Replace MBEDTLS_ERR_OID_NOT_FOUND with MBEDTLS_ERR_X509_UNKNOWN_OID
Replace the non-X.509-named error code `MBEDTLS_ERR_OID_NOT_FOUND` with
`MBEDTLS_ERR_X509_UNKNOWN_OID`, which already exists and is currently not
used for anything.
Public functions in X.509 propagate this error code, so it needs to have a
public name.
Remove the definition of `MBEDTLS_ERR_OID_NOT_FOUND` in `x509_oid.h`, then
```
git grep -l MBEDTLS_ERR_OID_NOT_FOUND | xargs perl -i -pe 's/\bMBEDTLS_ERR_OID_NOT_FOUND\b/MBEDTLS_ERR_X509_UNKNOWN_OID/g'
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 0c992bf..519b5b4 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -7016,7 +7016,7 @@
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
switch (ret) {
case 0: /*ok*/
- case MBEDTLS_ERR_OID_NOT_FOUND:
+ case MBEDTLS_ERR_X509_UNKNOWN_OID:
/* Ignore certificate with an unknown algorithm: maybe a
prior certificate was already trusted. */
break;
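Review bot: At `case MBEDTLS_ERR_X509_UNKNOWN_OID:` a peer certificate is silently skipped on a generically named X.509 error, while the comment under the label still only speaks of an "unknown algorithm". The commit message says this code is not used for anything else today, so behaviour should be unchanged. If a later parse path returned it for a non-algorithm OID, though, that certificate would be ignored here rather than rejected. I would record the assumption next to the label, e.g. `/* UNKNOWN_OID is tolerated only for unrecognised algorithm OIDs; revisit if other parse paths start returning it. */`. The same point applies to the identical case in the library/ssl_tls13_generic.c hunk, and the enclosing switch and function start outside both hunks.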
diff --git a/library/ssl_tls13_generic.c b/library/ssl_tls13_generic.c
index 70175e0..44525dd 100644
--- a/library/ssl_tls13_generic.c
+++ b/library/ssl_tls13_generic.c
@@ -505,7 +505,7 @@
switch (ret) {
case 0: /*ok*/
break;
- case MBEDTLS_ERR_OID_NOT_FOUND:
+ case MBEDTLS_ERR_X509_UNKNOWN_OID:
/* Ignore certificate with an unknown algorithm: maybe a
prior certificate was already trusted. */
break;
diff --git a/library/x509.c b/library/x509.c
index fe4e3e3..54275eb 100644
--- a/library/x509.c
+++ b/library/x509.c
@@ -314,7 +314,7 @@
/* Only MFG1 is recognised for now */
if (MBEDTLS_OID_CMP(MBEDTLS_OID_MGF1, &alg_id) != 0) {
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE,
- MBEDTLS_ERR_OID_NOT_FOUND);
+ MBEDTLS_ERR_X509_UNKNOWN_OID);
}
/* Parse HashAlgorithm */
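Review bot: The second operand of `MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE, MBEDTLS_ERR_X509_UNKNOWN_OID)` is no longer a low-level code. The removed define in x509_oid.h gave `MBEDTLS_ERR_OID_NOT_FOUND` the value `-0x002E`, whereas the replacement is an X.509 module-level code defined outside this diff and presumably in the same high-level range as the first operand. If so, the sum of two high-level codes would not decode as "feature unavailable plus detail" and could collide with an unrelated module's error value, so callers or tests matching on this return would misclassify the failure. I would return a single code here, for example `return MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE;`, or confirm that the combined value is still unambiguous. The enclosing function starts and ends outside the hunk.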
diff --git a/library/x509_oid.c b/library/x509_oid.c
index 0a5da54..3517ee3 100644
--- a/library/x509_oid.c
+++ b/library/x509_oid.c
@@ -66,7 +66,7 @@
int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \
{ \
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
- if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
+ if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \
*ATTR1 = data->descriptor.ATTR1; \
return 0; \
}
@@ -80,7 +80,7 @@
int FN_NAME(const mbedtls_asn1_buf *oid, ATTR1_TYPE * ATTR1) \
{ \
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
- if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
+ if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \
*ATTR1 = data->ATTR1; \
return 0; \
}
@@ -95,7 +95,7 @@
ATTR2_TYPE * ATTR2) \
{ \
const TYPE_T *data = oid_ ## TYPE_NAME ## _from_asn1(oid); \
- if (data == NULL) return MBEDTLS_ERR_OID_NOT_FOUND; \
+ if (data == NULL) return MBEDTLS_ERR_X509_UNKNOWN_OID; \
*(ATTR1) = data->ATTR1; \
*(ATTR2) = data->ATTR2; \
return 0; \
@@ -117,7 +117,7 @@
} \
cur++; \
} \
- return MBEDTLS_ERR_OID_NOT_FOUND; \
+ return MBEDTLS_ERR_X509_UNKNOWN_OID; \
}
/*
@@ -138,7 +138,7 @@
} \
cur++; \
} \
- return MBEDTLS_ERR_OID_NOT_FOUND; \
+ return MBEDTLS_ERR_X509_UNKNOWN_OID; \
}
/*
diff --git a/library/x509_oid.h b/library/x509_oid.h
index 46cfd54..6b2da98 100644
--- a/library/x509_oid.h
+++ b/library/x509_oid.h
@@ -19,9 +19,6 @@
#include "mbedtls/md.h"
-/** OID is not found. */
-#define MBEDTLS_ERR_OID_NOT_FOUND -0x002E
-
/*
* Maximum number of OID components allowed
*/
@@ -459,7 +456,7 @@
* \param oid OID to use
* \param ext_type place to store the extension type
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_x509_ext_type(const mbedtls_asn1_buf *oid, int *ext_type);
@@ -470,7 +467,7 @@
* \param oid OID to use
* \param short_name place to store the string pointer
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_attr_short_name(const mbedtls_asn1_buf *oid, const char **short_name);
@@ -481,7 +478,7 @@
* \param md_alg place to store message digest algorithm
* \param pk_alg place to store public key algorithm
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_sig_alg(const mbedtls_asn1_buf *oid,
mbedtls_md_type_t *md_alg, mbedtls_pk_type_t *pk_alg);
@@ -492,7 +489,7 @@
* \param oid OID to use
* \param desc place to store string pointer
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_sig_alg_desc(const mbedtls_asn1_buf *oid, const char **desc);
@@ -504,7 +501,7 @@
* \param oid place to store ASN.1 OID string pointer
* \param olen length of the OID
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_oid_by_sig_alg(mbedtls_pk_type_t pk_alg, mbedtls_md_type_t md_alg,
const char **oid, size_t *olen);
@@ -515,7 +512,7 @@
* \param oid OID to use
* \param md_alg place to store message digest algorithm
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_md_alg(const mbedtls_asn1_buf *oid, mbedtls_md_type_t *md_alg);
@@ -526,7 +523,7 @@
* \param oid OID to use
* \param desc place to store string pointer
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_extended_key_usage(const mbedtls_asn1_buf *oid, const char **desc);
#endif
@@ -537,7 +534,7 @@
* \param oid OID to use
* \param desc place to store string pointer
*
- * \return 0 if successful, or MBEDTLS_ERR_OID_NOT_FOUND
+ * \return 0 if successful, or MBEDTLS_ERR_X509_UNKNOWN_OID
*/
int mbedtls_x509_oid_get_certificate_policies(const mbedtls_asn1_buf *oid, const char **desc);