TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / 34d5e931cf50a0647d13b05ac1577333b2c8a249^! / .
commit34d5e931cf50a0647d13b05ac1577333b2c8a249[log] [tgz]
authorNick Child <nick.child@ibm.com>Wed Sep 14 14:44:03 2022 -0500
committerNick Child <nick.child@ibm.com>Wed Sep 14 14:44:03 2022 -0500
tree0344cd173d306f5844cf7d1fb5018759fd74e2ce
parent7089ce83812a13191ba4f3af4b68e840d4660693 [diff]
pkcs7: Use better return code for unimplemented specifications

In response to feedback [1] [2], use MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE
instead of MBEDTLS_ERR_PKCS7_INVALID_FORMAT for errors due to the
pkcs7 implemntation being incomplete.

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953649079
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953658276

Signed-off-by: Nick Child <nick.child@ibm.com>

diff --git a/library/pkcs7.c b/library/pkcs7.c
index 3178ddc..9dcbab2 100644
--- a/library/pkcs7.c
+++ b/library/pkcs7.c

@@ -168,7 +168,6 @@
 
     end = *p + len;
 
-    /** For now, it assumes there is only one digest algorithm specified **/
     ret = mbedtls_asn1_get_alg_null( p, end, alg );
     if( ret != 0 )
     {
@@ -176,8 +175,9 @@
         goto out;
     }
 
+    /** For now, it assumes there is only one digest algorithm specified **/
     if ( *p != end )
-        ret = MBEDTLS_ERR_PKCS7_INVALID_FORMAT;
+        ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE;
 
 out:
     return( ret );
@@ -231,7 +231,7 @@
      */
     if (end_cert != end_set)
     {
-        ret = MBEDTLS_ERR_PKCS7_INVALID_CERT;
+        ret = MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE;
         goto out;
     }
 

diff --git a/tests/suites/test_suite_pkcs7.data b/tests/suites/test_suite_pkcs7.data
index b26a16f..4f81b6f 100644
--- a/tests/suites/test_suite_pkcs7.data
+++ b/tests/suites/test_suite_pkcs7.data

@@ -12,7 +12,7 @@
 
 PKCS7 Signed Data Parse Fail with multiple certs #4
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C
-pkcs7_parse:"data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_INVALID_CERT
+pkcs7_parse:"data_files/pkcs7_data_multiple_certs_signed.der":MBEDTLS_ERR_PKCS7_FEATURE_UNAVAILABLE
 
 PKCS7 Signed Data Parse Fail with corrupted cert #5
 depends_on:MBEDTLS_SHA256_C:MBEDTLS_RSA_C