Only return VERIFY_FAILED from a single point

Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
diff --git a/library/error.c b/library/error.c
index 98fba5c..be642ca 100644
--- a/library/error.c
+++ b/library/error.c
@@ -496,6 +496,8 @@
             polarssl_snprintf( buf, buflen, "X509 - Allocation of memory failed" );
         if( use_ret == -(POLARSSL_ERR_X509_FILE_IO_ERROR) )
             polarssl_snprintf( buf, buflen, "X509 - Read/write of file failed" );
+        if( use_ret == -(POLARSSL_ERR_X509_FATAL_ERROR) )
+            polarssl_snprintf( buf, buflen, "X509 - A fatal error occured, eg the chain is too long or the vrfy callback failed" );
 #endif /* POLARSSL_X509_USE,X509_CREATE_C */
         // END generated code
 
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 70ad356..fb09253 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -1957,8 +1957,8 @@
     /* path_cnt is 0 for the first intermediate CA */
     if( 1 + path_cnt > POLARSSL_X509_MAX_INTERMEDIATE_CA )
     {
-        *flags |= BADCERT_NOT_TRUSTED;
-        return( POLARSSL_ERR_X509_CERT_VERIFY_FAILED );
+        /* return immediately as the goal is to avoid unbounded recursion */
+        return( POLARSSL_ERR_X509_FATAL_ERROR );
     }
 
     if( x509_time_expired( &child->valid_to ) )
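Review bot: The chain-length branch now returns without touching `*flags`, so a caller that reads the flags after a non-zero return sees only what was accumulated so far, with no bit marking the failure; the new comment should say this is deliberate. The `exit:` path changed later in this commit sets `*flags = (uint32_t) -1` when `ret != 0`, which appears to cover it, but only if every recursive frame propagates the error unchanged, and this hunk does not show that. Suggested comment: `/* fatal: stop here to bound recursion; flags are not set on this path, the top-level exit path forces them to all-ones */`. The enclosing function starts and ends outside the hunk.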
@@ -2174,6 +2174,10 @@
     }
 
 exit:
+    /* prevent misuse of the vrfy callback */
+    if( ret == POLARSSL_ERR_X509_CERT_VERIFY_FAILED )
+        ret = POLARSSL_ERR_X509_FATAL_ERROR;
+
     if( ret != 0 )
     {
         *flags = (uint32_t) -1;
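Review bot: The comment `/* prevent misuse of the vrfy callback */` does not say what the misuse is, and the remap applies to any `ret` that reaches `exit:`, not only a value returned by the callback. Presumably the concern is that callers treat POLARSSL_ERR_X509_CERT_VERIFY_FAILED as a soft verdict to be judged from the flags (for example under optional verification), so a callback returning it to abort the handshake could be ignored; that is worth stating for the next maintainer. Suggested comment: `/* VERIFY_FAILED is reserved for the final flags-based verdict; any earlier occurrence (e.g. returned by the vrfy callback) becomes a fatal error so callers cannot treat it as a soft failure */`. The function continues past the end of the hunk, so the final return is not visible here.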