Don't use assertion for failures of mbedtls_x509_crt_x_acquire()

These functions may afil in a regular run, e.g. due to an out of memory
error.
This commit is contained in:
Hanno Becker 2019-06-28 10:52:45 +01:00
parent d92078fc55
commit 2224ccf390
3 changed files with 20 additions and 12 deletions

View File

@ -2328,9 +2328,8 @@ static int ssl_write_encrypted_pms( mbedtls_ssl_context *ssl,
&peer_pk ); &peer_pk );
if( ret != 0 ) if( ret != 0 )
{ {
/* Should never happen */ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( ret );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
} }
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@ -2472,9 +2471,8 @@ static int ssl_get_ecdh_params_from_cert( mbedtls_ssl_context *ssl )
&peer_pk ); &peer_pk );
if( ret != 0 ) if( ret != 0 )
{ {
/* Should never happen */ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( ret );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */
@ -2822,9 +2820,8 @@ start_processing:
&peer_pk ); &peer_pk );
if( ret != 0 ) if( ret != 0 )
{ {
/* Should never happen */ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( ret );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */

View File

@ -815,7 +815,10 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
int ret; int ret;
ret = mbedtls_x509_crt_pk_acquire( cur->cert, &pk ); ret = mbedtls_x509_crt_pk_acquire( cur->cert, &pk );
if( ret != 0 ) if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret );
return( ret ); return( ret );
}
} }
#else #else
/* Outside of ASYNC_PRIVATE, use private key context directly /* Outside of ASYNC_PRIVATE, use private key context directly
@ -877,7 +880,10 @@ static int ssl_pick_cert( mbedtls_ssl_context *ssl,
mbedtls_x509_crt_frame const *frame; mbedtls_x509_crt_frame const *frame;
ret = mbedtls_x509_crt_frame_acquire( cur->cert, &frame ); ret = mbedtls_x509_crt_frame_acquire( cur->cert, &frame );
if( ret != 0 ) if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_frame_acquire", ret );
return( ret ); return( ret );
}
sig_md = frame->sig_md; sig_md = frame->sig_md;
mbedtls_x509_crt_frame_release( cur->cert ); mbedtls_x509_crt_frame_release( cur->cert );
} }
@ -2999,7 +3005,10 @@ static int ssl_write_certificate_request( mbedtls_ssl_context *ssl )
mbedtls_x509_crt_frame const *frame; mbedtls_x509_crt_frame const *frame;
ret = mbedtls_x509_crt_frame_acquire( crt, &frame ); ret = mbedtls_x509_crt_frame_acquire( crt, &frame );
if( ret != 0 ) if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_frame_acquire", ret );
return( ret ); return( ret );
}
dn_size = frame->subject_raw.len; dn_size = frame->subject_raw.len;
@ -4247,9 +4256,8 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl )
&peer_pk ); &peer_pk );
if( ret != 0 ) if( ret != 0 )
{ {
/* Should never happen */ MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret );
MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) ); return( ret );
return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
} }
} }
#endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */ #endif /* MBEDTLS_SSL_KEEP_PEER_CERTIFICATE */

View File

@ -6507,7 +6507,10 @@ static int ssl_parse_certificate_verify( mbedtls_ssl_context *ssl,
mbedtls_pk_context *pk; mbedtls_pk_context *pk;
ret = mbedtls_x509_crt_pk_acquire( chain, &pk ); ret = mbedtls_x509_crt_pk_acquire( chain, &pk );
if( ret != 0 ) if( ret != 0 )
{
MBEDTLS_SSL_DEBUG_RET( 1, "mbedtls_x509_crt_pk_acquire", ret );
return( ret ); return( ret );
}
/* If certificate uses an EC key, make sure the curve is OK */ /* If certificate uses an EC key, make sure the curve is OK */
if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) ) if( mbedtls_pk_can_do( pk, MBEDTLS_PK_ECKEY ) )