Relocate OCSP and CRL errors to x509.h

Relocate the new OCSP and CRL X509 related errors to x509.h as the
error message generation scripts cannot handle these anywhere else.
Also, update the error.c file with the new human-readable strings
for the OCSP and CRL errors.
Andres Amaya Garcia
2017-08-29 11:28:54 +01:00
committed by Andres Amaya Garcia
parent caa1c8f827
commit dafbfc4b8a
6 changed files with 17 additions and 11 deletions


@@ -71,7 +71,7 @@
* Name ID Nr of Errors
* PEM 1 9
* PKCS#12 1 4 (Started from top)
* X509 2 20
* X509 2 24
* PKCS5 2 4 (Started from top)
* DHM 3 9
* PK 3 14 (Started from top)


@@ -76,6 +76,10 @@
#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */
#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */
#define MBEDTLS_ERR_X509_INVALID_RESPONSE_STATUS -0x2A00 /**< The OCSP response status is invalid */
#define MBEDTLS_ERR_X509_INVALID_RESPONSE_TYPE -0x2A10 /**< The OCSP response type is invalid */
#define MBEDTLS_ERR_X509_INVALID_CERT_STATUS -0x2A20 /**< A SingleResponse in the OCSP response specifies an invalid certificate status value */
#define MBEDTLS_ERR_X509_INVALID_CRL_REASON -0x2B00 /**< The CRLReason value is invalid */
#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */
/* \} name */
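Review bot: `MBEDTLS_ERR_X509_INVALID_RESPONSE_TYPE` (-0x2A10) and `MBEDTLS_ERR_X509_INVALID_CERT_STATUS` (-0x2A20) are not on the 0x80 boundary that every other X509 code visible in this list uses (-0x2980, -0x2A00, -0x2B00, -0x3000). The OCSP parser on this page returns a sum starting `MBEDTLS_ERR_X509_INVALID_FORMAT +`, so the low seven bits are presumably reserved for an added low-level code. If `mbedtls_strerror` masks those bits off before the `use_ret ==` comparisons added in this commit (the masking is outside the visible hunk), these two codes can never match their own strings and would be reported as "The OCSP response status is invalid" plus an unrelated low-level message. A rejected response type or certificate status would then be indistinguishable in logs from a bad response status. Consider moving both to unused 0x80-aligned values, for example `-0x2A80` and `-0x2B80` if those are free, and ending the four new Doxygen comments with a period like their neighbours.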


@@ -35,8 +35,6 @@
extern "C" {
#endif
#define MBEDTLS_ERR_X509_CRL_INVALID_CRL_REASON -0x2B00
#define MBEDTLS_X509_CRL_REASON_UNSPECIFIED 0
#define MBEDTLS_X509_CRL_REASON_KEY_COMPROMISE 1
#define MBEDTLS_X509_CRL_REASON_CA_COMPROMISE 2


@@ -36,10 +36,6 @@
#include <stdint.h>
#define MBEDTLS_ERR_X509_OCSP_INVALID_RESPONSE_STATUS -0x2A00 /**< The OCSP response status is invalid */
#define MBEDTLS_ERR_X509_OCSP_INVALID_RESPONSE_TYPE -0x2A10 /**< The OCSP response type is invalid */
#define MBEDTLS_ERR_X509_OCSP_INVALID_CERT_STATUS -0x2A20 /**< A SingleResponse in the OCSP response specifies an invalid certificate status value */
/* OCSP response status values as defined in RFC 6960 Section 4.2.1 */
#define MBEDTLS_X509_OCSP_RESPONSE_STATUS_SUCCESSFUL 0
#define MBEDTLS_X509_OCSP_RESPONSE_STATUS_MALFORMED_REQ 1


@@ -480,6 +480,14 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "X509 - Read/write of file failed" );
if( use_ret == -(MBEDTLS_ERR_X509_BUFFER_TOO_SMALL) )
mbedtls_snprintf( buf, buflen, "X509 - Destination buffer is too small" );
if( use_ret == -(MBEDTLS_ERR_X509_INVALID_RESPONSE_STATUS) )
mbedtls_snprintf( buf, buflen, "X509 - The OCSP response status is invalid" );
if( use_ret == -(MBEDTLS_ERR_X509_INVALID_RESPONSE_TYPE) )
mbedtls_snprintf( buf, buflen, "X509 - The OCSP response type is invalid" );
if( use_ret == -(MBEDTLS_ERR_X509_INVALID_CERT_STATUS) )
mbedtls_snprintf( buf, buflen, "X509 - A SingleResponse in the OCSP response specifies an invalid certificate status value" );
if( use_ret == -(MBEDTLS_ERR_X509_INVALID_CRL_REASON) )
mbedtls_snprintf( buf, buflen, "X509 - The CRLReason value is invalid" );
if( use_ret == -(MBEDTLS_ERR_X509_FATAL_ERROR) )
mbedtls_snprintf( buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed" );
#endif /* MBEDTLS_X509_USE_C || MBEDTLS_X509_CREATE_C */


@@ -151,7 +151,7 @@ static int x509_ocsp_get_response_status( unsigned char **p,
case MBEDTLS_X509_OCSP_RESPONSE_STATUS_UNAUTHORIZED:
break;
default:
return( MBEDTLS_ERR_X509_OCSP_INVALID_RESPONSE_STATUS );
return( MBEDTLS_ERR_X509_INVALID_RESPONSE_STATUS );
}
return( 0 );
@@ -174,7 +174,7 @@ static int x509_ocsp_get_response_type( unsigned char **p,
if( MBEDTLS_OID_CMP( MBEDTLS_OID_OCSP, resp_type ) != 0 &&
MBEDTLS_OID_CMP( MBEDTLS_OID_OCSP_BASIC, resp_type ) != 0 )
{
return( MBEDTLS_ERR_X509_OCSP_INVALID_RESPONSE_TYPE );
return( MBEDTLS_ERR_X509_INVALID_RESPONSE_TYPE );
}
*p = *p + len;
@@ -459,7 +459,7 @@ static int x509_ocsp_get_crl_reason( unsigned char **p,
case MBEDTLS_X509_CRL_REASON_AA_COMPROMISE:
break;
default:
return( MBEDTLS_ERR_X509_CRL_INVALID_CRL_REASON );
return( MBEDTLS_ERR_X509_INVALID_CRL_REASON );
}
return( 0 );
@@ -565,7 +565,7 @@ static int x509_ocsp_get_cert_status( unsigned char **p,
return( ret );
}
else
return( MBEDTLS_ERR_X509_OCSP_INVALID_CERT_STATUS );
return( MBEDTLS_ERR_X509_INVALID_CERT_STATUS );
if( *p != end )
return( MBEDTLS_ERR_X509_INVALID_FORMAT +