- Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.

- As a consequence, all error codes that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes were added for different modules.
 - Programs and tests were adapted accordingly
Paul Bakker 2011-12-10 21:55:01 +00:00
parent 18d32911c0
commit 69e095cc15
38 changed files with 254 additions and 162 deletions


@ -52,6 +52,7 @@
#define POLARSSL_ERR_ASN1_INVALID_LENGTH -0x0018 /**< Error when trying to determine the length or invalid length. */
#define POLARSSL_ERR_ASN1_LENGTH_MISMATCH -0x001A /**< Actual length differs from expected length. */
#define POLARSSL_ERR_ASN1_INVALID_DATA -0x001C /**< Data is invalid. (not used) */
#define POLARSSL_ERR_ASN1_MALLOC_FAILED -0x001E /**< Memory allocation failed */
/* \} name */
/**


@ -29,8 +29,8 @@
#include <string.h>
#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL -0x0010 /**< Output buffer too small. */
#define POLARSSL_ERR_BASE64_INVALID_CHARACTER -0x0012 /**< Invalid character in input. */
#define POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL -0x002A /**< Output buffer too small. */
#define POLARSSL_ERR_BASE64_INVALID_CHARACTER -0x002C /**< Invalid character in input. */
#ifdef __cplusplus
extern "C" {
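Review bot: Reusing `-0x0010` for `POLARSSL_ERR_MPI_MALLOC_FAILED` after moving `POLARSSL_ERR_BASE64_BUFFER_TOO_SMALL` to `-0x002A` gives one numeric value two meanings across versions, and nothing in this header records that. The entropy section has the same issue: `-0x003A` moves from `POLARSSL_ERR_ENTROPY_SOURCE_FAILED` to `POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR`. Error-string tables, log parsers or callers built against the old headers would then misreport an allocation failure as a too-small buffer, or a file error as an entropy failure. I would add a comment above the defines, e.g. `/* Renumbered from -0x0010/-0x0012; -0x0010 is now POLARSSL_ERR_MPI_MALLOC_FAILED. */`, and list the renumbering as an incompatible change in the release notes.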


@ -33,10 +33,11 @@
#define POLARSSL_ERR_MPI_FILE_IO_ERROR -0x0002 /**< An error occurred while reading from or writing to a file. */
#define POLARSSL_ERR_MPI_BAD_INPUT_DATA -0x0004 /**< Bad input parameters to function. */
#define POLARSSL_ERR_MPI_INVALID_CHARACTER -0x0006 /**< There is an invalid character in the digit string. */
#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL -0x0008 /**< The buffer is too small to write too. */
#define POLARSSL_ERR_MPI_BUFFER_TOO_SMALL -0x0008 /**< The buffer is too small to write to. */
#define POLARSSL_ERR_MPI_NEGATIVE_VALUE -0x000A /**< The input arguments are negative or result in illegal output. */
#define POLARSSL_ERR_MPI_DIVISION_BY_ZERO -0x000C /**< The input argument for division is zero, which is not allowed. */
#define POLARSSL_ERR_MPI_NOT_ACCEPTABLE -0x000E /**< The input arguments are not acceptable. */
#define POLARSSL_ERR_MPI_MALLOC_FAILED -0x0010 /**< Memory allocation failed. */
#define MPI_CHK(f) if( ( ret = f ) != 0 ) goto cleanup
@ -145,7 +146,7 @@ void mpi_free( mpi *X );
* \param nblimbs The target number of limbs
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_grow( mpi *X, size_t nblimbs );
@ -156,7 +157,7 @@ int mpi_grow( mpi *X, size_t nblimbs );
* \param Y Source MPI
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_copy( mpi *X, const mpi *Y );
@ -175,7 +176,7 @@ void mpi_swap( mpi *X, mpi *Y );
* \param z Value to use
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_lset( mpi *X, t_sint z );
@ -200,7 +201,7 @@ int mpi_get_bit( mpi *X, size_t pos );
* \param val The value to set the bit to (0 or 1)
*
* \return 0 if successful,
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if val is not 0 or 1
*/
int mpi_set_bit( mpi *X, size_t pos, unsigned char val );
@ -289,7 +290,7 @@ int mpi_write_file( const char *p, const mpi *X, int radix, FILE *fout );
* \param buflen Input buffer size
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_read_binary( mpi *X, const unsigned char *buf, size_t buflen );
@ -312,7 +313,7 @@ int mpi_write_binary( const mpi *X, unsigned char *buf, size_t buflen );
* \param count Amount to shift
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_shift_l( mpi *X, size_t count );
@ -323,7 +324,7 @@ int mpi_shift_l( mpi *X, size_t count );
* \param count Amount to shift
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_shift_r( mpi *X, size_t count );
@ -371,7 +372,7 @@ int mpi_cmp_int( const mpi *X, t_sint z );
* \param B Right-hand MPI
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_add_abs( mpi *X, const mpi *A, const mpi *B );
@ -395,7 +396,7 @@ int mpi_sub_abs( mpi *X, const mpi *A, const mpi *B );
* \param B Right-hand MPI
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B );
@ -407,7 +408,7 @@ int mpi_add_mpi( mpi *X, const mpi *A, const mpi *B );
* \param B Right-hand MPI
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B );
@ -419,7 +420,7 @@ int mpi_sub_mpi( mpi *X, const mpi *A, const mpi *B );
* \param b The integer value to add
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_add_int( mpi *X, const mpi *A, t_sint b );
@ -431,7 +432,7 @@ int mpi_add_int( mpi *X, const mpi *A, t_sint b );
* \param b The integer value to subtract
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_sub_int( mpi *X, const mpi *A, t_sint b );
@ -443,7 +444,7 @@ int mpi_sub_int( mpi *X, const mpi *A, t_sint b );
* \param B Right-hand MPI
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B );
@ -457,7 +458,7 @@ int mpi_mul_mpi( mpi *X, const mpi *A, const mpi *B );
* \param b The integer value to multiply with
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_mul_int( mpi *X, const mpi *A, t_sint b );
@ -470,7 +471,7 @@ int mpi_mul_int( mpi *X, const mpi *A, t_sint b );
* \param B Right-hand MPI
*
* \return 0 if successful,
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0
*
* \note Either Q or R can be NULL.
@ -486,7 +487,7 @@ int mpi_div_mpi( mpi *Q, mpi *R, const mpi *A, const mpi *B );
* \param b Integer to divide by
*
* \return 0 if successful,
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0
*
* \note Either Q or R can be NULL.
@ -501,7 +502,7 @@ int mpi_div_int( mpi *Q, mpi *R, const mpi *A, t_sint b );
* \param B Right-hand MPI
*
* \return 0 if successful,
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if B == 0,
* POLARSSL_ERR_MPI_NEGATIVE_VALUE if B < 0
*/
@ -515,7 +516,7 @@ int mpi_mod_mpi( mpi *R, const mpi *A, const mpi *B );
* \param b Integer to divide by
*
* \return 0 if successful,
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
* POLARSSL_ERR_MPI_DIVISION_BY_ZERO if b == 0,
* POLARSSL_ERR_MPI_NEGATIVE_VALUE if b < 0
*/
@ -531,7 +532,7 @@ int mpi_mod_int( t_uint *r, const mpi *A, t_sint b );
* \param _RR Speed-up MPI used for recalculations
*
* \return 0 if successful,
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or even
*
* \note _RR is used to avoid re-computing R*R mod N across
@ -549,7 +550,7 @@ int mpi_exp_mod( mpi *X, const mpi *A, const mpi *E, const mpi *N, mpi *_RR );
* \param p_rng RNG parameter
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_fill_random( mpi *X, size_t size,
int (*f_rng)(void *, unsigned char *, size_t),
@ -563,7 +564,7 @@ int mpi_fill_random( mpi *X, size_t size,
* \param B Right-hand MPI
*
* \return 0 if successful,
* 1 if memory allocation failed
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed
*/
int mpi_gcd( mpi *G, const mpi *A, const mpi *B );
@ -575,7 +576,7 @@ int mpi_gcd( mpi *G, const mpi *A, const mpi *B );
* \param N Right-hand MPI
*
* \return 0 if successful,
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if N is negative or nil
POLARSSL_ERR_MPI_NOT_ACCEPTABLE if A has no inverse mod N
*/
@ -589,7 +590,7 @@ int mpi_inv_mod( mpi *X, const mpi *A, const mpi *N );
* \param p_rng RNG parameter
*
* \return 0 if successful (probably prime),
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
* POLARSSL_ERR_MPI_NOT_ACCEPTABLE if X is not prime
*/
int mpi_is_prime( mpi *X,
@ -606,7 +607,7 @@ int mpi_is_prime( mpi *X,
* \param p_rng RNG parameter
*
* \return 0 if successful (probably prime),
* 1 if memory allocation failed,
* POLARSSL_ERR_MPI_MALLOC_FAILED if memory allocation failed,
* POLARSSL_ERR_MPI_BAD_INPUT_DATA if nbits is < 3
*/
int mpi_gen_prime( mpi *X, size_t nbits, int dh_flag,
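Review bot: The `\return` lines now promise the negative `POLARSSL_ERR_MPI_MALLOC_FAILED` where they used to promise `1`, but the header does not warn that a caller testing `ret == 1` or `ret > 0` will no longer notice an allocation failure and could carry on with an `mpi` that was never grown or filled. The same sign change applies to `md2_file`, `md4_file`, `md5_file`, `sha1_file`, `sha2_file` and `sha4_file` (previously `1`/`2`) and to `ssl_init` in the later sections. The commit message says in-tree programs and tests were adapted; out-of-tree callers cannot be checked from here. I would add one note next to the error defines, e.g. `/* MPI functions report every failure as a negative POLARSSL_ERR_MPI_* value; test ret != 0. */`. Separately, in the `mpi_inv_mod` block the `POLARSSL_ERR_MPI_BAD_INPUT_DATA` line has no trailing comma and the `POLARSSL_ERR_MPI_NOT_ACCEPTABLE` line appears to have lost its leading `*`.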


@ -34,6 +34,7 @@
#define POLARSSL_ERR_CTR_DRBG_ENTROPY_SOURCE_FAILED -0x0034 /**< The entropy source failed. */
#define POLARSSL_ERR_CTR_DRBG_REQUEST_TOO_BIG -0x0036 /**< Too many random requested in single call. */
#define POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG -0x0038 /**< Input too large (Entropy + additional). */
#define POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR -0x003A /**< Read/write error in file. */
#define CTR_DRBG_BLOCKSIZE 16 /**< Block size used by the cipher */
#define CTR_DRBG_KEYSIZE 32 /**< Key size used by the cipher */


@ -31,8 +31,8 @@
#include "sha4.h"
#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED -0x003A /**< Critical entropy source failure. */
#define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003C /**< No more sources can be added. */
#define POLARSSL_ERR_ENTROPY_SOURCE_FAILED -0x003C /**< Critical entropy source failure. */
#define POLARSSL_ERR_ENTROPY_MAX_SOURCES -0x003E /**< No more sources can be added. */
#define ENTROPY_MAX_SOURCES 20 /**< Maximum number of sources supported */
#define ENTROPY_MAX_GATHER 128 /**< Maximum amount requested from entropy sources */


@ -48,27 +48,33 @@
* Low-level module errors (0x007E-0x0002)
*
* Module Nr Codes assigned
* MPI 7 0x0002-0x000E
* BASE64 2 0x0010-0x0012
* ASN1 5 0x0014-0x001C
* MPI 7 0x0002-0x0010
* ASN1 6 0x0014-0x001E
* AES 2 0x0020-0x0022
* CAMELLIA 2 0x0024-0x0026
* XTEA 1 0x0028-0x0028
* BASE64 2 0x002A-0x002C
* PADLOCK 1 0x0030-0x0030
* DES 1 0x0032-0x0032
* NET 11 0x0040-0x0054
* CTR_DBRG 3 0x0034-0x0038
* ENTROPY 2 0x003A-0x003C
* CTR_DBRG 3 0x0034-0x003A
* ENTROPY 2 0x003C-0x003E
* MD2 1 0x0070-0x0070
* MD4 1 0x0072-0x0072
* MD5 1 0x0074-0x0074
* SHA1 1 0x0076-0x0076
* SHA2 1 0x0078-0x0078
* SHA4 1 0x007A-0x007A
*
* High-level module nr (3 bits - 0x1...-0x8...)
* Name ID Nr of Errors
* PEM 1 8
* X509 2 20
* X509 2 21
* DHM 3 6
* RSA 4 9
* MD 5 1
* CIPER 6 1
* SSL 7 27
* SSL 7 30
*
* Module dependent error code (5 bits 0x.08.-0x.F8.)
*/
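Review bot: The `Nr` column of the low-level table was not updated along with the ranges: `MPI 7 0x0002-0x0010` now spans eight codes and `CTR_DBRG 3 0x0034-0x003A` spans four, which matches the eight MPI and four CTR_DRBG defines visible in the other sections of this commit. I would change the rows to `MPI 8 0x0002-0x0010` and `CTR_DRBG 4 0x0034-0x003A`; the module name is also misspelled as `CTR_DBRG`. The X509 count goes from 20 to 21 although the X509 section adds two codes and renames one. That may be correct if an entry was dropped in a part not shown, but it is worth rechecking, since this table is what keeps module ranges from colliding.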


@ -29,6 +29,8 @@
#include <string.h>
#define POLARSSL_ERR_MD2_FILE_IO_ERROR -0x0070 /**< Read/write error in file. */
/**
* \brief MD2 context structure
*/
@ -87,8 +89,7 @@ void md2( const unsigned char *input, size_t ilen, unsigned char output[16] );
* \param path input file name
* \param output MD2 checksum result
*
* \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed
* \return 0 if successful, or POLARSSL_ERR_MD2_FILE_IO_ERROR
*/
int md2_file( const char *path, unsigned char output[16] );


@ -29,6 +29,8 @@
#include <string.h>
#define POLARSSL_ERR_MD4_FILE_IO_ERROR -0x0072 /**< Read/write error in file. */
/**
* \brief MD4 context structure
*/
@ -86,8 +88,7 @@ void md4( const unsigned char *input, size_t ilen, unsigned char output[16] );
* \param path input file name
* \param output MD4 checksum result
*
* \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed
* \return 0 if successful, or POLARSSL_ERR_MD4_FILE_IO_ERROR
*/
int md4_file( const char *path, unsigned char output[16] );


@ -29,6 +29,8 @@
#include <string.h>
#define POLARSSL_ERR_MD5_FILE_IO_ERROR -0x0074 /**< Read/write error in file. */
/**
* \brief MD5 context structure
*/
@ -86,8 +88,7 @@ void md5( const unsigned char *input, size_t ilen, unsigned char output[16] );
* \param path input file name
* \param output MD5 checksum result
*
* \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed
* \return 0 if successful, or POLARSSL_ERR_MD5_FILE_IO_ERROR
*/
int md5_file( const char *path, unsigned char output[16] );


@ -29,6 +29,8 @@
#include <string.h>
#define POLARSSL_ERR_SHA1_FILE_IO_ERROR -0x0076 /**< Read/write error in file. */
/**
* \brief SHA-1 context structure
*/
@ -86,8 +88,7 @@ void sha1( const unsigned char *input, size_t ilen, unsigned char output[20] );
* \param path input file name
* \param output SHA-1 checksum result
*
* \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed
* \return 0 if successful, or POLARSSL_ERR_SHA1_FILE_IO_ERROR
*/
int sha1_file( const char *path, unsigned char output[20] );


@ -29,6 +29,8 @@
#include <string.h>
#define POLARSSL_ERR_SHA2_FILE_IO_ERROR -0x0078 /**< Read/write error in file. */
/**
* \brief SHA-256 context structure
*/
@ -91,8 +93,7 @@ void sha2( const unsigned char *input, size_t ilen,
* \param output SHA-224/256 checksum result
* \param is224 0 = use SHA256, 1 = use SHA224
*
* \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed
* \return 0 if successful, or POLARSSL_ERR_SHA2_FILE_IO_ERROR
*/
int sha2_file( const char *path, unsigned char output[32], int is224 );


@ -29,6 +29,8 @@
#include <string.h>
#define POLARSSL_ERR_SHA4_FILE_IO_ERROR -0x007A /**< Read/write error in file. */
#if defined(_MSC_VER) || defined(__WATCOMC__)
#define UL64(x) x##ui64
#define long64 __int64
@ -99,8 +101,7 @@ void sha4( const unsigned char *input, size_t ilen,
* \param output SHA-384/512 checksum result
* \param is384 0 = use SHA512, 1 = use SHA384
*
* \return 0 if successful, 1 if fopen failed,
* or 2 if fread failed
* \return 0 if successful, or POLARSSL_ERR_SHA4_FILE_IO_ERROR
*/
int sha4_file( const char *path, unsigned char output[64], int is384 );


@ -81,6 +81,7 @@
#define POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY -0x7D80 /**< Processing of the CertificateVerify handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC -0x7E00 /**< Processing of the ChangeCipherSpec handshake message failed. */
#define POLARSSL_ERR_SSL_BAD_HS_FINISHED -0x7E80 /**< Processing of the Finished handshake message failed. */
#define POLARSSL_ERR_SSL_MALLOC_FAILED -0x7F00 /**< Memory allocation failed */
/*
* Various constants
@ -373,7 +374,8 @@ int ssl_get_ciphersuite_id( const char *ciphersuite_name );
*
* \param ssl SSL context
*
* \return 0 if successful, or 1 if memory allocation failed
* \return 0 if successful, or POLARSSL_ERR_SSL_MALLOC_FAILED if
* memory allocation failed
*/
int ssl_init( ssl_context *ssl );


@ -59,7 +59,9 @@
#define POLARSSL_ERR_X509_KEY_INVALID_VERSION -0x2880 /**< Unsupported RSA key version */
#define POLARSSL_ERR_X509_KEY_INVALID_FORMAT -0x2900 /**< Invalid RSA key tag or value. */
#define POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT -0x2980 /**< Format not recognized as DER or PEM. */
#define POLARSSL_ERR_X509_VALUE_TO_LENGTH -0x2A00 /**< Not used. */
#define POLARSSL_ERR_X509_INVALID_INPUT -0x2A00 /**< Input invalid. */
#define POLARSSL_ERR_X509_MALLOC_FAILED -0x2A80 /**< Allocation of memory failed. */
#define POLARSSL_ERR_X509_FILE_IO_ERROR -0x2B00 /**< Read/write of file failed. */
/* \} name */
@ -227,10 +229,6 @@
#define X509_FORMAT_DER 1
#define X509_FORMAT_PEM 2
#define X509_NON_PERMISSIVE 0
#define X509_PERMISSIVE 1
/**
* \addtogroup x509_module
* \{ */
@ -420,34 +418,35 @@ extern "C" {
/** \ingroup x509_module */
/**
* \brief Parse one or more certificates and add them
* to the chained list. With permissive parsing enabled
* all certificates that cannot be parsed are ignored.
* If none complete correctly, the first error is returned.
* to the chained list. Parses permissively. If some
* certificates can be parsed, the result is the number
* of failed certificates it encountered. If none complete
* correctly, the first error is returned.
*
* \param chain points to the start of the chain
* \param buf buffer holding the certificate data
* \param buflen size of the buffer
* \param permissive X509_PERMISSIVE or X509_NON_PERMISSIVE
*
* \return 0 if successful, or a specific X509 or PEM error code
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
*/
int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen,
int permissive );
int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen );
/** \ingroup x509_module */
/**
* \brief Load one or more certificates and add them
* to the chained list. With permissive parsing enabled
* all certificates that cannot be parsed are ignored.
* If none complete correctly, the first error is returned.
* to the chained list. Parses permissively. If some
* certificates can be parsed, the result is the number
* of failed certificates it encountered. If none complete
* correctly, the first error is returned.
*
* \param chain points to the start of the chain
* \param path filename to read the certificates from
* \param permissive X509_PERMISSIVE or X509_NON_PERMISSIVE
*
* \return 0 if successful, or a specific X509 or PEM error code
* \return 0 if all certificates parsed successfully, a positive number
* if partly successful or a specific X509 or PEM error code
*/
int x509parse_crtfile( x509_cert *chain, const char *path, int permissive );
int x509parse_crtfile( x509_cert *chain, const char *path );
/** \ingroup x509_module */
/**
@ -552,8 +551,6 @@ int x509parse_dhmfile( dhm_context *dhm, const char *path );
/** \} name Functions to read in DHM parameters, a certificate, CRL or private RSA key */
/**
* \brief Store the certificate DN in printable form into buf;
* no more than size characters will be written.