der: error position tracking improvements

- Changes all `Tag::*_error` methods to return `ErrorKind` rather than
  `Error`, and changes call sites where these methods were used with
  a `Reader` in scope to call `reader.error()` to ensure error position
  is propagated appropriately.
- Locates sites of `ErrorKind::*.into()` where a `Reader` is in scope
  and changes them to use `reader.error()`

Author: tarcieri

Cargo.lock

@@ -58,3 +58,7 @@ tls_codec_derive = { path = "./tls_codec/derive" }
 x509-tsp = { path = "./x509-tsp" }
 x509-cert = { path = "./x509-cert" }
 x509-ocsp = { path = "./x509-ocsp" }
+
+[patch.crates-io.elliptic-curve]
+git = "https://github.com/RustCrypto/traits.git"
+branch = "elliptic-curve/der-error-fixups"

Cargo.toml

@@ -63,7 +63,7 @@ impl<'a> AnyRef<'a> {
         T: Choice<'a> + DecodeValue<'a>,
     {
         if !T::can_decode(self.tag) {
-            return Err(self.tag.unexpected_error(None).into());
+            return Err(Error::from(self.tag.unexpected_error(None)).into());
         }
 
         let header = Header {

der/src/asn1/any.rs

@@ -39,7 +39,7 @@ impl<'a> BitStringRef<'a> {
     /// from the final octet. This number is 0 if the value is octet-aligned.
     pub fn new(unused_bits: u8, bytes: &'a [u8]) -> Result<Self> {
         if (unused_bits > Self::MAX_UNUSED_BITS) || (unused_bits != 0 && bytes.is_empty()) {
-            return Err(Self::TAG.value_error());
+            return Err(Self::TAG.value_error().into());
         }
 
         let inner = BytesRef::new(bytes).map_err(|_| Self::TAG.length_error())?;
@@ -206,8 +206,9 @@ impl<'a, const N: usize> TryFrom<BitStringRef<'a>> for [u8; N] {
 
     fn try_from(bit_string: BitStringRef<'a>) -> Result<Self> {
         let bytes: &[u8] = TryFrom::try_from(bit_string)?;
-
-        bytes.try_into().map_err(|_| Tag::BitString.length_error())
+        bytes
+            .try_into()
+            .map_err(|_| Tag::BitString.length_error().into())
     }
 }
 
@@ -217,7 +218,7 @@ impl<'a> TryFrom<BitStringRef<'a>> for &'a [u8] {
     fn try_from(bit_string: BitStringRef<'a>) -> Result<&'a [u8]> {
         bit_string
             .as_bytes()
-            .ok_or_else(|| Tag::BitString.value_error())
+            .ok_or_else(|| Tag::BitString.value_error().into())
     }
 }
 
@@ -400,7 +401,7 @@ mod allocating {
             bit_string
                 .as_bytes()
                 .map(|bytes| bytes.to_vec())
-                .ok_or_else(|| Tag::BitString.value_error())
+                .ok_or_else(|| Tag::BitString.value_error().into())
         }
     }
 
@@ -620,7 +621,7 @@ mod tests {
     fn reject_unused_bits_in_empty_string() {
         assert_eq!(
             parse_bitstring(&[0x03]).err().unwrap().kind(),
-            Tag::BitString.value_error().kind()
+            Tag::BitString.value_error()
         )
     }
 

der/src/asn1/bit_string.rs

@@ -22,7 +22,7 @@ impl BmpString {
         let bytes = bytes.into();
 
         if bytes.len() % 2 != 0 {
-            return Err(Tag::BmpString.length_error());
+            return Err(Tag::BmpString.length_error().into());
         }
 
         let ret = Self {
@@ -34,7 +34,7 @@ impl BmpString {
                 // Character is in the Basic Multilingual Plane
                 Ok(c) if (c as u64) < u64::from(u16::MAX) => (),
                 // Characters outside Basic Multilingual Plane or unpaired surrogates
-                _ => return Err(Tag::BmpString.value_error()),
+                _ => return Err(Tag::BmpString.value_error().into()),
             }
         }
 

der/src/asn1/bmp_string.rs

@@ -25,7 +25,7 @@ impl<'a> DecodeValue<'a> for bool {
         match reader.read_byte()? {
             FALSE_OCTET => Ok(false),
             TRUE_OCTET => Ok(true),
-            _ => Err(Self::TAG.non_canonical_error()),
+            _ => Err(reader.error(Self::TAG.non_canonical_error())),
         }
     }
 }

der/src/asn1/boolean.rs

@@ -49,7 +49,7 @@ impl GeneralizedTime {
     pub fn from_unix_duration(unix_duration: Duration) -> Result<Self> {
         DateTime::from_unix_duration(unix_duration)
             .map(Into::into)
-            .map_err(|_| Self::TAG.value_error())
+            .map_err(|_| Self::TAG.value_error().into())
     }
 
     /// Get the duration of this timestamp since `UNIX_EPOCH`.
@@ -62,7 +62,7 @@ impl GeneralizedTime {
     pub fn from_system_time(time: SystemTime) -> Result<Self> {
         DateTime::try_from(time)
             .map(Into::into)
-            .map_err(|_| Self::TAG.value_error())
+            .map_err(|_| Self::TAG.value_error().into())
     }
 
     /// Convert to [`SystemTime`].
@@ -79,7 +79,7 @@ impl<'a> DecodeValue<'a> for GeneralizedTime {
 
     fn decode_value<R: Reader<'a>>(reader: &mut R, header: Header) -> Result<Self> {
         if Self::LENGTH != usize::try_from(header.length)? {
-            return Err(Self::TAG.value_error());
+            return Err(reader.error(Self::TAG.value_error()));
         }
 
         let mut bytes = [0u8; Self::LENGTH];
@@ -117,10 +117,10 @@ impl<'a> DecodeValue<'a> for GeneralizedTime {
                 let second = datetime::decode_decimal(Self::TAG, sec1, sec2)?;
 
                 DateTime::new(year, month, day, hour, minute, second)
-                    .map_err(|_| Self::TAG.value_error())
+                    .map_err(|_| reader.error(Self::TAG.value_error()))
                     .and_then(|dt| Self::from_unix_duration(dt.unix_duration()))
             }
-            _ => Err(Self::TAG.value_error()),
+            _ => Err(reader.error(Self::TAG.value_error())),
         }
     }
 }

der/src/asn1/generalized_time.rs

@@ -50,12 +50,12 @@ impl<'a> Ia5StringRef<'a> {
 
         // Validate all characters are within IA5String's allowed set
         if input.iter().any(|&c| c > 0x7F) {
-            return Err(Self::TAG.value_error());
+            return Err(Self::TAG.value_error().into());
         }
 
         StrRef::from_bytes(input)
             .map(|inner| Self { inner })
-            .map_err(|_| Self::TAG.value_error())
+            .map_err(|_| Self::TAG.value_error().into())
     }
 }
 
@@ -122,7 +122,7 @@ mod allocation {
 
             StrOwned::from_bytes(input)
                 .map(|inner| Self { inner })
-                .map_err(|_| Self::TAG.value_error())
+                .map_err(|_| Self::TAG.value_error().into())
         }
     }
 
@@ -181,7 +181,7 @@ mod allocation {
 
             StrOwned::new(input)
                 .map(|inner| Self { inner })
-                .map_err(|_| Self::TAG.value_error())
+                .map_err(|_| Self::TAG.value_error().into())
         }
     }
 }

der/src/asn1/ia5_string.rs

@@ -21,11 +21,11 @@ macro_rules! impl_encoding_traits {
                     let max_length = u32::from(header.length) as usize;
 
                     if max_length == 0 {
-                        return Err(Tag::Integer.length_error());
+                        return Err(reader.error(Tag::Integer.length_error()));
                     }
 
                     if max_length > buf.len() {
-                        return Err(Self::TAG.non_canonical_error());
+                        return Err(reader.error(Self::TAG.non_canonical_error()));
                     }
 
                     let bytes = reader.read_into(&mut buf[..max_length])?;
@@ -40,7 +40,7 @@ macro_rules! impl_encoding_traits {
 
                     // Ensure we compute the same encoded length as the original any value
                     if header.length != result.value_len()? {
-                        return Err(Self::TAG.non_canonical_error());
+                        return Err(reader.error(Self::TAG.non_canonical_error()));
                     }
 
                     Ok(result)
@@ -144,7 +144,7 @@ impl<'a> DecodeValue<'a> for IntRef<'a> {
 
         // Ensure we compute the same encoded length as the original any value.
         if result.value_len()? != header.length {
-            return Err(Self::TAG.non_canonical_error());
+            return Err(reader.error(Self::TAG.non_canonical_error()));
         }
 
         Ok(result)
@@ -238,7 +238,7 @@ mod allocating {
 
             // Ensure we compute the same encoded length as the original any value.
             if result.value_len()? != header.length {
-                return Err(Self::TAG.non_canonical_error());
+                return Err(reader.error(Self::TAG.non_canonical_error()));
             }
 
             Ok(result)
@@ -375,13 +375,15 @@ mod allocating {
 
 /// Ensure `INTEGER` is canonically encoded.
 fn validate_canonical(bytes: &[u8]) -> Result<()> {
+    let non_canonical_error = Tag::Integer.non_canonical_error().into();
+
     // The `INTEGER` type always encodes a signed value and we're decoding
     // as signed here, so we allow a zero extension or sign extension byte,
     // but only as permitted under DER canonicalization.
     match bytes {
-        [] => Err(Tag::Integer.non_canonical_error()),
-        [0x00, byte, ..] if *byte < 0x80 => Err(Tag::Integer.non_canonical_error()),
-        [0xFF, byte, ..] if *byte >= 0x80 => Err(Tag::Integer.non_canonical_error()),
+        [] => Err(non_canonical_error),
+        [0x00, byte, ..] if *byte < 0x80 => Err(non_canonical_error),
+        [0xFF, byte, ..] if *byte >= 0x80 => Err(non_canonical_error),
         _ => Ok(()),
     }
 }

der/src/asn1/integer/int.rs

@@ -25,19 +25,19 @@ macro_rules! impl_encoding_traits {
                     let max_length = u32::from(header.length) as usize;
 
                     if max_length == 0 {
-                        return Err(Tag::Integer.length_error());
+                        return Err(reader.error(Tag::Integer.length_error()));
                     }
 
                     if max_length > buf.len() {
-                        return Err(Self::TAG.non_canonical_error());
+                        return Err(reader.error(Self::TAG.non_canonical_error()));
                     }
 
                     let bytes = reader.read_into(&mut buf[..max_length])?;
                     let result = Self::from_be_bytes(decode_to_array(bytes)?);
 
                     // Ensure we compute the same encoded length as the original any value
                     if header.length != result.value_len()? {
-                        return Err(Self::TAG.non_canonical_error());
+                        return Err(reader.error(Self::TAG.non_canonical_error()));
                     }
 
                     Ok(result)
@@ -127,7 +127,7 @@ impl<'a> DecodeValue<'a> for UintRef<'a> {
 
         // Ensure we compute the same encoded length as the original any value.
         if result.value_len()? != header.length {
-            return Err(Self::TAG.non_canonical_error());
+            return Err(reader.error(Self::TAG.non_canonical_error()));
         }
 
         Ok(result)
@@ -221,7 +221,7 @@ mod allocating {
 
             // Ensure we compute the same encoded length as the original any value.
             if result.value_len()? != header.length {
-                return Err(Self::TAG.non_canonical_error());
+                return Err(reader.error(Self::TAG.non_canonical_error()));
             }
 
             Ok(result)
@@ -328,11 +328,11 @@ pub(crate) fn decode_to_slice(bytes: &[u8]) -> Result<&[u8]> {
     // integer (since we're decoding an unsigned integer).
     // We expect all such cases to have a leading `0x00` byte.
     match bytes {
-        [] => Err(Tag::Integer.non_canonical_error()),
+        [] => Err(Tag::Integer.non_canonical_error().into()),
         [0] => Ok(bytes),
-        [0, byte, ..] if *byte < 0x80 => Err(Tag::Integer.non_canonical_error()),
+        [0, byte, ..] if *byte < 0x80 => Err(Tag::Integer.non_canonical_error().into()),
         [0, rest @ ..] => Ok(rest),
-        [byte, ..] if *byte >= 0x80 => Err(Tag::Integer.value_error()),
+        [byte, ..] if *byte >= 0x80 => Err(Tag::Integer.value_error().into()),
         _ => Ok(bytes),
     }
 }