TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 69e095cc15f42f32a29163b41cd599604a6ea1e8^! / . / library
commit69e095cc15f42f32a29163b41cd599604a6ea1e8[log] [tgz]
authorPaul Bakker <p.j.bakker@polarssl.org>Sat Dec 10 21:55:01 2011 +0000
committerPaul Bakker <p.j.bakker@polarssl.org>Sat Dec 10 21:55:01 2011 +0000
tree9316e1be00b86885d0c42585f95c421c2b01fef0
parent18d32911c0a14c9458c32f2cf97eb3ce6ca50126 [diff]
 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
 - As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly


diff --git a/library/asn1parse.c b/library/asn1parse.c
index 09f67fa..2584774 100644
--- a/library/asn1parse.c
+++ b/library/asn1parse.c

@@ -242,7 +242,7 @@
                  sizeof( asn1_sequence ) );
 
             if( cur->next == NULL )
-                return( 1 );
+                return( POLARSSL_ERR_ASN1_MALLOC_FAILED );
 
             cur = cur->next;
         }

diff --git a/library/bignum.c b/library/bignum.c
index 5920956..9dff991 100644
--- a/library/bignum.c
+++ b/library/bignum.c

@@ -89,12 +89,12 @@
     t_uint *p;
 
     if( nblimbs > POLARSSL_MPI_MAX_LIMBS )
-        return( 1 );
+        return( POLARSSL_ERR_MPI_MALLOC_FAILED );
 
     if( X->n < nblimbs )
     {
         if( ( p = (t_uint *) malloc( nblimbs * ciL ) ) == NULL )
-            return( 1 );
+            return( POLARSSL_ERR_MPI_MALLOC_FAILED );
 
         memset( p, 0, nblimbs * ciL );
 

diff --git a/library/ctr_drbg.c b/library/ctr_drbg.c
index 478304e..5b610a2 100644
--- a/library/ctr_drbg.c
+++ b/library/ctr_drbg.c

@@ -244,7 +244,7 @@
     memset( seed, 0, CTR_DRBG_MAX_SEED_INPUT );
 
     /*
-     * Gather POLARSSL_CTR_DRBG_ENTROPYLEN bytes of entropy to seed state
+     * Gather enropy_len bytes of entropy to seed state
      */
     if( 0 != ctx->f_entropy( ctx->p_entropy, seed,
                              ctx->entropy_len ) )
@@ -357,7 +357,7 @@
     unsigned char buf[ CTR_DRBG_MAX_INPUT ];
 
     if( ( f = fopen( path, "wb" ) ) == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
 
     if( ( ret = ctr_drbg_random( ctx, buf, CTR_DRBG_MAX_INPUT ) ) != 0 )
         return( ret );
@@ -365,7 +365,7 @@
     if( fwrite( buf, 1, CTR_DRBG_MAX_INPUT, f ) != CTR_DRBG_MAX_INPUT )
     {
         fclose( f );
-        return( 1 );
+        return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
     }
 
     fclose( f );
@@ -379,7 +379,7 @@
     unsigned char buf[ CTR_DRBG_MAX_INPUT ];
 
     if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
 
     fseek( f, 0, SEEK_END );
     n = (size_t) ftell( f );
@@ -391,7 +391,7 @@
     if( fread( buf, 1, n, f ) != n )
     {
         fclose( f );
-        return( 1 );
+        return( POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR );
     }
 
     ctr_drbg_update( ctx, buf, n );

diff --git a/library/error.c b/library/error.c
index 33fad85..05e84e7 100644
--- a/library/error.c
+++ b/library/error.c

@@ -67,6 +67,18 @@
 #include "polarssl/md.h"
 #endif
 
+#if defined(POLARSSL_MD2_C)
+#include "polarssl/md2.h"
+#endif
+
+#if defined(POLARSSL_MD4_C)
+#include "polarssl/md4.h"
+#endif
+
+#if defined(POLARSSL_MD5_C)
+#include "polarssl/md5.h"
+#endif
+
 #if defined(POLARSSL_NET_C)
 #include "polarssl/net.h"
 #endif
@@ -83,6 +95,18 @@
 #include "polarssl/rsa.h"
 #endif
 
+#if defined(POLARSSL_SHA1_C)
+#include "polarssl/sha1.h"
+#endif
+
+#if defined(POLARSSL_SHA2_C)
+#include "polarssl/sha2.h"
+#endif
+
+#if defined(POLARSSL_SHA4_C)
+#include "polarssl/sha4.h"
+#endif
+
 #if defined(POLARSSL_SSL_TLS_C)
 #include "polarssl/ssl.h"
 #endif
@@ -258,6 +282,8 @@
             snprintf( buf, buflen, "SSL - Processing of the ChangeCipherSpec handshake message failed" );
         if( use_ret == -(POLARSSL_ERR_SSL_BAD_HS_FINISHED) )
             snprintf( buf, buflen, "SSL - Processing of the Finished handshake message failed" );
+        if( use_ret == -(POLARSSL_ERR_SSL_MALLOC_FAILED) )
+            snprintf( buf, buflen, "SSL - Memory allocation failed" );
 #endif /* POLARSSL_SSL_TLS_C */
 
 #if defined(POLARSSL_X509_PARSE_C)
@@ -299,8 +325,12 @@
             snprintf( buf, buflen, "X509 - Invalid RSA key tag or value" );
         if( use_ret == -(POLARSSL_ERR_X509_CERT_UNKNOWN_FORMAT) )
             snprintf( buf, buflen, "X509 - Format not recognized as DER or PEM" );
-        if( use_ret == -(POLARSSL_ERR_X509_VALUE_TO_LENGTH) )
-            snprintf( buf, buflen, "X509 - Not used" );
+        if( use_ret == -(POLARSSL_ERR_X509_INVALID_INPUT) )
+            snprintf( buf, buflen, "X509 - Input invalid" );
+        if( use_ret == -(POLARSSL_ERR_X509_MALLOC_FAILED) )
+            snprintf( buf, buflen, "X509 - Allocation of memory failed" );
+        if( use_ret == -(POLARSSL_ERR_X509_FILE_IO_ERROR) )
+            snprintf( buf, buflen, "X509 - Read/write of file failed" );
 #endif /* POLARSSL_X509_PARSE_C */
 
         if( strlen( buf ) == 0 )
@@ -348,6 +378,8 @@
         snprintf( buf, buflen, "ASN1 - Actual length differs from expected length" );
     if( use_ret == -(POLARSSL_ERR_ASN1_INVALID_DATA) )
         snprintf( buf, buflen, "ASN1 - Data is invalid. (not used)" );
+    if( use_ret == -(POLARSSL_ERR_ASN1_MALLOC_FAILED) )
+        snprintf( buf, buflen, "ASN1 - Memory allocation failed" );
 #endif /* POLARSSL_ASN1_PARSE_C */
 
 #if defined(POLARSSL_BASE64_C)
@@ -365,13 +397,15 @@
     if( use_ret == -(POLARSSL_ERR_MPI_INVALID_CHARACTER) )
         snprintf( buf, buflen, "BIGNUM - There is an invalid character in the digit string" );
     if( use_ret == -(POLARSSL_ERR_MPI_BUFFER_TOO_SMALL) )
-        snprintf( buf, buflen, "BIGNUM - The output buffer is too small to write too" );
+        snprintf( buf, buflen, "BIGNUM - The buffer is too small to write to" );
     if( use_ret == -(POLARSSL_ERR_MPI_NEGATIVE_VALUE) )
         snprintf( buf, buflen, "BIGNUM - The input arguments are negative or result in illegal output" );
     if( use_ret == -(POLARSSL_ERR_MPI_DIVISION_BY_ZERO) )
         snprintf( buf, buflen, "BIGNUM - The input argument for division is zero, which is not allowed" );
     if( use_ret == -(POLARSSL_ERR_MPI_NOT_ACCEPTABLE) )
         snprintf( buf, buflen, "BIGNUM - The input arguments are not acceptable" );
+    if( use_ret == -(POLARSSL_ERR_MPI_MALLOC_FAILED) )
+        snprintf( buf, buflen, "BIGNUM - Memory allocation failed" );
 #endif /* POLARSSL_BIGNUM_C */
 
 #if defined(POLARSSL_CAMELLIA_C)
@@ -388,6 +422,8 @@
         snprintf( buf, buflen, "CTR_DRBG - Too many random requested in single call" );
     if( use_ret == -(POLARSSL_ERR_CTR_DRBG_INPUT_TOO_BIG) )
         snprintf( buf, buflen, "CTR_DRBG - Input too large (Entropy + additional)" );
+    if( use_ret == -(POLARSSL_ERR_CTR_DRBG_FILE_IO_ERROR) )
+        snprintf( buf, buflen, "CTR_DRBG - Read/write error in file" );
 #endif /* POLARSSL_CTR_DRBG_C */
 
 #if defined(POLARSSL_DES_C)
@@ -402,6 +438,21 @@
         snprintf( buf, buflen, "ENTROPY - No more sources can be added" );
 #endif /* POLARSSL_ENTROPY_C */
 
+#if defined(POLARSSL_MD2_C)
+    if( use_ret == -(POLARSSL_ERR_MD2_FILE_IO_ERROR) )
+        snprintf( buf, buflen, "MD2 - Read/write error in file" );
+#endif /* POLARSSL_MD2_C */
+
+#if defined(POLARSSL_MD4_C)
+    if( use_ret == -(POLARSSL_ERR_MD4_FILE_IO_ERROR) )
+        snprintf( buf, buflen, "MD4 - Read/write error in file" );
+#endif /* POLARSSL_MD4_C */
+
+#if defined(POLARSSL_MD5_C)
+    if( use_ret == -(POLARSSL_ERR_MD5_FILE_IO_ERROR) )
+        snprintf( buf, buflen, "MD5 - Read/write error in file" );
+#endif /* POLARSSL_MD5_C */
+
 #if defined(POLARSSL_NET_C)
     if( use_ret == -(POLARSSL_ERR_NET_UNKNOWN_HOST) )
         snprintf( buf, buflen, "NET - Failed to get an IP address for the given hostname" );
@@ -432,6 +483,21 @@
         snprintf( buf, buflen, "PADLOCK - Input data should be aligned" );
 #endif /* POLARSSL_PADLOCK_C */
 
+#if defined(POLARSSL_SHA1_C)
+    if( use_ret == -(POLARSSL_ERR_SHA1_FILE_IO_ERROR) )
+        snprintf( buf, buflen, "SHA1 - Read/write error in file" );
+#endif /* POLARSSL_SHA1_C */
+
+#if defined(POLARSSL_SHA2_C)
+    if( use_ret == -(POLARSSL_ERR_SHA2_FILE_IO_ERROR) )
+        snprintf( buf, buflen, "SHA2 - Read/write error in file" );
+#endif /* POLARSSL_SHA2_C */
+
+#if defined(POLARSSL_SHA4_C)
+    if( use_ret == -(POLARSSL_ERR_SHA4_FILE_IO_ERROR) )
+        snprintf( buf, buflen, "SHA4 - Read/write error in file" );
+#endif /* POLARSSL_SHA4_C */
+
 #if defined(POLARSSL_XTEA_C)
     if( use_ret == -(POLARSSL_ERR_XTEA_INVALID_INPUT_LENGTH) )
         snprintf( buf, buflen, "XTEA - The data input has an invalid length" );

diff --git a/library/md2.c b/library/md2.c
index ff1b5aa..954aa07 100644
--- a/library/md2.c
+++ b/library/md2.c

@@ -189,7 +189,7 @@
     unsigned char buf[1024];
 
     if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_MD2_FILE_IO_ERROR );
 
     md2_starts( &ctx );
 
@@ -203,7 +203,7 @@
     if( ferror( f ) != 0 )
     {
         fclose( f );
-        return( 2 );
+        return( POLARSSL_ERR_MD2_FILE_IO_ERROR );
     }
 
     fclose( f );

diff --git a/library/md4.c b/library/md4.c
index a1c8244..ad52e5e 100644
--- a/library/md4.c
+++ b/library/md4.c

@@ -285,7 +285,7 @@
     unsigned char buf[1024];
 
     if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_MD4_FILE_IO_ERROR );
 
     md4_starts( &ctx );
 
@@ -299,7 +299,7 @@
     if( ferror( f ) != 0 )
     {
         fclose( f );
-        return( 2 );
+        return( POLARSSL_ERR_MD4_FILE_IO_ERROR );
     }
 
     fclose( f );

diff --git a/library/md5.c b/library/md5.c
index 1c5b397..7a449b2 100644
--- a/library/md5.c
+++ b/library/md5.c

@@ -304,7 +304,7 @@
     unsigned char buf[1024];
 
     if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_MD5_FILE_IO_ERROR );
 
     md5_starts( &ctx );
 
@@ -318,7 +318,7 @@
     if( ferror( f ) != 0 )
     {
         fclose( f );
-        return( 2 );
+        return( POLARSSL_ERR_MD5_FILE_IO_ERROR );
     }
 
     fclose( f );

diff --git a/library/sha1.c b/library/sha1.c
index 56028fe..72ca063 100644
--- a/library/sha1.c
+++ b/library/sha1.c

@@ -339,7 +339,7 @@
     unsigned char buf[1024];
 
     if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
 
     sha1_starts( &ctx );
 
@@ -353,7 +353,7 @@
     if( ferror( f ) != 0 )
     {
         fclose( f );
-        return( 2 );
+        return( POLARSSL_ERR_SHA1_FILE_IO_ERROR );
     }
 
     fclose( f );

diff --git a/library/sha2.c b/library/sha2.c
index 9cc88e8..4b5e696 100644
--- a/library/sha2.c
+++ b/library/sha2.c

@@ -341,7 +341,7 @@
     unsigned char buf[1024];
 
     if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_SHA2_FILE_IO_ERROR );
 
     sha2_starts( &ctx, is224 );
 
@@ -355,7 +355,7 @@
     if( ferror( f ) != 0 )
     {
         fclose( f );
-        return( 2 );
+        return( POLARSSL_ERR_SHA2_FILE_IO_ERROR );
     }
 
     fclose( f );

diff --git a/library/sha4.c b/library/sha4.c
index ee6cf90..cf54d11 100644
--- a/library/sha4.c
+++ b/library/sha4.c

@@ -339,7 +339,7 @@
     unsigned char buf[1024];
 
     if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_SHA4_FILE_IO_ERROR );
 
     sha4_starts( &ctx, is384 );
 
@@ -353,7 +353,7 @@
     if( ferror( f ) != 0 )
     {
         fclose( f );
-        return( 2 );
+        return( POLARSSL_ERR_SHA4_FILE_IO_ERROR );
     }
 
     fclose( f );

diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 26e7dfa..545317a 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c

@@ -1376,7 +1376,7 @@
     {
         SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed",
                        sizeof( x509_cert ) ) );
-        return( 1 );
+        return( POLARSSL_ERR_SSL_MALLOC_FAILED );
     }
 
     memset( ssl->peer_cert, 0, sizeof( x509_cert ) );
@@ -1401,8 +1401,7 @@
             return( POLARSSL_ERR_SSL_BAD_HS_CERTIFICATE );
         }
 
-        ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n,
-                             X509_NON_PERMISSIVE );
+        ret = x509parse_crt( ssl->peer_cert, ssl->in_msg + i, n );
         if( ret != 0 )
         {
             SSL_DEBUG_RET( 1, " x509parse_crt", ret );
@@ -1707,7 +1706,7 @@
     if( ssl->in_ctr == NULL )
     {
         SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
-        return( 1 );
+        return( POLARSSL_ERR_SSL_MALLOC_FAILED );
     }
 
     ssl->out_ctr = (unsigned char *) malloc( len );
@@ -1718,7 +1717,7 @@
     {
         SSL_DEBUG_MSG( 1, ( "malloc(%d bytes) failed", len ) );
         free( ssl-> in_ctr );
-        return( 1 );
+        return( POLARSSL_ERR_SSL_MALLOC_FAILED );
     }
 
     memset( ssl-> in_ctr, 0, SSL_BUFFER_LEN );

diff --git a/library/x509parse.c b/library/x509parse.c
index d7da8c4..f561754 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c

@@ -284,7 +284,7 @@
                     sizeof( x509_name ) );
 
             if( use->next == NULL )
-                return( 1 );
+                return( POLARSSL_ERR_X509_MALLOC_FAILED );
             
             memset( use->next, 0, sizeof( x509_name ) );
 
@@ -303,7 +303,7 @@
          sizeof( x509_name ) );
 
     if( cur->next == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_X509_MALLOC_FAILED );
 
     return( x509_get_name( p, end2, cur->next ) );
 }
@@ -1018,12 +1018,12 @@
      * Check for valid input
      */
     if( crt == NULL || buf == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_X509_INVALID_INPUT );
 
     p = (unsigned char *) malloc( len = buflen );
 
     if( p == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_X509_MALLOC_FAILED );
 
     memcpy( p, buf, buflen );
 
@@ -1259,10 +1259,9 @@
 /*
  * Parse one or more PEM certificates from a buffer and add them to the chained list
  */
-int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen,
-                   int permissive )
+int x509parse_crt( x509_cert *chain, const unsigned char *buf, size_t buflen )
 {
-    int ret, success = 0, first_error = 0;
+    int ret, success = 0, first_error = 0, total_failed = 0;
     x509_cert *crt, *prev = NULL;
     int buf_format = X509_FORMAT_DER;
 
@@ -1272,7 +1271,7 @@
      * Check for valid input
      */
     if( crt == NULL || buf == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_X509_INVALID_INPUT );
 
     while( crt->version != 0 && crt->next != NULL )
     {
@@ -1288,7 +1287,7 @@
         crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
 
         if( crt->next == NULL )
-            return( 1 );
+            return( POLARSSL_ERR_X509_MALLOC_FAILED );
 
         prev = crt;
         crt = crt->next;
@@ -1349,9 +1348,9 @@
             if( ret != 0 )
             {
                 /*
-                 * quit parsing on a memory error or if in non-permissive parsing mode
+                 * quit parsing on a memory error
                  */
-                if( ret == 1 || permissive != 1 )
+                if( ret == POLARSSL_ERR_X509_MALLOC_FAILED )
                 {
                     if( prev )
                         prev->next = NULL;
@@ -1364,6 +1363,8 @@
 
                 if( first_error == 0 )
                     first_error = ret;
+                
+                total_failed++;
 
                 memset( crt, 0, sizeof( x509_cert ) );
                 continue;
@@ -1377,7 +1378,7 @@
             crt->next = (x509_cert *) malloc( sizeof( x509_cert ) );
 
             if( crt->next == NULL )
-                return( 1 );
+                return( POLARSSL_ERR_X509_MALLOC_FAILED );
 
             prev = crt;
             crt = crt->next;
@@ -1396,7 +1397,7 @@
     }
 
     if( success )
-        return( 0 );
+        return( total_failed );
     else if( first_error )
         return( first_error );
     else
@@ -1423,7 +1424,7 @@
      * Check for valid input
      */
     if( crl == NULL || buf == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_X509_INVALID_INPUT );
 
     while( crl->version != 0 && crl->next != NULL )
         crl = crl->next;
@@ -1438,7 +1439,7 @@
         if( crl->next == NULL )
         {
             x509_crl_free( crl );
-            return( 1 );
+            return( POLARSSL_ERR_X509_MALLOC_FAILED );
         }
 
         crl = crl->next;
@@ -1481,7 +1482,7 @@
         p = (unsigned char *) malloc( len = buflen );
 
         if( p == NULL )
-            return( 1 );
+            return( POLARSSL_ERR_X509_MALLOC_FAILED );
 
         memcpy( p, buf, buflen );
 
@@ -1491,7 +1492,7 @@
     p = (unsigned char *) malloc( len = buflen );
 
     if( p == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_X509_MALLOC_FAILED );
 
     memcpy( p, buf, buflen );
 
@@ -1680,7 +1681,7 @@
         if( crl->next == NULL )
         {
             x509_crl_free( crl );
-            return( 1 );
+            return( POLARSSL_ERR_X509_MALLOC_FAILED );
         }
 
         crl = crl->next;
@@ -1701,20 +1702,20 @@
     FILE *f;
 
     if( ( f = fopen( path, "rb" ) ) == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_X509_FILE_IO_ERROR );
 
     fseek( f, 0, SEEK_END );
     *n = (size_t) ftell( f );
     fseek( f, 0, SEEK_SET );
 
     if( ( *buf = (unsigned char *) malloc( *n + 1 ) ) == NULL )
-        return( 1 );
+        return( POLARSSL_ERR_X509_MALLOC_FAILED );
 
     if( fread( *buf, 1, *n, f ) != *n )
     {
         fclose( f );
         free( *buf );
-        return( 1 );
+        return( POLARSSL_ERR_X509_FILE_IO_ERROR );
     }
 
     fclose( f );
@@ -1727,16 +1728,16 @@
 /*
  * Load one or more certificates and add them to the chained list
  */
-int x509parse_crtfile( x509_cert *chain, const char *path, int permissive )
+int x509parse_crtfile( x509_cert *chain, const char *path )
 {
     int ret;
     size_t n;
     unsigned char *buf;
 
-    if ( load_file( path, &buf, &n ) )
-        return( 1 );
+    if ( (ret = load_file( path, &buf, &n ) ) != 0 )
+        return( ret );
 
-    ret = x509parse_crt( chain, buf, n, permissive );
+    ret = x509parse_crt( chain, buf, n );
 
     memset( buf, 0, n + 1 );
     free( buf );
@@ -1753,8 +1754,8 @@
     size_t n;
     unsigned char *buf;
 
-    if ( load_file( path, &buf, &n ) )
-        return( 1 );
+    if ( (ret = load_file( path, &buf, &n ) ) != 0 )
+        return( ret );
 
     ret = x509parse_crl( chain, buf, n );
 
@@ -1773,8 +1774,8 @@
     size_t n;
     unsigned char *buf;
 
-    if ( load_file( path, &buf, &n ) )
-        return( 1 );
+    if ( (ret = load_file( path, &buf, &n ) ) != 0 )
+        return( ret );
 
     if( pwd == NULL )
         ret = x509parse_key( rsa, buf, n, NULL, 0 );
@@ -1797,8 +1798,8 @@
     size_t n;
     unsigned char *buf;
 
-    if ( load_file( path, &buf, &n ) )
-        return( 1 );
+    if ( (ret = load_file( path, &buf, &n ) ) != 0 )
+        return( ret );
 
     ret = x509parse_public_key( rsa, buf, n );
 
@@ -2250,8 +2251,8 @@
     size_t n;
     unsigned char *buf;
 
-    if ( load_file( path, &buf, &n ) )
-        return( 1 );
+    if ( ( ret = load_file( path, &buf, &n ) ) != 0 )
+        return( ret );
 
     ret = x509parse_dhm( dhm, buf, n );
 
@@ -3155,7 +3156,7 @@
     memset( &clicert, 0, sizeof( x509_cert ) );
 
     ret = x509parse_crt( &clicert, (unsigned char *) test_cli_crt,
-                         strlen( test_cli_crt ), X509_NON_PERMISSIVE );
+                         strlen( test_cli_crt ) );
     if( ret != 0 )
     {
         if( verbose != 0 )
@@ -3167,7 +3168,7 @@
     memset( &cacert, 0, sizeof( x509_cert ) );
 
     ret = x509parse_crt( &cacert, (unsigned char *) test_ca_crt,
-                         strlen( test_ca_crt ), X509_NON_PERMISSIVE );
+                         strlen( test_ca_crt ) );
     if( ret != 0 )
     {
         if( verbose != 0 )