diff --git a/src/internal.c b/src/internal.c index b08e6f7715..54025b8287 100644 --- a/src/internal.c +++ b/src/internal.c @@ -25116,7 +25116,7 @@ const char* wolfSSL_ERR_reason_error_string(unsigned long e) } /* pass to wolfCrypt */ - if (error < MAX_CODE_E && error > MIN_CODE_E) { + if (error <= WC_FIRST_E && error >= WC_LAST_E) { return wc_GetErrorString(error); } diff --git a/src/ssl.c b/src/ssl.c index afd505027a..5a67b6c03d 100644 --- a/src/ssl.c +++ b/src/ssl.c @@ -15361,7 +15361,9 @@ int wolfSSL_ERR_GET_REASON(unsigned long err) ret = 0 - ret; /* setting as negative value */ /* wolfCrypt range is less than MAX (-100) wolfSSL range is MIN (-300) and lower */ - if (ret < MAX_CODE_E && ret > MIN_CODE_E) { + if ((ret <= WC_FIRST_E && ret >= WC_LAST_E) || + (ret <= WOLFSSL_FIRST_E && ret >= WOLFSSL_LAST_E)) + { return ret; } else { diff --git a/support/gen-debug-trace-error-codes.sh b/support/gen-debug-trace-error-codes.sh index 01f32faa80..4bd325dc30 100755 --- a/support/gen-debug-trace-error-codes.sh +++ b/support/gen-debug-trace-error-codes.sh @@ -12,7 +12,7 @@ BEGIN { print("#undef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H") >> "wolfssl/debug-untrace-error-codes.h"; } { - if (match($0, "^[[:space:]]+([A-Z][A-Z0-9_]+)[[:space:]]*=[[:space:]]*(-[0-9]+)[,[:space:]]")) { + if (match($0, "^[[:space:]]+([A-Z][A-Z0-9_]+)[[:space:]]*=[[:space:]]*(-[0-9]+)([,[:space:]]|$)")) { # for mawkward compatibility -- gawk allows errcode_a as the 3rd arg to match(). gsub("^[[:space:]]+", "", $0); diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 46d7da16c3..8085fea6d7 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c @@ -2491,8 +2491,7 @@ static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a, } if (err == MP_OKAY && mp_iszero((MP_INT_SIZE*)t2)) { /* T2 = X * X */ - if (err == MP_OKAY) - err = mp_sqr(x, t2); + err = mp_sqr(x, t2); if (err == MP_OKAY) err = mp_montgomery_reduce(t2, modulus, mp); /* T1 = T2 + T1 */ @@ -2506,8 +2505,7 @@ static int _ecc_projective_dbl_point(ecc_point *P, ecc_point *R, mp_int* a, /* use "a" in calc */ /* T2 = T1 * T1 */ - if (err == MP_OKAY) - err = mp_sqr(t1, t2); + err = mp_sqr(t1, t2); if (err == MP_OKAY) err = mp_montgomery_reduce(t2, modulus, mp); /* T1 = T2 * a */ diff --git a/wolfcrypt/src/error.c b/wolfcrypt/src/error.c index 3a1ae2151d..7624fa8011 100644 --- a/wolfcrypt/src/error.c +++ b/wolfcrypt/src/error.c @@ -44,6 +44,18 @@ const char* wc_GetErrorString(int error) { switch (error) { + case MP_MEM : + return "MP integer dynamic memory allocation failed"; + + case MP_VAL : + return "MP integer invalid argument"; + + case MP_WOULDBLOCK : + return "MP integer non-blocking operation would block"; + + case MP_NOT_INF: + return "MP point not at infinity"; + case OPEN_RAN_E : return "opening random device error"; diff --git a/wolfcrypt/src/sp_int.c b/wolfcrypt/src/sp_int.c index a25ddab4ab..35d6aa300d 100644 --- a/wolfcrypt/src/sp_int.c +++ b/wolfcrypt/src/sp_int.c @@ -31,6 +31,7 @@ This library provides single precision (SP) integer math functions. #endif #include +#include #if defined(WOLFSSL_SP_MATH) || defined(WOLFSSL_SP_MATH_ALL) diff --git a/wolfcrypt/src/tfm.c b/wolfcrypt/src/tfm.c index ccf15a5f43..753c747bee 100644 --- a/wolfcrypt/src/tfm.c +++ b/wolfcrypt/src/tfm.c @@ -5685,9 +5685,9 @@ int mp_rand_prime(mp_int* a, int len, WC_RNG* rng, void* heap) err = fp_randprime(a, len, rng, heap); switch(err) { - case FP_VAL: + case WC_NO_ERR_TRACE(MP_VAL): return MP_VAL; - case FP_MEM: + case WC_NO_ERR_TRACE(MP_MEM): return MP_MEM; default: break; diff --git a/wolfcrypt/test/test.c b/wolfcrypt/test/test.c index 4a6c7fe096..64c2ef25e4 100644 --- a/wolfcrypt/test/test.c +++ b/wolfcrypt/test/test.c @@ -2623,40 +2623,54 @@ WOLFSSL_TEST_SUBROUTINE wc_test_ret_t error_test(void) int i; int j = 0; /* Values that are not or no longer error codes. */ - int missing[] = { -124, -166, -167, -168, -169, 0 }; + static const struct { + int first; + int last; + } missing[] = { + { -6, -100 }, + { -124, -124 }, + { -166, -169 } + }; /* Check that all errors have a string and it's the same through the two * APIs. Check that the values that are not errors map to the unknown * string. */ - for (i = MAX_CODE_E-1; i >= WC_LAST_E; i--) { + for (i = WC_FIRST_E; i >= WC_LAST_E; i--) { + int this_missing = 0; + for (j = 0; j < (int)XELEM_CNT(missing); ++j) { + if ((i <= missing[j].first) && (i >= missing[j].last)) { + this_missing = 1; + break; + } + } errStr = wc_GetErrorString(i); wc_ErrorString(i, out); - if (i != missing[j]) { + if (! this_missing) { if (XSTRCMP(errStr, unknownStr) == 0) { WOLFSSL_MSG("errStr unknown"); - return WC_TEST_RET_ENC_NC; + return WC_TEST_RET_ENC_I(-i); } if (XSTRCMP(out, unknownStr) == 0) { WOLFSSL_MSG("out unknown"); - return WC_TEST_RET_ENC_NC; + return WC_TEST_RET_ENC_I(-i); } if (XSTRCMP(errStr, out) != 0) { WOLFSSL_MSG("errStr does not match output"); - return WC_TEST_RET_ENC_NC; + return WC_TEST_RET_ENC_I(-i); } if (XSTRLEN(errStr) >= WOLFSSL_MAX_ERROR_SZ) { WOLFSSL_MSG("errStr too long"); - return WC_TEST_RET_ENC_NC; + return WC_TEST_RET_ENC_I(-i); } } else { j++; if (XSTRCMP(errStr, unknownStr) != 0) - return WC_TEST_RET_ENC_NC; + return WC_TEST_RET_ENC_I(-i); if (XSTRCMP(out, unknownStr) != 0) - return WC_TEST_RET_ENC_NC; + return WC_TEST_RET_ENC_I(-i); } } diff --git a/wolfssl/error-ssl.h b/wolfssl/error-ssl.h index 6354f635a8..2dde4fb90a 100644 --- a/wolfssl/error-ssl.h +++ b/wolfssl/error-ssl.h @@ -35,6 +35,8 @@ #endif enum wolfSSL_ErrorCodes { + WOLFSSL_FIRST_E = -301, + INPUT_CASE_ERROR = -301, /* process input state error */ PREFIX_ERROR = -302, /* bad index to key rounds */ MEMORY_ERROR = -303, /* out of memory */ @@ -196,8 +198,11 @@ enum wolfSSL_ErrorCodes { KEY_SHARE_ERROR = -503, /* key share mismatch */ POST_HAND_AUTH_ERROR = -504, /* client won't do post-hand auth */ HRR_COOKIE_ERROR = -505, /* HRR msg cookie mismatch */ - UNSUPPORTED_CERTIFICATE = -506 /* unsupported certificate type */ + UNSUPPORTED_CERTIFICATE = -506, /* unsupported certificate type */ /* end negotiation parameter errors only 10 for now */ + + WOLFSSL_LAST_E = -506 + /* add strings to wolfSSL_ERR_reason_error_string in internal.c !!!!! */ /* no error strings go down here, add above negotiation errors !!!! */ diff --git a/wolfssl/wolfcrypt/error-crypt.h b/wolfssl/wolfcrypt/error-crypt.h index 413868ebbc..eb392fe72b 100644 --- a/wolfssl/wolfcrypt/error-crypt.h +++ b/wolfssl/wolfcrypt/error-crypt.h @@ -37,10 +37,21 @@ the error status. extern "C" { #endif +#ifdef WOLFSSL_DEBUG_TRACE_ERROR_CODES_H +#include +#endif /* error codes, add string for new errors !!! */ enum { - MAX_CODE_E = -100, /* errors -101 - -299 */ + MAX_CODE_E = -1, /* errors -2 - -299 */ + WC_FIRST_E = -2, /* errors -2 - -299 */ + + MP_MEM = -2, /* MP dynamic memory allocation failed. */ + MP_VAL = -3, /* MP value passed is not able to be used. */ + MP_WOULDBLOCK = -4, /* MP non-blocking operation is returning after + * partial completion. */ + MP_NOT_INF = -5, /* MP point not at infinity */ + OPEN_RAN_E = -101, /* opening random device error */ READ_RAN_E = -102, /* reading random device error */ WINCRYPT_E = -103, /* windows crypt init error */ @@ -276,13 +287,12 @@ enum { SM4_CCM_AUTH_E = -299, /* SM4-CCM Authentication check failure */ WC_LAST_E = -299, /* Update this to indicate last error */ - MIN_CODE_E = -300 /* errors -101 - -299 */ + MIN_CODE_E = -300 /* errors -2 - -299 */ /* add new companion error id strings for any new error codes wolfcrypt/src/error.c !!! */ }; - #ifdef NO_ERROR_STRINGS #define wc_GetErrorString(error) "no support for error strings built in" #define wc_ErrorString(err, buf) \ diff --git a/wolfssl/wolfcrypt/integer.h b/wolfssl/wolfcrypt/integer.h index 6efb4d8e23..27e0200179 100644 --- a/wolfssl/wolfcrypt/integer.h +++ b/wolfssl/wolfcrypt/integer.h @@ -42,6 +42,8 @@ #else +#include +#include #include #ifndef CHAR_BIT @@ -162,9 +164,6 @@ extern "C" { #define MP_NEG 1 /* negative */ #define MP_OKAY 0 /* ok result */ -#define MP_MEM (-2) /* out of mem */ -#define MP_VAL (-3) /* invalid input */ -#define MP_NOT_INF (-4) /* point not at infinity */ #define MP_RANGE MP_NOT_INF #define MP_YES 1 /* yes response */ diff --git a/wolfssl/wolfcrypt/sp_int.h b/wolfssl/wolfcrypt/sp_int.h index 26978acfe0..626af9e0b7 100644 --- a/wolfssl/wolfcrypt/sp_int.h +++ b/wolfssl/wolfcrypt/sp_int.h @@ -742,24 +742,18 @@ typedef struct sp_ecc_ctx { #define MP_LT (-1) /* ERROR VALUES */ + +/* MP_MEM, MP_VAL, MP_WOULDBLOCK, and MP_NOT_INF are defined in error-crypt.h */ + /** Error value on success. */ #define MP_OKAY 0 -/** Error value when dynamic memory allocation fails. */ -#define MP_MEM (-2) -/** Error value when value passed is not able to be used. */ -#define MP_VAL (-3) -/** Error value when non-blocking operation is returning after partial - * completion. - */ -#define FP_WOULDBLOCK (-4) -/* Unused error. Defined for backward compatibility. */ -#define MP_NOT_INF (-5) + +#define FP_WOULDBLOCK MP_WOULDBLOCK /* Unused error. Defined for backward compatibility. */ #define MP_RANGE MP_NOT_INF - #ifdef USE_FAST_MATH /* For old FIPS, need FP_MEM defined for old implementation. */ -#define FP_MEM (-2) +#define FP_MEM MP_MEM #endif /* Number of bits in each word/digit. */ diff --git a/wolfssl/wolfcrypt/tfm.h b/wolfssl/wolfcrypt/tfm.h index 7d29b1f67e..ecb01ae973 100644 --- a/wolfssl/wolfcrypt/tfm.h +++ b/wolfssl/wolfcrypt/tfm.h @@ -40,6 +40,7 @@ #define WOLF_CRYPT_TFM_H #include +#include #ifndef CHAR_BIT #include #endif @@ -305,10 +306,10 @@ /* return codes */ #define FP_OKAY 0 -#define FP_VAL (-1) -#define FP_MEM (-2) -#define FP_NOT_INF (-3) -#define FP_WOULDBLOCK (-4) +#define FP_VAL MP_VAL +#define FP_MEM MP_MEM +#define FP_NOT_INF MP_NOT_INF +#define FP_WOULDBLOCK MP_WOULDBLOCK /* equalities */ #define FP_LT (-1) /* less than */ @@ -776,10 +777,7 @@ int fp_sqr_comba64(fp_int *a, fp_int *b); #define MP_LT FP_LT /* less than */ #define MP_EQ FP_EQ /* equal to */ #define MP_GT FP_GT /* greater than */ -#define MP_VAL FP_VAL /* invalid */ -#define MP_MEM FP_MEM /* memory error */ -#define MP_NOT_INF FP_NOT_INF /* point not at infinity */ -#define MP_RANGE FP_NOT_INF +#define MP_RANGE MP_NOT_INF #define MP_OKAY FP_OKAY /* ok result */ #define MP_NO FP_NO /* yes/no result */ #define MP_YES FP_YES /* yes/no result */