From a96884342928667f40ea8e27f178b701a2faea86 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Manuel=20P=C3=A9gouri=C3=A9-Gonnard?=
Date: Wed, 23 Aug 2017 11:23:59 +0200
Subject: [PATCH] Improve some comments in verify_chain()
---
 library/x509_crt.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/library/x509_crt.c b/library/x509_crt.c
index 1a3eb2d96..69cec4db8 100644
--- a/library/x509_crt.c
+++ b/library/x509_crt.c
@@ -2219,6 +2219,8 @@ static int x509_crt_check_ee_locally_trusted(
 * - [in] trust_ca: the trusted list R1, ..., Rp
 * - [in] ca_crl, profile: as in verify_with_profile()
 * - [out] ver_chain: the built and verified chain
+ * Only valid when return value is 0, may contain garbage otherwise!
+ * Restart note: need not be the same when calling again to resume.
 * - [in-out] rs_ctx: context for restarting operations
 *
 * Return value:
@@ -2234,6 +2236,8 @@ static int x509_crt_verify_chain(
 mbedtls_x509_crt_verify_chain *ver_chain,
 mbedtls_x509_crt_restart_ctx *rs_ctx )
 {
+ /* Don't initialize any of those variables here, so that the compiler can
+ * catch potential issues with jumping ahead when restarting */
 int ret;
 uint32_t *flags;
 mbedtls_x509_crt_verify_chain_item *cur;
@@ -2251,7 +2255,7 @@ static int x509_crt_verify_chain(
 /* restore saved state */
 child = rs_ctx->child;
 self_cnt = rs_ctx->self_cnt;
- *ver_chain = rs_ctx->ver_chain;
+ *ver_chain = rs_ctx->ver_chain; /* struct copy */
 cur = &ver_chain->items[ver_chain->len - 1];
 flags = &cur->flags;
@@ -2312,7 +2316,7 @@ find_parent:
 /* save state */
 rs_ctx->child = child;
 rs_ctx->self_cnt = self_cnt;
- rs_ctx-> ver_chain = *ver_chain;
+ rs_ctx->ver_chain = *ver_chain; /* struct copy */
 return( ret );
 }
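Review bot: The new "Restart note" on ver_chain does not say what "need not be the same" refers to. Judging from the restore path later in this patch (`*ver_chain = rs_ctx->ver_chain;`), it appears to mean that the caller may pass a different chain object when resuming, because its contents are overwritten from rs_ctx. I would spell that out, e.g. `Restart note: the object passed on resume may differ from the first call; its contents are overwritten from rs_ctx.` The "only valid when return value is 0" warning matters to any caller that reads per-certificate flags from the chain, so it would also help to state whether it covers the return that signals a restart is pending. The comment block starts and ends outside this hunk.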
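Review bot: The comment added at the top of x509_crt_verify_chain() relies on the compiler's uninitialised-variable diagnostics to catch state that the restart path forgets to restore, but those warnings are heuristic and usually depend on the compiler and optimisation level. They are a safety net, not a guarantee that a missed restore is detected. I would add a hand-checkable list next to it, e.g. `/* On restart, child, self_cnt, *ver_chain, cur and flags are restored from rs_ctx before jumping ahead */`, taken from the restore block shown in the next hunk. Only part of the declaration list is visible here, so that list may need more names.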
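Review bot: Right after the struct copy in the restore block, `cur = &ver_chain->items[ver_chain->len - 1];` indexes with a length taken from rs_ctx, and nothing visible in this hunk establishes that `len` is at least 1 and within the bounds of `items`. Presumably state is only saved once the chain holds an item, but that invariant is not written down. A comment such as `/* a saved chain always holds at least one item, so len - 1 is a valid index */`, or a defensive check on `ver_chain->len` before the index, would make it reviewable. The matching save in the last hunk (`rs_ctx->ver_chain = *ver_chain;`) is where the same invariant could be noted, and the enclosing block begins and ends outside both hunks.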