yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-03-24 22:25:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

Factor repeated code into function

Browse source 
There are 3 instance that were replaced, but 2 instances of variants of this
function exist and will be handled next (the extra parameter that isn't used
so far is in preparation for that):
- one in verify_child() where path_cnt constraint is handled too
- one in verify_top() where there is extra logic to skip parents that are
  expired or future, but only if there are better parents to be found
This commit is contained in:
Manuel Pégourié-Gonnard 2017-06-29 12:27:23 +02:00
parent 17f4a6a609
commit 2f1c33dc33
1 changed files with 28 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

44
library/x509_crt.c
View file

@ -1893,6 +1893,30 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child,
return( 0 ); return( 0 );
} }
/*
* Find a suitable parent for child in candidates
*/
static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child,
mbedtls_x509_crt *candidates,
int top,
int path_cnt,
int self_cnt )
{
mbedtls_x509_crt *parent;
(void) self_cnt;
for( parent = candidates; parent != NULL; parent = parent->next )
{
if( x509_crt_check_parent( child, parent, top, path_cnt == 0 ) != 0 )
continue;
break;
}
return parent;
}
/* /*
* Verify a certificate no parent inside the chain * Verify a certificate no parent inside the chain
* (either the parent is a trusted root, or there is no parent) * (either the parent is a trusted root, or there is no parent)
@ -2121,14 +2145,8 @@ static int x509_crt_verify_child(
#endif #endif
/* Look for a grandparent in trusted CAs */ /* Look for a grandparent in trusted CAs */
for( grandparent = trust_ca; /* path_cnt +1 because current step is not yet accounted for */
grandparent != NULL; grandparent = x509_crt_find_parent( parent, trust_ca, 1, path_cnt + 1, self_cnt );
grandparent = grandparent->next )
{
if( x509_crt_check_parent( parent, grandparent,
1, path_cnt == 0 ) == 0 )
break;
}
if( grandparent != NULL ) if( grandparent != NULL )
{ {
@ -2315,11 +2333,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
*flags |= MBEDTLS_X509_BADCERT_BAD_KEY; *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
/* Look for a parent in trusted CAs */ /* Look for a parent in trusted CAs */
for( parent = trust_ca; parent != NULL; parent = parent->next ) parent = x509_crt_find_parent( crt, trust_ca, 1, pathlen, 0 );
{
if( x509_crt_check_parent( crt, parent, 1, pathlen == 0 ) == 0 )
break;
}
if( parent != NULL ) if( parent != NULL )
{ {
@ -2331,9 +2345,7 @@ int mbedtls_x509_crt_verify_with_profile( mbedtls_x509_crt *crt,
else else
{ {
/* Look for a parent upwards the chain */ /* Look for a parent upwards the chain */
for( parent = crt->next; parent != NULL; parent = parent->next ) parent = x509_crt_find_parent( crt, crt->next, 0, pathlen, 0 );
if( x509_crt_check_parent( crt, parent, 0, pathlen == 0 ) == 0 )
break;
/* Are we part of the chain or at the top? */ /* Are we part of the chain or at the top? */
if( parent != NULL ) if( parent != NULL )