Use MBEDTLS_ERROR_ADD instead of explicit addition: enforcement
Reject direct additions of error constants (regex-based approximation).
Fix the lone straggler.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 00f3107..d72e2fb 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -679,8 +679,8 @@
}
if (*p != end) {
- return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
- MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
+ return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
+ MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
}
return 0;
diff --git a/tests/scripts/check_files.py b/tests/scripts/check_files.py
index e937202..87326e8 100755
--- a/tests/scripts/check_files.py
+++ b/tests/scripts/check_files.py
@@ -446,6 +446,25 @@
return False
+class ErrorAddIssueTracker(LineIssueTracker):
+ """Signal direct additions of error codes.
+
+ Adding a low-level error code with a high-level error code is deprecated
+ and should use MBEDTLS_ERROR_ADD.
+ """
+
+ heading = "Direct addition of error codes"
+
+ _ERR_PLUS_RE = re.compile(br'MBEDTLS_ERR_\w+ *\+|'
+ br'\+ *MBEDTLS_ERR_')
+ _EXCLUDE_RE = re.compile(br' *case ')
+
+ def issue_with_line(self, line, filepath, line_number):
+ if self._ERR_PLUS_RE.search(line) and not self._EXCLUDE_RE.match(line):
+ return True
+ return False
+
+
class IntegrityChecker:
"""Sanity-check files under the current directory."""
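Review bot: The second alternative of `_ERR_PLUS_RE` does not match compound assignment, so a line such as `ret += MBEDTLS_ERR_...` passes the check even though it adds an error constant directly; `br'\+=? *MBEDTLS_ERR_'` would cover it. The first alternative also misses a constant that is closed by a parenthesis before the `+`, and both alternatives allow only spaces next to the operator, which is acceptable for an approximation but worth stating. I would add a sentence to the class docstring listing these known gaps, and a comment on `_EXCLUDE_RE` saying why lines beginning with `case` are exempt. The pattern also matches inside comments and string literals, and the class sets no file-type restriction in the visible lines, so whether non-C files are scanned depends on `LineIssueTracker`, which is defined outside this hunk.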
@@ -467,6 +486,7 @@
TabIssueTracker(),
MergeArtifactIssueTracker(),
LicenseIssueTracker(),
+ ErrorAddIssueTracker(),
]
def setup_logger(self, log_file, level=logging.INFO):