Add two error codes to the Error module

One of the error codes was already reserved, this commit just makes it
explicit. The other one is a new error code for initializing return
values in the library: `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` should
not be returned by the library. If it is returned, then it is surely a
bug in the library or somebody is tampering with the device.
This commit is contained in:
Janos Follath 2019-12-03 15:55:56 +00:00
parent ab534cfd62
commit 2d20567122
3 changed files with 17 additions and 2 deletions

View File

@ -52,9 +52,10 @@
* For historical reasons, low-level error codes are divided in even and odd, * For historical reasons, low-level error codes are divided in even and odd,
* even codes were assigned first, and -1 is reserved for other errors. * even codes were assigned first, and -1 is reserved for other errors.
* *
* Low-level module errors (0x0002-0x007E, 0x0003-0x007F) * Low-level module errors (0x0002-0x007E, 0x0001-0x007F)
* *
* Module Nr Codes assigned * Module Nr Codes assigned
* ERROR 2 0x006E 0x0001
* MPI 7 0x0002-0x0010 * MPI 7 0x0002-0x0010
* GCM 3 0x0012-0x0014 0x0013-0x0013 * GCM 3 0x0012-0x0014 0x0013-0x0013
* BLOWFISH 3 0x0016-0x0018 0x0017-0x0017 * BLOWFISH 3 0x0016-0x0018 0x0017-0x0017
@ -112,6 +113,9 @@
extern "C" { extern "C" {
#endif #endif
#define MBEDTLS_ERR_ERROR_GENERIC_ERROR -0x0001 /**< Generic error */
#define MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED -0x006E /**< This is a bug in the library */
/** /**
* \brief Translate a mbed TLS error code into a string representation, * \brief Translate a mbed TLS error code into a string representation,
* Result is truncated if necessary and always includes a terminating * Result is truncated if necessary and always includes a terminating

View File

@ -109,6 +109,10 @@
#include "mbedtls/entropy.h" #include "mbedtls/entropy.h"
#endif #endif
#if defined(MBEDTLS_ERROR_C)
#include "mbedtls/error.h"
#endif
#if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_GCM_C)
#include "mbedtls/gcm.h" #include "mbedtls/gcm.h"
#endif #endif
@ -754,6 +758,13 @@ void mbedtls_strerror( int ret, char *buf, size_t buflen )
mbedtls_snprintf( buf, buflen, "ENTROPY - Read/write error in file" ); mbedtls_snprintf( buf, buflen, "ENTROPY - Read/write error in file" );
#endif /* MBEDTLS_ENTROPY_C */ #endif /* MBEDTLS_ENTROPY_C */
#if defined(MBEDTLS_ERROR_C)
if( use_ret == -(MBEDTLS_ERR_ERROR_GENERIC_ERROR) )
mbedtls_snprintf( buf, buflen, "ERROR - Generic error" );
if( use_ret == -(MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED) )
mbedtls_snprintf( buf, buflen, "ERROR - This is a bug in the library" );
#endif /* MBEDTLS_ERROR_C */
#if defined(MBEDTLS_GCM_C) #if defined(MBEDTLS_GCM_C)
if( use_ret == -(MBEDTLS_ERR_GCM_AUTH_FAILED) ) if( use_ret == -(MBEDTLS_ERR_GCM_AUTH_FAILED) )
mbedtls_snprintf( buf, buflen, "GCM - Authenticated decryption failed" ); mbedtls_snprintf( buf, buflen, "GCM - Authenticated decryption failed" );

View File

@ -38,7 +38,7 @@ my $error_format_file = $data_dir.'/error.fmt';
my @low_level_modules = qw( AES ARC4 ARIA ASN1 BASE64 BIGNUM BLOWFISH my @low_level_modules = qw( AES ARC4 ARIA ASN1 BASE64 BIGNUM BLOWFISH
CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES CAMELLIA CCM CHACHA20 CHACHAPOLY CMAC CTR_DRBG DES
ENTROPY GCM HKDF HMAC_DRBG MD2 MD4 MD5 ENTROPY ERROR GCM HKDF HMAC_DRBG MD2 MD4 MD5
NET OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160 NET OID PADLOCK PBKDF2 PLATFORM POLY1305 RIPEMD160
SHA1 SHA256 SHA512 THREADING XTEA ); SHA1 SHA256 SHA512 THREADING XTEA );
my @high_level_modules = qw( CIPHER DHM ECP MD my @high_level_modules = qw( CIPHER DHM ECP MD