X509 build_chain(): Make the variable 'curr' local to the loop body

This increases readability and maintainability.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/14422)
Dr. David von Oheimb 2021-03-04 17:35:46 +01:00 committed by Dr. David von Oheimb
parent e2abc685b7
commit fc48b5c825


@ -2985,7 +2985,6 @@ static int build_chain(X509_STORE_CTX *ctx)
{
SSL_DANE *dane = ctx->dane;
int num = sk_X509_num(ctx->chain);
X509 *curr = sk_X509_value(ctx->chain, num - 1); /* current end of chain */
STACK_OF(X509) *sk_untrusted = NULL;
unsigned int search;
int may_trusted = 0;
@ -3051,7 +3050,7 @@ static int build_chain(X509_STORE_CTX *ctx)
max_depth = ctx->param->depth + 1;
while (search != 0) {
X509 *issuer = NULL;
X509 *curr, *issuer = NULL;
num = sk_X509_num(ctx->chain);
ctx->error_depth = num - 1;
@ -3145,8 +3144,7 @@ static int build_chain(X509_STORE_CTX *ctx)
* trusted matching issuer. Otherwise, grow the chain.
*/
if (!self_signed) {
curr = issuer;
if (!sk_X509_push(ctx->chain, curr)) {
if (!sk_X509_push(ctx->chain, issuer)) {
X509_free(issuer);
goto memerr;
}
@ -3167,8 +3165,6 @@ static int build_chain(X509_STORE_CTX *ctx)
X509_free(curr);
ctx->num_untrusted = --num;
(void)sk_X509_set(ctx->chain, num, issuer);
curr = issuer;
/* no need to update self_signed */
}
}
@ -3246,7 +3242,6 @@ static int build_chain(X509_STORE_CTX *ctx)
goto int_err;
++ctx->num_untrusted;
curr = issuer;
/* Check for DANE-TA trust of the topmost untrusted certificate. */
trust = check_dane_issuer(ctx, ctx->num_untrusted - 1);
@ -3297,9 +3292,9 @@ static int build_chain(X509_STORE_CTX *ctx)
CB_FAIL_IF(DANETLS_ENABLED(dane)
&& (!DANETLS_HAS_PKIX(dane) || dane->pdpth >= 0),
ctx, NULL, num - 1, X509_V_ERR_DANE_NO_MATCH);
if (X509_self_signed(curr, 0))
if (X509_self_signed(sk_X509_value(ctx->chain, num - 1), 0))
return verify_cb_cert(ctx, NULL, num - 1,
sk_X509_num(ctx->chain) == 1
num == 1
? X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT
: X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN);
return verify_cb_cert(ctx, NULL, num - 1,
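Review bot: In the second hunk `curr` is now declared as `X509 *curr, *issuer = NULL;` with no initializer, while the fourth hunk appears to still call `X509_free(curr)` and the `curr = issuer;` updates that carried the value across iterations are gone. That is only safe if every path through the loop body assigns `curr` before reading it; those assignments lie outside the visible hunks, so this needs checking against the full body of build_chain(). I would write `X509 *curr = NULL, *issuer = NULL;` so that a missed assignment becomes a no-op free or a NULL argument rather than a read of an indeterminate pointer during certificate path building. The last hunk likewise replaces `sk_X509_num(ctx->chain) == 1` with `num == 1` and indexes the chain with `num - 1`, which presumably relies on `num` being refreshed after the loop; a short comment stating that invariant next to the `X509_self_signed()` call would help.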