yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-23 02:45:41 +01:00
Code Issues Packages Projects Releases Wiki Activity

Move other special case from top() to child()

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard 2017-07-03 23:04:06 +02:00
parent b9983be73a
commit 784aee3366
1 changed files with 12 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
library/x509_crt.c
View File

@ -1994,22 +1994,14 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child,
} }
/* /*
* Verify a certificate no parent inside the chain * Verify a certificate whose parent is a trusted root
* (either the parent is a trusted root, or there is no parent)
* *
* See comments for mbedtls_x509_crt_verify_with_profile() * See comments for mbedtls_x509_crt_verify_with_profile()
* (also for notation used belowe) * (also for notation used below)
* *
* This function is called in one circumstance with two sub-cases: * This function is called when child was found to have a parent in trusted roots,
* - child was found to have a parent in trusted roots, in which case we're * and trust_ca pointing directly to that parent (not the full list).
* called with trust_ca pointing directly to that parent (not the full list) * - this happens in cases 2 and 3 of the comment on verify()
* - this happens in cases 1, 2 and 3 of the comment on verify()
* - case 1 is special as child and trust_ca point to copies of the same
* certificate then
*
* For historical reasons, the function currently does not assume that
* trust_ca points directly to the right root in the first case, so it always
* starts by searching for a parent in trust_ca.
*/ */
static int x509_crt_verify_top( static int x509_crt_verify_top(
mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca, mbedtls_x509_crt *child, mbedtls_x509_crt *trust_ca,
@ -2024,17 +2016,6 @@ static int x509_crt_verify_top(
(void) self_cnt; (void) self_cnt;
/* Special case: child == trust_ca: trust and that's it */
if( child->raw.len == trust_ca->raw.len &&
memcmp( child->raw.p, trust_ca->raw.p, child->raw.len ) == 0 )
{
goto callback;
}
/*
* General case: we have a trusted root, distinct from child
*/
/* this wasn't checked by find_parent() */ /* this wasn't checked by find_parent() */
if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 ) if( x509_profile_check_key( profile, child->sig_pk, &trust_ca->pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_KEY; *flags |= MBEDTLS_X509_BADCERT_BAD_KEY;
@ -2062,7 +2043,6 @@ static int x509_crt_verify_top(
} }
} }
callback:
/* Call callback on child */ /* Call callback on child */
if( NULL != f_vrfy ) if( NULL != f_vrfy )
{ {
@ -2110,6 +2090,13 @@ static int x509_crt_verify_child(
/* Found one? Let verify_top() handle that case */ /* Found one? Let verify_top() handle that case */
if( parent != NULL ) if( parent != NULL )
{ {
/* Special case: child == trust_ca: trust and that's it */
if( child->raw.len == trust_ca->raw.len &&
memcmp( child->raw.p, trust_ca->raw.p, child->raw.len ) == 0 )
{
goto callback;
}
return( x509_crt_verify_top( child, parent, ca_crl, profile, return( x509_crt_verify_top( child, parent, ca_crl, profile,
path_cnt, self_cnt, flags, f_vrfy, p_vrfy ) ); path_cnt, self_cnt, flags, f_vrfy, p_vrfy ) );
} }