Fix an incorrect error code addition in pk_parse_key_pkcs8_unencrypted_derarchive/dev/gilles-peskine-arm/pr_4006-5

An incorrect error code addition was spotted by the new invasive testing
infrastructure whereby pk_get_pk_alg will always return a high level
error or zero and pk_parse_key_pkcs8_unencrypted_der will try to add
another high level error, resulting in a garbage error code.

Apply the same fix from ae3741e8a to fix the bug.

Signed-off-by: Chris Jones <christopher.jones@arm.com>

2 files changed, 12 insertions, 1 deletions

diff --git a/ChangeLog.d/fix-pk-parse-key-error-code.txt b/ChangeLog.d/fix-pk-parse-key-error-code.txt
new file mode 100644
index 0000000..3aa330b
--- /dev/null
+++ b/ChangeLog.d/fix-pk-parse-key-error-code.txt
@@ -0,0 +1,2 @@
+Bugfix
+   * Fix an incorrect error code when parsing a PKCS#8 private key.
diff --git a/library/pkparse.c b/library/pkparse.c
index 3f3d558..31339c1 100644
--- a/library/pkparse.c
+++ b/library/pkparse.c
@@ -1040,7 +1040,16 @@ static int pk_parse_key_pkcs8_unencrypted_der(
         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_VERSION, ret ) );
 
     if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
-        return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+    {
+        if( ret >= -0x007F )
+        {
+            return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );
+        }
+        else
+        {
+            return ret;
+        }
+    }
 
     if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
         return( MBEDTLS_ERROR_ADD( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT, ret ) );