lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-03 20:33:16 +03:00
Code Activity

Merge duplicated checks between child() and top()

Browse Source
This commit is contained in:
Manuel Pégourié-Gonnard
2017-07-03 21:39:21 +02:00
parent 58dcd2d9b2
commit 66fac75f8b
1 changed files with 12 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

36
library/x509_crt.c
View File

@@ -2027,18 +2027,6 @@ static int x509_crt_verify_top(
(void) self_cnt; (void) self_cnt;
if( mbedtls_x509_time_is_past( &child->valid_to ) )
*flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_is_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_MD;
if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_PK;
/* Special case #1: no root, stop here */ /* Special case #1: no root, stop here */
if( trust_ca == NULL ) if( trust_ca == NULL )
{ {
@@ -2114,6 +2102,18 @@ static int x509_crt_verify_child(
mbedtls_x509_crt *parent; mbedtls_x509_crt *parent;
uint32_t parent_flags = 0; uint32_t parent_flags = 0;
if( mbedtls_x509_time_is_past( &child->valid_to ) )
*flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_is_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_MD;
if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_PK;
/* Look for a parent in trusted CAs */ /* Look for a parent in trusted CAs */
parent = x509_crt_find_parent( child, trust_ca, 1, path_cnt, self_cnt ); parent = x509_crt_find_parent( child, trust_ca, 1, path_cnt, self_cnt );
@@ -2146,18 +2146,6 @@ static int x509_crt_verify_child(
return( MBEDTLS_ERR_X509_FATAL_ERROR ); return( MBEDTLS_ERR_X509_FATAL_ERROR );
} }
if( mbedtls_x509_time_is_past( &child->valid_to ) )
*flags |= MBEDTLS_X509_BADCERT_EXPIRED;
if( mbedtls_x509_time_is_future( &child->valid_from ) )
*flags |= MBEDTLS_X509_BADCERT_FUTURE;
if( x509_profile_check_md_alg( profile, child->sig_md ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_MD;
if( x509_profile_check_pk_alg( profile, child->sig_pk ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_BAD_PK;
if( x509_crt_check_signature( child, parent ) != 0 ) if( x509_crt_check_signature( child, parent ) != 0 )
*flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED; *flags |= MBEDTLS_X509_BADCERT_NOT_TRUSTED;