273600c4..000000000 --- a/library/common.c +++ /dev/null @@ -1,36 +0,0 @@ -/* - * Internal invasive testing helper functions - * - * Copyright The Mbed TLS Contributors - * SPDX-License-Identifier: Apache-2.0 - * - * Licensed under the Apache License, Version 2.0 (the "License"); you may - * not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT - * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - -#include "common.h" - -#include - -#if defined(MBEDTLS_TEST_HOOKS) -static void (*err_add_hook)( int, int, const char *, int ); -void mbedtls_set_err_add_hook(void *hook) -{ - err_add_hook = hook; -} -int mbedtls_err_add( int high, int low, const char *file, int line ) -{ - if( err_add_hook != NULL ) - (*err_add_hook)( high, low, file, line ); - return ( high + low ); -} -#endif diff --git a/library/common.h b/library/common.h index a9b6187b3..5845766ac 100644 --- a/library/common.h +++ b/library/common.h @@ -29,7 +29,6 @@ #include "mbedtls/config.h" #endif -#if defined(MBEDTLS_TEST_HOOKS) /** Helper to define a function as static except when building invasive tests. * * If a function is only used inside its own source file and should be @@ -45,31 +44,10 @@ * #endif * ``` */ +#if defined(MBEDTLS_TEST_HOOKS) #define MBEDTLS_STATIC_TESTABLE - -/** Helper macro and function to combine a high and low level error code. - * - * This function uses a hook (`mbedtls_test_err_add_hook`) to allow invasive - * testing of its inputs. This is used in the test infrastructure to report - * on errors when combining two error codes of the same level (e.g: two high - * or two low level errors). - * - * To set a hook use - * ``` - * mbedtls_set_err_add_hook(&mbedtls_check_foo); - * ``` - */ -void mbedtls_set_err_add_hook( void *hook ); -int mbedtls_err_add( int high, int low, const char *file, int line ); -#define MBEDTLS_ERR_ADD( high, low ) \ - ( mbedtls_err_add( high, low, __FILE__, __LINE__ ) ) - #else #define MBEDTLS_STATIC_TESTABLE static - -#define MBEDTLS_ERR_ADD( high, low ) \ - ( high + low ) - -#endif /* MBEDTLS_TEST_HOOKS */ +#endif #endif /* MBEDTLS_LIBRARY_COMMON_H */ diff --git a/library/error.c b/library/error.c index 901a3699a..4e279b069 100644 --- a/library/error.c +++ b/library/error.c @@ -893,6 +893,22 @@ const char * mbedtls_low_level_strerr( int error_code ) return( NULL ); } +#if defined(MBEDTLS_TEST_HOOKS) +static void (*err_add_hook)( int, int, const char *, int ); + +void mbedtls_set_err_add_hook(void *hook) +{ + err_add_hook = hook; +} + +int mbedtls_err_add( int high, int low, const char *file, int line ) +{ + if( err_add_hook != NULL ) + (*err_add_hook)( high, low, file, line ); + return ( high + low ); +} +#endif /* MBEDTLS_TEST_HOOKS */ + void mbedtls_strerror( int ret, char *buf, size_t buflen ) { size_t len; diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 9e479bbfd..fdb3ce291 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -82,6 +82,22 @@ LOW_LEVEL_CODE_CHECKS return( NULL ); } +#if defined(MBEDTLS_TEST_HOOKS) +static void (*err_add_hook)( int, int, const char *, int ); + +void mbedtls_set_err_add_hook(void *hook) +{ + err_add_hook = hook; +} + +int mbedtls_err_add( int high, int low, const char *file, int line ) +{ + if( err_add_hook != NULL ) + (*err_add_hook)( high, low, file, line ); + return ( high + low ); +} +#endif /* MBEDTLS_TEST_HOOKS */ + void mbedtls_strerror( int ret, char *buf, size_t buflen ) { size_t len; diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 09927fe7b..76e1057d1 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -34,7 +34,7 @@ #endif /* MBEDTLS_USE_PSA_CRYPTO */ #if defined(MBEDTLS_TEST_HOOKS) -#include "common.h" +#include "mbedtls/error.h" #endif /* Test code may use deprecated identifiers only if the preprocessor symbol diff --git a/visualc/VS2010/mbedTLS.vcxproj b/visualc/VS2010/mbedTLS.vcxproj index 9cf432915..cb819a8bd 100644 --- a/visualc/VS2010/mbedTLS.vcxproj +++ b/visualc/VS2010/mbedTLS.vcxproj @@ -293,7 +293,6 @@ - From a203c38576cd455740fc8581dbb680e264be8e7a Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Fri, 29 Jan 2021 14:56:20 +0000 Subject: [PATCH 07/25] Expand error addition checks Add new checks and specific error messages to `mbedtls_test_err_add_check`. This should now catch all types of error when combining error codes and provide a specific error message to explain what occured. Signed-off-by: Chris Jones --- tests/src/helpers.c | 30 +++++++++++++++++++++++++++--- 1 file changed, 27 insertions(+), 3 deletions(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index d88ef43f0..9c981de67 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -287,10 +287,34 @@ void mbedtls_param_failed( const char *failure_condition, void mbedtls_test_err_add_check( int high, int low, const char *file, int line ) { - if ( high > -0x1000 || low < -0x007F ) + if ( high > -0x1000 ) { - mbedtls_fprintf( stderr, "\nIncorrect error code addition at %s:%d\n", - file, line ); + mbedtls_fprintf( stderr, "\n'high' is not a high-level error code - " + "%s:%d\n", file, line ); + mbedtls_exit( 1 ); + } + else if ( high < -0x7F80 ) + { + mbedtls_fprintf( stderr, "\n'high' is greater than 16-bits - " + "%s:%d\n", file, line ); + mbedtls_exit( 1 ); + } + else if ( ( high & 0x7F ) != 0 ) + { + mbedtls_fprintf( stderr, "\n'high' contains a low-level error code - " + "%s:%d\n", file, line ); + mbedtls_exit( 1 ); + } + else if ( low < -0x007F ) + { + mbedtls_fprintf( stderr, "\n'low' is greater than 8-bits - " + "%s:%d\n", file, line ); + mbedtls_exit( 1 ); + } + else if ( low > 0 ) + { + mbedtls_fprintf( stderr, "\n'low' is zero or greater - " + "%s:%d\n", file, line ); mbedtls_exit( 1 ); } } From d86ad60aa538ea9a376f979af83e364bae77f8f4 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Fri, 29 Jan 2021 15:47:47 +0000 Subject: [PATCH 08/25] Change mbedtls_set_err_add_hook to use doxygen style comment Signed-off-by: Chris Jones --- include/mbedtls/error.h | 22 ++++++++++------------ 1 file changed, 10 insertions(+), 12 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index d060d177b..752f7bf05 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -114,19 +114,17 @@ extern "C" { #define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */ #define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */ -/** Helper macro and function to combine a high and low level error code. - * - * This function uses a hook (`mbedtls_test_err_add_hook`) to allow invasive - * testing of its inputs. This is used in the test infrastructure to report - * on errors when combining two error codes of the same level (e.g: two high - * or two low level errors). - * - * To set a hook use - * ``` - * mbedtls_set_err_add_hook(&mbedtls_check_foo); - * ``` - */ + #if defined(MBEDTLS_TEST_HOOKS) +/** + * \brief Set a function pointer (hook) to allow for invasive testing of error + * code addition. + * + * This hook is used in the test infrastructure to report on errors when + * combining two error codes of the same level. + * + * \param hook hook to invasive testing function + */ void mbedtls_set_err_add_hook( void *hook ); int mbedtls_err_add( int high, int low, const char *file, int line ); #define MBEDTLS_ERR_ADD( high, low ) \ From fe285f53e6f5ce8a23a2ea7cbf8ae851d56d9b52 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Mon, 8 Feb 2021 12:32:41 +0000 Subject: [PATCH 09/25] Make mbedtls_test_err_add_check fail tests Previously an error message was printed and then the test manually exited via `mbedtls_exit( 1 )`. This commit includes a rebase onto: 540320bf7b5de6d3dbd78abb3e5527674189d09c so that `mbedtls_test_fail` can be used instead to properly fail tests (and report them as such). Signed-off-by: Chris Jones --- tests/src/helpers.c | 22 +++++++--------------- 1 file changed, 7 insertions(+), 15 deletions(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 9c981de67..8319e9004 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -289,33 +289,25 @@ void mbedtls_test_err_add_check( int high, int low, { if ( high > -0x1000 ) { - mbedtls_fprintf( stderr, "\n'high' is not a high-level error code - " - "%s:%d\n", file, line ); - mbedtls_exit( 1 ); + mbedtls_test_fail( "'high' is not a high-level error code", + line, file ); } else if ( high < -0x7F80 ) { - mbedtls_fprintf( stderr, "\n'high' is greater than 16-bits - " - "%s:%d\n", file, line ); - mbedtls_exit( 1 ); + mbedtls_test_fail( "'high' is greater than 16-bits", line, file ); } else if ( ( high & 0x7F ) != 0 ) { - mbedtls_fprintf( stderr, "\n'high' contains a low-level error code - " - "%s:%d\n", file, line ); - mbedtls_exit( 1 ); + mbedtls_test_fail( "'high' contains a low-level error code", + line, file ); } else if ( low < -0x007F ) { - mbedtls_fprintf( stderr, "\n'low' is greater than 8-bits - " - "%s:%d\n", file, line ); - mbedtls_exit( 1 ); + mbedtls_test_fail( "'low' is greater than 8-bits", line, file ); } else if ( low > 0 ) { - mbedtls_fprintf( stderr, "\n'low' is zero or greater - " - "%s:%d\n", file, line ); - mbedtls_exit( 1 ); + mbedtls_test_fail( "'low' is zero or greater", line, file ); } } #endif /* MBEDTLS_TEST_HOOKS */ From b179b843352643a1b53bc0acd9990366f37ea51b Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Mon, 8 Feb 2021 16:53:29 +0000 Subject: [PATCH 10/25] Change set_err_add_hook void pointer to actual function pointer signature Change the signature of the `hook` parameter of `mbedtls_set_err_add_hook` to use the actual signature of the function as opposed to `void *`. This fixes a warning when compiling with clang `-pedantic`. Signed-off-by: Chris Jones --- include/mbedtls/error.h | 2 +- library/error.c | 2 +- scripts/data_files/error.fmt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 752f7bf05..154f0718e 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -125,7 +125,7 @@ extern "C" { * * \param hook hook to invasive testing function */ -void mbedtls_set_err_add_hook( void *hook ); +void mbedtls_set_err_add_hook( void (*hook)( int, int, const char *, int ) ); int mbedtls_err_add( int high, int low, const char *file, int line ); #define MBEDTLS_ERR_ADD( high, low ) \ ( mbedtls_err_add( high, low, __FILE__, __LINE__ ) ) diff --git a/library/error.c b/library/error.c index 4e279b069..aaa66dddf 100644 --- a/library/error.c +++ b/library/error.c @@ -896,7 +896,7 @@ const char * mbedtls_low_level_strerr( int error_code ) #if defined(MBEDTLS_TEST_HOOKS) static void (*err_add_hook)( int, int, const char *, int ); -void mbedtls_set_err_add_hook(void *hook) +void mbedtls_set_err_add_hook( void (*hook)( int, int, const char *, int ) ) { err_add_hook = hook; } diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index fdb3ce291..5925904a4 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -85,7 +85,7 @@ LOW_LEVEL_CODE_CHECKS #if defined(MBEDTLS_TEST_HOOKS) static void (*err_add_hook)( int, int, const char *, int ); -void mbedtls_set_err_add_hook(void *hook) +void mbedtls_set_err_add_hook( void (*hook)( int, int, const char *, int ) ) { err_add_hook = hook; } From 759e30bdb0960ad78e58e8987b478e004ece387f Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Tue, 9 Feb 2021 15:30:54 +0000 Subject: [PATCH 11/25] Add MBEDTLS_ERROR_C dependency to invasive error code testing Fix builds where `MBEDTLS_ERROR_C` is not defined but `MBEDTLS_TEST_HOOKS` is defined. This was previously causing undefined reference errors in these builds. Signed-off-by: Chris Jones --- include/mbedtls/error.h | 2 +- tests/suites/main_test.function | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 154f0718e..5f2482284 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -115,7 +115,7 @@ extern "C" { #define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */ -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ERROR_C) /** * \brief Set a function pointer (hook) to allow for invasive testing of error * code addition. diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 76e1057d1..7cae0da2b 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -283,7 +283,7 @@ $platform_code */ int main( int argc, const char *argv[] ) { -#if defined(MBEDTLS_TEST_HOOKS) +#if defined(MBEDTLS_TEST_HOOKS) && defined (MBEDTLS_ERROR_C) mbedtls_set_err_add_hook( &mbedtls_test_err_add_check ); #endif From 3f613c17c1340bf30c5345fff8981e2367c2cb79 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 31 Mar 2021 09:34:22 +0100 Subject: [PATCH 12/25] Improve mbedtls_test_err_add_check documentation Improve and clarify error messages and comments when checking error codes. Signed-off-by: Chris Jones --- tests/include/test/helpers.h | 10 ++++++++-- tests/src/helpers.c | 28 +++++++++++++++++++++------- 2 files changed, 29 insertions(+), 9 deletions(-) diff --git a/tests/include/test/helpers.h b/tests/include/test/helpers.h index a26f1eeda..9bfe08547 100644 --- a/tests/include/test/helpers.h +++ b/tests/include/test/helpers.h @@ -280,9 +280,15 @@ void mbedtls_test_mutex_usage_check( void ); #if defined(MBEDTLS_TEST_HOOKS) /** - * \brief Check that a pure high-level error code is being combined with a - * pure low-level error code as otherwise the resultant error code + * \brief Check that only a pure high-level error code is being combined with + * a pure low-level error code as otherwise the resultant error code * would be corrupted. + * + * \note Both high-level and low-level error codes cannot be greater than + * zero however can be zero. If one error code is zero then the + * other error code is returned even if both codes are zero. + * + * \note If the check fails, fail the test currently being run. */ void mbedtls_test_err_add_check( int high, int low, const char *file, int line); diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 8319e9004..881967409 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -287,27 +287,41 @@ void mbedtls_param_failed( const char *failure_condition, void mbedtls_test_err_add_check( int high, int low, const char *file, int line ) { - if ( high > -0x1000 ) + /* Error codes are always negative (a value of zero is a success) however + * their positive opposites can be easier to understand. The following + * examples given in comments have been made positive for ease of + * understanding. The structure of an error code is such: + * + * shhhhhhhllllllll + * + * s = sign bit. + * h = high level error code (includes high and module error codes). + * l = low level error code. + */ + if ( high > -0x1000 ) // high < 0001000000000000 { mbedtls_test_fail( "'high' is not a high-level error code", line, file ); } - else if ( high < -0x7F80 ) + else if ( high < -0x7F80 ) // high > 0111111110000000 { - mbedtls_test_fail( "'high' is greater than 16-bits", line, file ); + mbedtls_test_fail( "'high' error code is greater than 15 bits", + line, file ); } - else if ( ( high & 0x7F ) != 0 ) + else if ( ( high & 0x7F ) != 0 ) // high & 0000000011111111 { mbedtls_test_fail( "'high' contains a low-level error code", line, file ); } - else if ( low < -0x007F ) + else if ( low < -0x007F ) // low > 0000000001111111 { - mbedtls_test_fail( "'low' is greater than 8-bits", line, file ); + mbedtls_test_fail( "'low' error code is greater than 7 bits", + line, file ); } else if ( low > 0 ) { - mbedtls_test_fail( "'low' is zero or greater", line, file ); + mbedtls_test_fail( "'low' error code is greater than zero", + line, file ); } } #endif /* MBEDTLS_TEST_HOOKS */ From ac33a3ab12bd3bfd6fd1bf642e5e73125aef6210 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 31 Mar 2021 16:09:28 +0100 Subject: [PATCH 13/25] Add exception in check when high error code == 0 Although not commonly done, it should be possible to add error codes together even if the high level error code is equal to zero. Signed-off-by: Chris Jones --- tests/src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 881967409..9c1198ea3 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -298,7 +298,7 @@ void mbedtls_test_err_add_check( int high, int low, * h = high level error code (includes high and module error codes). * l = low level error code. */ - if ( high > -0x1000 ) // high < 0001000000000000 + if ( high > -0x1000 && high != 0 ) // high < 0001000000000000 { mbedtls_test_fail( "'high' is not a high-level error code", line, file ); From 7439209bcca2f64c30334ca3754eeaea27df32d1 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Thu, 1 Apr 2021 16:00:01 +0100 Subject: [PATCH 14/25] Rewrite error addition interface The previous implementation of the error addition interface did not comply with the invasive testing architecture guidelines. This commit fixes that by: - Renaming functions/macros/variables to follow the mbedtls_error_xxx or mbedtls_test_hook_xxx convention. - Making mbedtls_test_hook_error_add a global variable that can be set by the testing code. - Using a static inline function call, as opposed to macro, to keep discrepancies between debug and production version to a minimum. Signed-off-by: Chris Jones --- include/mbedtls/error.h | 51 ++++++++++++++++++++++----------- library/error.c | 16 ----------- library/rsa.c | 29 ++++++++++--------- scripts/data_files/error.fmt | 16 ----------- tests/suites/main_test.function | 2 +- 5 files changed, 51 insertions(+), 63 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 5f2482284..5b31b61be 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -114,25 +114,44 @@ extern "C" { #define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */ #define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */ - -#if defined(MBEDTLS_TEST_HOOKS) && defined(MBEDTLS_ERROR_C) /** - * \brief Set a function pointer (hook) to allow for invasive testing of error - * code addition. + * \brief Combines a high-level and low-level error code together. * - * This hook is used in the test infrastructure to report on errors when - * combining two error codes of the same level. - * - * \param hook hook to invasive testing function + * Wrapper function for mbedtls_err_add_ext(). See that function for + * more details. */ -void mbedtls_set_err_add_hook( void (*hook)( int, int, const char *, int ) ); -int mbedtls_err_add( int high, int low, const char *file, int line ); -#define MBEDTLS_ERR_ADD( high, low ) \ - ( mbedtls_err_add( high, low, __FILE__, __LINE__ ) ) -#else -#define MBEDTLS_ERR_ADD( high, low ) \ - ( ( high ) + ( low ) ) -#endif /* MBEDTLS_TEST_HOOKS */ +#define mbedtls_error_add( high, low ) \ + mbedtls_error_add_ext( high, low, __FILE__, __LINE__ ) + +/** + * \brief Testing hook called before adding/combining two error codes together. + * Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS. + */ +void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); + +/** + * \brief Combines a high-level and low-level error code together. + * + * This function can be called directly however it is usually + * called via the mbedtls_error_add macro. + * + * \note When invasive testing is enabled via MBEDTLS_TEST_HOOKS also try to + * call mbedtls_test_hook_error_add. + * + * \param high high-level error code. See error.h for more details. + * \param low low-level error code. See error.h for more details. + * \param file file where this error code addition occured. + * \param line line where this error code addition occured. + */ +static inline int mbedtls_error_add_ext( int high, int low, + const char *file, int line ) +{ +#if defined(MBEDTLS_TEST_HOOKS) + if( *mbedtls_test_hook_error_add != NULL ) + ( *mbedtls_test_hook_error_add )( high, low, file, line ); +#endif + return( high + low ); +} /** * \brief Translate a mbed TLS error code into a string representation, diff --git a/library/error.c b/library/error.c index aaa66dddf..901a3699a 100644 --- a/library/error.c +++ b/library/error.c @@ -893,22 +893,6 @@ const char * mbedtls_low_level_strerr( int error_code ) return( NULL ); } -#if defined(MBEDTLS_TEST_HOOKS) -static void (*err_add_hook)( int, int, const char *, int ); - -void mbedtls_set_err_add_hook( void (*hook)( int, int, const char *, int ) ) -{ - err_add_hook = hook; -} - -int mbedtls_err_add( int high, int low, const char *file, int line ) -{ - if( err_add_hook != NULL ) - (*err_add_hook)( high, low, file, line ); - return ( high + low ); -} -#endif /* MBEDTLS_TEST_HOOKS */ - void mbedtls_strerror( int ret, char *buf, size_t buflen ) { size_t len; diff --git a/library/rsa.c b/library/rsa.c index a32d4e8c5..42b43ca4d 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -102,7 +102,7 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) || ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) ) { - return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } if( N != NULL ) @@ -142,7 +142,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, cleanup: if( ret != 0 ) - return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); return( 0 ); } @@ -293,7 +293,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ) != 0 ) { - return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } ctx->len = mbedtls_mpi_size( &ctx->N ); @@ -308,7 +308,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D, &ctx->P, &ctx->Q ); if( ret != 0 ) - return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } else if( d_missing ) @@ -318,7 +318,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) &ctx->E, &ctx->D ) ) != 0 ) { - return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } } @@ -333,7 +333,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, &ctx->DP, &ctx->DQ, &ctx->QP ); if( ret != 0 ) - return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } #endif /* MBEDTLS_RSA_NO_CRT */ @@ -461,13 +461,13 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) || ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) ) { - return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } #else if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, DP, DQ, QP ) ) != 0 ) { - return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } #endif @@ -635,8 +635,9 @@ cleanup: if( ret != 0 ) { mbedtls_rsa_free( ctx ); + if( ( -ret & ~0x7f ) == 0 ) - ret = MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret ); + ret = mbedtls_error_add( MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret ); return( ret ); } @@ -769,7 +770,7 @@ cleanup: mbedtls_mpi_free( &T ); if( ret != 0 ) - return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret ) ); + return( mbedtls_error_add( MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret ) ); return( 0 ); } @@ -1085,7 +1086,7 @@ cleanup: mbedtls_mpi_free( &I ); if( ret != 0 && ret >= -0x007f ) - return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret ) ); + return( mbedtls_error_add( MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret ) ); return( ret ); } @@ -1198,7 +1199,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, /* Generate a random octet string seed */ if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 ) - return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); + return( mbedtls_error_add( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); p += hlen; @@ -1287,7 +1288,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, /* Check if RNG failed to generate data */ if( rng_dl == 0 || ret != 0 ) - return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); + return( mbedtls_error_add( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); p++; } @@ -1881,7 +1882,7 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, /* Generate salt of length slen in place in the encoded message */ salt = p; if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 ) - return( MBEDTLS_ERR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); + return( mbedtls_error_add( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); p += slen; diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 5925904a4..9e479bbfd 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -82,22 +82,6 @@ LOW_LEVEL_CODE_CHECKS return( NULL ); } -#if defined(MBEDTLS_TEST_HOOKS) -static void (*err_add_hook)( int, int, const char *, int ); - -void mbedtls_set_err_add_hook( void (*hook)( int, int, const char *, int ) ) -{ - err_add_hook = hook; -} - -int mbedtls_err_add( int high, int low, const char *file, int line ) -{ - if( err_add_hook != NULL ) - (*err_add_hook)( high, low, file, line ); - return ( high + low ); -} -#endif /* MBEDTLS_TEST_HOOKS */ - void mbedtls_strerror( int ret, char *buf, size_t buflen ) { size_t len; diff --git a/tests/suites/main_test.function b/tests/suites/main_test.function index 7cae0da2b..ac00f45e5 100644 --- a/tests/suites/main_test.function +++ b/tests/suites/main_test.function @@ -284,7 +284,7 @@ $platform_code int main( int argc, const char *argv[] ) { #if defined(MBEDTLS_TEST_HOOKS) && defined (MBEDTLS_ERROR_C) - mbedtls_set_err_add_hook( &mbedtls_test_err_add_check ); + mbedtls_test_hook_error_add = &mbedtls_test_err_add_check; #endif int ret = mbedtls_test_platform_setup(); From b7d02e0f15469237073aeaf4fe71e50ad1b0543b Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Thu, 1 Apr 2021 17:40:03 +0100 Subject: [PATCH 15/25] Fix misc issues with unused parameters and check-names.sh Fix unused parameter warnings when MBEDTLS_TEST_HOOKS is not enabled. A few issues were caught by check-names.sh namely: - mbedtls_error_add was not capitalised. - mbedtls_test_hook_error_add was being defined multiple times as the definition was in a header. Signed-off-by: Chris Jones --- include/mbedtls/error.h | 7 +++++-- library/error.c | 2 ++ library/rsa.c | 28 ++++++++++++++-------------- scripts/data_files/error.fmt | 2 ++ 4 files changed, 23 insertions(+), 16 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 5b31b61be..39874b9c4 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -120,14 +120,14 @@ extern "C" { * Wrapper function for mbedtls_err_add_ext(). See that function for * more details. */ -#define mbedtls_error_add( high, low ) \ +#define MBEDTLS_ERROR_ADD( high, low ) \ mbedtls_error_add_ext( high, low, __FILE__, __LINE__ ) /** * \brief Testing hook called before adding/combining two error codes together. * Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS. */ -void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); +extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); /** * \brief Combines a high-level and low-level error code together. @@ -150,6 +150,9 @@ static inline int mbedtls_error_add_ext( int high, int low, if( *mbedtls_test_hook_error_add != NULL ) ( *mbedtls_test_hook_error_add )( high, low, file, line ); #endif + (void)file; + (void)line; + return( high + low ); } diff --git a/library/error.c b/library/error.c index 901a3699a..b5bd8d77c 100644 --- a/library/error.c +++ b/library/error.c @@ -893,6 +893,8 @@ const char * mbedtls_low_level_strerr( int error_code ) return( NULL ); } +void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); + void mbedtls_strerror( int ret, char *buf, size_t buflen ) { size_t len; diff --git a/library/rsa.c b/library/rsa.c index 42b43ca4d..268d025e6 100644 --- a/library/rsa.c +++ b/library/rsa.c @@ -102,7 +102,7 @@ int mbedtls_rsa_import( mbedtls_rsa_context *ctx, ( D != NULL && ( ret = mbedtls_mpi_copy( &ctx->D, D ) ) != 0 ) || ( E != NULL && ( ret = mbedtls_mpi_copy( &ctx->E, E ) ) != 0 ) ) { - return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } if( N != NULL ) @@ -142,7 +142,7 @@ int mbedtls_rsa_import_raw( mbedtls_rsa_context *ctx, cleanup: if( ret != 0 ) - return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); return( 0 ); } @@ -293,7 +293,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) if( ( ret = mbedtls_mpi_mul_mpi( &ctx->N, &ctx->P, &ctx->Q ) ) != 0 ) { - return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } ctx->len = mbedtls_mpi_size( &ctx->N ); @@ -308,7 +308,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) ret = mbedtls_rsa_deduce_primes( &ctx->N, &ctx->E, &ctx->D, &ctx->P, &ctx->Q ); if( ret != 0 ) - return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } else if( d_missing ) @@ -318,7 +318,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) &ctx->E, &ctx->D ) ) != 0 ) { - return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } } @@ -333,7 +333,7 @@ int mbedtls_rsa_complete( mbedtls_rsa_context *ctx ) ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, &ctx->DP, &ctx->DQ, &ctx->QP ); if( ret != 0 ) - return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } #endif /* MBEDTLS_RSA_NO_CRT */ @@ -461,13 +461,13 @@ int mbedtls_rsa_export_crt( const mbedtls_rsa_context *ctx, ( DQ != NULL && ( ret = mbedtls_mpi_copy( DQ, &ctx->DQ ) ) != 0 ) || ( QP != NULL && ( ret = mbedtls_mpi_copy( QP, &ctx->QP ) ) != 0 ) ) { - return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } #else if( ( ret = mbedtls_rsa_deduce_crt( &ctx->P, &ctx->Q, &ctx->D, DP, DQ, QP ) ) != 0 ) { - return( mbedtls_error_add( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_BAD_INPUT_DATA, ret ) ); } #endif @@ -637,7 +637,7 @@ cleanup: mbedtls_rsa_free( ctx ); if( ( -ret & ~0x7f ) == 0 ) - ret = mbedtls_error_add( MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret ); + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_KEY_GEN_FAILED, ret ); return( ret ); } @@ -770,7 +770,7 @@ cleanup: mbedtls_mpi_free( &T ); if( ret != 0 ) - return( mbedtls_error_add( MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret ) ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_PUBLIC_FAILED, ret ) ); return( 0 ); } @@ -1086,7 +1086,7 @@ cleanup: mbedtls_mpi_free( &I ); if( ret != 0 && ret >= -0x007f ) - return( mbedtls_error_add( MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret ) ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_PRIVATE_FAILED, ret ) ); return( ret ); } @@ -1199,7 +1199,7 @@ int mbedtls_rsa_rsaes_oaep_encrypt( mbedtls_rsa_context *ctx, /* Generate a random octet string seed */ if( ( ret = f_rng( p_rng, p, hlen ) ) != 0 ) - return( mbedtls_error_add( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); p += hlen; @@ -1288,7 +1288,7 @@ int mbedtls_rsa_rsaes_pkcs1_v15_encrypt( mbedtls_rsa_context *ctx, /* Check if RNG failed to generate data */ if( rng_dl == 0 || ret != 0 ) - return( mbedtls_error_add( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); p++; } @@ -1882,7 +1882,7 @@ static int rsa_rsassa_pss_sign( mbedtls_rsa_context *ctx, /* Generate salt of length slen in place in the encoded message */ salt = p; if( ( ret = f_rng( p_rng, salt, slen ) ) != 0 ) - return( mbedtls_error_add( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_RSA_RNG_FAILED, ret ) ); p += slen; diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 9e479bbfd..7fed598ea 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -82,6 +82,8 @@ LOW_LEVEL_CODE_CHECKS return( NULL ); } +void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); + void mbedtls_strerror( int ret, char *buf, size_t buflen ) { size_t len; From abded0ed39a1d144755595d04782306c0071694f Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Mon, 12 Apr 2021 15:44:47 +0100 Subject: [PATCH 16/25] Improve and fix documentation for error code combination Improve documentation by: - Fixing off by one errors in binary representations of error codes. - Clarifying combinations of zero. - Linking references to variables/macros via doxygen. Signed-off-by: Chris Jones --- include/mbedtls/error.h | 10 +++++++--- tests/src/helpers.c | 4 ++-- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 39874b9c4..624228914 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -133,10 +133,14 @@ extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); * \brief Combines a high-level and low-level error code together. * * This function can be called directly however it is usually - * called via the mbedtls_error_add macro. + * called via the #MBEDTLS_ERROR_ADD macro. * - * \note When invasive testing is enabled via MBEDTLS_TEST_HOOKS also try to - * call mbedtls_test_hook_error_add. + * While a value of zero is not a negative error code, it is still an + * error code (that denotes success) and can be combined with both a + * negative error code or another value of zero. + * + * \note When invasive testing is enabled via #MBEDTLS_TEST_HOOKS, also try to + * call \link mbedtls_test_hook_error_add \endlink. * * \param high high-level error code. See error.h for more details. * \param low low-level error code. See error.h for more details. diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 9c1198ea3..b54661195 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -292,7 +292,7 @@ void mbedtls_test_err_add_check( int high, int low, * examples given in comments have been made positive for ease of * understanding. The structure of an error code is such: * - * shhhhhhhllllllll + * shhhhhhhhlllllll * * s = sign bit. * h = high level error code (includes high and module error codes). @@ -308,7 +308,7 @@ void mbedtls_test_err_add_check( int high, int low, mbedtls_test_fail( "'high' error code is greater than 15 bits", line, file ); } - else if ( ( high & 0x7F ) != 0 ) // high & 0000000011111111 + else if ( ( high & 0x7F ) != 0 ) // high & 0000000001111111 { mbedtls_test_fail( "'high' contains a low-level error code", line, file ); From ef01852d65987a461621b06306d80cb42be6ed0e Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Mon, 12 Apr 2021 17:27:18 +0100 Subject: [PATCH 17/25] Add missing guard to mbedtls_test_hook_error_add Add a missing guard for the definition and declaration of mbedtls_test_hook_error_add. Also make the declaration always visible when MBEDTLS_TEST_HOOKS is enabled. This fixes an issue when MBEDTLS_ERROR_C is not defined but MBEDTLS_TEST_HOOKS is. Signed-off-by: Chris Jones --- include/mbedtls/error.h | 2 ++ library/error.c | 6 ++++-- scripts/data_files/error.fmt | 6 ++++-- 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 624228914..49c312082 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -123,11 +123,13 @@ extern "C" { #define MBEDTLS_ERROR_ADD( high, low ) \ mbedtls_error_add_ext( high, low, __FILE__, __LINE__ ) +#if defined(MBEDTLS_TEST_HOOKS) /** * \brief Testing hook called before adding/combining two error codes together. * Only used when invasive testing is enabled via MBEDTLS_TEST_HOOKS. */ extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); +#endif /** * \brief Combines a high-level and low-level error code together. diff --git a/library/error.c b/library/error.c index b5bd8d77c..afad38904 100644 --- a/library/error.c +++ b/library/error.c @@ -893,8 +893,6 @@ const char * mbedtls_low_level_strerr( int error_code ) return( NULL ); } -void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); - void mbedtls_strerror( int ret, char *buf, size_t buflen ) { size_t len; @@ -975,4 +973,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #endif /* MBEDTLS_ERROR_C */ +#if defined(MBEDTLS_TEST_HOOKS) +void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); +#endif + #endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ diff --git a/scripts/data_files/error.fmt b/scripts/data_files/error.fmt index 7fed598ea..3be94bd2c 100644 --- a/scripts/data_files/error.fmt +++ b/scripts/data_files/error.fmt @@ -82,8 +82,6 @@ LOW_LEVEL_CODE_CHECKS return( NULL ); } -void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); - void mbedtls_strerror( int ret, char *buf, size_t buflen ) { size_t len; @@ -164,4 +162,8 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen ) #endif /* MBEDTLS_ERROR_C */ +#if defined(MBEDTLS_TEST_HOOKS) +void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); +#endif + #endif /* MBEDTLS_ERROR_C || MBEDTLS_ERROR_STRERROR_DUMMY */ From defe10df528f513ecafe02f01b24744b45be2499 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Mon, 12 Apr 2021 17:31:39 +0100 Subject: [PATCH 18/25] Add compatibility macro for the inline keyword in error.h MSVC is not fully compliant with C99 where the 'inline' keyword is defined. Add a macro to define an alternative for non-compliant compilers. Signed-off-by: Chris Jones --- include/mbedtls/error.h | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 49c312082..3d8a5eac0 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -30,6 +30,11 @@ #include +#if ( defined(__ARMCC_VERSION) || defined(_MSC_VER) ) && \ + !defined(inline) && !defined(__cplusplus) +#define inline __inline +#endif + /** * Error code layout. * From 9f7a693f2c89419be19054e9065f8d2b71a88aca Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 14 Apr 2021 12:12:09 +0100 Subject: [PATCH 19/25] Apply MBEDTLS_ERROR_ADD to library Replace all occurences of error code addition in the library with the new MBEDTLS_ERROR_ADD macro. Signed-off-by: Chris Jones --- library/dhm.c | 22 +-- library/ecdsa.c | 4 +- library/pem.c | 4 +- library/pkcs12.c | 12 +- library/pkcs5.c | 24 ++-- library/pkparse.c | 115 ++++++++-------- library/ssl_cookie.c | 12 +- library/x509.c | 124 ++++++++--------- library/x509_crl.c | 58 ++++---- library/x509_crt.c | 152 ++++++++++----------- library/x509_csr.c | 16 +-- tests/suites/test_suite_x509parse.function | 28 ++-- 12 files changed, 287 insertions(+), 284 deletions(-) diff --git a/library/dhm.c b/library/dhm.c index f79681231..9758af787 100644 --- a/library/dhm.c +++ b/library/dhm.c @@ -79,7 +79,7 @@ static int dhm_read_bignum( mbedtls_mpi *X, return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); if( ( ret = mbedtls_mpi_read_binary( X, *p, n ) ) != 0 ) - return( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PARAMS_FAILED, ret ) ); (*p) += n; @@ -222,7 +222,7 @@ int mbedtls_dhm_make_params( mbedtls_dhm_context *ctx, int x_size, cleanup: if( ret != 0 ) - return( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PARAMS_FAILED, ret ) ); return( 0 ); } @@ -242,7 +242,7 @@ int mbedtls_dhm_set_group( mbedtls_dhm_context *ctx, if( ( ret = mbedtls_mpi_copy( &ctx->P, P ) ) != 0 || ( ret = mbedtls_mpi_copy( &ctx->G, G ) ) != 0 ) { - return( MBEDTLS_ERR_DHM_SET_GROUP_FAILED + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_SET_GROUP_FAILED, ret ) ); } ctx->len = mbedtls_mpi_size( &ctx->P ); @@ -263,7 +263,7 @@ int mbedtls_dhm_read_public( mbedtls_dhm_context *ctx, return( MBEDTLS_ERR_DHM_BAD_INPUT_DATA ); if( ( ret = mbedtls_mpi_read_binary( &ctx->GY, input, ilen ) ) != 0 ) - return( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_READ_PUBLIC_FAILED, ret ) ); return( 0 ); } @@ -313,7 +313,7 @@ int mbedtls_dhm_make_public( mbedtls_dhm_context *ctx, int x_size, cleanup: if( ret != 0 ) - return( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_MAKE_PUBLIC_FAILED, ret ) ); return( 0 ); } @@ -462,7 +462,7 @@ cleanup: mbedtls_mpi_free( &GYb ); if( ret != 0 ) - return( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_CALC_SECRET_FAILED, ret ) ); return( 0 ); } @@ -544,7 +544,7 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { - ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret; + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret ); goto exit; } @@ -553,7 +553,7 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, if( ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->P ) ) != 0 || ( ret = mbedtls_asn1_get_mpi( &p, end, &dhm->G ) ) != 0 ) { - ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret; + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret ); goto exit; } @@ -567,13 +567,13 @@ int mbedtls_dhm_parse_dhm( mbedtls_dhm_context *dhm, const unsigned char *dhmin, mbedtls_mpi_free( &rec ); if ( ret != 0 ) { - ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + ret; + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, ret ); goto exit; } if ( p != end ) { - ret = MBEDTLS_ERR_DHM_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_DHM_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); goto exit; } } diff --git a/library/ecdsa.c b/library/ecdsa.c index 7dc8708a3..7f259e105 100644 --- a/library/ecdsa.c +++ b/library/ecdsa.c @@ -870,8 +870,8 @@ int mbedtls_ecdsa_read_signature_restartable( mbedtls_ecdsa_context *ctx, if( p + len != end ) { - ret = MBEDTLS_ERR_ECP_BAD_INPUT_DATA + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_ECP_BAD_INPUT_DATA, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); goto cleanup; } diff --git a/library/pem.c b/library/pem.c index 969d492e3..fcfde9479 100644 --- a/library/pem.c +++ b/library/pem.c @@ -343,7 +343,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const ret = mbedtls_base64_decode( NULL, 0, &len, s1, s2 - s1 ); if( ret == MBEDTLS_ERR_BASE64_INVALID_CHARACTER ) - return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PEM_INVALID_DATA, ret ) ); if( ( buf = mbedtls_calloc( 1, len ) ) == NULL ) return( MBEDTLS_ERR_PEM_ALLOC_FAILED ); @@ -352,7 +352,7 @@ int mbedtls_pem_read_buffer( mbedtls_pem_context *ctx, const char *header, const { mbedtls_platform_zeroize( buf, len ); mbedtls_free( buf ); - return( MBEDTLS_ERR_PEM_INVALID_DATA + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PEM_INVALID_DATA, ret ) ); } if( enc != 0 ) diff --git a/library/pkcs12.c b/library/pkcs12.c index 4bdeb6835..9823d963c 100644 --- a/library/pkcs12.c +++ b/library/pkcs12.c @@ -60,21 +60,21 @@ static int pkcs12_parse_pbe_params( mbedtls_asn1_buf *params, * */ if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); if( ( ret = mbedtls_asn1_get_tag( p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret ) ); salt->p = *p; *p += salt->len; if( ( ret = mbedtls_asn1_get_int( p, end, iterations ) ) != 0 ) - return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, ret ) ); if( *p != end ) - return( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS12_PBE_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( 0 ); } diff --git a/library/pkcs5.c b/library/pkcs5.c index e9e743fa9..2b014d91c 100644 --- a/library/pkcs5.c +++ b/library/pkcs5.c @@ -60,8 +60,8 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, const unsigned char *end = params->p + params->len; if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); /* * PBKDF2-params ::= SEQUENCE { * salt OCTET STRING, @@ -73,13 +73,13 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &salt->len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) ); salt->p = p; p += salt->len; if( ( ret = mbedtls_asn1_get_int( &p, end, iterations ) ) != 0 ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) ); if( p == end ) return( 0 ); @@ -87,21 +87,21 @@ static int pkcs5_parse_pbkdf2_params( const mbedtls_asn1_buf *params, if( ( ret = mbedtls_asn1_get_int( &p, end, keylen ) ) != 0 ) { if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) ); } if( p == end ) return( 0 ); if( ( ret = mbedtls_asn1_get_alg_null( &p, end, &prf_alg_oid ) ) != 0 ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) ); if( mbedtls_oid_get_md_hmac( &prf_alg_oid, md_type ) != 0 ) return( MBEDTLS_ERR_PKCS5_FEATURE_UNAVAILABLE ); if( p != end ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( 0 ); } @@ -134,12 +134,12 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, * } */ if( pbe_params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); if( ( ret = mbedtls_asn1_get_alg( &p, end, &kdf_alg_oid, &kdf_alg_params ) ) != 0 ) - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) ); // Only PBKDF2 supported at the moment // @@ -160,7 +160,7 @@ int mbedtls_pkcs5_pbes2( const mbedtls_asn1_buf *pbe_params, int mode, if( ( ret = mbedtls_asn1_get_alg( &p, end, &enc_scheme_oid, &enc_scheme_params ) ) != 0 ) { - return( MBEDTLS_ERR_PKCS5_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PKCS5_INVALID_FORMAT, ret ) ); } if( mbedtls_oid_get_cipher_alg( &enc_scheme_oid, &cipher_alg ) != 0 ) diff --git a/library/pkparse.c b/library/pkparse.c index 0590f2b05..3f3d5585a 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -186,8 +186,8 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if ( end - *p < 1 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); /* Tag may be either OID or SEQUENCE */ params->tag = **p; @@ -197,21 +197,21 @@ static int pk_get_ecparams( unsigned char **p, const unsigned char *end, #endif ) { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); } if( ( ret = mbedtls_asn1_get_tag( p, end, ¶ms->len, params->tag ) ) != 0 ) { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); } params->p = *p; *p += params->len; if( *p != end ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( 0 ); } @@ -247,7 +247,7 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ /* SpecifiedECDomainVersion ::= INTEGER { 1, 2, 3 } */ if( ( ret = mbedtls_asn1_get_int( &p, end, &ver ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); if( ver < 1 || ver > 3 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT ); @@ -285,13 +285,13 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ /* Prime-p ::= INTEGER -- Field of size p. */ if( ( ret = mbedtls_asn1_get_mpi( &p, end_field, &grp->P ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); grp->pbits = mbedtls_mpi_bitlen( &grp->P ); if( p != end_field ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); /* * Curve ::= SEQUENCE { @@ -315,7 +315,7 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || ( ret = mbedtls_mpi_read_binary( &grp->A, p, len ) ) != 0 ) { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); } p += len; @@ -323,7 +323,7 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ if( ( ret = mbedtls_asn1_get_tag( &p, end_curve, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 || ( ret = mbedtls_mpi_read_binary( &grp->B, p, len ) ) != 0 ) { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); } p += len; @@ -333,14 +333,14 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ p += len; if( p != end_curve ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); /* * ECPoint ::= OCTET STRING */ if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); if( ( ret = mbedtls_ecp_point_read_binary( grp, &grp->G, ( const unsigned char *) p, len ) ) != 0 ) @@ -366,7 +366,7 @@ static int pk_group_from_specified( const mbedtls_asn1_buf *params, mbedtls_ecp_ * order INTEGER */ if( ( ret = mbedtls_asn1_get_mpi( &p, end, &grp->N ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); grp->nbits = mbedtls_mpi_bitlen( &grp->N ); @@ -528,15 +528,15 @@ static int pk_get_rsapubkey( unsigned char **p, if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) ); if( *p + len != end ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); /* Import N */ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) ); if( ( ret = mbedtls_rsa_import_raw( rsa, *p, len, NULL, 0, NULL, 0, NULL, 0, NULL, 0 ) ) != 0 ) @@ -546,7 +546,7 @@ static int pk_get_rsapubkey( unsigned char **p, /* Import E */ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_INTEGER ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) ); if( ( ret = mbedtls_rsa_import_raw( rsa, NULL, 0, NULL, 0, NULL, 0, NULL, 0, *p, len ) ) != 0 ) @@ -561,8 +561,8 @@ static int pk_get_rsapubkey( unsigned char **p, } if( *p != end ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( 0 ); } @@ -584,7 +584,7 @@ static int pk_get_pk_alg( unsigned char **p, memset( params, 0, sizeof(mbedtls_asn1_buf) ); if( ( ret = mbedtls_asn1_get_alg( p, end, &alg_oid, params ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_ALG, ret ) ); if( mbedtls_oid_get_pk_alg( &alg_oid, pk_alg ) != 0 ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); @@ -624,7 +624,7 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); } end = *p + len; @@ -633,11 +633,11 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, return( ret ); if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, ret ) ); if( *p + len != end ) - return( MBEDTLS_ERR_PK_INVALID_PUBKEY + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); @@ -662,8 +662,8 @@ int mbedtls_pk_parse_subpubkey( unsigned char **p, const unsigned char *end, ret = MBEDTLS_ERR_PK_UNKNOWN_PK_ALG; if( ret == 0 && *p != end ) - ret = MBEDTLS_ERR_PK_INVALID_PUBKEY + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH; + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); if( ret != 0 ) mbedtls_pk_free( pk ); @@ -734,14 +734,14 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); } end = p + len; if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); } if( version != 0 ) @@ -831,8 +831,8 @@ static int pk_parse_key_pkcs1_der( mbedtls_rsa_context *rsa, if( p != end ) { - ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ; + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); } cleanup: @@ -843,7 +843,7 @@ cleanup: { /* Wrap error code if it's coming from a lower level */ if( ( ret & 0xff80 ) == 0 ) - ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret; + ret = MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ); else ret = MBEDTLS_ERR_PK_KEY_INVALID_FORMAT; @@ -883,24 +883,24 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); } end = p + len; if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); if( version != 1 ) return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION ); if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); if( ( ret = mbedtls_mpi_read_binary( &eck->d, p, len ) ) != 0 ) { mbedtls_ecp_keypair_free( eck ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); } p += len; @@ -924,7 +924,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) { mbedtls_ecp_keypair_free( eck ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); } } @@ -940,11 +940,11 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, end2 = p + len; if( ( ret = mbedtls_asn1_get_bitstring_null( &p, end2, &len ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); if( p + len != end2 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); if( ( ret = pk_get_ecpubkey( &p, end2, eck ) ) == 0 ) pubkey_done = 1; @@ -961,7 +961,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) { mbedtls_ecp_keypair_free( eck ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); } } @@ -970,7 +970,7 @@ static int pk_parse_key_sec1_der( mbedtls_ecp_keypair *eck, NULL, NULL ) ) != 0 ) { mbedtls_ecp_keypair_free( eck ); - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); } if( ( ret = mbedtls_ecp_check_privkey( &eck->grp, &eck->d ) ) != 0 ) @@ -1028,26 +1028,26 @@ static int pk_parse_key_pkcs8_unencrypted_der( if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); } end = p + len; if( ( ret = mbedtls_asn1_get_int( &p, end, &version ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); if( version != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret ) ); if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); if( len < 1 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); if( ( pk_info = mbedtls_pk_info_from_type( pk_alg ) ) == NULL ) return( MBEDTLS_ERR_PK_UNKNOWN_PK_ALG ); @@ -1130,16 +1130,16 @@ static int pk_parse_key_pkcs8_encrypted_der( if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); } end = p + len; if( ( ret = mbedtls_asn1_get_alg( &p, end, &pbe_alg_oid, &pbe_params ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); buf = p; @@ -1518,7 +1518,8 @@ int mbedtls_pk_parse_public_key( mbedtls_pk_context *ctx, return( ret ); } mbedtls_pk_free( ctx ); - if( ret != ( MBEDTLS_ERR_PK_INVALID_PUBKEY + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) + if( ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_INVALID_PUBKEY, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) ) { return( ret ); } diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index c8bd1bd52..b64c354e6 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -174,7 +174,7 @@ int mbedtls_ssl_cookie_write( void *p_ctx, #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) ); #endif ret = ssl_cookie_hmac( &ctx->hmac_ctx, *p - 4, @@ -182,8 +182,8 @@ int mbedtls_ssl_cookie_write( void *p_ctx, #if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + - MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, + MBEDTLS_ERR_THREADING_MUTEX_ERROR ) ); #endif return( ret ); @@ -210,7 +210,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx, #if defined(MBEDTLS_THREADING_C) if( ( ret = mbedtls_mutex_lock( &ctx->mutex ) ) != 0 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, ret ) ); #endif if( ssl_cookie_hmac( &ctx->hmac_ctx, cookie, @@ -220,8 +220,8 @@ int mbedtls_ssl_cookie_check( void *p_ctx, #if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERR_SSL_INTERNAL_ERROR + - MBEDTLS_ERR_THREADING_MUTEX_ERROR ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR , + MBEDTLS_ERR_THREADING_MUTEX_ERROR ) ); #endif if( ret != 0 ) diff --git a/library/x509.c b/library/x509.c index 2a7be329b..f21e9e694 100644 --- a/library/x509.c +++ b/library/x509.c @@ -81,18 +81,18 @@ int mbedtls_x509_get_serial( unsigned char **p, const unsigned char *end, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_X509_INVALID_SERIAL + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL, + MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); if( **p != ( MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_PRIMITIVE | 2 ) && **p != MBEDTLS_ASN1_INTEGER ) - return( MBEDTLS_ERR_X509_INVALID_SERIAL + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); serial->tag = *(*p)++; if( ( ret = mbedtls_asn1_get_len( p, end, &serial->len ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_SERIAL + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SERIAL, ret ) ); serial->p = *p; *p += serial->len; @@ -112,7 +112,7 @@ int mbedtls_x509_get_alg_null( unsigned char **p, const unsigned char *end, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_asn1_get_alg_null( p, end, alg ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); return( 0 ); } @@ -126,7 +126,7 @@ int mbedtls_x509_get_alg( unsigned char **p, const unsigned char *end, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_asn1_get_alg( p, end, alg, params ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); return( 0 ); } @@ -151,39 +151,39 @@ static int x509_get_hash_alg( const mbedtls_x509_buf *alg, mbedtls_md_type_t *md /* Make sure we got a SEQUENCE and setup bounds */ if( alg->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); p = alg->p; end = p + alg->len; if( p >= end ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); /* Parse md_oid */ md_oid.tag = *p; if( ( ret = mbedtls_asn1_get_tag( &p, end, &md_oid.len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); md_oid.p = p; p += md_oid.len; /* Get md_alg from md_oid */ if( ( ret = mbedtls_oid_get_md_alg( &md_oid, md_alg ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); /* Make sure params is absent of NULL */ if( p == end ) return( 0 ); if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_NULL ) ) != 0 || len != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); if( p != end ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( 0 ); } @@ -217,8 +217,8 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, /* Make sure params is a SEQUENCE and setup bounds */ if( params->tag != ( MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); p = (unsigned char *) params->p; end = p + params->len; @@ -239,14 +239,14 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, return( ret ); if( ( ret = mbedtls_oid_get_md_alg( &alg_id, md_alg ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); if( p != end2 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); if( p == end ) return( 0 ); @@ -265,19 +265,19 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, /* Only MFG1 is recognised for now */ if( MBEDTLS_OID_CMP( MBEDTLS_OID_MGF1, &alg_id ) != 0 ) - return( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE + - MBEDTLS_ERR_OID_NOT_FOUND ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, + MBEDTLS_ERR_OID_NOT_FOUND ) ); /* Parse HashAlgorithm */ if( ( ret = x509_get_hash_alg( &alg_params, mgf_md ) ) != 0 ) return( ret ); if( p != end2 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); if( p == end ) return( 0 ); @@ -291,14 +291,14 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, end2 = p + len; if( ( ret = mbedtls_asn1_get_int( &p, end2, salt_len ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); if( p != end2 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); if( p == end ) return( 0 ); @@ -314,21 +314,21 @@ int mbedtls_x509_get_rsassa_pss_params( const mbedtls_x509_buf *params, end2 = p + len; if( ( ret = mbedtls_asn1_get_int( &p, end2, &trailer_field ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); if( p != end2 ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); if( trailer_field != 1 ) return( MBEDTLS_ERR_X509_INVALID_ALG ); } else if( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) - return( MBEDTLS_ERR_X509_INVALID_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, ret ) ); if( p != end ) - return( MBEDTLS_ERR_X509_INVALID_ALG + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_ALG, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( 0 ); } @@ -354,47 +354,47 @@ static int x509_get_attr_type_value( unsigned char **p, if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_NAME + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) ); end = *p + len; if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_X509_INVALID_NAME + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, + MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); oid = &cur->oid; oid->tag = **p; if( ( ret = mbedtls_asn1_get_tag( p, end, &oid->len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_NAME + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) ); oid->p = *p; *p += oid->len; if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_X509_INVALID_NAME + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, + MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); if( **p != MBEDTLS_ASN1_BMP_STRING && **p != MBEDTLS_ASN1_UTF8_STRING && **p != MBEDTLS_ASN1_T61_STRING && **p != MBEDTLS_ASN1_PRINTABLE_STRING && **p != MBEDTLS_ASN1_IA5_STRING && **p != MBEDTLS_ASN1_UNIVERSAL_STRING && **p != MBEDTLS_ASN1_BIT_STRING ) - return( MBEDTLS_ERR_X509_INVALID_NAME + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); val = &cur->val; val->tag = *(*p)++; if( ( ret = mbedtls_asn1_get_len( p, end, &val->len ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_NAME + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) ); val->p = *p; *p += val->len; if( *p != end ) { - return( MBEDTLS_ERR_X509_INVALID_NAME + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } cur->next = NULL; @@ -440,7 +440,7 @@ int mbedtls_x509_get_name( unsigned char **p, const unsigned char *end, */ if( ( ret = mbedtls_asn1_get_tag( p, end, &set_len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_NAME + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_NAME, ret ) ); end_set = *p + set_len; @@ -604,8 +604,8 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, unsigned char tag; if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_X509_INVALID_DATE + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, + MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); tag = **p; @@ -614,14 +614,14 @@ int mbedtls_x509_get_time( unsigned char **p, const unsigned char *end, else if( tag == MBEDTLS_ASN1_GENERALIZED_TIME ) year_len = 4; else - return( MBEDTLS_ERR_X509_INVALID_DATE + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); (*p)++; ret = mbedtls_asn1_get_len( p, end, &len ); if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, ret ) ); return x509_parse_time( p, len, year_len, tm ); } @@ -633,13 +633,13 @@ int mbedtls_x509_get_sig( unsigned char **p, const unsigned char *end, mbedtls_x int tag_type; if( ( end - *p ) < 1 ) - return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE, + MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ); tag_type = **p; if( ( ret = mbedtls_asn1_get_bitstring_null( p, end, &len ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_SIGNATURE + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_SIGNATURE, ret ) ); sig->tag = tag_type; sig->len = len; @@ -663,7 +663,7 @@ int mbedtls_x509_get_sig_alg( const mbedtls_x509_buf *sig_oid, const mbedtls_x50 return( MBEDTLS_ERR_X509_BAD_INPUT_DATA ); if( ( ret = mbedtls_oid_get_sig_alg( sig_oid, md_alg, pk_alg ) ) != 0 ) - return( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, ret ) ); #if defined(MBEDTLS_X509_RSASSA_PSS_SUPPORT) if( *pk_alg == MBEDTLS_PK_RSASSA_PSS ) @@ -714,7 +714,7 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, ret = mbedtls_asn1_get_tag( p, end, &ext->len, MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag ); if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); ext->tag = MBEDTLS_ASN1_CONTEXT_SPECIFIC | MBEDTLS_ASN1_CONSTRUCTED | tag; ext->p = *p; @@ -725,11 +725,11 @@ int mbedtls_x509_get_ext( unsigned char **p, const unsigned char *end, */ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); if( end != *p + len ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( 0 ); } diff --git a/library/x509_crl.c b/library/x509_crl.c index edeb39b02..ac4fc75de 100644 --- a/library/x509_crl.c +++ b/library/x509_crl.c @@ -79,7 +79,7 @@ static int x509_crl_get_version( unsigned char **p, return( 0 ); } - return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) ); } return( 0 ); @@ -125,7 +125,7 @@ static int x509_get_crl_ext( unsigned char **p, /* Get enclosing sequence tag */ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); end_ext_data = *p + len; @@ -133,7 +133,7 @@ static int x509_get_crl_ext( unsigned char **p, if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, MBEDTLS_ASN1_OID ) ) != 0 ) { - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); } *p += len; @@ -142,29 +142,29 @@ static int x509_get_crl_ext( unsigned char **p, &is_critical ) ) != 0 && ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) { - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); } /* Data should be octet string type */ if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); /* Ignore data so far and just check its length */ *p += len; if( *p != end_ext_data ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); /* Abort on (unsupported) critical extensions */ if( is_critical ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); } if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( 0 ); } @@ -198,27 +198,27 @@ static int x509_get_crl_entry_ext( unsigned char **p, ext->p = NULL; return( 0 ); } - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); } end = *p + ext->len; if( end != *p + ext->len ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); while( *p < end ) { if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); *p += len; } if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( 0 ); } @@ -364,8 +364,8 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, if( len != (size_t) ( end - p ) ) { mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } /* @@ -377,7 +377,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); } end = p + len; @@ -421,7 +421,7 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); } if( ( ret = mbedtls_x509_get_name( &p, p + len, &crl->issuer ) ) != 0 ) @@ -444,10 +444,10 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, if( ( ret = mbedtls_x509_get_time( &p, end, &crl->next_update ) ) != 0 ) { - if( ret != ( MBEDTLS_ERR_X509_INVALID_DATE + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) && - ret != ( MBEDTLS_ERR_X509_INVALID_DATE + - MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ) + if( ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) && + ret != ( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, + MBEDTLS_ERR_ASN1_OUT_OF_DATA ) ) ) { mbedtls_x509_crl_free( crl ); return( ret ); @@ -486,8 +486,8 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, if( p != end ) { mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } end = crl->raw.p + crl->raw.len; @@ -521,8 +521,8 @@ int mbedtls_x509_crl_parse_der( mbedtls_x509_crl *chain, if( p != end ) { mbedtls_x509_crl_free( crl ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } return( 0 ); diff --git a/library/x509_crt.c b/library/x509_crt.c index 0aa4f4c21..8086cc034 100644 --- a/library/x509_crt.c +++ b/library/x509_crt.c @@ -397,17 +397,17 @@ static int x509_get_version( unsigned char **p, return( 0 ); } - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); } end = *p + len; if( ( ret = mbedtls_asn1_get_int( p, end, ver ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) ); if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_VERSION + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( 0 ); } @@ -427,7 +427,7 @@ static int x509_get_dates( unsigned char **p, if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_DATE + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, ret ) ); end = *p + len; @@ -438,8 +438,8 @@ static int x509_get_dates( unsigned char **p, return( ret ); if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_DATE + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_DATE, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( 0 ); } @@ -464,7 +464,7 @@ static int x509_get_uid( unsigned char **p, if( ret == MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) return( 0 ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); } uid->p = *p; @@ -491,7 +491,7 @@ static int x509_get_basic_constraints( unsigned char **p, if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); if( *p == end ) return( 0 ); @@ -502,7 +502,7 @@ static int x509_get_basic_constraints( unsigned char **p, ret = mbedtls_asn1_get_int( p, end, ca_istrue ); if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); if( *ca_istrue != 0 ) *ca_istrue = 1; @@ -512,17 +512,17 @@ static int x509_get_basic_constraints( unsigned char **p, return( 0 ); if( ( ret = mbedtls_asn1_get_int( p, end, max_pathlen ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); /* Do not accept max_pathlen equal to INT_MAX to avoid a signed integer * overflow, which is an undefined behavior. */ if( *max_pathlen == INT_MAX ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_INVALID_LENGTH ) ); (*max_pathlen)++; @@ -537,11 +537,11 @@ static int x509_get_ns_cert_type( unsigned char **p, mbedtls_x509_bitstring bs = { 0, 0, NULL }; if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); if( bs.len != 1 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_INVALID_LENGTH ) ); /* Get actual bitstring */ *ns_cert_type = *bs.p; @@ -557,11 +557,11 @@ static int x509_get_key_usage( unsigned char **p, mbedtls_x509_bitstring bs = { 0, 0, NULL }; if( ( ret = mbedtls_asn1_get_bitstring( p, end, &bs ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); if( bs.len < 1 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_INVALID_LENGTH ) ); /* Get actual bitstring */ *key_usage = 0; @@ -585,12 +585,12 @@ static int x509_get_ext_key_usage( unsigned char **p, int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED; if( ( ret = mbedtls_asn1_get_sequence_of( p, end, ext_key_usage, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); /* Sequence length must be >= 1 */ if( ext_key_usage->buf.p == NULL ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_INVALID_LENGTH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_INVALID_LENGTH ) ); return( 0 ); } @@ -635,11 +635,11 @@ static int x509_get_subject_alt_name( unsigned char **p, /* Get main sequence tag */ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); if( *p + len != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); while( *p < end ) { @@ -649,13 +649,13 @@ static int x509_get_subject_alt_name( unsigned char **p, tag = **p; (*p)++; if( ( ret = mbedtls_asn1_get_len( p, end, &tag_len ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); if( ( tag & MBEDTLS_ASN1_TAG_CLASS_MASK ) != MBEDTLS_ASN1_CONTEXT_SPECIFIC ) { - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); } /* @@ -691,8 +691,8 @@ static int x509_get_subject_alt_name( unsigned char **p, cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); if( cur->next == NULL ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_ALLOC_FAILED ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_ALLOC_FAILED ) ); cur = cur->next; } @@ -708,8 +708,8 @@ static int x509_get_subject_alt_name( unsigned char **p, cur->next = NULL; if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( 0 ); } @@ -776,18 +776,18 @@ static int x509_get_certificate_policies( unsigned char **p, ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); if( *p + len != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); /* * Cannot be an empty sequence. */ if( len == 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); while( *p < end ) { @@ -799,13 +799,13 @@ static int x509_get_certificate_policies( unsigned char **p, */ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); policy_end = *p + len; if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); policy_oid.tag = MBEDTLS_ASN1_OID; policy_oid.len = len; @@ -833,8 +833,8 @@ static int x509_get_certificate_policies( unsigned char **p, cur->next = mbedtls_calloc( 1, sizeof( mbedtls_asn1_sequence ) ); if( cur->next == NULL ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_ALLOC_FAILED ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_ALLOC_FAILED ) ); cur = cur->next; } @@ -854,7 +854,7 @@ static int x509_get_certificate_policies( unsigned char **p, { if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); /* * Skip the optional policy qualifiers. */ @@ -862,16 +862,16 @@ static int x509_get_certificate_policies( unsigned char **p, } if( *p != policy_end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } /* Set final sequence entry's next pointer to NULL */ cur->next = NULL; if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( parse_ret ); } @@ -911,14 +911,14 @@ static int x509_get_crt_ext( unsigned char **p, if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); end_ext_data = *p + len; /* Get extension ID */ if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &extn_oid.len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); extn_oid.tag = MBEDTLS_ASN1_OID; extn_oid.p = *p; @@ -927,19 +927,19 @@ static int x509_get_crt_ext( unsigned char **p, /* Get optional critical */ if( ( ret = mbedtls_asn1_get_bool( p, end_ext_data, &is_critical ) ) != 0 && ( ret != MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); /* Data should be octet string type */ if( ( ret = mbedtls_asn1_get_tag( p, end_ext_data, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); start_ext_octet = *p; end_ext_octet = *p + len; if( end_ext_octet != end_ext_data ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); /* * Detect supported extensions @@ -965,8 +965,8 @@ static int x509_get_crt_ext( unsigned char **p, if( is_critical ) { /* Data is marked as critical: fail */ - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); } #endif continue; @@ -1059,8 +1059,8 @@ static int x509_get_crt_ext( unsigned char **p, } if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( 0 ); } @@ -1138,7 +1138,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); } end = p + len; @@ -1185,7 +1185,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); } if( ( ret = mbedtls_x509_get_name( &p, p + len, &crt->issuer ) ) != 0 ) @@ -1218,7 +1218,7 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); } if( len && ( ret = mbedtls_x509_get_name( &p, p + len, &crt->subject ) ) != 0 ) @@ -1283,8 +1283,8 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, if( p != end ) { mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } end = crt_end; @@ -1322,8 +1322,8 @@ static int x509_crt_parse_der_core( mbedtls_x509_crt *crt, if( p != end ) { mbedtls_x509_crt_free( crt ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } return( 0 ); @@ -1706,7 +1706,7 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); cur_oid.tag = MBEDTLS_ASN1_OID; cur_oid.p = p; @@ -1723,20 +1723,20 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, if( p + len >= end ) { mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } p += len; if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); other_name->value.hardware_module_name.oid.tag = MBEDTLS_ASN1_OID; other_name->value.hardware_module_name.oid.p = p; @@ -1745,13 +1745,13 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, if( p + len >= end ) { mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } p += len; if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); other_name->value.hardware_module_name.val.tag = MBEDTLS_ASN1_OCTET_STRING; other_name->value.hardware_module_name.val.p = p; @@ -1761,8 +1761,8 @@ static int x509_get_other_name( const mbedtls_x509_buf *subject_alt_name, { mbedtls_platform_zeroize( other_name, sizeof( *other_name ) ); - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } return( 0 ); } diff --git a/library/x509_csr.c b/library/x509_csr.c index 5463f8a9e..e259410d0 100644 --- a/library/x509_csr.c +++ b/library/x509_csr.c @@ -73,7 +73,7 @@ static int x509_csr_get_version( unsigned char **p, return( 0 ); } - return( MBEDTLS_ERR_X509_INVALID_VERSION + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_VERSION, ret ) ); } return( 0 ); @@ -131,8 +131,8 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, if( len != (size_t) ( end - p ) ) { mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } /* @@ -144,7 +144,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); } end = p + len; @@ -176,7 +176,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) { mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); } if( ( ret = mbedtls_x509_get_name( &p, p + len, &csr->subject ) ) != 0 ) @@ -210,7 +210,7 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_CONTEXT_SPECIFIC ) ) != 0 ) { mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, ret ) ); } p += len; @@ -244,8 +244,8 @@ int mbedtls_x509_csr_parse_der( mbedtls_x509_csr *csr, if( p != end ) { mbedtls_x509_csr_free( csr ); - return( MBEDTLS_ERR_X509_INVALID_FORMAT + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_FORMAT, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } return( 0 ); diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function index 66f03768b..29d28f780 100644 --- a/tests/suites/test_suite_x509parse.function +++ b/tests/suites/test_suite_x509parse.function @@ -7,6 +7,7 @@ #include "mbedtls/pem.h" #include "mbedtls/oid.h" #include "mbedtls/base64.h" +#include "mbedtls/error.h" #include "string.h" #if MBEDTLS_X509_MAX_INTERMEDIATE_CA > 19 @@ -320,18 +321,18 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ); if( ret != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); if( *p + len != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); /* * Cannot be an empty sequence. */ if( len == 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); while( *p < end ) { @@ -342,13 +343,13 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf */ if( ( ret = mbedtls_asn1_get_tag( p, end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); policy_end = *p + len; if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, MBEDTLS_ASN1_OID ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); /* * Recognize exclusively the policy with OID 1 @@ -366,7 +367,7 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf { if( ( ret = mbedtls_asn1_get_tag( p, policy_end, &len, MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE ) ) != 0 ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret ) ); /* * Skip the optional policy qualifiers. */ @@ -374,13 +375,13 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf } if( *p != policy_end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); } if( *p != end ) - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + - MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_LENGTH_MISMATCH ) ); return( parse_ret ); } @@ -388,7 +389,8 @@ int parse_crt_ext_cb( void *p_ctx, mbedtls_x509_crt const *crt, mbedtls_x509_buf memcmp( new_oid->p, oid->p, oid->len ) == 0 ) return( 0 ); else - return( MBEDTLS_ERR_X509_INVALID_EXTENSIONS + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ); + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_X509_INVALID_EXTENSIONS, + MBEDTLS_ERR_ASN1_UNEXPECTED_TAG ) ); } #endif /* MBEDTLS_X509_CRT_PARSE_C */ /* END_HEADER */ From fdb588b3a775751ce9a132bfe0ce1f5ef5026ffc Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 14 Apr 2021 18:15:24 +0100 Subject: [PATCH 20/25] Fix an incorrect error code addition in pk_parse_key_pkcs8_unencrypted_der An incorrect error code addition was spotted by the new invasive testing infrastructure whereby pk_get_pk_alg will always return a high level error or zero and pk_parse_key_pkcs8_unencrypted_der will try to add another high level error, resulting in a garbage error code. Apply the same fix from ae3741e8a to fix the bug. Signed-off-by: Chris Jones --- ChangeLog.d/fix-pk-parse-key-error-code.txt | 2 ++ library/pkparse.c | 11 ++++++++++- 2 files changed, 12 insertions(+), 1 deletion(-) create mode 100644 ChangeLog.d/fix-pk-parse-key-error-code.txt diff --git a/ChangeLog.d/fix-pk-parse-key-error-code.txt b/ChangeLog.d/fix-pk-parse-key-error-code.txt new file mode 100644 index 000000000..3aa330b1a --- /dev/null +++ b/ChangeLog.d/fix-pk-parse-key-error-code.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix an incorrect error code when parsing a PKCS#8 private key. diff --git a/library/pkparse.c b/library/pkparse.c index 3f3d5585a..31339c1cc 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1040,7 +1040,16 @@ static int pk_parse_key_pkcs8_unencrypted_der( return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret ) ); if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + { + if( ret >= -0x007F ) + { + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); + } + else + { + return ret; + } + } if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); From e11e81413d46577503d20a93ce7e791bf4324d2b Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Thu, 22 Apr 2021 15:28:56 +0100 Subject: [PATCH 21/25] Improve documentation for error code checking Improve comments explaining error code checking, fix incorrect comments and make a small formatting fix. Signed-off-by: Chris Jones --- include/mbedtls/error.h | 2 +- library/ssl_cookie.c | 2 +- tests/src/helpers.c | 20 ++++++++++++++++---- 3 files changed, 18 insertions(+), 6 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 3d8a5eac0..52b818808 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -122,7 +122,7 @@ extern "C" { /** * \brief Combines a high-level and low-level error code together. * - * Wrapper function for mbedtls_err_add_ext(). See that function for + * Wrapper macro for mbedtls_error_add_ext(). See that function for * more details. */ #define MBEDTLS_ERROR_ADD( high, low ) \ diff --git a/library/ssl_cookie.c b/library/ssl_cookie.c index b64c354e6..69d1b3287 100644 --- a/library/ssl_cookie.c +++ b/library/ssl_cookie.c @@ -220,7 +220,7 @@ int mbedtls_ssl_cookie_check( void *p_ctx, #if defined(MBEDTLS_THREADING_C) if( mbedtls_mutex_unlock( &ctx->mutex ) != 0 ) - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR , + return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_SSL_INTERNAL_ERROR, MBEDTLS_ERR_THREADING_MUTEX_ERROR ) ); #endif diff --git a/tests/src/helpers.c b/tests/src/helpers.c index b54661195..4923e3c68 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -298,22 +298,34 @@ void mbedtls_test_err_add_check( int high, int low, * h = high level error code (includes high and module error codes). * l = low level error code. */ - if ( high > -0x1000 && high != 0 ) // high < 0001000000000000 + if ( high > -0x1000 && high != 0 ) + /* high < 0001000000000000 + * No high level error bits are set. + */ { mbedtls_test_fail( "'high' is not a high-level error code", line, file ); } - else if ( high < -0x7F80 ) // high > 0111111110000000 + else if ( high < -0x7F80 ) + /* high > 0111111110000000 + * Error code is larger than the greatest high + module level error. + */ { mbedtls_test_fail( "'high' error code is greater than 15 bits", line, file ); } - else if ( ( high & 0x7F ) != 0 ) // high & 0000000001111111 + else if ( ( high & 0x7F ) != 0 ) + /* high & 0000000001111111 + * Error code contains low level error code bits. + */ { mbedtls_test_fail( "'high' contains a low-level error code", line, file ); } - else if ( low < -0x007F ) // low > 0000000001111111 + else if ( low < -0x007F ) + /* low > 0000000001111111 + * Error code contains high or module level error code bits. + */ { mbedtls_test_fail( "'low' error code is greater than 7 bits", line, file ); From 456d29c20b8e750c183a770bbba0addebebb4045 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Fri, 23 Apr 2021 09:24:05 +0100 Subject: [PATCH 22/25] Rename mbedtls_error_add_ext to mbedtls_error_add This function was previously called mbedtls_error_add_ext because there was a macro called mbedtls_error_add. That later got capitalised which allows the function to now be named mbedtls_error_add. Signed-off-by: Chris Jones --- include/mbedtls/error.h | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h index 52b818808..aabbe6c39 100644 --- a/include/mbedtls/error.h +++ b/include/mbedtls/error.h @@ -122,11 +122,11 @@ extern "C" { /** * \brief Combines a high-level and low-level error code together. * - * Wrapper macro for mbedtls_error_add_ext(). See that function for + * Wrapper macro for mbedtls_error_add(). See that function for * more details. */ #define MBEDTLS_ERROR_ADD( high, low ) \ - mbedtls_error_add_ext( high, low, __FILE__, __LINE__ ) + mbedtls_error_add( high, low, __FILE__, __LINE__ ) #if defined(MBEDTLS_TEST_HOOKS) /** @@ -154,7 +154,7 @@ extern void (*mbedtls_test_hook_error_add)( int, int, const char *, int ); * \param file file where this error code addition occured. * \param line line where this error code addition occured. */ -static inline int mbedtls_error_add_ext( int high, int low, +static inline int mbedtls_error_add( int high, int low, const char *file, int line ) { #if defined(MBEDTLS_TEST_HOOKS) From 4f91d8d7adacfd34cfa7223608f3268a2a4ce635 Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Fri, 23 Apr 2021 12:07:25 +0100 Subject: [PATCH 23/25] Change "high level error" to "high level module ID" Signed-off-by: Chris Jones --- tests/src/helpers.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 4923e3c68..72b886de7 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -295,12 +295,13 @@ void mbedtls_test_err_add_check( int high, int low, * shhhhhhhhlllllll * * s = sign bit. - * h = high level error code (includes high and module error codes). + * h = high level error code (includes high level module ID (bits 12..14) + * and module-dependent error code (bits 7..11)). * l = low level error code. */ if ( high > -0x1000 && high != 0 ) /* high < 0001000000000000 - * No high level error bits are set. + * No high level module ID bits are set. */ { mbedtls_test_fail( "'high' is not a high-level error code", From 860f50942112cec90c8ad83fd92531008463b00b Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Mon, 26 Apr 2021 16:31:16 +0100 Subject: [PATCH 24/25] Clarify case when high level error code is incorrect Signed-off-by: Chris Jones --- tests/src/helpers.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/helpers.c b/tests/src/helpers.c index 72b886de7..b7c9867b0 100644 --- a/tests/src/helpers.c +++ b/tests/src/helpers.c @@ -309,7 +309,7 @@ void mbedtls_test_err_add_check( int high, int low, } else if ( high < -0x7F80 ) /* high > 0111111110000000 - * Error code is larger than the greatest high + module level error. + * Error code is greater than the largest allowed high level module ID. */ { mbedtls_test_fail( "'high' error code is greater than 15 bits", From 4d01c5b5c3770ad8c76b30ec415f857c6d454e9a Mon Sep 17 00:00:00 2001 From: Chris Jones Date: Wed, 28 Apr 2021 14:12:07 +0100 Subject: [PATCH 25/25] Remove dead code from pk_parse_key_pkcs8_unencrypted_der pk_get_pk_alg will either return 0 or a pk error code. This means that the error code will always be a high level module ID and so we just return ret. Signed-off-by: Chris Jones --- library/pkparse.c | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/library/pkparse.c b/library/pkparse.c index 31339c1cc..3222ca20f 100644 --- a/library/pkparse.c +++ b/library/pkparse.c @@ -1041,14 +1041,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) { - if( ret >= -0x007F ) - { - return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) ); - } - else - { - return ret; - } + return( ret ); } if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )