From 10e6b9b2b5a1b338cb1f395b101fe1a4965ce81c Mon Sep 17 00:00:00 2001
From: Hanno Becker <hanno.becker@arm.com>
Date: Fri, 22 Feb 2019 17:56:43 +0000
Subject: [PATCH] Move point of re-entry for restartable X.509 verification

---
 library/x509_crt.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/library/x509_crt.c b/library/x509_crt.c
index c6d310d0b..72c04736c 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2275,8 +2275,6 @@ static int x509_crt_verify_chain(
         /* restore derived state */
         cur = &ver_chain->items[ver_chain->len - 1];
         child = cur->crt;
-        flags = &cur->flags;
-
         goto find_parent;
     }
 #endif /* MBEDTLS_ECDSA_C && MBEDTLS_ECP_RESTARTABLE */
@@ -2292,6 +2290,11 @@ static int x509_crt_verify_chain(
         cur->crt = child;
         cur->flags = 0;
         ver_chain->len++;
+
+#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
+find_parent:
+#endif
+
         flags = &cur->flags;
 
         /* Check time-validity (all certificates) */
@@ -2319,9 +2322,6 @@ static int x509_crt_verify_chain(
             return( 0 );
         }
 
-#if defined(MBEDTLS_ECDSA_C) && defined(MBEDTLS_ECP_RESTARTABLE)
-find_parent:
-#endif
         /* Look for a parent in trusted CAs or up the chain */
         ret = x509_crt_find_parent( child, trust_ca, &parent,
                                        &parent_is_trusted, &signature_is_good,