Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
diff --git a/include/mbedtls/error.h b/include/mbedtls/error.h
index 5e549f6..31591e2 100644
--- a/include/mbedtls/error.h
+++ b/include/mbedtls/error.h
@@ -71,7 +71,7 @@
* Name ID Nr of Errors
* PEM 1 9
* PKCS#12 1 4 (Started from top)
- * X509 2 19
+ * X509 2 20
* PKCS5 2 4 (Started from top)
* DHM 3 9
* PK 3 14 (Started from top)
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index 906866d..60f59a9 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -920,7 +920,7 @@
*
* If set, the verify callback is called for each
* certificate in the chain. For implementation
- * information, please see \c x509parse_verify()
+ * information, please see \c mbedtls_x509_crt_verify()
*
* \param conf SSL configuration
* \param f_vrfy verification function
diff --git a/include/mbedtls/x509.h b/include/mbedtls/x509.h
index f219bf1..128eade 100644
--- a/include/mbedtls/x509.h
+++ b/include/mbedtls/x509.h
@@ -76,6 +76,7 @@
#define MBEDTLS_ERR_X509_ALLOC_FAILED -0x2880 /**< Allocation of memory failed. */
#define MBEDTLS_ERR_X509_FILE_IO_ERROR -0x2900 /**< Read/write of file failed. */
#define MBEDTLS_ERR_X509_BUFFER_TOO_SMALL -0x2980 /**< Destination buffer is too small. */
+#define MBEDTLS_ERR_X509_FATAL_ERROR -0x3000 /**< A fatal error occured, eg the chain is too long or the vrfy callback failed. */
/* \} name */
/**
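Review bot: The new code -0x3000 sits outside the 0x2xxx block that the neighbouring X509 codes in this hunk occupy (-0x2880, -0x2900, -0x2980), while the error.h table updated in this same commit lists X509 under ID 2 and DHM under ID 3, so -0x3000 appears to be the first slot of the DHM/PK module rather than an X509 one. If the module ID is taken from the high bits as that table suggests, the next free X509 slot would seem to be -0x2A00 (PKCS5 fills the block from the top); please confirm the intended allocation, and with it the X509 count bumped to 20 in error.h. The comment also has a typo: `/**< A fatal error occurred, eg the chain is too long or the vrfy callback failed. */`.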
diff --git a/include/mbedtls/x509_crt.h b/include/mbedtls/x509_crt.h
index fe821d1..5b6d352 100644
--- a/include/mbedtls/x509_crt.h
+++ b/include/mbedtls/x509_crt.h
@@ -263,7 +263,13 @@
*
* All flags left after returning from the callback
* are also returned to the application. The function should
- * return 0 for anything but a fatal error.
+ * return 0 for anything (including invalid certificates)
+ * other than fatal error, as a non-zero return code
+ * immediately aborts the verification process. For fatal
+ * errors, a specific error code should be used (different
+ * from MBEDTLS_ERR_X509_CERT_VERIFY_FAILED which should not
+ * be returned at this point), or MBEDTLS_ERR_X509_FATAL_ERROR
+ * can be used if no better code is available.
*
* \note In case verification failed, the results can be displayed
* using \c mbedtls_x509_crt_verify_info()
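Review bot: The new paragraph tells callback authors not to return MBEDTLS_ERR_X509_CERT_VERIFY_FAILED but gives no reason, and it does not say what the caller of mbedtls_x509_crt_verify() observes when the callback aborts. Presumably the callback's return code is passed through unchanged, so a VERIFY_FAILED from the callback would be indistinguishable from the library's own verification failure (where the flags carry the detail); if so, one sentence would make the rule self-explanatory, e.g. `* The callback's return code is propagated to the caller of mbedtls_x509_crt_verify(), so MBEDTLS_ERR_X509_CERT_VERIFY_FAILED must be reserved for the library's own result.`. Minor: the two error-code names could be marked with `\c` like the `\c mbedtls_x509_crt_verify_info()` reference below, and the second added line reads better as `other than a fatal error`. The \param block this paragraph belongs to starts before the hunk.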