boringssl/crypto/x509
David Benjamin 8f1e113a73 Ensure verify error is set when X509_verify_cert() fails.
Set ctx->error = X509_V_ERR_OUT_OF_MEM when verification cannot
continue due to malloc failure.  Similarly for issuer lookup failures
and caller errors (bad parameters or invalid state).

Also, when X509_verify_cert() returns <= 0 make sure that the
verification status does not remain X509_V_OK, as a last resort set
it it to X509_V_ERR_UNSPECIFIED, just in case some code path returns
an error without setting an appropriate value of ctx->error.

Add new and some missing error codes to X509 error -> SSL alert switch.

(Imported from upstream's 5553a12735e11bc9aa28727afe721e7236788aab.)

Change-Id: I3231a6b2e72a3914cb9316b8e90ebaee009a1c5f
Reviewed-on: https://boringssl-review.googlesource.com/8170
Reviewed-by: David Benjamin <davidben@google.com>
2016-06-09 17:29:39 +00:00
..
a_digest.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
a_sign.c Move all signature algorithm code to crypto/x509. 2016-02-26 22:39:02 +00:00
a_strex.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
a_verify.c Move all signature algorithm code to crypto/x509. 2016-02-26 22:39:02 +00:00
algorithm.c Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
asn1_gen.c Fix build when using Visual Studio 2015 Update 1. 2016-03-25 21:39:52 +00:00
by_dir.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
by_file.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
charmap.h OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
CMakeLists.txt Move all signature algorithm code to crypto/x509. 2016-02-26 22:39:02 +00:00
i2d_pr.c Slightly simplify and deprecate i2d_{Public,Private}Key. 2016-02-17 16:31:26 +00:00
internal.h Move all signature algorithm code to crypto/x509. 2016-02-26 22:39:02 +00:00
pkcs7_test.c Start assuming MSVC 2015. 2016-05-02 19:46:25 +00:00
pkcs7.c Check for overflow when parsing a CBS with d2i_*. 2015-11-16 23:17:42 +00:00
rsa_pss.c Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
t_crl.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
t_req.c Remove the func parameter to OPENSSL_PUT_ERROR. 2015-07-16 02:02:37 +00:00
t_x509.c Don't shift serial number into sign bit 2016-03-17 18:23:49 +00:00
t_x509a.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
vpm_int.h OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_att.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_cmp.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_d2.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_def.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_ext.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_lu.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
x509_obj.c Add checks to X509_NAME_oneline() 2016-05-03 16:34:59 +00:00
x509_r2x.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_req.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_set.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_test.cc Fix some malloc test failures. 2016-03-28 17:17:32 +00:00
x509_trs.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_txt.c Ensure verify error is set when X509_verify_cert() fails. 2016-06-09 17:29:39 +00:00
x509_v3.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509_vfy.c Ensure verify error is set when X509_verify_cert() fails. 2016-06-09 17:29:39 +00:00
x509_vpm.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509.c Align with upstream's error strings, take two. 2016-03-15 16:02:12 +00:00
x509cset.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509name.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509rset.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509spki.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x509type.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_algor.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_all.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_attrib.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_crl.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
x_exten.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_info.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_name.c Add size limit to X509_NAME structure. 2016-05-03 16:43:52 +00:00
x_pkey.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_pubkey.c Split unlock functions into read/write variants. 2016-05-31 21:09:29 +00:00
x_req.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_sig.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_spki.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_val.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00
x_x509.c Make i2d_X509_AUX work if *pp = NULL. 2016-05-13 13:53:48 +00:00
x_x509a.c OpenSSL reformat x509/, x509v3/, pem/ and asn1/. 2016-01-19 17:01:51 +00:00