ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-13 18:29:52 +08:00
Code Issues Releases Wiki Activity

pkcs7: Use better error codes

Browse Source 
Remove an unnecessary debug print (whoops).
Use new error code for when the x509 is expired.
When there are no signers return invalid certificate.

Signed-off-by: Nick Child <nick.child@ibm.com>

Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Nick Child <nick.child@ibm.com>
This commit is contained in:
Nick Child 2022-10-31 09:17:15 -05:00
parent 5f39767495
commit 3951a4f3ad
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
include/mbedtls/pkcs7.h
View File

@ -69,6 +69,7 @@
#define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 /**< Input invalid. */ #define MBEDTLS_ERR_PKCS7_BAD_INPUT_DATA -0x5700 /**< Input invalid. */
#define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 /**< Allocation of memory failed. */ #define MBEDTLS_ERR_PKCS7_ALLOC_FAILED -0x5780 /**< Allocation of memory failed. */
#define MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 /**< Verification Failed */ #define MBEDTLS_ERR_PKCS7_VERIFY_FAIL -0x5800 /**< Verification Failed */
#define MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID -0x5880 /**< The PKCS7 date issued/expired dates are invalid */
/* \} name */ /* \} name */
/** /**

5
library/pkcs7.c
View File

@ -630,15 +630,14 @@ static int mbedtls_pkcs7_data_or_hash_verify( mbedtls_pkcs7 *pkcs7,
if( pkcs7->signed_data.no_of_signers == 0 ) if( pkcs7->signed_data.no_of_signers == 0 )
{ {
ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL; ret = MBEDTLS_ERR_PKCS7_INVALID_CERT;
goto out; goto out;
} }
if( mbedtls_x509_time_is_past( &cert->valid_to ) || if( mbedtls_x509_time_is_past( &cert->valid_to ) ||
mbedtls_x509_time_is_future( &cert->valid_from )) mbedtls_x509_time_is_future( &cert->valid_from ))
{ {
printf("EXPRED\n"); ret = MBEDTLS_ERR_PKCS7_CERT_DATE_INVALID;
ret = MBEDTLS_ERR_PKCS7_VERIFY_FAIL;
goto out; goto out;
} }