diff --git a/include/polarssl/error.h b/include/polarssl/error.h index c32615493..f8c23e686 100644 --- a/include/polarssl/error.h +++ b/include/polarssl/error.h @@ -76,7 +76,8 @@ * Name ID Nr of Errors * PEM 1 9 * PKCS#12 1 4 (Started from top) - * X509 2 23 + * X509 2 25 + * PK 2 1 (Started from top) * DHM 3 6 * PKCS5 3 4 (Started from top) * RSA 4 9 diff --git a/include/polarssl/pk.h b/include/polarssl/pk.h index 16aac4349..3806027b4 100644 --- a/include/polarssl/pk.h +++ b/include/polarssl/pk.h @@ -27,6 +27,8 @@ #ifndef POLARSSL_PK_H #define POLARSSL_PK_H +#define POLARSSL_ERR_PK_MALLOC_FAILED -0x2F80 /**< Memory alloation failed. */ + #ifdef __cplusplus extern "C" { #endif @@ -66,8 +68,7 @@ void pk_free( pk_context *ctx ); * \param ctx Context to initialize * \param type Type of key * - * \return O on success, -1 on memory allocation error - * TODO: use appropriate error constant + * \return O on success, or POLARSSL_ERR_PK_MALLOC_FAILED */ int pk_set_type( pk_context *ctx, pk_type_t type ); diff --git a/library/error.c b/library/error.c index 7042bbd1b..0a739b5d5 100644 --- a/library/error.c +++ b/library/error.c @@ -113,6 +113,10 @@ #include "polarssl/pem.h" #endif +#if defined(POLARSSL_PK_C) +#include "polarssl/pk.h" +#endif + #if defined(POLARSSL_PKCS12_C) #include "polarssl/pkcs12.h" #endif @@ -243,6 +247,11 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "PEM - Bad input parameters to function" ); #endif /* POLARSSL_PEM_C */ +#if defined(POLARSSL_PK_C) + if( use_ret == -(POLARSSL_ERR_PK_MALLOC_FAILED) ) + snprintf( buf, buflen, "PK - Memory alloation failed" ); +#endif /* POLARSSL_PK_C */ + #if defined(POLARSSL_PKCS12_C) if( use_ret == -(POLARSSL_ERR_PKCS12_BAD_INPUT_DATA) ) snprintf( buf, buflen, "PKCS12 - Bad input parameters to function" ); @@ -388,7 +397,7 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_SIG_ALG) ) snprintf( buf, buflen, "X509 - Signature algorithm (oid) is unsupported" ); if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_PK_ALG) ) - snprintf( buf, buflen, "X509 - Key algorithm is unsupported (only RSA is supported)" ); + snprintf( buf, buflen, "X509 - Key algorithm is unsupported (only RSA and EC are supported)" ); if( use_ret == -(POLARSSL_ERR_X509_CERT_SIG_MISMATCH) ) snprintf( buf, buflen, "X509 - Certificate signature algorithms do not match. (see \\c ::x509_cert sig_oid)" ); if( use_ret == -(POLARSSL_ERR_X509_CERT_VERIFY_FAILED) ) @@ -409,6 +418,8 @@ void polarssl_strerror( int ret, char *buf, size_t buflen ) snprintf( buf, buflen, "X509 - Private key password can't be empty" ); if( use_ret == -(POLARSSL_ERR_X509_PASSWORD_MISMATCH) ) snprintf( buf, buflen, "X509 - Given private key password does not allow for correct decryption" ); + if( use_ret == -(POLARSSL_ERR_X509_UNKNOWN_NAMED_CURVE) ) + snprintf( buf, buflen, "X509 - Elliptic curve is unsupported (only NIST curves are supported)" ); #endif /* POLARSSL_X509_PARSE_C */ if( strlen( buf ) == 0 ) diff --git a/library/pk.c b/library/pk.c index a5f8d6b9b..ca99fc633 100644 --- a/library/pk.c +++ b/library/pk.c @@ -84,7 +84,7 @@ int pk_set_type( pk_context *ctx, pk_type_t type ) return( 0 ); if( ( ctx->data = malloc( size ) ) == NULL ) - return( -1 ); + return( POLARSSL_ERR_PK_MALLOC_FAILED ); memset( ctx->data, 0, size ); ctx->type = type; diff --git a/scripts/generate_errors.pl b/scripts/generate_errors.pl index 009107b6e..7257ae670 100755 --- a/scripts/generate_errors.pl +++ b/scripts/generate_errors.pl @@ -13,7 +13,7 @@ my @low_level_modules = ( "AES", "ASN1", "BLOWFISH", "CAMELLIA", "BIGNUM", "PADLOCK", "DES", "NET", "CTR_DRBG", "ENTROPY", "MD2", "MD4", "MD5", "SHA1", "SHA256", "SHA512", "GCM" ); my @high_level_modules = ( "PEM", "X509", "DHM", "RSA", "ECP", "MD", "CIPHER", "SSL", - "PKCS12", "PKCS5" ); + "PK", "PKCS12", "PKCS5" ); my $line_separator = $/; undef $/;