mirror of
https://github.com/Mbed-TLS/mbedtls.git
synced 2025-03-02 16:13:27 +00:00
Fix error codes returned on failures
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
This commit is contained in:
Przemek Stekiel
parent
160968586b
commit
86d1946164
@ -78,7 +78,6 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
|||||||
int ret;
|
int ret;
|
||||||
size_t len;
|
size_t len;
|
||||||
unsigned char *end_ext_data;
|
unsigned char *end_ext_data;
|
||||||
|
|
||||||
while (*p < end) {
|
while (*p < end) {
|
||||||
mbedtls_x509_buf extn_oid = { 0, 0, NULL };
|
mbedtls_x509_buf extn_oid = { 0, 0, NULL };
|
||||||
int ext_type = 0;
|
int ext_type = 0;
|
||||||
@ -86,7 +85,7 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
|||||||
/* Read sequence tag */
|
/* Read sequence tag */
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
end_ext_data = *p + len;
|
end_ext_data = *p + len;
|
||||||
@ -94,7 +93,7 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
|||||||
/* Get extension ID */
|
/* Get extension ID */
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len,
|
if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &extn_oid.len,
|
||||||
MBEDTLS_ASN1_OID)) != 0) {
|
MBEDTLS_ASN1_OID)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
extn_oid.tag = MBEDTLS_ASN1_OID;
|
extn_oid.tag = MBEDTLS_ASN1_OID;
|
||||||
@ -104,11 +103,12 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
|||||||
/* Data should be octet string type */
|
/* Data should be octet string type */
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
|
if ((ret = mbedtls_asn1_get_tag(p, end_ext_data, &len,
|
||||||
MBEDTLS_ASN1_OCTET_STRING)) != 0) {
|
MBEDTLS_ASN1_OCTET_STRING)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (*p + len != end_ext_data) {
|
if (*p + len != end_ext_data) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
|
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@ -116,49 +116,54 @@ static int x509_csr_parse_extensions(mbedtls_x509_csr *csr,
|
|||||||
*/
|
*/
|
||||||
ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type);
|
ret = mbedtls_oid_get_x509_ext_type(&extn_oid, &ext_type);
|
||||||
|
|
||||||
if (ret == 0) {
|
if (ret != 0) {
|
||||||
/* Forbid repeated extensions */
|
*p = end_ext_data;
|
||||||
if ((csr->ext_types & ext_type) != 0) {
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS;
|
ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
csr->ext_types |= ext_type;
|
/* Forbid repeated extensions */
|
||||||
|
if ((csr->ext_types & ext_type) != 0) {
|
||||||
|
return (MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||||
|
MBEDTLS_ERR_ASN1_INVALID_DATA));
|
||||||
|
}
|
||||||
|
|
||||||
switch (ext_type) {
|
csr->ext_types |= ext_type;
|
||||||
case MBEDTLS_X509_EXT_KEY_USAGE:
|
|
||||||
/* Parse key usage */
|
|
||||||
if ((ret = mbedtls_x509_get_key_usage(p, end_ext_data,
|
|
||||||
&csr->key_usage)) != 0) {
|
|
||||||
return ret;
|
|
||||||
}
|
|
||||||
break;
|
|
||||||
|
|
||||||
case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
|
switch (ext_type) {
|
||||||
/* Parse subject alt name */
|
case MBEDTLS_X509_EXT_KEY_USAGE:
|
||||||
if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_data,
|
/* Parse key usage */
|
||||||
&csr->subject_alt_names)) != 0) {
|
if ((ret = mbedtls_x509_get_key_usage(p, end_ext_data,
|
||||||
return ret;
|
&csr->key_usage)) != 0) {
|
||||||
}
|
return ret;
|
||||||
break;
|
}
|
||||||
|
break;
|
||||||
|
|
||||||
case MBEDTLS_X509_EXT_NS_CERT_TYPE:
|
case MBEDTLS_X509_EXT_SUBJECT_ALT_NAME:
|
||||||
/* Parse netscape certificate type */
|
/* Parse subject alt name */
|
||||||
if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_data,
|
if ((ret = mbedtls_x509_get_subject_alt_name(p, end_ext_data,
|
||||||
&csr->ns_cert_type)) != 0) {
|
&csr->subject_alt_names)) != 0) {
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
default:
|
|
||||||
break;
|
case MBEDTLS_X509_EXT_NS_CERT_TYPE:
|
||||||
}
|
/* Parse netscape certificate type */
|
||||||
|
if ((ret = mbedtls_x509_get_ns_cert_type(p, end_ext_data,
|
||||||
|
&csr->ns_cert_type)) != 0) {
|
||||||
|
return ret;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
*p = end_ext_data;
|
*p = end_ext_data;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (*p != end) {
|
if (*p != end) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
|
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
@ -180,14 +185,14 @@ static int x509_csr_parse_attributes(mbedtls_x509_csr *csr,
|
|||||||
|
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
end_attr_data = *p + len;
|
end_attr_data = *p + len;
|
||||||
|
|
||||||
/* Get attribute ID */
|
/* Get attribute ID */
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end_attr_data, &attr_oid.len,
|
if ((ret = mbedtls_asn1_get_tag(p, end_attr_data, &attr_oid.len,
|
||||||
MBEDTLS_ASN1_OID)) != 0) {
|
MBEDTLS_ASN1_OID)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
attr_oid.tag = MBEDTLS_ASN1_OID;
|
attr_oid.tag = MBEDTLS_ASN1_OID;
|
||||||
@ -196,24 +201,25 @@ static int x509_csr_parse_attributes(mbedtls_x509_csr *csr,
|
|||||||
|
|
||||||
/* Check that this is an extension-request attribute */
|
/* Check that this is an extension-request attribute */
|
||||||
if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS9_CSR_EXT_REQ, &attr_oid) == 0) {
|
if (MBEDTLS_OID_CMP(MBEDTLS_OID_PKCS9_CSR_EXT_REQ, &attr_oid) == 0) {
|
||||||
|
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) {
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SET)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
if ((ret = mbedtls_asn1_get_tag(p, end, &len,
|
||||||
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
|
MBEDTLS_ASN1_CONSTRUCTED | MBEDTLS_ASN1_SEQUENCE)) !=
|
||||||
0) {
|
0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS, ret);
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((ret = x509_csr_parse_extensions(csr, p, *p + len)) != 0) {
|
if ((ret = x509_csr_parse_extensions(csr, p, *p + len)) != 0) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS + ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (*p != end_attr_data) {
|
if (*p != end_attr_data) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
|
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -221,8 +227,8 @@ static int x509_csr_parse_attributes(mbedtls_x509_csr *csr,
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (*p != end) {
|
if (*p != end) {
|
||||||
return MBEDTLS_ERR_X509_INVALID_EXTENSIONS +
|
return MBEDTLS_ERROR_ADD(MBEDTLS_ERR_X509_INVALID_EXTENSIONS,
|
||||||
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH;
|
MBEDTLS_ERR_ASN1_LENGTH_MISMATCH);
|
||||||
}
|
}
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user