Improve handling of md errors in X.509
md() already checks for md_info == NULL. Also, in the future it might also
return other errors (eg hardware errors if acceleration is used), so it make
more sense to check its return value than to check for NULL ourselves and then
assume no other error can occur.
Also, currently, md_info == NULL can never happen except if the MD and OID modules
get out of sync, or if the user messes with members of the x509_crt structure
directly.
This commit does not change the current behaviour, which is to treat MD errors
the same way as a bad signature or no trusted root.
diff --git a/library/x509_crt.c b/library/x509_crt.c
index c6209fb..1adf8bf 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1675,17 +1675,13 @@
flags |= MBEDTLS_X509_BADCRL_BAD_PK;
md_info = mbedtls_md_info_from_type( crl_list->sig_md );
- if( md_info == NULL )
+ if( mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash ) != 0 )
{
- /*
- * Cannot check 'unknown' hash
- */
+ /* Note: this can't happen except after an internal error */
flags |= MBEDTLS_X509_BADCRL_NOT_TRUSTED;
break;
}
- mbedtls_md( md_info, crl_list->tbs.p, crl_list->tbs.len, hash );
-
if( x509_profile_check_key( profile, crl_list->sig_pk, &ca->pk ) != 0 )
flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
@@ -1930,15 +1926,12 @@
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
md_info = mbedtls_md_info_from_type( child->sig_md );
- if( md_info == NULL )
+ if( mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash ) != 0 )
{
- /*
- * Cannot check 'unknown', no need to try any CA
- */
+ /* Note: this can't happen except after an internal error */
+ /* Cannot check signature, no need to try any CA */
trust_ca = NULL;
}
- else
- mbedtls_md( md_info, child->tbs.p, child->tbs.len, hash );
for( /* trust_ca */ ; trust_ca != NULL; trust_ca = trust_ca->next )
{
