commit cffe4a65bd44152dfd2d8c5c84aed3105c4b3b13
author Manuel Pégourié-Gonnard <mpg@elzevir.fr> Fri Aug 23 16:47:30 2013 +0200
committer Paul Bakker <p.j.bakker@polarssl.org> Wed Aug 28 13:13:20 2013 +0200
tree a71de36a3631c223178cd22052a88716ac70a11b
parent c8676784ffeb2310fc8e35778e4335b135e596ec

Move "constant" code outside a loop

library/x509parse.c

diff --git a/library/x509parse.c b/library/x509parse.c
index 132d285..c175df4 100644
--- a/library/x509parse.c
+++ b/library/x509parse.c
@@ -3505,6 +3505,17 @@
      */
     *flags |= BADCERT_NOT_TRUSTED;
 
+    md_info = md_info_from_type( child->sig_md );
+    if( md_info == NULL )
+    {
+        /*
+         * Cannot check 'unknown', no need to try any CA
+         */
+        trust_ca = NULL;
+    }
+    else
+        md( md_info, child->tbs.p, child->tbs.len, hash );
+
     while( trust_ca != NULL )
     {
         if( trust_ca->version == 0 ||
@@ -3534,18 +3545,6 @@
             continue;
         }
 
-        md_info = md_info_from_type( child->sig_md );
-        if( md_info == NULL )
-        {
-            /*
-             * Cannot check 'unknown' hash
-             */
-            trust_ca = trust_ca->next;
-            continue;
-        }
-
-        md( md_info, child->tbs.p, child->tbs.len, hash );
-
         if( pk_can_do( &trust_ca->pk, child->sig_pk ) == 0 ||
             pk_verify( &trust_ca->pk, child->sig_md, hash, md_info->size,
                        child->sig.p, child->sig.len ) != 0 )
@@ -3571,7 +3570,7 @@
           memcmp( child->subject_raw.p, trust_ca->subject_raw.p,
                             child->issuer_raw.len ) != 0 ) )
     {
-        /* Check trusted CA's CRL for then chain's top crt */
+        /* Check trusted CA's CRL for the chain's top crt */
         *flags |= x509parse_verifycrl( child, trust_ca, ca_crl );
 
         if( x509parse_time_expired( &trust_ca->valid_to ) )