mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-25 20:21:10 +00:00
Better initialisation of ver_chain
Use dedicated function for consistency, and initialise flags to -1 as this is the safe value.
This commit is contained in:
parent
8b7b96bbd3
commit
83e923ba2b
|
@ -207,6 +207,23 @@ static int x509_profile_check_key( const mbedtls_x509_crt_profile *profile,
|
||||||
return( -1 );
|
return( -1 );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/*
|
||||||
|
* Reset (init or clear) a verify_chain
|
||||||
|
*/
|
||||||
|
static void x509_crt_verify_chain_reset(
|
||||||
|
mbedtls_x509_crt_verify_chain *ver_chain )
|
||||||
|
{
|
||||||
|
size_t i;
|
||||||
|
|
||||||
|
for( i = 0; i < MBEDTLS_X509_MAX_VERIFY_CHAIN_SIZE; i++ )
|
||||||
|
{
|
||||||
|
ver_chain->items[i].crt = NULL;
|
||||||
|
ver_chain->items[i].flags = -1;
|
||||||
|
}
|
||||||
|
|
||||||
|
ver_chain->len = 0;
|
||||||
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
* Version ::= INTEGER { v1(0), v2(1), v3(2) }
|
||||||
*/
|
*/
|
||||||
|
@ -2258,8 +2275,9 @@ static int x509_crt_verify_chain(
|
||||||
/* Add certificate to the verification chain */
|
/* Add certificate to the verification chain */
|
||||||
cur = &ver_chain->items[ver_chain->len];
|
cur = &ver_chain->items[ver_chain->len];
|
||||||
cur->crt = child;
|
cur->crt = child;
|
||||||
flags = &cur->flags;
|
cur->flags = 0;
|
||||||
ver_chain->len++;
|
ver_chain->len++;
|
||||||
|
flags = &cur->flags;
|
||||||
|
|
||||||
/* Check time-validity (all certificates) */
|
/* Check time-validity (all certificates) */
|
||||||
if( mbedtls_x509_time_is_past( &child->valid_to ) )
|
if( mbedtls_x509_time_is_past( &child->valid_to ) )
|
||||||
|
@ -2499,10 +2517,11 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
|
||||||
int ret;
|
int ret;
|
||||||
mbedtls_pk_type_t pk_type;
|
mbedtls_pk_type_t pk_type;
|
||||||
mbedtls_x509_crt_verify_chain ver_chain;
|
mbedtls_x509_crt_verify_chain ver_chain;
|
||||||
uint32_t *ee_flags = &ver_chain.items[0].flags;
|
uint32_t ee_flags;
|
||||||
|
|
||||||
*flags = 0;
|
*flags = 0;
|
||||||
memset( &ver_chain, 0, sizeof( ver_chain ) );
|
ee_flags = 0;
|
||||||
|
x509_crt_verify_chain_reset( &ver_chain );
|
||||||
|
|
||||||
if( profile == NULL )
|
if( profile == NULL )
|
||||||
{
|
{
|
||||||
|
@ -2512,16 +2531,16 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
|
||||||
|
|
||||||
/* check name if requested */
|
/* check name if requested */
|
||||||
if( cn != NULL )
|
if( cn != NULL )
|
||||||
x509_crt_verify_name( crt, cn, ee_flags );
|
x509_crt_verify_name( crt, cn, &ee_flags );
|
||||||
|
|
||||||
/* Check the type and size of the key */
|
/* Check the type and size of the key */
|
||||||
pk_type = mbedtls_pk_get_type( &crt->pk );
|
pk_type = mbedtls_pk_get_type( &crt->pk );
|
||||||
|
|
||||||
if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
|
if( x509_profile_check_pk_alg( profile, pk_type ) != 0 )
|
||||||
*ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
|
ee_flags |= MBEDTLS_X509_BADCERT_BAD_PK;
|
||||||
|
|
||||||
if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 )
|
if( x509_profile_check_key( profile, pk_type, &crt->pk ) != 0 )
|
||||||
*ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
|
ee_flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
|
||||||
|
|
||||||
/* Check the chain */
|
/* Check the chain */
|
||||||
ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
|
ret = x509_crt_verify_chain( crt, trust_ca, ca_crl, profile,
|
||||||
|
@ -2530,6 +2549,9 @@ int mbedtls_x509_crt_verify_restartable( mbedtls_x509_crt *crt,
|
||||||
if( ret != 0 )
|
if( ret != 0 )
|
||||||
goto exit;
|
goto exit;
|
||||||
|
|
||||||
|
/* Merge end-entity flags */
|
||||||
|
ver_chain.items[0].flags |= ee_flags;
|
||||||
|
|
||||||
/* Build final flags, calling callback on the way if any */
|
/* Build final flags, calling callback on the way if any */
|
||||||
ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy );
|
ret = x509_crt_merge_flags_with_cb( flags, &ver_chain, f_vrfy, p_vrfy );
|
||||||
|
|
||||||
|
@ -2663,8 +2685,7 @@ void mbedtls_x509_crt_restart_init( mbedtls_x509_crt_restart_ctx *ctx )
|
||||||
|
|
||||||
ctx->child = NULL;
|
ctx->child = NULL;
|
||||||
ctx->self_cnt = 0;
|
ctx->self_cnt = 0;
|
||||||
memset( ctx->ver_chain.items, 0, sizeof( ctx->ver_chain.items ) );
|
x509_crt_verify_chain_reset( &ctx->ver_chain );
|
||||||
ctx->ver_chain.len = 0;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
|
Loading…
Reference in a new issue