Factor one more occurrence of code into function
This may look like a behaviour change, because one check that was previously done in only one of the 3 call sites has been added to the function. However, it is not, because:
- for the 2 call sites in verify(), the test always succeeds as path_cnt is 0;
- for the call site in verify_child(), the same test was done later anyway in verify_top().
parent
2f1c33dc33
commit
9c6118c498
@ -1904,13 +1904,18 @@ static mbedtls_x509_crt *x509_crt_find_parent( mbedtls_x509_crt *child,
|
|||||||
{
|
{
|
||||||
mbedtls_x509_crt *parent;
|
mbedtls_x509_crt *parent;
|
||||||
|
|
||||||
(void) self_cnt;
|
|
||||||
|
|
||||||
for( parent = candidates; parent != NULL; parent = parent->next )
|
for( parent = candidates; parent != NULL; parent = parent->next )
|
||||||
{
|
{
|
||||||
if( x509_crt_check_parent( child, parent, top, path_cnt == 0 ) != 0 )
|
if( x509_crt_check_parent( child, parent, top, path_cnt == 0 ) != 0 )
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
/* +1 because stored max_pathlen is 1 higher that the actual value */
|
||||||
|
if( parent->max_pathlen > 0 &&
|
||||||
|
parent->max_pathlen < 1 + path_cnt - self_cnt )
|
||||||
|
{
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -2158,23 +2163,9 @@ static int x509_crt_verify_child(
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* Look for a grandparent upwards the chain */
|
/* Look for a grandparent upwards the chain */
|
||||||
for( grandparent = parent->next;
|
/* path_cnt +1 because current step is not yet accounted for */
|
||||||
grandparent != NULL;
|
grandparent = x509_crt_find_parent( parent, parent->next, 0,
|
||||||
grandparent = grandparent->next )
|
path_cnt + 1, self_cnt );
|
||||||
{
|
|
||||||
/* +2 because the current step is not yet accounted for
|
|
||||||
* and because max_pathlen is one higher than it should be.
|
|
||||||
* Also self signed certificates do not count to the limit. */
|
|
||||||
if( grandparent->max_pathlen > 0 &&
|
|
||||||
grandparent->max_pathlen < 2 + path_cnt - self_cnt )
|
|
||||||
{
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
if( x509_crt_check_parent( parent, grandparent,
|
|
||||||
0, path_cnt == 0 ) == 0 )
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
|
|
||||||
/* Is our parent part of the chain or at the top? */
|
/* Is our parent part of the chain or at the top? */
|
||||||
if( grandparent != NULL )
|
if( grandparent != NULL )
|
||||||
|
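Review bot: In the second hunk, the call `x509_crt_find_parent( parent, parent->next, 0, path_cnt + 1, self_cnt )` changes more than the pathlen test: inside the helper, the fourth argument to `x509_crt_check_parent` is `path_cnt == 0` evaluated on the incremented value, so it is always false on this path (assuming path_cnt is never negative), whereas the removed loop passed the caller's own `path_cnt == 0`. The commit message explains why the added pathlen check is behaviour-neutral but does not mention this flag. `x509_crt_check_parent` is not shown on this page, so whether the flag has any effect when `top` is 0 cannot be confirmed from here; if it has none, a comment at the call such as `/* the path_cnt == 0 flag is only consulted when top != 0, so +1 is safe here */` would record why chain validation is unchanged. The new comment in the first hunk also has a typo, `1 higher that the actual value` should read `than`. Both functions start and end outside the visible hunks.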