Don't use assertion for failures of mbedtls_x509_crt_x_acquire()
These functions may afil in a regular run, e.g. due to an out of memory
error.
diff --git a/library/ssl_cli.c b/library/ssl_cli.c
index c3c28c7..0a1fce8 100644
--- a/library/ssl_cli.c
+++ b/library/ssl_cli.c
@@ -2328,9 +2328,8 @@
&peer_pk );
if( ret != 0 )
{
- /* Should never happen */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret );
+ return( ret );
}
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -2472,9 +2471,8 @@
&peer_pk );
if( ret != 0 )
{
- /* Should never happen */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret );
+ return( ret );
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@@ -2822,9 +2820,8 @@
&peer_pk );
if( ret != 0 )
{
- /* Should never happen */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret );
+ return( ret );
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
diff --git a/library/ssl_srv.c b/library/ssl_srv.c
index 1e3c6fa..9e15f75 100644
--- a/library/ssl_srv.c
+++ b/library/ssl_srv.c
@@ -815,7 +815,10 @@
int ret;
ret = mbedtls_x509_crt_pk_acquire( cur->cert, &pk );
if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret );
return( ret );
+ }
}
#else
/* Outside of ASYNC_PRIVATE, use private key context directly
@@ -877,7 +880,10 @@
mbedtls_x509_crt_frame const *frame;
ret = mbedtls_x509_crt_frame_acquire( cur->cert, &frame );
if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_frame_acquire", ret );
return( ret );
+ }
sig_md = frame->sig_md;
mbedtls_x509_crt_frame_release( cur->cert );
}
@@ -2999,7 +3005,10 @@
mbedtls_x509_crt_frame const *frame;
ret = mbedtls_x509_crt_frame_acquire( crt, &frame );
if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_frame_acquire", ret );
return( ret );
+ }
dn_size = frame->subject_raw.len;
@@ -4247,9 +4256,8 @@
&peer_pk );
if( ret != 0 )
{
- /* Should never happen */
- MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
- return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret );
+ return( ret );
}
}
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index 560ef4c..f1075cb 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -6507,7 +6507,10 @@
mbedtls_pk_context *pk;
ret = mbedtls_x509_crt_pk_acquire( chain, &pk );
if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret );
return( ret );
+ }
/* If certificate uses an EC key, make sure the curve is OK */
if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) )