Branch: Tag:

2015-11-08

2015-11-08 01:33:09 by Martin Nilsson <nilsson@fastmail.com>

TBSCertificate fails with exception, so no need to check is tbs is 0. decode_signed can however return 0, so abort directly if that happens.

1392:   TBSCertificate decode_certificate(string|.PKCS.Signature.Signed cert)   {    if (stringp (cert)) +  {    cert = .PKCS.Signature.decode_signed(cert, x509_types); -  +  if(!cert) +  return NULL("ASN.1 had trailing data.\n"); +  }    -  TBSCertificate tbs=TBSCertificate([object(.PKCS.Signature.Signed)]cert->tbs); -  -  // FIXME: The re-encoding and algorithm checks are more appropriate -  // in verify_certificate, but the full certificate doesn't reach -  // there. -  if (!tbs) -  return NULL("Failed to generate TBSCertificate.\n"); -  -  return tbs; +  return TBSCertificate([object(.PKCS.Signature.Signed)]cert->tbs);   }      //! Decodes a certificate, checks the signature. Returns the