Fix error codes returned on failures
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
parent
160968586b
commit
86d1946164
@ -78,7 +78,6 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
|||||||
int ret;
|
int ret;
|
||||||
size_t len;
|
size_t len;
|
||||||
unsigned char *end_ext_data;
|
unsigned char *end_ext_data;
|
||||||
|
|
||||||
while (*p < end) {
|
while (*p < end) {
|
||||||
mbedtls_x509_buf extn_oid = { 0, 0, NULL };
|
mbedtls_x509_buf extn_oid = { 0, 0, NULL };
|
||||||
int ext_type = 0;
|
int ext_type = 0;
|
||||||
@ -86,7 +85,7 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
|||||||
/* Read sequence tag */
|
/* Read sequence tag */
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
end_ext_data = *p + len;
|
end_ext_data = *p + len;
|
||||||
@ -94,7 +93,7 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
|||||||
/* Get extension ID */
|
/* Get extension ID */
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len,
|
if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len,
|
||||||
MBEDTLS_ASN1_OID)) != 0) {
|
MBEDTLS_ASN1_OID)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
extn_oid.tag = MBEDTLS_ASN1_OID;
|
extn_oid.tag = MBEDTLS_ASN1_OID;
|
||||||
@ -104,11 +103,12 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
|||||||
/* Data should be octet string type */
|
/* Data should be octet string type */
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
|
if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
|
||||||
MBEDTLS_ASN1_OCTET_STRING)) != 0) {
|
MBEDTLS_ASN1_OCTET_STRING)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (*p + len != end_ext_data) {
|
if (*p + len != end_ext_data) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
|
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -116,10 +116,16 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
|||||||
*/
|
*/
|
||||||
ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type);
|
ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type);
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret != 0) {
|
||||||
|
*p = end_ext_data;
|
||||||
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||||
|
ret);
|
||||||
|
}
|
||||||
|
|
||||||
/* Forbid repeated extensions */
|
/* Forbid repeated extensions */
|
||||||
if ((csr->ext_types & ext_type) != 0) {
|
if ((csr->ext_types & ext_type) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
|
return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||||
|
MBEDTLS_ERR_ASN1_INVALID_DATA));
|
||||||
}
|
}
|
||||||
|
|
||||||
csr->ext_types |= ext_type;
|
csr->ext_types |= ext_type;
|
||||||
@ -151,14 +157,13 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
|||||||
default:
|
default:
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
}
|
|
||||||
|
|
||||||
*p = end_ext_data;
|
*p = end_ext_data;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (*p != end) {
|
if (*p != end) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
|
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -180,14 +185,14 @@ static int x509_csr_parse_attributes(mbedtls_x509_csr *csr,
|
|||||||
|
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
end_attr_data = *p + len;
|
end_attr_data = *p + len;
|
||||||
|
|
||||||
/* Get attribute ID */
|
/* Get attribute ID */
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end_attr_data, &attr_oid.len,
|
if ((ret = mbedtls_asn1_get_tag(p, end_attr_data, &attr_oid.len,
|
||||||
MBEDTLS_ASN1_OID)) != 0) {
|
MBEDTLS_ASN1_OID)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
attr_oid.tag = MBEDTLS_ASN1_OID;
|
attr_oid.tag = MBEDTLS_ASN1_OID;
|
||||||
@ -196,24 +201,25 @@ static int x509_csr_parse_attributes(mbedtls_x509_csr *csr,
|
|||||||
|
|
||||||
/* Check that this is an extension-request attribute */
|
/* Check that this is an extension-request attribute */
|
||||||
if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS9_CSR_EXT_REQ, &attr_oid) == 0) {
|
if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS9_CSR_EXT_REQ, &attr_oid) == 0) {
|
||||||
|
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) {
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
|
||||||
0) {
|
0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((ret = x509_csr_parse_extensions(csr, p, *p + len)) != 0) {
|
if ((ret = x509_csr_parse_extensions(csr, p, *p + len)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (*p != end_attr_data) {
|
if (*p != end_attr_data) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
|
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -221,8 +227,8 @@ static int x509_csr_parse_attributes(mbedtls_x509_csr *csr,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (*p != end) {
|
if (*p != end) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
|
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
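Review bot: The new `if (ret != 0)` branch after `mbedtls_oid_get_x509_ext_type()` (hunk `@ -116,10 +116,16`) changes what the parser accepts, not only which error code it returns. On the old side a failed lookup skipped the `if (ret == 0)` body and fell through to `*p = end_ext_data;`, so that extension was passed over; on the new side the same failure returns `MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret)` and the whole CSR is rejected. If the lookup fails for OIDs it does not recognise (presumably, its body is not shown), any CSR with an unsupported extension now fails to parse. If that fail-closed behaviour is intended, the commit message and a comment at the branch should say so and a test should cover it; otherwise keep the skip with `if (ret != 0) { *p = end_ext_data; continue; }`. The `*p = end_ext_data;` assignment placed just before the `return` serves no visible purpose on an error path, and the function body starts and ends outside this hunk.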