path: root/src/lib/libcrypto/x509/x509_asid.c
authorjob <>2021-09-08 09:49:24 +0000
committerjob <>2021-09-08 09:49:24 +0000
commitebd143e5b1b0ef90bc7849974f5dc568793dd11b (patch)
tree7f4ca34d033261f20aa25f7fdbbdbb3da5c17962 /src/lib/libcrypto/x509/x509_asid.c
parent704a9c87f5409128acdf0580902921fcd66e7134 (diff)
Fix indentation of comments and labels
OK tb@
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/x509/x509_asid.c170
1 files changed, 85 insertions, 85 deletions
diff --git a/src/lib/libcrypto/x509/x509_asid.c b/src/lib/libcrypto/x509/x509_asid.c
index b44b01489f..ed99ca7b6d 100644
--- a/src/lib/libcrypto/x509/x509_asid.c
+++ b/src/lib/libcrypto/x509/x509_asid.c
@@ -414,7 +414,7 @@ X509v3_asid_add_id_or_range(ASIdentifiers *asid, int which, ASN1_INTEGER *min,
414 goto err; 414 goto err;
415 return 1; 415 return 1;
416 416
417err: 417 err:
418 ASIdOrRange_free(aor); 418 ASIdOrRange_free(aor);
419 return 0; 419 return 0;
420} 420}
@@ -452,22 +452,22 @@ ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
452 BIGNUM *bn = NULL; 452 BIGNUM *bn = NULL;
453 int i, ret = 0; 453 int i, ret = 0;
454 454
455 /* 455 /*
456 * Empty element or inheritance is canonical. 456 * Empty element or inheritance is canonical.
457 */ 457 */
458 if (choice == NULL || choice->type == ASIdentifierChoice_inherit) 458 if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
459 return 1; 459 return 1;
460 460
461 /* 461 /*
462 * If not a list, or if empty list, it's broken. 462 * If not a list, or if empty list, it's broken.
463 */ 463 */
464 if (choice->type != ASIdentifierChoice_asIdsOrRanges || 464 if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
465 sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) 465 sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0)
466 return 0; 466 return 0;
467 467
468 /* 468 /*
469 * It's a list, check it. 469 * It's a list, check it.
470 */ 470 */
471 for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { 471 for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
472 ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, 472 ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges,
473 i); 473 i);
@@ -483,17 +483,17 @@ ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
483 !extract_min_max(b, &b_min, &b_max)) 483 !extract_min_max(b, &b_min, &b_max))
484 goto done; 484 goto done;
485 485
486 /* 486 /*
487 * Punt misordered list, overlapping start, or inverted range. 487 * Punt misordered list, overlapping start, or inverted range.
488 */ 488 */
489 if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 || 489 if (ASN1_INTEGER_cmp(a_min, b_min) >= 0 ||
490 ASN1_INTEGER_cmp(a_min, a_max) > 0 || 490 ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
491 ASN1_INTEGER_cmp(b_min, b_max) > 0) 491 ASN1_INTEGER_cmp(b_min, b_max) > 0)
492 goto done; 492 goto done;
493 493
494 /* 494 /*
495 * Calculate a_max + 1 to check for adjacency. 495 * Calculate a_max + 1 to check for adjacency.
496 */ 496 */
497 if ((bn == NULL && (bn = BN_new()) == NULL) || 497 if ((bn == NULL && (bn = BN_new()) == NULL) ||
498 ASN1_INTEGER_to_BN(a_max, bn) == NULL || 498 ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
499 !BN_add_word(bn, 1)) { 499 !BN_add_word(bn, 1)) {
@@ -508,16 +508,16 @@ ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
508 goto done; 508 goto done;
509 } 509 }
510 510
511 /* 511 /*
512 * Punt if adjacent or overlapping. 512 * Punt if adjacent or overlapping.
513 */ 513 */
514 if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0) 514 if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) >= 0)
515 goto done; 515 goto done;
516 } 516 }
517 517
518 /* 518 /*
519 * Check for inverted range. 519 * Check for inverted range.
520 */ 520 */
521 i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; 521 i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
522 { 522 {
523 ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, 523 ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges,
@@ -532,7 +532,7 @@ ASIdentifierChoice_is_canonical(ASIdentifierChoice *choice)
532 532
533 ret = 1; 533 ret = 1;
534 534
535done: 535 done:
536 ASN1_INTEGER_free(a_max_plus_one); 536 ASN1_INTEGER_free(a_max_plus_one);
537 BN_free(bn); 537 BN_free(bn);
538 return ret; 538 return ret;
@@ -560,30 +560,30 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
560 BIGNUM *bn = NULL; 560 BIGNUM *bn = NULL;
561 int i, ret = 0; 561 int i, ret = 0;
562 562
563 /* 563 /*
564 * Nothing to do for empty element or inheritance. 564 * Nothing to do for empty element or inheritance.
565 */ 565 */
566 if (choice == NULL || choice->type == ASIdentifierChoice_inherit) 566 if (choice == NULL || choice->type == ASIdentifierChoice_inherit)
567 return 1; 567 return 1;
568 568
569 /* 569 /*
570 * If not a list, or if empty list, it's broken. 570 * If not a list, or if empty list, it's broken.
571 */ 571 */
572 if (choice->type != ASIdentifierChoice_asIdsOrRanges || 572 if (choice->type != ASIdentifierChoice_asIdsOrRanges ||
573 sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) { 573 sk_ASIdOrRange_num(choice->u.asIdsOrRanges) == 0) {
574 X509V3error(X509V3_R_EXTENSION_VALUE_ERROR); 574 X509V3error(X509V3_R_EXTENSION_VALUE_ERROR);
575 return 0; 575 return 0;
576 } 576 }
577 577
578 /* 578 /*
579 * We have a non-empty list. Sort it. 579 * We have a non-empty list. Sort it.
580 */ 580 */
581 sk_ASIdOrRange_sort(choice->u.asIdsOrRanges); 581 sk_ASIdOrRange_sort(choice->u.asIdsOrRanges);
582 582
583 /* 583 /*
584 * Now check for errors and suboptimal encoding, rejecting the 584 * Now check for errors and suboptimal encoding, rejecting the
585 * former and fixing the latter. 585 * former and fixing the latter.
586 */ 586 */
587 for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) { 587 for (i = 0; i < sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; i++) {
588 ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, 588 ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges,
589 i); 589 i);
@@ -599,29 +599,29 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
599 !extract_min_max(b, &b_min, &b_max)) 599 !extract_min_max(b, &b_min, &b_max))
600 goto done; 600 goto done;
601 601
602 /* 602 /*
603 * Make sure we're properly sorted (paranoia). 603 * Make sure we're properly sorted (paranoia).
604 */ 604 */
605 OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0); 605 OPENSSL_assert(ASN1_INTEGER_cmp(a_min, b_min) <= 0);
606 606
607 /* 607 /*
608 * Punt inverted ranges. 608 * Punt inverted ranges.
609 */ 609 */
610 if (ASN1_INTEGER_cmp(a_min, a_max) > 0 || 610 if (ASN1_INTEGER_cmp(a_min, a_max) > 0 ||
611 ASN1_INTEGER_cmp(b_min, b_max) > 0) 611 ASN1_INTEGER_cmp(b_min, b_max) > 0)
612 goto done; 612 goto done;
613 613
614 /* 614 /*
615 * Check for overlaps. 615 * Check for overlaps.
616 */ 616 */
617 if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) { 617 if (ASN1_INTEGER_cmp(a_max, b_min) >= 0) {
618 X509V3error(X509V3_R_EXTENSION_VALUE_ERROR); 618 X509V3error(X509V3_R_EXTENSION_VALUE_ERROR);
619 goto done; 619 goto done;
620 } 620 }
621 621
622 /* 622 /*
623 * Calculate a_max + 1 to check for adjacency. 623 * Calculate a_max + 1 to check for adjacency.
624 */ 624 */
625 if ((bn == NULL && (bn = BN_new()) == NULL) || 625 if ((bn == NULL && (bn = BN_new()) == NULL) ||
626 ASN1_INTEGER_to_BN(a_max, bn) == NULL || 626 ASN1_INTEGER_to_BN(a_max, bn) == NULL ||
627 !BN_add_word(bn, 1)) { 627 !BN_add_word(bn, 1)) {
@@ -636,9 +636,9 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
636 goto done; 636 goto done;
637 } 637 }
638 638
639 /* 639 /*
640 * If a and b are adjacent, merge them. 640 * If a and b are adjacent, merge them.
641 */ 641 */
642 if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) { 642 if (ASN1_INTEGER_cmp(a_max_plus_one, b_min) == 0) {
643 ASRange *r; 643 ASRange *r;
644 switch (a->type) { 644 switch (a->type) {
@@ -673,9 +673,9 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
673 } 673 }
674 } 674 }
675 675
676 /* 676 /*
677 * Check for final inverted range. 677 * Check for final inverted range.
678 */ 678 */
679 i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1; 679 i = sk_ASIdOrRange_num(choice->u.asIdsOrRanges) - 1;
680 { 680 {
681 ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges, 681 ASIdOrRange *a = sk_ASIdOrRange_value(choice->u.asIdsOrRanges,
@@ -688,12 +688,12 @@ ASIdentifierChoice_canonize(ASIdentifierChoice *choice)
688 } 688 }
689 } 689 }
690 690
691 /* Paranoia */ 691 /* Paranoia */
692 OPENSSL_assert(ASIdentifierChoice_is_canonical(choice)); 692 OPENSSL_assert(ASIdentifierChoice_is_canonical(choice));
693 693
694 ret = 1; 694 ret = 1;
695 695
696done: 696 done:
697 ASN1_INTEGER_free(a_max_plus_one); 697 ASN1_INTEGER_free(a_max_plus_one);
698 BN_free(bn); 698 BN_free(bn);
699 return ret; 699 return ret;
@@ -730,9 +730,9 @@ v2i_ASIdentifiers(const struct v3_ext_method *method, struct v3_ext_ctx *ctx,
730 CONF_VALUE *val = sk_CONF_VALUE_value(values, i); 730 CONF_VALUE *val = sk_CONF_VALUE_value(values, i);
731 int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0; 731 int i1 = 0, i2 = 0, i3 = 0, is_range = 0, which = 0;
732 732
733 /* 733 /*
734 * Figure out whether this is an AS or an RDI. 734 * Figure out whether this is an AS or an RDI.
735 */ 735 */
736 if (!name_cmp(val->name, "AS")) { 736 if (!name_cmp(val->name, "AS")) {
737 which = V3_ASID_ASNUM; 737 which = V3_ASID_ASNUM;
738 } else if (!name_cmp(val->name, "RDI")) { 738 } else if (!name_cmp(val->name, "RDI")) {
@@ -743,9 +743,9 @@ v2i_ASIdentifiers(const struct v3_ext_method *method, struct v3_ext_ctx *ctx,
743 goto err; 743 goto err;
744 } 744 }
745 745
746 /* 746 /*
747 * Handle inheritance. 747 * Handle inheritance.
748 */ 748 */
749 if (strcmp(val->value, "inherit") == 0) { 749 if (strcmp(val->value, "inherit") == 0) {
750 if (X509v3_asid_add_inherit(asid, which)) 750 if (X509v3_asid_add_inherit(asid, which))
751 continue; 751 continue;
@@ -754,9 +754,9 @@ v2i_ASIdentifiers(const struct v3_ext_method *method, struct v3_ext_ctx *ctx,
754 goto err; 754 goto err;
755 } 755 }
756 756
757 /* 757 /*
758 * Number, range, or mistake, pick it apart and figure out which. 758 * Number, range, or mistake, pick it apart and figure out which
759 */ 759 */
760 i1 = strspn(val->value, "0123456789"); 760 i1 = strspn(val->value, "0123456789");
761 if (val->value[i1] == '\0') { 761 if (val->value[i1] == '\0') {
762 is_range = 0; 762 is_range = 0;
@@ -778,9 +778,9 @@ v2i_ASIdentifiers(const struct v3_ext_method *method, struct v3_ext_ctx *ctx,
778 } 778 }
779 } 779 }
780 780
781 /* 781 /*
782 * Syntax is ok, read and add it. 782 * Syntax is ok, read and add it.
783 */ 783 */
784 if (!is_range) { 784 if (!is_range) {
785 if (!X509V3_get_value_int(val, &min)) { 785 if (!X509V3_get_value_int(val, &min)) {
786 X509V3error(ERR_R_MALLOC_FAILURE); 786 X509V3error(ERR_R_MALLOC_FAILURE);
@@ -812,14 +812,14 @@ v2i_ASIdentifiers(const struct v3_ext_method *method, struct v3_ext_ctx *ctx,
812 min = max = NULL; 812 min = max = NULL;
813 } 813 }
814 814
815 /* 815 /*
816 * Canonize the result, then we're done. 816 * Canonize the result, then we're done.
817 */ 817 */
818 if (!X509v3_asid_canonize(asid)) 818 if (!X509v3_asid_canonize(asid))
819 goto err; 819 goto err;
820 return asid; 820 return asid;
821 821
822err: 822 err:
823 ASIdentifiers_free(asid); 823 ASIdentifiers_free(asid);
824 ASN1_INTEGER_free(min); 824 ASN1_INTEGER_free(min);
825 ASN1_INTEGER_free(max); 825 ASN1_INTEGER_free(max);
@@ -941,11 +941,11 @@ asid_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509)*chain,
941 OPENSSL_assert(ctx != NULL || ext != NULL); 941 OPENSSL_assert(ctx != NULL || ext != NULL);
942 OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL); 942 OPENSSL_assert(ctx == NULL || ctx->verify_cb != NULL);
943 943
944 /* 944 /*
945 * Figure out where to start. If we don't have an extension to 945 * Figure out where to start. If we don't have an extension to
946 * check, we're done. Otherwise, check canonical form and 946 * check, we're done. Otherwise, check canonical form and
947 * set up for walking up the chain. 947 * set up for walking up the chain.
948 */ 948 */
949 if (ext != NULL) { 949 if (ext != NULL) {
950 i = -1; 950 i = -1;
951 x = NULL; 951 x = NULL;
@@ -978,10 +978,10 @@ asid_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509)*chain,
978 } 978 }
979 } 979 }
980 980
981 /* 981 /*
982 * Now walk up the chain. Extensions must be in canonical form, no 982 * Now walk up the chain. Extensions must be in canonical form, no
983 * cert may list resources that its parent doesn't list. 983 * cert may list resources that its parent doesn't list.
984 */ 984 */
985 for (i++; i < sk_X509_num(chain); i++) { 985 for (i++; i < sk_X509_num(chain); i++) {
986 x = sk_X509_value(chain, i); 986 x = sk_X509_value(chain, i);
987 OPENSSL_assert(x != NULL); 987 OPENSSL_assert(x != NULL);
@@ -1028,9 +1028,9 @@ asid_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509)*chain,
1028 } 1028 }
1029 } 1029 }
1030 1030
1031 /* 1031 /*
1032 * Trust anchor can't inherit. 1032 * Trust anchor can't inherit.
1033 */ 1033 */
1034 OPENSSL_assert(x != NULL); 1034 OPENSSL_assert(x != NULL);
1035 1035
1036 if (x->rfc3779_asid != NULL) { 1036 if (x->rfc3779_asid != NULL) {
@@ -1042,7 +1042,7 @@ asid_validate_path_internal(X509_STORE_CTX *ctx, STACK_OF(X509)*chain,
1042 validation_err(X509_V_ERR_UNNESTED_RESOURCE); 1042 validation_err(X509_V_ERR_UNNESTED_RESOURCE);
1043 } 1043 }
1044 1044
1045done: 1045 done:
1046 return ret; 1046 return ret;
1047} 1047}
1048 1048