projects / openssl.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
More indentation consistency: for (), while (), if (), return ()
[openssl.git] / crypto / x509 / x509_vfy.c
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index b8fb24a1d6a93ccbdbd04fa2dc48b35e79d2240c..767b74be53122801cf2b7e117294fb2143aa85de 100644 (file)
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -87,13 +87,13 @@ static STACK *x509_store_method=NULL;
 
 static int null_callback(int ok, X509_STORE_CTX *e)
        {
-       return(ok);
+       return (ok);
        }
 
 #if 0
 static int x509_subject_cmp(X509 **a, X509 **b)
        {
-       return(X509_subject_name_cmp(*a,*b));
+       return (X509_subject_name_cmp(*a,*b));
        }
 #endif
 
@@ -109,7 +109,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
        if (ctx->cert == NULL)
                {
                X509err(X509_F_X509_VERIFY_CERT,X509_R_NO_CERT_SET_FOR_US_TO_VERIFY);
-               return(-1);
+               return (-1);
                }
 
        cb=ctx->verify_cb;
@@ -205,7 +205,7 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                                ctx->error=X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT;
                                ctx->current_cert=x;
                                ctx->error_depth=i-1;
-                               if(ok == 1) X509_free(xtmp);
+                               if (ok == 1) X509_free(xtmp);
                                ok=cb(0,ctx);
                                if (!ok) goto end;
                                }
@@ -243,14 +243,14 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                ok = ctx->get_issuer(&xtmp, ctx, x);
 
                if (ok < 0) return ok;
-               if(ok == 0) break;
+               if (ok == 0) break;
 
                x = xtmp;
                if (!sk_X509_push(ctx->chain,x))
                        {
                        X509_free(xtmp);
                        X509err(X509_F_X509_VERIFY_CERT,ERR_R_MALLOC_FAILURE);
-                       return(0);
+                       return (0);
                        }
                num++;
                }
@@ -286,15 +286,15 @@ int X509_verify_cert(X509_STORE_CTX *ctx)
                }
 
        /* We have the chain complete: now we need to check its purpose */
-       if(ctx->purpose > 0) ok = check_chain_purpose(ctx);
+       if (ctx->purpose > 0) ok = check_chain_purpose(ctx);
 
-       if(!ok) goto end;
+       if (!ok) goto end;
 
        /* The chain extensions are OK: check trust */
 
-       if(ctx->trust > 0) ok = check_trust(ctx);
+       if (ctx->trust > 0) ok = check_trust(ctx);
 
-       if(!ok) goto end;
+       if (!ok) goto end;
 
        /* We may as well copy down any DSA parameters that are required */
        X509_get_pubkey_parameters(NULL,ctx->chain);
@@ -311,7 +311,7 @@ end:
                }
        if (sktmp != NULL) sk_X509_free(sktmp);
        if (chain_ss != NULL) X509_free(chain_ss);
-       return(ok);
+       return (ok);
        }
 
 
@@ -322,10 +322,12 @@ static X509 *find_issuer(X509_STORE_CTX *ctx, STACK_OF(X509) *sk, X509 *x)
 {
        int i;
        X509 *issuer;
-       for(i = 0; i < sk_X509_num(sk); i++) {
+       for (i = 0; i < sk_X509_num(sk); i++)
+               {
                issuer = sk_X509_value(sk, i);
-               if(ctx->check_issued(ctx, x, issuer)) return issuer;
-       }
+               if (ctx->check_issued(ctx, x, issuer))
+                       return issuer;
+               }
        return NULL;
 }
 
@@ -335,15 +337,18 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 {
        int ret;
        ret = X509_check_issued(issuer, x);
-       if(ret == X509_V_OK) return 1;
-       else {
-                       ctx->error = ret;
-                       ctx->current_cert = x;
-                       ctx->current_issuer = issuer;
-                       if(ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK)
-                               return ctx->verify_cb(0, ctx);
-                       else return 0;
-       }
+       if (ret == X509_V_OK)
+               return 1;
+       else
+               {
+               ctx->error = ret;
+               ctx->current_cert = x;
+               ctx->current_issuer = issuer;
+               if ((ctx->flags & X509_V_FLAG_CB_ISSUER_CHECK) && ctx->verify_cb)
+                       return ctx->verify_cb(0, ctx);
+               else
+                       return 0;
+               }
        return 0;
 }
 
@@ -352,10 +357,13 @@ static int check_issued(X509_STORE_CTX *ctx, X509 *x, X509 *issuer)
 static int get_issuer_sk(X509 **issuer, X509_STORE_CTX *ctx, X509 *x)
 {
        *issuer = find_issuer(ctx, ctx->other_ctx, x);
-       if(*issuer) {
+       if (*issuer)
+               {
                CRYPTO_add(&(*issuer)->references,1,CRYPTO_LOCK_X509);
                return 1;
-       } else return 0;
+               }
+       else
+               return 0;
 }
        
 
@@ -374,29 +382,34 @@ static int check_chain_purpose(X509_STORE_CTX *ctx)
        cb=ctx->verify_cb;
        if (cb == NULL) cb=null_callback;
        /* Check all untrusted certificates */
-       for(i = 0; i < ctx->last_untrusted; i++) {
+       for (i = 0; i < ctx->last_untrusted; i++)
+               {
                x = sk_X509_value(ctx->chain, i);
-               if(!X509_check_purpose(x, ctx->purpose, i)) {
-                       if(i) ctx->error = X509_V_ERR_INVALID_CA;
-                       else ctx->error = X509_V_ERR_INVALID_PURPOSE;
+               if (!X509_check_purpose(x, ctx->purpose, i))
+                       {
+                       if (i)
+                               ctx->error = X509_V_ERR_INVALID_CA;
+                       else
+                               ctx->error = X509_V_ERR_INVALID_PURPOSE;
                        ctx->error_depth = i;
                        ctx->current_cert = x;
                        ok=cb(0,ctx);
-                       if(!ok) goto end;
-               }
+                       if (!ok) goto end;
+                       }
                /* Check pathlen */
-               if((i > 1) && (x->ex_pathlen != -1)
-                                       && (i > (x->ex_pathlen + 1))) {
+               if ((i > 1) && (x->ex_pathlen != -1)
+                          && (i > (x->ex_pathlen + 1)))
+                       {
                        ctx->error = X509_V_ERR_PATH_LENGTH_EXCEEDED;
                        ctx->error_depth = i;
                        ctx->current_cert = x;
                        ok=cb(0,ctx);
-                       if(!ok) goto end;
+                       if (!ok) goto end;
+                       }
                }
-       }
        ok = 1;
      end:
-       return(ok);
+ end:
+       return (ok);
 #endif
 }
 
@@ -414,13 +427,16 @@ static int check_trust(X509_STORE_CTX *ctx)
        i = sk_X509_num(ctx->chain) - 1;
        x = sk_X509_value(ctx->chain, i);
        ok = X509_check_trust(x, ctx->trust, 0);
-       if(ok == X509_TRUST_TRUSTED) return 1;
+       if (ok == X509_TRUST_TRUSTED)
+               return 1;
        ctx->error_depth = sk_X509_num(ctx->chain) - 1;
        ctx->current_cert = x;
-       if(ok == X509_TRUST_REJECTED) ctx->error = X509_V_ERR_CERT_REJECTED;
-       else ctx->error = X509_V_ERR_CERT_UNTRUSTED;
+       if (ok == X509_TRUST_REJECTED)
+               ctx->error = X509_V_ERR_CERT_REJECTED;
+       else
+               ctx->error = X509_V_ERR_CERT_UNTRUSTED;
        ok = cb(0, ctx);
-       return(ok);
+       return (ok);
 #endif
 }
 
@@ -439,8 +455,10 @@ static int internal_verify(X509_STORE_CTX *ctx)
        ctx->error_depth=n-1;
        n--;
        xi=sk_X509_value(ctx->chain,n);
-       if(ctx->flags & X509_V_FLAG_USE_CHECK_TIME) ptime = &ctx->check_time;
-       else ptime = NULL;
+       if (ctx->flags & X509_V_FLAG_USE_CHECK_TIME)
+               ptime = &ctx->check_time;
+       else
+               ptime = NULL;
        if (ctx->check_issued(ctx, xi, xi))
                xs=xi;
        else
@@ -538,7 +556,7 @@ static int internal_verify(X509_STORE_CTX *ctx)
                }
        ok=1;
 end:
-       return(ok);
+       return (ok);
        }
 
 int X509_cmp_current_time(ASN1_TIME *ctm)
@@ -557,17 +575,20 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
        p=buff1;
        i=ctm->length;
        str=(char *)ctm->data;
-       if(ctm->type == V_ASN1_UTCTIME) {
-               if ((i < 11) || (i > 17)) return(0);
+       if (ctm->type == V_ASN1_UTCTIME)
+               {
+               if ((i < 11) || (i > 17)) return (0);
                memcpy(p,str,10);
                p+=10;
                str+=10;
-       } else {
-               if(i < 13) return 0;
+               }
+       else
+               {
+               if (i < 13) return 0;
                memcpy(p,str,12);
                p+=12;
                str+=12;
-       }
+               }
 
        if ((*str == 'Z') || (*str == '-') || (*str == '+'))
                { *(p++)='0'; *(p++)='0'; }
@@ -576,13 +597,13 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
                *(p++)= *(str++);
                *(p++)= *(str++);
                /* Skip any fractional seconds... */
-               if(*str == '.')
+               if (*str == '.')
                        {
                        str++;
-                       while((*str >= '0') && (*str <= '9')) str++;
+                       while ((*str >= '0') && (*str <= '9')) str++;
                        }
-
-       }
+               
+               }
        *(p++)='Z';
        *(p++)='\0';
 
@@ -591,7 +612,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
        else
                {
                if ((*str != '+') && (str[5] != '-'))
-                       return(0);
+                       return (0);
                offset=((str[1]-'0')*10+(str[2]-'0'))*60;
                offset+=(str[3]-'0')*10+(str[4]-'0');
                if (*str == '-')
@@ -603,7 +624,7 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
 
        X509_time_adj(&atm,-offset*60, cmp_time);
 
-       if(ctm->type == V_ASN1_UTCTIME)
+       if (ctm->type == V_ASN1_UTCTIME)
                {
                i=(buff1[0]-'0')*10+(buff1[1]-'0');
                if (i < 50) i+=100; /* cf. RFC 2459 */
@@ -615,9 +636,9 @@ int X509_cmp_time(ASN1_TIME *ctm, time_t *cmp_time)
                }
        i=strcmp(buff1,buff2);
        if (i == 0) /* wait a second then return younger :-) */
-               return(-1);
+               return (-1);
        else
-               return(i);
+               return (i);
        }
 
 ASN1_TIME *X509_gmtime_adj(ASN1_TIME *s, long adj)
@@ -629,12 +650,12 @@ ASN1_TIME *X509_time_adj(ASN1_TIME *s, long adj, time_t *in_tm)
        {
        time_t t;
 
-       if(in_tm) t = *in_tm;
+       if (in_tm) t = *in_tm;
        else time(&t);
 
        t+=adj;
-       if(!s) return ASN1_TIME_set(s, t);
-       if(s->type == V_ASN1_UTCTIME) return(ASN1_UTCTIME_set(s,t));
+       if (!s) return ASN1_TIME_set(s, t);
+       if (s->type == V_ASN1_UTCTIME) return (ASN1_UTCTIME_set(s,t));
        return ASN1_GENERALIZEDTIME_set(s, t);
        }
 
@@ -643,7 +664,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
        EVP_PKEY *ktmp=NULL,*ktmp2;
        int i,j;
 
-       if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return(1);
+       if ((pkey != NULL) && !EVP_PKEY_missing_parameters(pkey)) return (1);
 
        for (i=0; i<sk_X509_num(chain); i++)
                {
@@ -651,7 +672,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
                if (ktmp == NULL)
                        {
                        X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_GET_CERTS_PUBLIC_KEY);
-                       return(0);
+                       return (0);
                        }
                if (!EVP_PKEY_missing_parameters(ktmp))
                        break;
@@ -664,7 +685,7 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
        if (ktmp == NULL)
                {
                X509err(X509_F_X509_GET_PUBKEY_PARAMETERS,X509_R_UNABLE_TO_FIND_PARAMETERS_IN_CHAIN);
-               return(0);
+               return (0);
                }
 
        /* first, populate the other certs */
@@ -677,31 +698,31 @@ int X509_get_pubkey_parameters(EVP_PKEY *pkey, STACK_OF(X509) *chain)
        
        if (pkey != NULL) EVP_PKEY_copy_parameters(pkey,ktmp);
        EVP_PKEY_free(ktmp);
-       return(1);
+       return (1);
        }
 
 int X509_STORE_CTX_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
             CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
         {
         x509_store_ctx_num++;
-        return(CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
+        return (CRYPTO_get_ex_new_index(x509_store_ctx_num-1,
                &x509_store_ctx_method,
                 argl,argp,new_func,dup_func,free_func));
         }
 
 int X509_STORE_CTX_set_ex_data(X509_STORE_CTX *ctx, int idx, void *data)
        {
-       return(CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
+       return (CRYPTO_set_ex_data(&ctx->ex_data,idx,data));
        }
 
 void *X509_STORE_CTX_get_ex_data(X509_STORE_CTX *ctx, int idx)
        {
-       return(CRYPTO_get_ex_data(&ctx->ex_data,idx));
+       return (CRYPTO_get_ex_data(&ctx->ex_data,idx));
        }
 
 int X509_STORE_CTX_get_error(X509_STORE_CTX *ctx)
        {
-       return(ctx->error);
+       return (ctx->error);
        }
 
 void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
@@ -711,17 +732,17 @@ void X509_STORE_CTX_set_error(X509_STORE_CTX *ctx, int err)
 
 int X509_STORE_CTX_get_error_depth(X509_STORE_CTX *ctx)
        {
-       return(ctx->error_depth);
+       return (ctx->error_depth);
        }
 
 X509 *X509_STORE_CTX_get_current_cert(X509_STORE_CTX *ctx)
        {
-       return(ctx->current_cert);
+       return (ctx->current_cert);
        }
 
 STACK_OF(X509) *X509_STORE_CTX_get_chain(X509_STORE_CTX *ctx)
        {
-       return(ctx->chain);
+       return (ctx->chain);
        }
 
 STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
@@ -729,12 +750,13 @@ STACK_OF(X509) *X509_STORE_CTX_get1_chain(X509_STORE_CTX *ctx)
        int i;
        X509 *x;
        STACK_OF(X509) *chain;
-       if(!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
-       for(i = 0; i < sk_X509_num(chain); i++) {
+       if (!ctx->chain || !(chain = sk_X509_dup(ctx->chain))) return NULL;
+       for (i = 0; i < sk_X509_num(chain); i++)
+               {
                x = sk_X509_value(chain, i);
                CRYPTO_add(&x->references, 1, CRYPTO_LOCK_X509);
-       }
-       return(chain);
+               }
+       return (chain);
        }
 
 void X509_STORE_CTX_set_cert(X509_STORE_CTX *ctx, X509 *x)
@@ -772,40 +794,46 @@ int X509_STORE_CTX_purpose_inherit(X509_STORE_CTX *ctx, int def_purpose,
 {
        int idx;
        /* If purpose not set use default */
-       if(!purpose) purpose = def_purpose;
+       if (!purpose) purpose = def_purpose;
        /* If we have a purpose then check it is valid */
-       if(purpose) {
+       if (purpose)
+               {
                X509_PURPOSE *ptmp;
                idx = X509_PURPOSE_get_by_id(purpose);
-               if(idx == -1) {
+               if (idx == -1)
+                       {
                        X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
                                                X509_R_UNKNOWN_PURPOSE_ID);
                        return 0;
-               }
+                       }
                ptmp = X509_PURPOSE_get0(idx);
-               if(ptmp->trust == X509_TRUST_DEFAULT) {
+               if (ptmp->trust == X509_TRUST_DEFAULT)
+                       {
                        idx = X509_PURPOSE_get_by_id(def_purpose);
-                       if(idx == -1) {
+                       if (idx == -1)
+                               {
                                X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
                                                X509_R_UNKNOWN_PURPOSE_ID);
                                return 0;
-                       }
+                               }
                        ptmp = X509_PURPOSE_get0(idx);
-               }
+                       }
                /* If trust not set then get from purpose default */
-               if(!trust) trust = ptmp->trust;
-       }
-       if(trust) {
+               if (!trust) trust = ptmp->trust;
+               }
+       if (trust)
+               {
                idx = X509_TRUST_get_by_id(trust);
-               if(idx == -1) {
+               if (idx == -1)
+                       {
                        X509err(X509_F_X509_STORE_CTX_PURPOSE_INHERIT,
                                                X509_R_UNKNOWN_TRUST_ID);
                        return 0;
+                       }
                }
-       }
 
-       if(purpose) ctx->purpose = purpose;
-       if(trust) ctx->trust = trust;
+       if (purpose) ctx->purpose = purpose;
+       if (trust) ctx->trust = trust;
        return 1;
 }
 
@@ -813,7 +841,7 @@ X509_STORE_CTX *X509_STORE_CTX_new(void)
 {
        X509_STORE_CTX *ctx;
        ctx = (X509_STORE_CTX *)OPENSSL_malloc(sizeof(X509_STORE_CTX));
-       if(ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
+       if (ctx) memset(ctx, 0, sizeof(X509_STORE_CTX));
        return ctx;
 }
 
@@ -833,17 +861,21 @@ void X509_STORE_CTX_init(X509_STORE_CTX *ctx, X509_STORE *store, X509 *x509,
        ctx->last_untrusted=0;
        ctx->purpose=0;
        ctx->trust=0;
+       ctx->check_time=0;
+       ctx->flags=0;
+       ctx->other_ctx=NULL;
        ctx->valid=0;
        ctx->chain=NULL;
        ctx->depth=9;
        ctx->error=0;
+       ctx->error_depth=0;
        ctx->current_cert=NULL;
        ctx->current_issuer=NULL;
        ctx->check_issued = check_issued;
        ctx->get_issuer = X509_STORE_CTX_get1_issuer;
        ctx->verify_cb = store->verify_cb;
        ctx->verify = store->verify;
-       ctx->cleanup = NULL;
+       ctx->cleanup = 0;
        memset(&(ctx->ex_data),0,sizeof(CRYPTO_EX_DATA));
        }
 
@@ -859,7 +891,7 @@ void X509_STORE_CTX_trusted_stack(X509_STORE_CTX *ctx, STACK_OF(X509) *sk)
 
 void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx)
        {
-       if(ctx->cleanup) ctx->cleanup(ctx);
+       if (ctx->cleanup) ctx->cleanup(ctx);
        if (ctx->chain != NULL)
                {
                sk_X509_pop_free(ctx->chain,X509_free);
Unnamed repository; edit this file 'description' to name the repository.