Replace MBEDTLS_ERR_OID_NOT_FOUND with MBEDTLS_ERR_X509_UNKNOWN_OID
Replace the non-X.509-named error code `MBEDTLS_ERR_OID_NOT_FOUND` with
`MBEDTLS_ERR_X509_UNKNOWN_OID`, which already exists and is currently not
used for anything.
Public functions in X.509 propagate this error code, so it needs to have a
public name.
Remove the definition of `MBEDTLS_ERR_OID_NOT_FOUND` in `x509_oid.h`, then
```
git grep -l MBEDTLS_ERR_OID_NOT_FOUND | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_NOT_FOUND\b/MBEDTLS_ERR_X509_UNKNOWN_OID/g'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0c992bf..519b5b4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7016,7 +7016,7 @@
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
switch (ret) {
case 0: /*ok*/
- case MBEDTLS_ERR_OID_NOT_FOUND:
+ case MBEDTLS_ERR_X509_UNKNOWN_OID:
/* Ignore certificate with an unknown algorithm: maybe a
prior certificate was already trusted. */
break;
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 70175e0..44525dd 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -505,7 +505,7 @@
switch (ret) {
case 0: /*ok*/
break;
- case MBEDTLS_ERR_OID_NOT_FOUND:
+ case MBEDTLS_ERR_X509_UNKNOWN_OID:
/* Ignore certificate with an unknown algorithm: maybe a
prior certificate was already trusted. */
break;
diff --git a/library/x509.c b/library/x509.c
index fe4e3e3..54275eb 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -314,7 +314,7 @@
/* Only MFG1 is recognised for now */
if (MBEDTLS_OID_CMP(MBEDTLS_OID_MGF1, &alg_id) != 0) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE,
- MBEDTLS_ERR_OID_NOT_FOUND);
+ MBEDTLS_ERR_X509_UNKNOWN_OID);
}
/* Parse HashAlgorithm */
diff --git a/library/x509_oid.c b/library/x509_oid.c
index 0a5da54..3517ee3 100644
--- a/library/x509_oid.c
+++ b/library/x509_oid.c
@@ -66,7 +66,7 @@
int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \
{ \
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
- if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
+ if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \
*ATTR1 = data->descriptor.ATTR1; \
return 0; \
}
@@ -80,7 +80,7 @@
int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \
{ \
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
- if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
+ if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \
*ATTR1 = data->ATTR1; \
return 0; \
}
@@ -95,7 +95,7 @@
ATTR2_TYPE * ATTR2) \
{ \
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
- if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
+ if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \
*(ATTR1) = data->ATTR1; \
*(ATTR2) = data->ATTR2; \
return 0; \
@@ -117,7 +117,7 @@
} \
cur++; \
} \
- return MBEDTLS_ERR_OID_NOT_FOUND; \
+ return MBEDTLS_ERR_X509_UNKNOWN_OID; \
}
/*
@@ -138,7 +138,7 @@
} \
cur++; \
} \
- return MBEDTLS_ERR_OID_NOT_FOUND; \
+ return MBEDTLS_ERR_X509_UNKNOWN_OID; \
}
/*
diff --git a/library/x509_oid.h b/library/x509_oid.h
index 46cfd54..6b2da98 100644
--- a/library/x509_oid.h
+++ b/library/x509_oid.h
@@ -19,9 +19,6 @@
#include "mbedtls/md.h"
-/** OID is not found. */
-#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E
-
/*
* Maximum number of OID components allowed
*/
@@ -459,7 +456,7 @@
* \param oid OID to use
* \param ext_type place to store the extension type
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type);
@@ -470,7 +467,7 @@
* \param oid OID to use
* \param short_name place to store the string pointer
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name);
@@ -481,7 +478,7 @@
* \param md_alg place to store message digest algorithm
* \param pk_alg place to store public key algorithm
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg);
@@ -492,7 +489,7 @@
* \param oid OID to use
* \param desc place to store string pointer
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc);
@@ -504,7 +501,7 @@
* \param oid place to store ASN.1 OID string pointer
* \param olen length of the OID
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
const char **oid, size_t *olen);
@@ -515,7 +512,7 @@
* \param oid OID to use
* \param md_alg place to store message digest algorithm
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg);
@@ -526,7 +523,7 @@
* \param oid OID to use
* \param desc place to store string pointer
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc);
#endif
@@ -537,7 +534,7 @@
* \param oid OID to use
* \param desc place to store string pointer
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc);
diff --git a/tests/suites/test_suite_x509_oid.function b/tests/suites/test_suite_x509_oid.function
index 8273a71..f10c68d 100644
--- a/tests/suites/test_suite_x509_oid.function
+++ b/tests/suites/test_suite_x509_oid.function
@@ -23,7 +23,7 @@
ret = mbedtls_x509_oid_get_certificate_policies(&asn1_buf, &desc);
if (strlen(result_str) == 0) {
- TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID);
} else {
TEST_ASSERT(ret == 0);
TEST_ASSERT(strcmp((char *) desc, result_str) == 0);
@@ -44,7 +44,7 @@
ret = mbedtls_x509_oid_get_extended_key_usage(&asn1_buf, &desc);
if (strlen(result_str) == 0) {
- TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID);
} else {
TEST_ASSERT(ret == 0);
TEST_ASSERT(strcmp((char *) desc, result_str) == 0);
@@ -65,7 +65,7 @@
ret = mbedtls_x509_oid_get_x509_ext_type(&ext_oid, &ext_type);
if (exp_type == 0) {
- TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID);
} else {
TEST_ASSERT(ret == 0);
TEST_ASSERT(ext_type == exp_type);
@@ -87,7 +87,7 @@
ret = mbedtls_x509_oid_get_md_alg(&md_oid, &md_id);
if (exp_md_id < 0) {
- TEST_ASSERT(ret == MBEDTLS_ERR_OID_NOT_FOUND);
+ TEST_ASSERT(ret == MBEDTLS_ERR_X509_UNKNOWN_OID);
TEST_ASSERT(md_id == 0);
} else {
TEST_ASSERT(ret == 0);
diff --git a/tests/suites/test_suite_x509parse.data b/tests/suites/test_suite_x509parse.data
index 6a04ff0..c7c465b 100644
--- a/tests/suites/test_suite_x509parse.data
+++ b/tests/suites/test_suite_x509parse.data
@@ -1386,11 +1386,11 @@
X509 CRT ASN1 (TBS, inv AlgID, OID empty)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_OID_NOT_FOUND)
+x509parse_crt:"307f3075a0030201008204deadbeef30020600300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30020600030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
X509 CRT ASN1 (TBS, inv AlgID, OID unknown)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
-x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_OID_NOT_FOUND)
+x509parse_crt:"3081873079a0030201008204deadbeef30060604deadbeef300c310a30080600130454657374301c170c303930313031303030303030170c303931323331323335393539300c310a30080600130454657374302a300d06092A864886F70D010101050003190030160210ffffffffffffffffffffffffffffffff0202ffff30060604deadbeef030200ff":"":MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_UNKNOWN_SIG_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
X509 CRT ASN1 (TBS, inv AlgID, param inv length encoding)
depends_on:PSA_WANT_ALG_SHA_256:MBEDTLS_RSA_C
@@ -2845,7 +2845,7 @@
x509_parse_rsassa_pss_params:"a00f300d06096086480165030402013000":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_INVALID_DATA)
X509 RSASSA-PSS parameters ASN1 (HashAlg unknown OID)
-x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_OID_NOT_FOUND)
+x509_parse_rsassa_pss_params:"a00d300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA256:MBEDTLS_MD_SHA1:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
X509 RSASSA-PSS parameters ASN1 (good, MGAlg = MGF1-SHA256)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256
@@ -2866,7 +2866,7 @@
x509_parse_rsassa_pss_params:"a11a301906092a864886f70d010108300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_OUT_OF_DATA)
X509 RSASSA-PSS parameters ASN1 (MGAlg OID != MGF1)
-x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_OID_NOT_FOUND)
+x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010109300b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_X509_UNKNOWN_OID)
X509 RSASSA-PSS parameters ASN1 (MGAlg.params wrong tag)
x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108310b0609608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
@@ -2881,7 +2881,7 @@
x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b0709608648016503040201":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_ASN1_UNEXPECTED_TAG)
X509 RSASSA-PSS parameters ASN1 (MGAlg.params.alg unknown OID)
-x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_OID_NOT_FOUND)
+x509_parse_rsassa_pss_params:"a11a301806092a864886f70d010108300b06096086480165030402ff":MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE:MBEDTLS_MD_SHA1:MBEDTLS_MD_SHA256:20:MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_ALG, MBEDTLS_ERR_X509_UNKNOWN_OID)
X509 RSASSA-PSS parameters ASN1 (MGAlg.params.params NULL)
depends_on:MBEDTLS_RSA_C:PSA_WANT_ALG_SHA_256