oysteikt/heimdal
0
0
Fork 0
Code Issues 5 Pull Requests Releases Activity

Return less EINVAL.

Browse Source 
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@18869 ec53bebd-3082-4978-b11e-865c3cabbd6b
This commit is contained in:
Love Hörnquist Åstrand
2006-10-24 14:36:20 +00:00
parent 6bc5a77a26
commit de70ab808f
1 changed files with 38 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files

55
lib/hx509/revoke.c
View File

@@ -159,7 +159,9 @@ verify_ocsp(hx509_context context,
ret = _hx509_cert_is_parent_cmp(s, p, 0); ret = _hx509_cert_is_parent_cmp(s, p, 0);
if (ret != 0) { if (ret != 0) {
ret = EINVAL; ret = HX509_PARENT_NOT_CA;
hx509_set_error_string(context, 0, ret, "Revoke OSCP signer is "
"doesn't have CA as signer certificate");
goto out; goto out;
} }
@@ -210,7 +212,7 @@ parse_ocsp_basic(const void *data, size_t length, OCSPBasicOCSPResponse *basic)
return ret; return ret;
if (length != size) { if (length != size) {
free_OCSPResponse(&resp); free_OCSPResponse(&resp);
return EINVAL; return ASN1_EXTRA_DATA;
} }
switch (resp.responseStatus) { switch (resp.responseStatus) {
@@ -218,7 +220,7 @@ parse_ocsp_basic(const void *data, size_t length, OCSPBasicOCSPResponse *basic)
break; break;
default: default:
free_OCSPResponse(&resp); free_OCSPResponse(&resp);
return EINVAL; return HX509_REVOKE_WRONG_DATA;
} }
if (resp.responseBytes == NULL) { if (resp.responseBytes == NULL) {
@@ -230,7 +232,7 @@ parse_ocsp_basic(const void *data, size_t length, OCSPBasicOCSPResponse *basic)
oid_id_pkix_ocsp_basic()); oid_id_pkix_ocsp_basic());
if (ret != 0) { if (ret != 0) {
free_OCSPResponse(&resp); free_OCSPResponse(&resp);
return EINVAL; return HX509_REVOKE_WRONG_DATA;
} }
ret = decode_OCSPBasicOCSPResponse(resp.responseBytes->response.data, ret = decode_OCSPBasicOCSPResponse(resp.responseBytes->response.data,
@@ -244,7 +246,7 @@ parse_ocsp_basic(const void *data, size_t length, OCSPBasicOCSPResponse *basic)
if (size != resp.responseBytes->response.length) { if (size != resp.responseBytes->response.length) {
free_OCSPResponse(&resp); free_OCSPResponse(&resp);
free_OCSPBasicOCSPResponse(basic); free_OCSPBasicOCSPResponse(basic);
return EINVAL; return ASN1_EXTRA_DATA;
} }
free_OCSPResponse(&resp); free_OCSPResponse(&resp);
@@ -320,8 +322,11 @@ hx509_revoke_add_ocsp(hx509_context context,
int ret; int ret;
size_t i; size_t i;
if (strncmp(path, "FILE:", 5) != 0) if (strncmp(path, "FILE:", 5) != 0) {
return EINVAL; hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
"unsupport type in %s", path);
return HX509_UNSUPPORTED_OPERATION;
}
path += 5; path += 5;
@@ -332,8 +337,10 @@ hx509_revoke_add_ocsp(hx509_context context,
data = realloc(ctx->ocsps.val, data = realloc(ctx->ocsps.val,
(ctx->ocsps.len + 1) * sizeof(ctx->ocsps.val[0])); (ctx->ocsps.len + 1) * sizeof(ctx->ocsps.val[0]));
if (data == NULL) if (data == NULL) {
hx509_clear_error_string(context);
return ENOMEM; return ENOMEM;
}
ctx->ocsps.val = data; ctx->ocsps.val = data;
@@ -341,8 +348,10 @@ hx509_revoke_add_ocsp(hx509_context context,
sizeof(ctx->ocsps.val[0])); sizeof(ctx->ocsps.val[0]));
ctx->ocsps.val[ctx->ocsps.len].path = strdup(path); ctx->ocsps.val[ctx->ocsps.len].path = strdup(path);
if (ctx->ocsps.val[ctx->ocsps.len].path == NULL) if (ctx->ocsps.val[ctx->ocsps.len].path == NULL) {
hx509_clear_error_string(context);
return ENOMEM; return ENOMEM;
}
ret = load_ocsp(context, &ctx->ocsps.val[ctx->ocsps.len]); ret = load_ocsp(context, &ctx->ocsps.val[ctx->ocsps.len]);
if (ret) { if (ret) {
@@ -397,7 +406,9 @@ verify_crl(hx509_context context,
ret = _hx509_cert_is_parent_cmp(s, p, 0); ret = _hx509_cert_is_parent_cmp(s, p, 0);
if (ret != 0) { if (ret != 0) {
ret = EINVAL; ret = HX509_PARENT_NOT_CA;
hx509_set_error_string(context, 0, ret, "Revoke CRL signer is "
"doesn't have CA as signer certificate");
goto out; goto out;
} }
@@ -450,7 +461,7 @@ load_crl(const char *path, time_t *t, CRLCertificateList *crl)
/* check signature is aligned */ /* check signature is aligned */
if (crl->signatureValue.length & 7) { if (crl->signatureValue.length & 7) {
free_CRLCertificateList(crl); free_CRLCertificateList(crl);
return EINVAL; return HX509_CRYPTO_SIG_INVALID_FORMAT;
} }
return 0; return 0;
} }
@@ -464,8 +475,12 @@ hx509_revoke_add_crl(hx509_context context,
size_t i; size_t i;
int ret; int ret;
if (strncmp(path, "FILE:", 5) != 0) if (strncmp(path, "FILE:", 5) != 0) {
return EINVAL; hx509_set_error_string(context, 0, HX509_UNSUPPORTED_OPERATION,
"unsupport type in %s", path);
return HX509_UNSUPPORTED_OPERATION;
}
path += 5; path += 5;
@@ -476,16 +491,19 @@ hx509_revoke_add_crl(hx509_context context,
data = realloc(ctx->crls.val, data = realloc(ctx->crls.val,
(ctx->crls.len + 1) * sizeof(ctx->crls.val[0])); (ctx->crls.len + 1) * sizeof(ctx->crls.val[0]));
if (data == NULL) if (data == NULL) {
hx509_clear_error_string(context);
return ENOMEM; return ENOMEM;
}
ctx->crls.val = data; ctx->crls.val = data;
memset(&ctx->crls.val[ctx->crls.len], 0, sizeof(ctx->crls.val[0])); memset(&ctx->crls.val[ctx->crls.len], 0, sizeof(ctx->crls.val[0]));
ctx->crls.val[ctx->crls.len].path = strdup(path); ctx->crls.val[ctx->crls.len].path = strdup(path);
if (ctx->crls.val[ctx->crls.len].path == NULL) if (ctx->crls.val[ctx->crls.len].path == NULL) {
hx509_clear_error_string(context);
return ENOMEM; return ENOMEM;
}
ret = load_crl(path, ret = load_crl(path,
&ctx->crls.val[ctx->crls.len].last_modfied, &ctx->crls.val[ctx->crls.len].last_modfied,
@@ -693,7 +711,10 @@ add_to_req(hx509_context context, void *ptr, hx509_cert cert)
if (ctx->parent) { if (ctx->parent) {
if (hx509_cert_cmp(ctx->parent, parent) != 0) { if (hx509_cert_cmp(ctx->parent, parent) != 0) {
ret = EINVAL; ret = HX509_REVOKE_NOT_SAME_PARENT;
hx509_set_error_string(context, 0, ret,
"Not same parent certifate as "
"last certificate in request");
goto out; goto out;
} }
} else } else