commit 846ae7a70d1399347411106669dc0cb4b3f54b8e
author Janos Follath <janos.follath@arm.com> Fri Apr 05 16:45:01 2019 +0100
committer Janos Follath <janos.follath@arm.com> Fri Apr 05 16:45:01 2019 +0100
tree 8e8a7aa4c10981b2f03d23a1d3fbf397c64ce1f0
parent d7ecbd6914be02237e9f4b6d4473ebb306248c60

Document and test flags in x509_verify

include/mbedtls/x509_crt.h

diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index 96f0142..eea2632 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -425,6 +425,8 @@
  * \param cn       The expected Common Name. This may be \c NULL if the
  *                 CN need not be verified.
  * \param flags    The address at which to store the result of the verification.
+ *                 If the verification couldn't be completed, the flag value is
+ *                 set to (uint32_t) -1.
  * \param f_vrfy   The verification callback to use. See the documentation
  *                 of mbedtls_x509_crt_verify() for more information.
  * \param p_vrfy   The context to be passed to \p f_vrfy.
@@ -464,6 +466,8 @@
  * \param cn       The expected Common Name. This may be \c NULL if the
  *                 CN need not be verified.
  * \param flags    The address at which to store the result of the verification.
+ *                 If the verification couldn't be completed, the flag value is
+ *                 set to (uint32_t) -1.
  * \param f_vrfy   The verification callback to use. See the documentation
  *                 of mbedtls_x509_crt_verify() for more information.
  * \param p_vrfy   The context to be passed to \p f_vrfy.
@@ -500,6 +504,8 @@
  * \param cn       The expected Common Name. This may be \c NULL if the
  *                 CN need not be verified.
  * \param flags    The address at which to store the result of the verification.
+ *                 If the verification couldn't be completed, the flag value is
+ *                 set to (uint32_t) -1.
  * \param f_vrfy   The verification callback to use. See the documentation
  *                 of mbedtls_x509_crt_verify() for more information.
  * \param p_vrfy   The context to be passed to \p f_vrfy.
@@ -568,6 +574,8 @@
  * \param cn       The expected Common Name. This may be \c NULL if the
  *                 CN need not be verified.
  * \param flags    The address at which to store the result of the verification.
+ *                 If the verification couldn't be completed, the flag value is
+ *                 set to (uint32_t) -1.
  * \param f_vrfy   The verification callback to use. See the documentation
  *                 of mbedtls_x509_crt_verify() for more information.
  * \param p_vrfy   The context to be passed to \p f_vrfy.

tests/suites/test_suite_x509parse.function

diff --git a/tests/suites/test_suite_x509parse.function b/tests/suites/test_suite_x509parse.function
index cd6e292..b11ab84 100644
--- a/tests/suites/test_suite_x509parse.function
+++ b/tests/suites/test_suite_x509parse.function
@@ -482,6 +482,7 @@
                                               NULL, NULL );
 
     TEST_ASSERT( ret == exp_ret );
+    TEST_ASSERT( flags == (uint32_t)( -1 ) );
 exit:
     mbedtls_x509_crt_free( &crt );
     mbedtls_x509_crt_free( &ca );