cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-02 01:50:33 -04:00
Code Issues Packages Projects Releases Wiki Activity

pkcs7: Use better return code for unimplemented specifications

Browse Source 
In response to feedback [1] [2], use MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE
instead of MBEDTLS_ERR_PKCS7_INVALID_FORMAT for errors due to the
pkcs7 implemntation being incomplete.

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953649079
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953658276

Signed-off-by: Nick Child <nick.child@ibm.com>
This commit is contained in:
Nick Child 2022-09-14 14:44:03 -05:00
parent 7089ce8381
commit 34d5e931cf
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
library/pkcs7.c
View File

@ -168,7 +168,6 @@ static int pkcs7_get_digest_algorithm_set( unsigned char **p,
end = *p + len; end = *p + len;
/** For now, it assumes there is only one digest algorithm specified **/
ret = mbedtls_asn1_get_alg_null( p, end, alg ); ret = mbedtls_asn1_get_alg_null( p, end, alg );
if( ret != 0 ) if( ret != 0 )
{ {
@ -176,8 +175,9 @@ static int pkcs7_get_digest_algorithm_set( unsigned char **p,
goto out; goto out;
} }
/** For now, it assumes there is only one digest algorithm specified **/
if ( *p != end ) if ( *p != end )
ret = MBEDTLS_ERR_PKCS7_INVALID_FORMAT; ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE;
out: out:
return( ret ); return( ret );
@ -231,7 +231,7 @@ static int pkcs7_get_certificates( unsigned char **p, unsigned char *end,
*/ */
if (end_cert != end_set) if (end_cert != end_set)
{ {
ret = MBEDTLS_ERR_PKCS7_INVALID_CERT; ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE;
goto out; goto out;
} }

2
tests/suites/test_suite_pkcs7.data
View File

@ -12,7 +12,7 @@ pkcs7_parse:"data_files/pkcs7_data_without_cert_signed.der":MBEDTLS_PKCS7_SIGNED
PKCS7 Signed Data Parse Fail with multiple certs #4 PKCS7 Signed Data Parse Fail with multiple certs #4
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
pkcs7_parse:"data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_INVALID_CERT pkcs7_parse:"data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE
PKCS7 Signed Data Parse Fail with corrupted cert #5 PKCS7 Signed Data Parse Fail with corrupted cert #5
depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C