TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 1fd4321ba2016dfaff2b48c11f731fc9ccbd7ccf^! / . / library / error.c
commit1fd4321ba2016dfaff2b48c11f731fc9ccbd7ccf[log] [tgz]
authorPaul Bakker <p.j.bakker@polarssl.org>Mon Jun 17 15:14:42 2013 +0200
committerPaul Bakker <p.j.bakker@polarssl.org>Mon Jun 17 15:14:42 2013 +0200
tree89d7e1089c7d280d0f51493044eee6a4253fedbb
parent19bd297dc896410e0d859729f9e8d4b1e107e6c8 [diff] [blame]
PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates

The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.

diff --git a/library/error.c b/library/error.c
index 17b414a..cb64d6b 100644
--- a/library/error.c
+++ b/library/error.c

@@ -233,6 +233,17 @@
             snprintf( buf, buflen, "PKCS12 - PBE ASN.1 data not as expected" );
 #endif /* POLARSSL_PKCS12_C */
 
+#if defined(POLARSSL_PKCS5_C)
+        if( use_ret == -(POLARSSL_ERR_PKCS5_BAD_INPUT_DATA) )
+            snprintf( buf, buflen, "PKCS5 - Bad input parameters to function" );
+        if( use_ret == -(POLARSSL_ERR_PKCS5_INVALID_FORMAT) )
+            snprintf( buf, buflen, "PKCS5 - Unexpected ASN.1 data" );
+        if( use_ret == -(POLARSSL_ERR_PKCS5_FEATURE_UNAVAILABLE) )
+            snprintf( buf, buflen, "PKCS5 - Requested encryption or digest alg not available" );
+        if( use_ret == -(POLARSSL_ERR_PKCS5_PASSWORD_MISMATCH) )
+            snprintf( buf, buflen, "PKCS5 - Given private key password does not allow for correct decryption" );
+#endif /* POLARSSL_PKCS5_C */
+
 #if defined(POLARSSL_RSA_C)
         if( use_ret == -(POLARSSL_ERR_RSA_BAD_INPUT_DATA) )
             snprintf( buf, buflen, "RSA - Bad input parameters to function" );
@@ -373,6 +384,10 @@
             snprintf( buf, buflen, "X509 - Allocation of memory failed" );
         if( use_ret == -(POLARSSL_ERR_X509_FILE_IO_ERROR) )
             snprintf( buf, buflen, "X509 - Read/write of file failed" );
+        if( use_ret == -(POLARSSL_ERR_X509_PASSWORD_REQUIRED) )
+            snprintf( buf, buflen, "X509 - Private key password can't be empty" );
+        if( use_ret == -(POLARSSL_ERR_X509_PASSWORD_MISMATCH) )
+            snprintf( buf, buflen, "X509 - Given private key password does not allow for correct decryption" );
 #endif /* POLARSSL_X509_PARSE_C */
 
         if( strlen( buf ) == 0 )
@@ -548,11 +563,6 @@
         snprintf( buf, buflen, "PBKDF2 - Bad input parameters to function" );
 #endif /* POLARSSL_PBKDF2_C */
 
-#if defined(POLARSSL_PKCS5_C)
-    if( use_ret == -(POLARSSL_ERR_PKCS5_BAD_INPUT_DATA) )
-        snprintf( buf, buflen, "PKCS5 - Bad input parameters to function" );
-#endif /* POLARSSL_PKCS5_C */
-
 #if defined(POLARSSL_SHA1_C)
     if( use_ret == -(POLARSSL_ERR_SHA1_FILE_IO_ERROR) )
         snprintf( buf, buflen, "SHA1 - Read/write error in file" );