mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-07-30 22:43:08 +03:00
Replace MBEDTLS_ERR_OID_NOT_FOUND with MBEDTLS_ERR_X509_UNKNOWN_OID
Replace the non-X.509-named error code `MBEDTLS_ERR_OID_NOT_FOUND` with `MBEDTLS_ERR_X509_UNKNOWN_OID`, which already exists and is currently not used for anything. Public functions in X.509 propagate this error code, so it needs to have a public name. Remove the definition of `MBEDTLS_ERR_OID_NOT_FOUND` in `x509_oid.h`, then ``` git grep -l MBEDTLS_ERR_OID_NOT_FOUND | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_NOT_FOUND\b/MBEDTLS_ERR_X509_UNKNOWN_OID/g' ``` Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
This commit is contained in:
Gilles Peskine
@ -7016,7 +7016,7 @@ static int ssl_parse_certificate_chain(mbedtls_ssl_context *ssl,
|
||||
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
|
||||
switch (ret) {
|
||||
case 0: /*ok*/
|
||||
case MBEDTLS_ERR_OID_NOT_FOUND:
|
||||
case MBEDTLS_ERR_X509_UNKNOWN_OID:
|
||||
/* Ignore certificate with an unknown algorithm: maybe a
|
||||
prior certificate was already trusted. */
|
||||
break;
|
||||
|
||||
@ -505,7 +505,7 @@ int mbedtls_ssl_tls13_parse_certificate(mbedtls_ssl_context *ssl,
|
||||
switch (ret) {
|
||||
case 0: /*ok*/
|
||||
break;
|
||||
case MBEDTLS_ERR_OID_NOT_FOUND:
|
||||
case MBEDTLS_ERR_X509_UNKNOWN_OID:
|
||||
/* Ignore certificate with an unknown algorithm: maybe a
|
||||
prior certificate was already trusted. */
|
||||
break;
|
||||
|
||||
@ -314,7 +314,7 @@ int mbedtls_x509_get_rsassa_pss_params(const mbedtls_x509_buf *params,
|
||||
/* Only MFG1 is recognised for now */
|
||||
if (MBEDTLS_OID_CMP(MBEDTLS_OID_MGF1, &alg_id) != 0) {
|
||||
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE,
|
||||
MBEDTLS_ERR_OID_NOT_FOUND);
|
||||
MBEDTLS_ERR_X509_UNKNOWN_OID);
|
||||
}
|
||||
|
||||
/* Parse HashAlgorithm */
|
||||
|
||||
@ -66,7 +66,7 @@
|
||||
int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \
|
||||
{ \
|
||||
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
|
||||
if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
|
||||
if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \
|
||||
*ATTR1 = data->descriptor.ATTR1; \
|
||||
return 0; \
|
||||
}
|
||||
@ -80,7 +80,7 @@
|
||||
int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \
|
||||
{ \
|
||||
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
|
||||
if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
|
||||
if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \
|
||||
*ATTR1 = data->ATTR1; \
|
||||
return 0; \
|
||||
}
|
||||
@ -95,7 +95,7 @@
|
||||
ATTR2_TYPE * ATTR2) \
|
||||
{ \
|
||||
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
|
||||
if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
|
||||
if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \
|
||||
*(ATTR1) = data->ATTR1; \
|
||||
*(ATTR2) = data->ATTR2; \
|
||||
return 0; \
|
||||
@ -117,7 +117,7 @@
|
||||
} \
|
||||
cur++; \
|
||||
} \
|
||||
return MBEDTLS_ERR_OID_NOT_FOUND; \
|
||||
return MBEDTLS_ERR_X509_UNKNOWN_OID; \
|
||||
}
|
||||
|
||||
/*
|
||||
@ -138,7 +138,7 @@
|
||||
} \
|
||||
cur++; \
|
||||
} \
|
||||
return MBEDTLS_ERR_OID_NOT_FOUND; \
|
||||
return MBEDTLS_ERR_X509_UNKNOWN_OID; \
|
||||
}
|
||||
|
||||
/*
|
||||
|
||||
@ -19,9 +19,6 @@
|
||||
|
||||
#include "mbedtls/md.h"
|
||||
|
||||
/** OID is not found. */
|
||||
#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E
|
||||
|
||||
/*
|
||||
* Maximum number of OID components allowed
|
||||
*/
|
||||
@ -459,7 +456,7 @@ typedef struct {
|
||||
* \param oid OID to use
|
||||
* \param ext_type place to store the extension type
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
* \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
|
||||
*/
|
||||
int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type);
|
||||
|
||||
@ -470,7 +467,7 @@ int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_typ
|
||||
* \param oid OID to use
|
||||
* \param short_name place to store the string pointer
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
* \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
|
||||
*/
|
||||
int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name);
|
||||
|
||||
@ -481,7 +478,7 @@ int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char
|
||||
* \param md_alg place to store message digest algorithm
|
||||
* \param pk_alg place to store public key algorithm
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
* \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
|
||||
*/
|
||||
int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
|
||||
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg);
|
||||
@ -492,7 +489,7 @@ int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
|
||||
* \param oid OID to use
|
||||
* \param desc place to store string pointer
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
* \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
|
||||
*/
|
||||
int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc);
|
||||
|
||||
@ -504,7 +501,7 @@ int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **
|
||||
* \param oid place to store ASN.1 OID string pointer
|
||||
* \param olen length of the OID
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
* \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
|
||||
*/
|
||||
int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
|
||||
const char **oid, size_t *olen);
|
||||
@ -515,7 +512,7 @@ int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_typ
|
||||
* \param oid OID to use
|
||||
* \param md_alg place to store message digest algorithm
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
* \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
|
||||
*/
|
||||
int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg);
|
||||
|
||||
@ -526,7 +523,7 @@ int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *
|
||||
* \param oid OID to use
|
||||
* \param desc place to store string pointer
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
* \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
|
||||
*/
|
||||
int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc);
|
||||
#endif
|
||||
@ -537,7 +534,7 @@ int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const c
|
||||
* \param oid OID to use
|
||||
* \param desc place to store string pointer
|
||||
*
|
||||
* \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
|
||||
* \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
|
||||
*/
|
||||
int mbedtls_x509_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc);
|
||||
|
||||
|
||||
@ -23,7 +23,7 @@ void oid_get_certificate_policies(data_t *oid, char *result_str)
|
||||
|
||||
ret = mbedtls_x509_oid_get_certificate_policies(&asn1_buf, &desc);
|
||||
if (strlen(result_str) == 0) {
|
||||
TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
|
||||
TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID);
|
||||
} else {
|
||||
TEST_ASSERT(ret == 0);
|
||||
TEST_ASSERT(strcmp((char *) desc, result_str) == 0);
|
||||
@ -44,7 +44,7 @@ void oid_get_extended_key_usage(data_t *oid, char *result_str)
|
||||
|
||||
ret = mbedtls_x509_oid_get_extended_key_usage(&asn1_buf, &desc);
|
||||
if (strlen(result_str) == 0) {
|
||||
TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
|
||||
TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID);
|
||||
} else {
|
||||
TEST_ASSERT(ret == 0);
|
||||
TEST_ASSERT(strcmp((char *) desc, result_str) == 0);
|
||||
@ -65,7 +65,7 @@ void oid_get_x509_extension(data_t *oid, int exp_type)
|
||||
|
||||
ret = mbedtls_x509_oid_get_x509_ext_type(&ext_oid, &ext_type);
|
||||
if (exp_type == 0) {
|
||||
TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
|
||||
TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID);
|
||||
} else {
|
||||
TEST_ASSERT(ret == 0);
|
||||
TEST_ASSERT(ext_type == exp_type);
|
||||
@ -87,7 +87,7 @@ void oid_get_md_alg_id(data_t *oid, int exp_md_id)
|
||||
ret = mbedtls_x509_oid_get_md_alg(&md_oid, &md_id);
|
||||
|
||||
if (exp_md_id < 0) {
|
||||
TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
|
||||
TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID);
|
||||
TEST_ASSERT(md_id == 0);
|
||||
} else {
|
||||
TEST_ASSERT(ret == 0);
|
||||
|
||||
@ -1386,11 +1386,11 @@ x509parse_crt:"307f3075a0030201008204deadbeef30020601300c310a3008060013045465737
|
||||
|
||||
X509 CRT ASN1 (TBS, inv AlgID, OID empty)
|
||||
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
|
||||
x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_OID_NOT_FOUND)
|
||||
x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
|
||||
|
||||
X509 CRT ASN1 (TBS, inv AlgID, OID unknown)
|
||||
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
|
||||
x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_OID_NOT_FOUND)
|
||||
x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
|
||||
|
||||
X509 CRT ASN1 (TBS, inv AlgID, param inv length encoding)
|
||||
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
|
||||
@ -2845,7 +2845,7 @@ X509 RSASSA-PSS parameters ASN1 (HashAlg with parameters)
|
||||
x509_parse_rsassa_pss_params:"a00f300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_DATA)
|
||||
|
||||
X509 RSASSA-PSS parameters ASN1 (HashAlg unknown OID)
|
||||
x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_OID_NOT_FOUND)
|
||||
x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
|
||||
|
||||
X509 RSASSA-PSS parameters ASN1 (good, MGAlg = MGF1-SHA256)
|
||||
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
|
||||
@ -2866,7 +2866,7 @@ X509 RSASSA-PSS parameters ASN1 (MGAlg AlgId wrong len #1)
|
||||
x509_parse_rsassa_pss_params:"a11a301906092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
|
||||
|
||||
X509 RSASSA-PSS parameters ASN1 (MGAlg OID != MGF1)
|
||||
x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_OID_NOT_FOUND)
|
||||
x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_X509_UNKNOWN_OID)
|
||||
|
||||
X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong tag)
|
||||
x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108310b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
|
||||
@ -2881,7 +2881,7 @@ X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg not an OID)
|
||||
x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
|
||||
|
||||
X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg unknown OID)
|
||||
x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_OID_NOT_FOUND)
|
||||
x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
|
||||
|
||||
X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params NULL)
|
||||
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
|
||||
|
||||
Reference in New Issue
Block a user