yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-22 13:41:04 +00:00
Code Issues Packages Projects Releases Wiki Activity

Improve some comments, fix some typos+whitespace

Browse source
This commit is contained in:
Manuel Pégourié-Gonnard 2017-08-08 18:09:14 +02:00
parent ea2dc14c0c
commit 562df401d3
3 changed files with 14 additions and 12 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
include/mbedtls/x509_crt.h
View file

@ -291,7 +291,7 @@ int mbedtls_x509_crt_verify_info( char *buf, size_t size, const char *prefix,
* chaining up to those CAs will be trusted, and (2) * chaining up to those CAs will be trusted, and (2)
* self-signed end-entity certificates to be trusted (for * self-signed end-entity certificates to be trusted (for
* specific peers you know) - in that case, the self-signed * specific peers you know) - in that case, the self-signed
* certificate doens't need to have the CA bit set. * certificate doesn't need to have the CA bit set.
* *
* \param crt a certificate (chain) to be verified * \param crt a certificate (chain) to be verified
* \param trust_ca the list of trusted CAs (see note above) * \param trust_ca the list of trusted CAs (see note above)

15
library/x509_crt.c
View file

@ -1893,7 +1893,6 @@ static int x509_crt_check_signature( const mbedtls_x509_crt *child,
* Return 0 if yes, -1 if not. * Return 0 if yes, -1 if not.
* *
* top means parent is a locally-trusted certificate * top means parent is a locally-trusted certificate
* bottom means child is the end entity cert
*/ */
static int x509_crt_check_parent( const mbedtls_x509_crt *child, static int x509_crt_check_parent( const mbedtls_x509_crt *child,
const mbedtls_x509_crt *parent, const mbedtls_x509_crt *parent,
@ -1935,9 +1934,9 @@ static int x509_crt_check_parent( const mbedtls_x509_crt *child,
* 3. for trusted roots, the signature is correct * 3. for trusted roots, the signature is correct
* 4. pathlen constraints are satisfied * 4. pathlen constraints are satisfied
* *
* Stop at the first suitable candidate, except if it's not time-valid (not * If there's a suitable candidate which is also time-valid, return the first
* expired nor future) *and* there is a later suitable candidate that is * such. Otherwise, return the first suitable candidate (or NULL if there is
* time-valid. * none).
* *
* The rationale for this rule is that someone could have a list of trusted * The rationale for this rule is that someone could have a list of trusted
* roots with two versions on the same root with different validity periods. * roots with two versions on the same root with different validity periods.
@ -1979,7 +1978,7 @@ static mbedtls_x509_crt *x509_crt_find_parent_in( mbedtls_x509_crt *child,
continue; continue;
} }
/* optionnal time check */ /* optional time check */
if( mbedtls_x509_time_is_past( &parent->valid_to ) || if( mbedtls_x509_time_is_past( &parent->valid_to ) ||
mbedtls_x509_time_is_future( &parent->valid_from ) ) mbedtls_x509_time_is_future( &parent->valid_from ) )
{ {
@ -2059,7 +2058,7 @@ static int x509_crt_check_ee_locally_trusted(
* *
* Given a peer-provided list of certificates EE, C1, ..., Cn and * Given a peer-provided list of certificates EE, C1, ..., Cn and
* a list of trusted certs R1, ... Rp, try to build and verify a chain * a list of trusted certs R1, ... Rp, try to build and verify a chain
* EE, Ci1, ... Ciq, Rj * EE, Ci1, ... Ciq [, Rj]
* such that every cert in the chain is a child of the next one, * such that every cert in the chain is a child of the next one,
* jumping to a trusted root as early as possible. * jumping to a trusted root as early as possible.
* *
@ -2074,7 +2073,7 @@ static int x509_crt_check_ee_locally_trusted(
* - [in] crt: the cert list EE, C1, ..., Cn * - [in] crt: the cert list EE, C1, ..., Cn
* - [in] trust_ca: the trusted list R1, ..., Rp * - [in] trust_ca: the trusted list R1, ..., Rp
* - [in] ca_crl, profile: as in verify_with_profile() * - [in] ca_crl, profile: as in verify_with_profile()
* - [out] ver_chain: the built and verified chain * - [out] ver_chain, chain_len: the built and verified chain
* *
* Return value: * Return value:
* - non-zero if the chain could not be fully built and examined * - non-zero if the chain could not be fully built and examined
@ -2167,7 +2166,7 @@ static int x509_crt_verify_chain(
#if defined(MBEDTLS_X509_CRL_PARSE_C) #if defined(MBEDTLS_X509_CRL_PARSE_C)
/* Check trusted CA's CRL for the given crt */ /* Check trusted CA's CRL for the given crt */
*flags |= x509_crt_verifycrl(child, parent, ca_crl, profile ); *flags |= x509_crt_verifycrl( child, parent, ca_crl, profile );
#else #else
(void) ca_crl; (void) ca_crl;
#endif #endif

9
tests/scripts/depends-pkalgs.pl
View file

@ -6,9 +6,10 @@
# #
# Purpose # Purpose
# #
# To test the code dependencies on individual PK algs in each test suite. This # To test the code dependencies on individual PK algs (those that can be used
# is a verification step to ensure we don't ship test suites that do not work # from the PK layer, so currently signature and encryption but not key
# for some build options. # exchange) in each test suite. This is a verification step to ensure we don't
# ship test suites that do not work for some build options.
# #
# The process is: # The process is:
# for each possible PK alg # for each possible PK alg
@ -38,6 +39,8 @@ my $ssl_sed = 's/^#define \(MBEDTLS_SSL.*\)/\1/p';
my $kex_sed = 's/^#define \(MBEDTLS_KEY_EXCHANGE.*\)/\1/p'; my $kex_sed = 's/^#define \(MBEDTLS_KEY_EXCHANGE.*\)/\1/p';
my @ssl = split( /\s+/, `sed -n -e '$ssl_sed' -e '$kex_sed' $config_h` ); my @ssl = split( /\s+/, `sed -n -e '$ssl_sed' -e '$kex_sed' $config_h` );
# Some algorithms can't be disabled on their own as others depend on them, so
# we list those reverse-dependencies here to keep check_config.h happy.
my %algs = ( my %algs = (
'MBEDTLS_ECDSA_C' => [], 'MBEDTLS_ECDSA_C' => [],
'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C'], 'MBEDTLS_ECP_C' => ['MBEDTLS_ECDSA_C', 'MBEDTLS_ECDH_C'],