commit 31458a18788b0cf0b722acda9bb2f2fe13a3fb32
author Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Mon Jun 26 10:11:49 2017 +0200
committer Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com> Thu Jul 06 11:58:41 2017 +0200
tree ef4d4387ef4fec4e9318c6af4bdfa3abd5880574
parent d15795acd5074e0b44e71f7ede8bdfe1b48591fc

Only return VERIFY_FAILED from a single point

Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.

library/x509_crt.c

diff --git a/library/x509_crt.c b/library/x509_crt.c
index ee5f27e..ec5f772 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2057,8 +2057,8 @@
     /* path_cnt is 0 for the first intermediate CA */
     if( 1 + path_cnt > MBEDTLS_X509_MAX_INTERMEDIATE_CA )
     {
-        *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;
-        return( MBEDTLS_ERR_X509_CERT_VERIFY_FAILED );
+        /* return immediately as the goal is to avoid unbounded recursion */
+        return( MBEDTLS_ERR_X509_FATAL_ERROR );
     }
 
     if( mbedtls_x509_time_is_past( &child->valid_to ) )
@@ -2310,6 +2310,10 @@
     }
 
 exit:
+    /* prevent misuse of the vrfy callback */
+    if( ret == MBEDTLS_ERR_X509_CERT_VERIFY_FAILED )
+        ret = MBEDTLS_ERR_X509_FATAL_ERROR;
+
     if( ret != 0 )
     {
         *flags = (uint32_t) -1;