Match upstream's error codes for the old sigalg code.
People seem to condition on these a lot. Since this code has now been moved
twice, just make them all cross-module errors rather than leave a trail of
renamed error codes in our wake.
Change-Id: Iea18ab3d320f03cf29a64a27acca119768c4115c
Reviewed-on: https://boringssl-review.googlesource.com/7431
Reviewed-by: Emily Stark (Dunn) <estark@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
diff --git a/crypto/asn1/asn1_lib.c b/crypto/asn1/asn1_lib.c
index 0025a67..3d1317b 100644
--- a/crypto/asn1/asn1_lib.c
+++ b/crypto/asn1/asn1_lib.c
@@ -63,9 +63,16 @@
#include <openssl/err.h>
#include <openssl/mem.h>
-/* Cross-module errors from crypto/x509/i2d_pr.c */
+/* Cross-module errors from crypto/x509/i2d_pr.c. */
OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_PUBLIC_KEY_TYPE);
+/* Cross-module errors from crypto/x509/algorithm.c. */
+OPENSSL_DECLARE_ERROR_REASON(ASN1, CONTEXT_NOT_INITIALISED);
+OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_MESSAGE_DIGEST_ALGORITHM);
+OPENSSL_DECLARE_ERROR_REASON(ASN1, UNKNOWN_SIGNATURE_ALGORITHM);
+OPENSSL_DECLARE_ERROR_REASON(ASN1, UNSUPPORTED_ALGORITHM);
+OPENSSL_DECLARE_ERROR_REASON(ASN1, WRONG_PUBLIC_KEY_TYPE);
+
/*
* Cross-module errors from crypto/x509/asn1_gen.c. TODO(davidben): Remove
* these once asn1_gen.c is gone.
diff --git a/crypto/err/asn1.errordata b/crypto/err/asn1.errordata
index b1b0437..ec8ea53 100644
--- a/crypto/err/asn1.errordata
+++ b/crypto/err/asn1.errordata
@@ -6,6 +6,7 @@
ASN1,105,BN_LIB
ASN1,106,BOOLEAN_IS_WRONG_LENGTH
ASN1,107,BUFFER_TOO_SMALL
+ASN1,190,CONTEXT_NOT_INITIALISED
ASN1,108,DECODE_ERROR
ASN1,109,DEPTH_EXCEEDED
ASN1,110,ENCODE_ERROR
@@ -79,9 +80,13 @@
ASN1,178,UNEXPECTED_EOC
ASN1,179,UNIVERSALSTRING_IS_WRONG_LENGTH
ASN1,180,UNKNOWN_FORMAT
+ASN1,187,UNKNOWN_MESSAGE_DIGEST_ALGORITHM
+ASN1,188,UNKNOWN_SIGNATURE_ALGORITHM
ASN1,181,UNKNOWN_TAG
+ASN1,191,UNSUPPORTED_ALGORITHM
ASN1,182,UNSUPPORTED_ANY_DEFINED_BY_TYPE
ASN1,183,UNSUPPORTED_PUBLIC_KEY_TYPE
ASN1,184,UNSUPPORTED_TYPE
+ASN1,189,WRONG_PUBLIC_KEY_TYPE
ASN1,185,WRONG_TAG
ASN1,186,WRONG_TYPE
diff --git a/crypto/err/rsa.errordata b/crypto/err/rsa.errordata
index c19f73c..4a5272d 100644
--- a/crypto/err/rsa.errordata
+++ b/crypto/err/rsa.errordata
@@ -24,6 +24,9 @@
RSA,119,INCONSISTENT_SET_OF_CRT_VALUES
RSA,120,INTERNAL_ERROR
RSA,121,INVALID_MESSAGE_LENGTH
+RSA,146,INVALID_PSS_PARAMETERS
+RSA,147,INVALID_SALT_LENGTH
+RSA,148,INVALID_TRAILER
RSA,122,KEY_SIZE_TOO_SMALL
RSA,123,LAST_OCTET_INVALID
RSA,124,MODULUS_TOO_LARGE
diff --git a/crypto/err/x509.errordata b/crypto/err/x509.errordata
index 727d729..412a351 100644
--- a/crypto/err/x509.errordata
+++ b/crypto/err/x509.errordata
@@ -4,39 +4,30 @@
X509,103,BASE64_DECODE_ERROR
X509,104,CANT_CHECK_DH_KEY
X509,105,CERT_ALREADY_IN_HASH_TABLE
-X509,137,CONTEXT_NOT_INITIALISED
X509,106,CRL_ALREADY_DELTA
X509,107,CRL_VERIFY_FAILURE
X509,108,IDP_MISMATCH
X509,109,INVALID_BIT_STRING_BITS_LEFT
X509,110,INVALID_DIRECTORY
X509,111,INVALID_FIELD_NAME
-X509,138,INVALID_PSS_PARAMETERS
-X509,139,INVALID_SALT_LENGTH
-X509,140,INVALID_TRAILER
X509,112,INVALID_TRUST
X509,113,ISSUER_MISMATCH
X509,114,KEY_TYPE_MISMATCH
X509,115,KEY_VALUES_MISMATCH
X509,116,LOADING_CERT_DIR
X509,117,LOADING_DEFAULTS
-X509,118,METHOD_NOT_SUPPORTED
-X509,119,NEWER_CRL_NOT_NEWER
-X509,120,NOT_PKCS7_SIGNED_DATA
-X509,121,NO_CERTIFICATES_INCLUDED
-X509,122,NO_CERT_SET_FOR_US_TO_VERIFY
-X509,136,NO_CRLS_INCLUDED
+X509,118,NEWER_CRL_NOT_NEWER
+X509,119,NOT_PKCS7_SIGNED_DATA
+X509,120,NO_CERTIFICATES_INCLUDED
+X509,121,NO_CERT_SET_FOR_US_TO_VERIFY
+X509,122,NO_CRLS_INCLUDED
X509,123,NO_CRL_NUMBER
X509,124,PUBLIC_KEY_DECODE_ERROR
X509,125,PUBLIC_KEY_ENCODE_ERROR
X509,126,SHOULD_RETRY
-X509,127,UNABLE_TO_FIND_PARAMETERS_IN_CHAIN
-X509,128,UNABLE_TO_GET_CERTS_PUBLIC_KEY
-X509,129,UNKNOWN_KEY_TYPE
-X509,130,UNKNOWN_NID
-X509,131,UNKNOWN_PURPOSE_ID
-X509,132,UNKNOWN_TRUST_ID
-X509,133,UNSUPPORTED_ALGORITHM
-X509,134,WRONG_LOOKUP_TYPE
-X509,141,WRONG_PUBLIC_KEY_TYPE
-X509,135,WRONG_TYPE
+X509,127,UNKNOWN_KEY_TYPE
+X509,128,UNKNOWN_NID
+X509,129,UNKNOWN_PURPOSE_ID
+X509,130,UNKNOWN_TRUST_ID
+X509,131,WRONG_LOOKUP_TYPE
+X509,132,WRONG_TYPE
diff --git a/crypto/rsa/rsa.c b/crypto/rsa/rsa.c
index 9ffea1f..dccd201 100644
--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c
@@ -71,6 +71,11 @@
#include "../internal.h"
+/* Cross-module errors from crypto/x509/rsa_pss.c. */
+OPENSSL_DECLARE_ERROR_REASON(RSA, INVALID_PSS_PARAMETERS);
+OPENSSL_DECLARE_ERROR_REASON(RSA, INVALID_SALT_LENGTH);
+OPENSSL_DECLARE_ERROR_REASON(RSA, INVALID_TRAILER);
+
static CRYPTO_EX_DATA_CLASS g_ex_data_class = CRYPTO_EX_DATA_CLASS_INIT;
RSA *RSA_new(void) { return RSA_new_method(NULL); }
diff --git a/crypto/x509/algorithm.c b/crypto/x509/algorithm.c
index af8ebfc..29bfc8d 100644
--- a/crypto/x509/algorithm.c
+++ b/crypto/x509/algorithm.c
@@ -69,7 +69,7 @@
const EVP_MD *digest = EVP_MD_CTX_md(ctx);
EVP_PKEY *pkey = EVP_PKEY_CTX_get0_pkey(ctx->pctx);
if (digest == NULL || pkey == NULL) {
- OPENSSL_PUT_ERROR(X509, X509_R_CONTEXT_NOT_INITIALISED);
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_CONTEXT_NOT_INITIALISED);
return 0;
}
@@ -89,7 +89,7 @@
int sign_nid;
if (!OBJ_find_sigid_by_algs(&sign_nid, EVP_MD_type(digest),
EVP_PKEY_id(pkey))) {
- OPENSSL_PUT_ERROR(X509, X509_R_UNSUPPORTED_ALGORITHM);
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_ALGORITHM);
return 0;
}
@@ -107,20 +107,20 @@
int sigalg_nid = OBJ_obj2nid(sigalg->algorithm);
int digest_nid, pkey_nid;
if (!OBJ_find_sigid_algs(sigalg_nid, &digest_nid, &pkey_nid)) {
- OPENSSL_PUT_ERROR(X509, X509_R_UNSUPPORTED_ALGORITHM);
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_ALGORITHM);
return 0;
}
/* Check the public key OID matches the public key type. */
if (pkey_nid != EVP_PKEY_id(pkey)) {
- OPENSSL_PUT_ERROR(X509, X509_R_WRONG_PUBLIC_KEY_TYPE);
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_WRONG_PUBLIC_KEY_TYPE);
return 0;
}
/* NID_undef signals that there are custom parameters to set. */
if (digest_nid == NID_undef) {
if (sigalg_nid != NID_rsassaPss) {
- OPENSSL_PUT_ERROR(X509, X509_R_UNSUPPORTED_ALGORITHM);
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_ALGORITHM);
return 0;
}
return x509_rsa_pss_to_ctx(ctx, sigalg, pkey);
diff --git a/crypto/x509/rsa_pss.c b/crypto/x509/rsa_pss.c
index 82995a4..887f372 100644
--- a/crypto/x509/rsa_pss.c
+++ b/crypto/x509/rsa_pss.c
@@ -161,7 +161,7 @@
}
md = EVP_get_digestbyobj(alg->algorithm);
if (md == NULL) {
- OPENSSL_PUT_ERROR(X509, X509_R_UNSUPPORTED_ALGORITHM);
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_ALGORITHM);
}
return md;
}
@@ -174,16 +174,16 @@
}
/* Check mask and lookup mask hash algorithm */
if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) {
- OPENSSL_PUT_ERROR(X509, X509_R_UNSUPPORTED_ALGORITHM);
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_ALGORITHM);
return NULL;
}
if (!maskHash) {
- OPENSSL_PUT_ERROR(X509, X509_R_UNSUPPORTED_ALGORITHM);
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_ALGORITHM);
return NULL;
}
md = EVP_get_digestbyobj(maskHash->algorithm);
if (md == NULL) {
- OPENSSL_PUT_ERROR(X509, X509_R_UNSUPPORTED_ALGORITHM);
+ OPENSSL_PUT_ERROR(ASN1, ASN1_R_UNSUPPORTED_ALGORITHM);
return NULL;
}
return md;
@@ -253,7 +253,7 @@
X509_ALGOR *maskHash;
RSA_PSS_PARAMS *pss = rsa_pss_decode(sigalg, &maskHash);
if (pss == NULL) {
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_PSS_PARAMETERS);
+ OPENSSL_PUT_ERROR(RSA, RSA_R_INVALID_PSS_PARAMETERS);
goto err;
}
@@ -270,7 +270,7 @@
/* Could perform more salt length sanity checks but the main
* RSA routines will trap other invalid values anyway. */
if (saltlen < 0) {
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_SALT_LENGTH);
+ OPENSSL_PUT_ERROR(RSA, RSA_R_INVALID_SALT_LENGTH);
goto err;
}
}
@@ -278,7 +278,7 @@
/* low-level routines support only trailer field 0xbc (value 1)
* and PKCS#1 says we should reject any other value anyway. */
if (pss->trailerField != NULL && ASN1_INTEGER_get(pss->trailerField) != 1) {
- OPENSSL_PUT_ERROR(X509, X509_R_INVALID_TRAILER);
+ OPENSSL_PUT_ERROR(RSA, RSA_R_INVALID_TRAILER);
goto err;
}
diff --git a/include/openssl/asn1.h b/include/openssl/asn1.h
index 8296ca4..2291641 100644
--- a/include/openssl/asn1.h
+++ b/include/openssl/asn1.h
@@ -1165,5 +1165,10 @@
#define ASN1_R_UNSUPPORTED_TYPE 184
#define ASN1_R_WRONG_TAG 185
#define ASN1_R_WRONG_TYPE 186
+#define ASN1_R_UNKNOWN_MESSAGE_DIGEST_ALGORITHM 187
+#define ASN1_R_UNKNOWN_SIGNATURE_ALGORITHM 188
+#define ASN1_R_WRONG_PUBLIC_KEY_TYPE 189
+#define ASN1_R_CONTEXT_NOT_INITIALISED 190
+#define ASN1_R_UNSUPPORTED_ALGORITHM 191
#endif
diff --git a/include/openssl/base.h b/include/openssl/base.h
index b685ec3..0379b74 100644
--- a/include/openssl/base.h
+++ b/include/openssl/base.h
@@ -109,6 +109,7 @@
#define OPENSSL_IS_BORINGSSL
#define BORINGSSL_201512
+#define BORINGSSL_201603
#define OPENSSL_VERSION_NUMBER 0x10002000
#define SSLEAY_VERSION_NUMBER OPENSSL_VERSION_NUMBER
diff --git a/include/openssl/rsa.h b/include/openssl/rsa.h
index df75af0..dbbe635 100644
--- a/include/openssl/rsa.h
+++ b/include/openssl/rsa.h
@@ -637,5 +637,8 @@
#define RSA_R_BAD_ENCODING 143
#define RSA_R_ENCODE_ERROR 144
#define RSA_R_BAD_VERSION 145
+#define RSA_R_INVALID_PSS_PARAMETERS 146
+#define RSA_R_INVALID_SALT_LENGTH 147
+#define RSA_R_INVALID_TRAILER 148
#endif /* OPENSSL_HEADER_RSA_H */
diff --git a/include/openssl/x509.h b/include/openssl/x509.h
index 3b21c14..480355b 100644
--- a/include/openssl/x509.h
+++ b/include/openssl/x509.h
@@ -1244,29 +1244,20 @@
#define X509_R_KEY_VALUES_MISMATCH 115
#define X509_R_LOADING_CERT_DIR 116
#define X509_R_LOADING_DEFAULTS 117
-#define X509_R_METHOD_NOT_SUPPORTED 118
-#define X509_R_NEWER_CRL_NOT_NEWER 119
-#define X509_R_NOT_PKCS7_SIGNED_DATA 120
-#define X509_R_NO_CERTIFICATES_INCLUDED 121
-#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 122
+#define X509_R_NEWER_CRL_NOT_NEWER 118
+#define X509_R_NOT_PKCS7_SIGNED_DATA 119
+#define X509_R_NO_CERTIFICATES_INCLUDED 120
+#define X509_R_NO_CERT_SET_FOR_US_TO_VERIFY 121
+#define X509_R_NO_CRLS_INCLUDED 122
#define X509_R_NO_CRL_NUMBER 123
#define X509_R_PUBLIC_KEY_DECODE_ERROR 124
#define X509_R_PUBLIC_KEY_ENCODE_ERROR 125
#define X509_R_SHOULD_RETRY 126
-#define X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN 127
-#define X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY 128
-#define X509_R_UNKNOWN_KEY_TYPE 129
-#define X509_R_UNKNOWN_NID 130
-#define X509_R_UNKNOWN_PURPOSE_ID 131
-#define X509_R_UNKNOWN_TRUST_ID 132
-#define X509_R_UNSUPPORTED_ALGORITHM 133
-#define X509_R_WRONG_LOOKUP_TYPE 134
-#define X509_R_WRONG_TYPE 135
-#define X509_R_NO_CRLS_INCLUDED 136
-#define X509_R_CONTEXT_NOT_INITIALISED 137
-#define X509_R_INVALID_PSS_PARAMETERS 138
-#define X509_R_INVALID_SALT_LENGTH 139
-#define X509_R_INVALID_TRAILER 140
-#define X509_R_WRONG_PUBLIC_KEY_TYPE 141
+#define X509_R_UNKNOWN_KEY_TYPE 127
+#define X509_R_UNKNOWN_NID 128
+#define X509_R_UNKNOWN_PURPOSE_ID 129
+#define X509_R_UNKNOWN_TRUST_ID 130
+#define X509_R_WRONG_LOOKUP_TYPE 131
+#define X509_R_WRONG_TYPE 132
#endif
