From af50ddfc8cd7409b6577826223496779c69cd1e0 Mon Sep 17 00:00:00 2001 From: jsing <> Date: Mon, 21 Apr 2014 08:41:26 +0000 Subject: KNF. --- src/lib/libcrypto/x509v3/pcy_cache.c | 146 ++++++++++++++++------------------- 1 file changed, 66 insertions(+), 80 deletions(-) (limited to 'src/lib/libcrypto/x509v3/pcy_cache.c') diff --git a/src/lib/libcrypto/x509v3/pcy_cache.c b/src/lib/libcrypto/x509v3/pcy_cache.c index 24c79b4a80..cc990670d7 100644 --- a/src/lib/libcrypto/x509v3/pcy_cache.c +++ b/src/lib/libcrypto/x509v3/pcy_cache.c @@ -10,7 +10,7 @@ * are met: * * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. + * notice, this list of conditions and the following disclaimer. * * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in @@ -63,28 +63,28 @@ #include "pcy_int.h" static int policy_data_cmp(const X509_POLICY_DATA * const *a, - const X509_POLICY_DATA * const *b); + const X509_POLICY_DATA * const *b); static int policy_cache_set_int(long *out, ASN1_INTEGER *value); /* Set cache entry according to CertificatePolicies extension. * Note: this destroys the passed CERTIFICATEPOLICIES structure. */ -static int policy_cache_create(X509 *x, - CERTIFICATEPOLICIES *policies, int crit) - { +static int +policy_cache_create(X509 *x, CERTIFICATEPOLICIES *policies, int crit) +{ int i; int ret = 0; X509_POLICY_CACHE *cache = x->policy_cache; X509_POLICY_DATA *data = NULL; POLICYINFO *policy; + if (sk_POLICYINFO_num(policies) == 0) goto bad_policy; cache->data = sk_X509_POLICY_DATA_new(policy_data_cmp); if (!cache->data) goto bad_policy; - for (i = 0; i < sk_POLICYINFO_num(policies); i++) - { + for (i = 0; i < sk_POLICYINFO_num(policies); i++) { policy = sk_POLICYINFO_value(policies, i); data = policy_data_new(policy, NULL, crit); if (!data) @@ -92,48 +92,44 @@ static int policy_cache_create(X509 *x, /* Duplicate policy OIDs are illegal: reject if matches * found. */ - if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) - { - if (cache->anyPolicy) - { + if (OBJ_obj2nid(data->valid_policy) == NID_any_policy) { + if (cache->anyPolicy) { ret = -1; goto bad_policy; - } - cache->anyPolicy = data; } - else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) - { + cache->anyPolicy = data; + } else if (sk_X509_POLICY_DATA_find(cache->data, data) != -1) { ret = -1; goto bad_policy; - } - else if (!sk_X509_POLICY_DATA_push(cache->data, data)) + } else if (!sk_X509_POLICY_DATA_push(cache->data, data)) goto bad_policy; data = NULL; - } + } ret = 1; - bad_policy: + +bad_policy: if (ret == -1) x->ex_flags |= EXFLAG_INVALID_POLICY; if (data) policy_data_free(data); sk_POLICYINFO_pop_free(policies, POLICYINFO_free); - if (ret <= 0) - { + if (ret <= 0) { sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); cache->data = NULL; - } - return ret; } + return ret; +} - -static int policy_cache_new(X509 *x) - { +static int +policy_cache_new(X509 *x) +{ X509_POLICY_CACHE *cache; ASN1_INTEGER *ext_any = NULL; POLICY_CONSTRAINTS *ext_pcons = NULL; CERTIFICATEPOLICIES *ext_cpols = NULL; POLICY_MAPPINGS *ext_pmaps = NULL; int i; + cache = malloc(sizeof(X509_POLICY_CACHE)); if (!cache) return 0; @@ -150,23 +146,20 @@ static int policy_cache_new(X509 *x) */ ext_pcons = X509_get_ext_d2i(x, NID_policy_constraints, &i, NULL); - if (!ext_pcons) - { + if (!ext_pcons) { if (i != -1) goto bad_cache; - } - else - { - if (!ext_pcons->requireExplicitPolicy - && !ext_pcons->inhibitPolicyMapping) + } else { + if (!ext_pcons->requireExplicitPolicy && + !ext_pcons->inhibitPolicyMapping) goto bad_cache; if (!policy_cache_set_int(&cache->explicit_skip, - ext_pcons->requireExplicitPolicy)) + ext_pcons->requireExplicitPolicy)) goto bad_cache; if (!policy_cache_set_int(&cache->map_skip, - ext_pcons->inhibitPolicyMapping)) + ext_pcons->inhibitPolicyMapping)) goto bad_cache; - } + } /* Process CertificatePolicies */ @@ -175,13 +168,12 @@ static int policy_cache_new(X509 *x) * there is no point continuing because the valid policies will be * NULL. */ - if (!ext_cpols) - { + if (!ext_cpols) { /* If not absent some problem with extension */ if (i != -1) goto bad_cache; return 1; - } + } i = policy_cache_create(x, ext_cpols, i); @@ -192,48 +184,41 @@ static int policy_cache_new(X509 *x) ext_pmaps = X509_get_ext_d2i(x, NID_policy_mappings, &i, NULL); - if (!ext_pmaps) - { + if (!ext_pmaps) { /* If not absent some problem with extension */ if (i != -1) goto bad_cache; - } - else - { + } else { i = policy_cache_set_mapping(x, ext_pmaps); if (i <= 0) goto bad_cache; - } + } ext_any = X509_get_ext_d2i(x, NID_inhibit_any_policy, &i, NULL); - if (!ext_any) - { + if (!ext_any) { if (i != -1) goto bad_cache; - } - else if (!policy_cache_set_int(&cache->any_skip, ext_any)) - goto bad_cache; + } else if (!policy_cache_set_int(&cache->any_skip, ext_any)) + goto bad_cache; - if (0) - { - bad_cache: + if (0) { +bad_cache: x->ex_flags |= EXFLAG_INVALID_POLICY; - } + } - if(ext_pcons) + if (ext_pcons) POLICY_CONSTRAINTS_free(ext_pcons); if (ext_any) ASN1_INTEGER_free(ext_any); return 1; - - } -void policy_cache_free(X509_POLICY_CACHE *cache) - { +void +policy_cache_free(X509_POLICY_CACHE *cache) +{ if (!cache) return; if (cache->anyPolicy) @@ -241,46 +226,47 @@ void policy_cache_free(X509_POLICY_CACHE *cache) if (cache->data) sk_X509_POLICY_DATA_pop_free(cache->data, policy_data_free); free(cache); - } - -const X509_POLICY_CACHE *policy_cache_set(X509 *x) - { +} - if (x->policy_cache == NULL) - { +const X509_POLICY_CACHE * +policy_cache_set(X509 *x) +{ + if (x->policy_cache == NULL) { CRYPTO_w_lock(CRYPTO_LOCK_X509); - policy_cache_new(x); + policy_cache_new(x); CRYPTO_w_unlock(CRYPTO_LOCK_X509); - } + } return x->policy_cache; +} - } - -X509_POLICY_DATA *policy_cache_find_data(const X509_POLICY_CACHE *cache, - const ASN1_OBJECT *id) - { +X509_POLICY_DATA * +policy_cache_find_data(const X509_POLICY_CACHE *cache, const ASN1_OBJECT *id) +{ int idx; X509_POLICY_DATA tmp; + tmp.valid_policy = (ASN1_OBJECT *)id; idx = sk_X509_POLICY_DATA_find(cache->data, &tmp); if (idx == -1) return NULL; return sk_X509_POLICY_DATA_value(cache->data, idx); - } +} -static int policy_data_cmp(const X509_POLICY_DATA * const *a, - const X509_POLICY_DATA * const *b) - { +static int +policy_data_cmp(const X509_POLICY_DATA * const *a, + const X509_POLICY_DATA * const *b) +{ return OBJ_cmp((*a)->valid_policy, (*b)->valid_policy); - } +} -static int policy_cache_set_int(long *out, ASN1_INTEGER *value) - { +static int +policy_cache_set_int(long *out, ASN1_INTEGER *value) +{ if (value == NULL) return 1; if (value->type == V_ASN1_NEG_INTEGER) return 0; *out = ASN1_INTEGER_get(value); return 1; - } +} -- cgit v1.2.3-55-g6feb