Skip to content

Commit

Permalink
Rename error variants according to Rust conventions.
Browse files Browse the repository at this point in the history
  • Loading branch information
@briansmith
briansmith committed Apr 9, 2021
1 parent 2cb889b commit 5b67fb9
Show file tree
Hide file tree
Showing 9 changed files with 59 additions and 59 deletions.
2 changes: 1 addition & 1 deletion src/calendar.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -67,7 +67,7 @@ fn days_before_year_since_unix_epoch(year: u64) -> Result<u64, Error> {
// Unix epoch. It is likely that other software won't deal well with
// certificates that have dates before the epoch.
if year < 1970 {
return Err(Error::BadDERTime);
return Err(Error::BadDerTime);
}
let days_before_year_ad = days_before_year_ad(year);
debug_assert!(days_before_year_ad >= DAYS_BEFORE_UNIX_EPOCH_AD);
Expand Down
12 changes: 6 additions & 6 deletions src/cert.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -49,16 +49,16 @@ pub(crate) fn parse_cert_internal<'a>(
ee_or_ca: EndEntityOrCA<'a>,
serial_number: fn(input: &mut untrusted::Reader<'_>) -> Result<(), Error>,
) -> Result<Cert<'a>, Error> {
let (tbs, signed_data) = cert_der.read_all(Error::BadDER, |cert_der| {
let (tbs, signed_data) = cert_der.read_all(Error::BadDer, |cert_der| {
der::nested(
cert_der,
der::Tag::Sequence,
Error::BadDER,
Error::BadDer,
signed_data::parse_signed_data,
)
})?;

tbs.read_all(Error::BadDER, |tbs| {
tbs.read_all(Error::BadDer, |tbs| {
version3(tbs)?;
serial_number(tbs)?;

Expand Down Expand Up @@ -110,7 +110,7 @@ pub(crate) fn parse_cert_internal<'a>(
tagged,
der::Tag::Sequence,
der::Tag::Sequence,
Error::BadDER,
Error::BadDer,
|extension| {
let extn_id = der::expect_tag_and_get_value(extension, der::Tag::OID)?;
let critical = der::optional_boolean(extension)?;
Expand Down Expand Up @@ -154,7 +154,7 @@ pub fn certificate_serial_number(input: &mut untrusted::Reader) -> Result<(), Er

let value = der::positive_integer(input)?;
if value.big_endian_without_leading_zero().len() > 20 {
return Err(Error::BadDER);
return Err(Error::BadDer);
}
Ok(())
}
Expand Down Expand Up @@ -215,7 +215,7 @@ fn remember_extension<'a>(
}
None => {
// All the extensions that we care about are wrapped in a SEQUENCE.
let sequence_value = value.read_all(Error::BadDER, |value| {
let sequence_value = value.read_all(Error::BadDer, |value| {
der::expect_tag_and_get_value(value, der::Tag::Sequence)
})?;
*out = Some(sequence_value);
Expand Down
32 changes: 16 additions & 16 deletions src/der.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -23,7 +23,7 @@ pub fn expect_tag_and_get_value<'a>(
input: &mut untrusted::Reader<'a>,
tag: Tag,
) -> Result<untrusted::Input<'a>, Error> {
ring::io::der::expect_tag_and_get_value(input, tag).map_err(|_| Error::BadDER)
ring::io::der::expect_tag_and_get_value(input, tag).map_err(|_| Error::BadDer)
}

pub struct Value<'a> {
Expand All @@ -39,7 +39,7 @@ impl<'a> Value<'a> {
pub fn expect_tag<'a>(input: &mut untrusted::Reader<'a>, tag: Tag) -> Result<Value<'a>, Error> {
let (actual_tag, value) = read_tag_and_get_value(input)?;
if usize::from(tag) != usize::from(actual_tag) {
return Err(Error::BadDER);
return Err(Error::BadDer);
}

Ok(Value { value })
Expand All @@ -49,7 +49,7 @@ pub fn expect_tag<'a>(input: &mut untrusted::Reader<'a>, tag: Tag) -> Result<Val
pub fn read_tag_and_get_value<'a>(
input: &mut untrusted::Reader<'a>,
) -> Result<(u8, untrusted::Input<'a>), Error> {
ring::io::der::read_tag_and_get_value(input).map_err(|_| Error::BadDER)
ring::io::der::read_tag_and_get_value(input).map_err(|_| Error::BadDer)
}

// TODO: investigate taking decoder as a reference to reduce generated code
Expand Down Expand Up @@ -78,10 +78,10 @@ where
pub fn bit_string_with_no_unused_bits<'a>(
input: &mut untrusted::Reader<'a>,
) -> Result<untrusted::Input<'a>, Error> {
nested(input, Tag::BitString, Error::BadDER, |value| {
let unused_bits_at_end = value.read_byte().map_err(|_| Error::BadDER)?;
nested(input, Tag::BitString, Error::BadDer, |value| {
let unused_bits_at_end = value.read_byte().map_err(|_| Error::BadDer)?;
if unused_bits_at_end != 0 {
return Err(Error::BadDER);
return Err(Error::BadDer);
}
Ok(value.read_bytes_to_end())
})
Expand All @@ -93,21 +93,21 @@ pub fn optional_boolean(input: &mut untrusted::Reader) -> Result<bool, Error> {
if !input.peek(Tag::Boolean.into()) {
return Ok(false);
}
nested(input, Tag::Boolean, Error::BadDER, |input| {
nested(input, Tag::Boolean, Error::BadDer, |input| {
match input.read_byte() {
Ok(0xff) => Ok(true),
Ok(0x00) => Ok(false),
_ => Err(Error::BadDER),
_ => Err(Error::BadDer),
}
})
}

pub fn positive_integer<'a>(input: &'a mut untrusted::Reader) -> Result<Positive<'a>, Error> {
ring::io::der::positive_integer(input).map_err(|_| Error::BadDER)
ring::io::der::positive_integer(input).map_err(|_| Error::BadDer)
}

pub fn small_nonnegative_integer(input: &mut untrusted::Reader) -> Result<u8, Error> {
ring::io::der::small_nonnegative_integer(input).map_err(|_| Error::BadDER)
ring::io::der::small_nonnegative_integer(input).map_err(|_| Error::BadDer)
}

pub fn time_choice(input: &mut untrusted::Reader) -> Result<time::Time, Error> {
Expand All @@ -120,24 +120,24 @@ pub fn time_choice(input: &mut untrusted::Reader) -> Result<time::Time, Error> {

fn read_digit(inner: &mut untrusted::Reader) -> Result<u64, Error> {
const DIGIT: core::ops::RangeInclusive<u8> = b'0'..=b'9';
let b = inner.read_byte().map_err(|_| Error::BadDERTime)?;
let b = inner.read_byte().map_err(|_| Error::BadDerTime)?;
if DIGIT.contains(&b) {
return Ok(u64::from(b - DIGIT.start()));
}
Err(Error::BadDERTime)
Err(Error::BadDerTime)
}

fn read_two_digits(inner: &mut untrusted::Reader, min: u64, max: u64) -> Result<u64, Error> {
let hi = read_digit(inner)?;
let lo = read_digit(inner)?;
let value = (hi * 10) + lo;
if value < min || value > max {
return Err(Error::BadDERTime);
return Err(Error::BadDerTime);
}
Ok(value)
}

nested(input, expected_tag, Error::BadDER, |value| {
nested(input, expected_tag, Error::BadDer, |value| {
let (year_hi, year_lo) = if is_utc_time {
let lo = read_two_digits(value, 0, 99)?;
let hi = if lo >= 50 { 19 } else { 20 };
Expand All @@ -156,9 +156,9 @@ pub fn time_choice(input: &mut untrusted::Reader) -> Result<time::Time, Error> {
let minutes = read_two_digits(value, 0, 59)?;
let seconds = read_two_digits(value, 0, 59)?;

let time_zone = value.read_byte().map_err(|_| Error::BadDERTime)?;
let time_zone = value.read_byte().map_err(|_| Error::BadDerTime)?;
if time_zone != b'Z' {
return Err(Error::BadDERTime);
return Err(Error::BadDerTime);
}

calendar::time_from_ymdhms_utc(year, month, day_of_month, hours, minutes, seconds)
Expand Down
10 changes: 5 additions & 5 deletions src/error.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -18,13 +18,13 @@ use core::fmt;
#[derive(Clone, Copy, Debug, PartialEq)]
pub enum Error {
/// The encoding of some ASN.1 DER-encoded item is invalid.
BadDER,
BadDer,

/// The encoding of an ASN.1 DER-encoded time is invalid.
BadDERTime,
BadDerTime,

/// A CA certificate is being used as an end-entity certificate.
CAUsedAsEndEntity,
CaUsedAsEndEntity,

/// The certificate is expired; i.e. the time it is being validated for is
/// later than the certificate's notAfter time.
Expand All @@ -38,7 +38,7 @@ pub enum Error {
CertNotValidYet,

/// An end-entity certificate is being used as a CA certificate.
EndEntityUsedAsCA,
EndEntityUsedAsCa,

/// An X.509 extension is invalid.
ExtensionValueInvalid,
Expand All @@ -62,7 +62,7 @@ pub enum Error {

/// The certificate is not valid for the Extended Key Usage for which it is
/// being validated.
RequiredEKUNotFound,
RequiredEkuNotFound,

/// A valid issuer for the certificate could not be found.
UnknownIssuer,
Expand Down
6 changes: 3 additions & 3 deletions src/name/ip_address.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -28,18 +28,18 @@ pub(super) fn presented_id_matches_constraint(
constraint: untrusted::Input,
) -> Result<bool, Error> {
if name.len() != 4 && name.len() != 16 {
return Err(Error::BadDER);
return Err(Error::BadDer);
}
if constraint.len() != 8 && constraint.len() != 32 {
return Err(Error::BadDER);
return Err(Error::BadDer);
}

// an IPv4 address never matches an IPv6 constraint, and vice versa.
if name.len() * 2 != constraint.len() {
return Ok(false);
}

let (constraint_address, constraint_mask) = constraint.read_all(Error::BadDER, |value| {
let (constraint_address, constraint_mask) = constraint.read_all(Error::BadDer, |value| {
let address = value.read_bytes(constraint.len() / 2).unwrap();
let mask = value.read_bytes(constraint.len() / 2).unwrap();
Ok((address, mask))
Expand Down
10 changes: 5 additions & 5 deletions src/name/verify.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -40,7 +40,7 @@ pub fn verify_cert_dns_name(
}
Some(false) => (),
None => {
return NameIteration::Stop(Err(Error::BadDER));
return NameIteration::Stop(Err(Error::BadDer));
}
}
}
Expand Down Expand Up @@ -70,7 +70,7 @@ pub fn check_name_constraints(
if !inner.peek(subtrees_tag.into()) {
return Ok(None);
}
let subtrees = der::nested(inner, subtrees_tag, Error::BadDER, |tagged| {
let subtrees = der::nested(inner, subtrees_tag, Error::BadDer, |tagged| {
der::expect_tag_and_get_value(tagged, der::Tag::Sequence)
})?;
Ok(Some(subtrees))
Expand Down Expand Up @@ -152,7 +152,7 @@ fn check_presented_id_conforms_to_constraints_in_subtree(
input: &mut untrusted::Reader<'b>,
) -> Result<GeneralName<'b>, Error> {
let general_subtree = der::expect_tag_and_get_value(input, der::Tag::Sequence)?;
general_subtree.read_all(Error::BadDER, |subtree| general_name(subtree))
general_subtree.read_all(Error::BadDer, |subtree| general_name(subtree))
}

let base = match general_subtree(&mut constraints) {
Expand All @@ -164,7 +164,7 @@ fn check_presented_id_conforms_to_constraints_in_subtree(

let matches = match (name, base) {
(GeneralName::DnsName(name), GeneralName::DnsName(base)) => {
dns_name::presented_id_matches_constraint(name, base).ok_or(Error::BadDER)
dns_name::presented_id_matches_constraint(name, base).ok_or(Error::BadDer)
}

(GeneralName::DirectoryName(name), GeneralName::DirectoryName(base)) => Ok(
Expand Down Expand Up @@ -322,7 +322,7 @@ fn general_name<'a>(input: &mut untrusted::Reader<'a>) -> Result<GeneralName<'a>
| UNIFORM_RESOURCE_IDENTIFIER_TAG
| REGISTERED_ID_TAG => GeneralName::Unsupported(tag & !(CONTEXT_SPECIFIC | CONSTRUCTED)),

_ => return Err(Error::BadDER),
_ => return Err(Error::BadDer),
};
Ok(name)
}
20 changes: 10 additions & 10 deletions src/signed_data.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -175,7 +175,7 @@ struct SubjectPublicKeyInfo<'a> {
// `PublicKeyAlgorithm` for the `SignatureAlgorithm` that is matched when
// parsing the signature.
fn parse_spki_value(input: untrusted::Input) -> Result<SubjectPublicKeyInfo, Error> {
input.read_all(Error::BadDER, |input| {
input.read_all(Error::BadDer, |input| {
let algorithm_id_value = der::expect_tag_and_get_value(input, der::Tag::Sequence)?;
let key_value = der::bit_string_with_no_unused_bits(input)?;
Ok(SubjectPublicKeyInfo {
Expand Down Expand Up @@ -402,7 +402,7 @@ mod tests {
let tsd = parse_test_signed_data(file_contents);
let spki_value = untrusted::Input::from(&tsd.spki);
let spki_value = spki_value
.read_all(Error::BadDER, |input| {
.read_all(Error::BadDer, |input| {
der::expect_tag_and_get_value(input, der::Tag::Sequence)
})
.unwrap();
Expand All @@ -415,14 +415,14 @@ mod tests {

let algorithm = untrusted::Input::from(&tsd.algorithm);
let algorithm = algorithm
.read_all(Error::BadDER, |input| {
.read_all(Error::BadDer, |input| {
der::expect_tag_and_get_value(input, der::Tag::Sequence)
})
.unwrap();

let signature = untrusted::Input::from(&tsd.signature);
let signature = signature
.read_all(Error::BadDER, |input| {
.read_all(Error::BadDer, |input| {
der::bit_string_with_no_unused_bits(input)
})
.unwrap();
Expand Down Expand Up @@ -461,7 +461,7 @@ mod tests {
let signature = untrusted::Input::from(&tsd.signature);
assert_eq!(
Err(expected_error),
signature.read_all(Error::BadDER, |input| {
signature.read_all(Error::BadDer, |input| {
der::bit_string_with_no_unused_bits(input)
})
);
Expand All @@ -482,7 +482,7 @@ mod tests {
let spki = untrusted::Input::from(&tsd.spki);
assert_eq!(
Err(expected_error),
spki.read_all(Error::BadDER, |input| {
spki.read_all(Error::BadDer, |input| {
der::expect_tag_and_get_value(input, der::Tag::Sequence)
})
);
Expand Down Expand Up @@ -518,7 +518,7 @@ mod tests {
test_verify_signed_data_signature_outer!(
test_ecdsa_prime256v1_sha512_unused_bits_signature,
"ecdsa-prime256v1-sha512-unused-bits-signature.pem",
Error::BadDER
Error::BadDer
);
// XXX: We should have a variant of this test with a SHA-256 digest that gives
// `Error::UnsupportedSignatureAlgorithmForPublicKey`.
Expand Down Expand Up @@ -571,12 +571,12 @@ mod tests {
test_parse_spki_bad_outer!(
test_rsa_pkcs1_sha1_bad_key_der_length,
"rsa-pkcs1-sha1-bad-key-der-length.pem",
Error::BadDER
Error::BadDer
);
test_parse_spki_bad_outer!(
test_rsa_pkcs1_sha1_bad_key_der_null,
"rsa-pkcs1-sha1-bad-key-der-null.pem",
Error::BadDER
Error::BadDer
);
test_verify_signed_data!(
test_rsa_pkcs1_sha1_key_params_absent,
Expand Down Expand Up @@ -610,7 +610,7 @@ mod tests {
test_parse_spki_bad_outer!(
test_rsa_pkcs1_sha256_key_encoded_ber,
"rsa-pkcs1-sha256-key-encoded-ber.pem",
Error::BadDER
Error::BadDer
);
test_verify_signed_data!(
test_rsa_pkcs1_sha256_spki_non_null_params,
Expand Down
8 changes: 4 additions & 4 deletions src/trust_anchor.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ impl<'a> TrustAnchor<'a> {
possibly_invalid_certificate_serial_number,
) {
Ok(cert) => Ok(Self::from(cert)),
Err(Error::UnsupportedCertVersion) => parse_cert_v1(cert_der).or(Err(Error::BadDER)),
Err(Error::UnsupportedCertVersion) => parse_cert_v1(cert_der).or(Err(Error::BadDer)),
Err(err) => Err(err),
}
}
Expand Down Expand Up @@ -86,9 +86,9 @@ impl<'a> From<Cert<'a>> for TrustAnchor<'a> {
/// Parses a v1 certificate directly into a TrustAnchor.
fn parse_cert_v1(cert_der: untrusted::Input) -> Result<TrustAnchor, Error> {
// X.509 Certificate: https://tools.ietf.org/html/rfc5280#section-4.1.
cert_der.read_all(Error::BadDER, |cert_der| {
der::nested(cert_der, der::Tag::Sequence, Error::BadDER, |cert_der| {
let anchor = der::nested(cert_der, der::Tag::Sequence, Error::BadDER, |tbs| {
cert_der.read_all(Error::BadDer, |cert_der| {
der::nested(cert_der, der::Tag::Sequence, Error::BadDer, |cert_der| {
let anchor = der::nested(cert_der, der::Tag::Sequence, Error::BadDer, |tbs| {
// The version number field does not appear in v1 certificates.
certificate_serial_number(tbs)?;

Expand Down
Loading

0 comments on commit 5b67fb9

Please sign in to comment.