pkcs7.c: Do not ignore return value of mbedtls_md

CI was failing due to the return value of mbedtls_md being ignored.
If this function does fail, return early and propagate the md error.

Signed-off-by: Nick Child <nick.child@ibm.com>
Nick Child 2022-02-22 17:19:59 -06:00
parent 600bd30427
commit 6671841d91
2 changed files with 9 additions and 4 deletions


@ -523,8 +523,12 @@ int mbedtls_pkcs7_signed_data_verify( mbedtls_pkcs7 *pkcs7,
return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED ); return( MBEDTLS_ERR_PKCS7_ALLOC_FAILED );
} }
mbedtls_md( md_info, data, datalen, hash ); ret = mbedtls_md( md_info, data, datalen, hash );
if( ret != 0 )
{
mbedtls_free( hash );
return( ret );
}
ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, 0, ret = mbedtls_pk_verify( &pk_cxt, md_alg, hash, 0,
pkcs7->signed_data.signers.sig.p, pkcs7->signed_data.signers.sig.p,
pkcs7->signed_data.signers.sig.len ); pkcs7->signed_data.signers.sig.len );
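Review bot: The early return added after `mbedtls_md` hands the MD layer's error code straight back to callers of `mbedtls_pkcs7_signed_data_verify`, and nothing visible in this commit documents that. Both changed files appear to hold function bodies, so the public declaration's return-value list was presumably not updated; I would add a line such as `\return A negative MD error code if hashing the input data fails.` to the function's doc comment. Callers that compare the result only against PKCS7 error codes should still treat any non-zero value as a verification failure. The function body starts and ends outside the hunk.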


@ -285,9 +285,10 @@ void pkcs7_verify_hash( char *pkcs7_file, char *crt, char *filetobesigned )
md_info = mbedtls_md_info_from_type( md_alg ); md_info = mbedtls_md_info_from_type( md_alg );
mbedtls_md( md_info, data, datalen, hash ); res = mbedtls_md( md_info, data, datalen, hash );
TEST_ASSERT( res == 0 );
res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, sizeof(hash)); res = mbedtls_pkcs7_signed_hash_verify( &pkcs7, &x509, hash, sizeof(hash) );
TEST_ASSERT( res == 0 ); TEST_ASSERT( res == 0 );
exit: exit:
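Review bot: `mbedtls_md` writes a digest whose length is determined by `md_alg` into `hash`, which is later passed with `sizeof(hash)` and so looks like a fixed-size array, yet nothing in the hunk checks that the digest fits or that `md_info` is non-NULL. The declaration of `hash` is outside the hunk, so this needs confirming, but if the array is sized for one digest length, a test vector using a larger digest would write past the buffer before the new assertion runs. I would add `TEST_ASSERT( md_info != NULL );` and `TEST_ASSERT( mbedtls_md_get_size( md_info ) <= sizeof( hash ) );` before the `mbedtls_md` call.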